idnits 2.17.1 draft-ietf-ipcdn-device-mibv2-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 18. -- Found old boilerplate from RFC 3978, Section 5.5 on line 4121. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 4098. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 4105. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 4111. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. -- The abstract seems to indicate that this document obsoletes RFC2669, but the header doesn't have an 'Obsoletes:' line to match this. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 1, 2006) is 6602 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'BPI' -- Possible downref: Non-RFC (?) normative reference: ref. 'BPIPLUS' -- Possible downref: Non-RFC (?) normative reference: ref. 'MTA-PROV' ** Downref: Normative reference to an Informational RFC: RFC 1858 ** Downref: Normative reference to an Informational RFC: RFC 1945 ** Obsolete normative reference: RFC 2021 (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) ** Obsolete normative reference: RFC 2669 (Obsoleted by RFC 4639) ** Downref: Normative reference to an Informational RFC: RFC 3128 ** Obsolete normative reference: RFC 3164 (Obsoleted by RFC 5424) ** Downref: Normative reference to an Informational RFC: RFC 3617 -- No information found for draft-ietf-ipcdn-docsisevent-mib - is the name correct? Summary: 11 errors (**), 0 flaws (~~), 4 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IP over Cable Data Network Working R. Woundy 3 Group Comcast 4 Internet-Draft K. Marez 5 Expires: September 2, 2006 Motorola 6 March 1, 2006 8 Cable Device Management Information Base for Data-Over-Cable Service 9 Interface Specification Compliant Cable Modems and Cable Modem 10 Termination Systems 11 draft-ietf-ipcdn-device-mibv2-11 13 Status of this Memo 15 By submitting this Internet-Draft, each author represents that any 16 applicable patent or other IPR claims of which he or she is aware 17 have been or will be disclosed, and any of which he or she becomes 18 aware will be disclosed, in accordance with Section 6 of BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt. 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 This Internet-Draft will expire on September 2, 2006. 38 Copyright Notice 40 Copyright (C) The Internet Society (2006). 42 Abstract 44 This memo is a revision of the standards track RFC 2669. Please see 45 "Revision Descriptions" below for a description of changes. This 46 document obsoletes RFC 2669. 48 This memo defines a portion of the Management Information Base (MIB) 49 for use with network management protocols in the Internet community. 50 In particular, it defines a basic set of managed objects for SNMP- 51 based management of DOCSIS-compliant Cable Modems and Cable Modem 52 Termination Systems. 54 This memo is a product of the IPCDN working group within the Internet 55 Engineering Task Force. Comments are solicited and should be 56 addressed to the working group's mailing list at ipcdn@ietf.org 57 and/or the author. 59 Table of Contents 61 1. The Internet-Standard Management Framework . . . . . . . . . . 4 62 2. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 63 2.1. CATV . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 64 2.2. CM or Cable Modem . . . . . . . . . . . . . . . . . . . . 5 65 2.3. CMTS or Cable Modem Termination System . . . . . . . . . . 5 66 2.4. DOCSIS or Data-Over-Cable Service Interface 67 Specification . . . . . . . . . . . . . . . . . . . . . . 5 68 2.5. Downstream . . . . . . . . . . . . . . . . . . . . . . . . 5 69 2.6. Head-end . . . . . . . . . . . . . . . . . . . . . . . . . 5 70 2.7. Media Access Control (MAC) Packet . . . . . . . . . . . . 5 71 2.8. RF . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 72 2.9. Simple Network Management Protocol (SNMP) . . . . . . . . 6 73 2.10. Upstream . . . . . . . . . . . . . . . . . . . . . . . . . 6 74 3. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 7 75 3.1. Structure of the MIB . . . . . . . . . . . . . . . . . . . 7 76 3.1.1. IMPORTed MIB Modules and REFERENCE Clauses . . . . . . 8 77 3.1.2. Persistence Model for Cable Modems . . . . . . . . . . 8 78 3.1.3. IPv4 Compliance . . . . . . . . . . . . . . . . . . . 9 79 3.2. Management requirements . . . . . . . . . . . . . . . . . 9 80 3.2.1. Handling of Software upgrades . . . . . . . . . . . . 9 81 3.2.2. Events and Notifications . . . . . . . . . . . . . . . 10 82 3.2.3. Notification Throttling . . . . . . . . . . . . . . . 10 83 3.3. Protocol Filters . . . . . . . . . . . . . . . . . . . . . 11 84 3.3.1. Inbound LLC Filters - docsDevFilterLLCTable . . . . . 12 85 3.3.2. Special Filters . . . . . . . . . . . . . . . . . . . 13 86 3.3.3. IP Filtering - docsDevFilterIpTable . . . . . . . . . 14 87 3.3.4. Outbound LLC Filters . . . . . . . . . . . . . . . . . 15 88 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 16 89 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 81 90 5.1. Revision Descriptions . . . . . . . . . . . . . . . . . . 81 91 6. Security Considerations . . . . . . . . . . . . . . . . . . . 83 92 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 87 93 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 88 94 8.1. Normative References . . . . . . . . . . . . . . . . . . . 88 95 8.2. Informative References . . . . . . . . . . . . . . . . . . 91 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 92 98 Intellectual Property and Copyright Statements . . . . . . . . . . 93 100 1. The Internet-Standard Management Framework 102 For a detailed overview of the documents that describe the current 103 Internet-Standard Management Framework, please refer to section 7 of 104 RFC 3410 [RFC3410]. 106 Managed objects are accessed via a virtual information store, termed 107 the Management Information Base or MIB. MIB objects are generally 108 accessed through the Simple Network Management Protocol (SNMP). 109 Objects in the MIB are defined using the mechanisms defined in the 110 Structure of Management Information (SMI). This memo specifies a MIB 111 module that is compliant to the SMIv2, which is described in STD 58, 112 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 113 [RFC2580]. 115 2. Glossary 117 The terms in this document are derived either from normal cable 118 system usage, or from the documents associated with the Data-Over- 119 Cable Service Interface Specification (DOCSIS) process. 121 2.1. CATV 123 Originally "Community Antenna Television", now used to refer to any 124 cable or hybrid fiber and cable system used to deliver video signals 125 to a community. 127 2.2. CM or Cable Modem 129 A CM acts as a "slave" station in a DOCSIS-compliant cable data 130 system. 132 2.3. CMTS or Cable Modem Termination System 134 A generic term covering a cable bridge or cable router in a head-end. 135 A CMTS acts as the master station in a DOCSIS-compliant cable data 136 system. It is the only station that transmits downstream, and it 137 controls the scheduling of upstream transmissions by its associated 138 CMs. 140 2.4. DOCSIS or Data-Over-Cable Service Interface Specification 142 "Data-Over-Cable Service Interface Specification". A term referring 143 to the ITU-T Recommendation J.112 [ITU-T_J.112] Annex B standard for 144 cable modem systems. [RFI1.0] [RFI1.1] [RFI2.0] 146 2.5. Downstream 148 The direction from the head-end towards the subscriber. 150 2.6. Head-end 152 The origination point in most cable systems of the subscriber video 153 signals. Generally also the location of the CMTS equipment. 155 2.7. Media Access Control (MAC) Packet 157 A DOCSIS Packet Data Unit. 159 2.8. RF 161 Radio Frequency. 163 2.9. Simple Network Management Protocol (SNMP) 165 Protocol used for network access to Management Information Base (MIB) 166 objects. The three most commonly used versions are Version 1 167 (SNMPv1), Version 2 (SNMPv2c) and Version 3 (SNMPv3). 169 2.10. Upstream 171 The direction from the subscriber towards the head-end. 173 3. Introduction 175 This MIB module provides a set of objects required for the management 176 of DOCSIS-compliant Cable Modems (CM) and Cable Modem Termination 177 Systems (CMTS). The specification is derived from the DOCSIS Radio 178 Frequency Interface specification [RFI1.0]. Please note that the 179 DOCSIS 1.0 standard only required Cable Modems to implement SNMPv1 180 and to process Internet Protocol Version 4 (IPv4) customer traffic. 181 Design choices in the original version of this MIB module reflected 182 those requirements. DOCSIS 1.1 [RFI1.1] and DOCSIS 2.0 [RFI2.0] 183 require support for SNMPv3, as well as SNMPv1 and SNMPv2c, and the 184 changes in this MIB module over the previous proposed standard 185 version reflect those additional requirements. 187 Future versions of DOCSIS are expected to require support for 188 Internet Protocol Version 6 (IPv6) as both a Customer Premise 189 Equipment (CPE) protocol and one supported by the network elements of 190 the DOCSIS CMTS/CM system. 192 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 193 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 194 document are to be interpreted as described in [RFC2119]. 196 3.1. Structure of the MIB 198 This MIB module is structured into seven components. A component 199 contains one or more MIB groups related by deprecation or logical 200 extension. 202 o The docsDevBaseGroup extends the MIB-II 'system' group of RFC3418 203 [RFC3418] with objects needed for cable device system management. 204 Related to this group is the docsDevBaseIgmpGroup (enabling 205 Internet Group Management Protocol (IGMP) status and control) and 206 the docsDevBaseMaxCpeGroup (managing the maximum number of CPEs 207 permitted access through the cable modem). 209 o The docsDevNmAccessGroup and the docsDevNmAccessExtGroup provide a 210 minimum level of SNMP access security (see Section 2.7 of 211 [OSSI1.0], section 2 of [OSSI1.1], and section 5 of [OSSI2.0]). 212 With the completion of the SNMP coexistence document, RFC 3584 213 [RFC3584], these groups have been deprecated in this version of 214 the MIB. 216 o The docsDevSoftwareGroup, updated by the docsDevSoftwareGroupV2, 217 provides information for network-downloadable software upgrades. 218 See "Handling of Software Upgrades" below. 220 o The docsDevServerGroup, updated by the docsDevServerGroupV2, 221 provides information about the progress of the interaction between 222 the CM or CMTS and various provisioning servers. 224 o The docsDevEventGroup, updated by the docsDevEventGroupV2, 225 provides control and logging for event reporting. With the 226 addition of the SNMP Notification MIB, RFC 3413 [RFC3413], and 227 Notification Log MIB, RFC 3014 [RFC3014], which cover event 228 reporting, the objects in this MIB module have been modified to 229 allow for the usage of these RFCs. 231 o The docsDevFilterGroup configures filters at link layer and IP 232 layer for bridged data traffic. This group has been deprecated in 233 this version of the MIB in favor of the docsDevFilterLLCGroup, and 234 by groups from the Differentiated Services MIB [RFC3289] -- 235 specifically the groups representing the Data Path, Classifier, 236 and Actions tables from that MIB. 238 o The docsDevCpeGroup, updated by the docsDevInetCpeGroup, provides 239 control over which IP addresses may be used by CPEs (e.g. PCs) 240 serviced by a given cable modem. This provides anti-spoofing 241 control at the point of origin for a large cable modem system. 242 This group is separate from docsDevFilter primarily as this group 243 is only implemented on the Cable Modem (CM) and MUST NOT be 244 implemented on the Cable Modem Termination System (CMTS). 246 3.1.1. IMPORTed MIB Modules and REFERENCE Clauses 248 This MIB module IMPORTs definitions normatively from the following 249 MIB modules, beyond [RFC2578], [RFC2579] and [RFC2580]: INET-ADDRESS- 250 MIB [RFC4001], SNMP-FRAMEWORK-MIB [RFC3411], IF-MIB [RFC2863], RMON2- 251 MIB [RFC2021], and DIFFSERV-MIB [RFC3289]. 253 This MIB module also includes REFERENCE clauses that normatively 254 refer to [RFC3617], [RFI1.0], [RFI1.1], [RFI2.0], [OSSI1.1], and 255 [OSSI2.0]. 257 3.1.2. Persistence Model for Cable Modems 259 Most of the tables in this MIB module (e.g. docsDevNmAccessTable, 260 docsDevFilterLLCTable) are specified not to persist objects across 261 reboots. 263 The expectation (and current operational practice) is that upon 264 reboot, these tables are cleared and repopulated from the DOCSIS 265 configuration file supplied by the cable operator. This approach 266 enables a cable modem to adapt to the current cable operator's 267 environment, which in turn enables cable modem portability across 268 different cable operators. 270 A notable exception to the persistence model is docsDevEventTable, 271 since it is useful to maintain a record of events across reboots for 272 debugging purposes. 274 3.1.3. IPv4 Compliance 276 Please note that the compliance statements in this version of the MIB 277 module require support only for IPv4 addresses. That is because the 278 current version of the DOCSIS protocols (1.0, 1.1, and 2.0) are not 279 IPv6-capable. Although support for IPv6 will require changes to the 280 DOCSIS protocols, it is expected that the only changes needed to the 281 MIB module itself will be the addition of new compliance statements 282 that mandate support for IPv6 addresses. 284 3.2. Management requirements 286 3.2.1. Handling of Software upgrades 288 The Cable Modem software upgrade process is documented in [RFI1.0]. 289 From a network management station, the operator: 291 o sets docsDevSwServer to the address of the Trivial File Transfer 292 Protocol (TFTP) server for software upgrades 294 o sets docsDevSwFilename to the file pathname of the software 295 upgrade image 297 o sets docsDevSwAdminStatus to upgrade-from-mgt 299 While DOCSIS only specifies the implementation of the TFTP protocol 300 [RFC1350] for file transfers, other functional entities embedded 301 within the cable device (particularly a PacketCable Multimedia 302 Terminal Adapter [MTA-PROV]) specify the optional implementation of 303 the Hyper Text Transfer Protocol (HTTP) [RFC1945][RFC2616] for file 304 transfers. The value of the docsDevSwServerTransportProtocol object 305 determines which protocol is used for SNMP-initiated software 306 upgrade. 308 One reason for the SNMP-initiated upgrade is to allow loading of a 309 temporary software image (e.g., special diagnostic software) that 310 differs from the software normally used on that device without 311 changing the provisioning database. 313 Note that software upgrades should not be accepted blindly by the 314 cable device. The cable device may refuse an upgrade if: 316 o The download is incomplete. 318 o The file contents are incomplete or damaged. 320 o The software is not intended for that hardware device (may include 321 the case of a feature set that has not been purchased for this 322 device). 324 A cable device that implements the code verification mechanisms of 325 [BPIPLUS] verifies the source and integrity of the downloaded image 326 by validating one or more Code Verification Signatures that are 327 bundled within the software upgrade. 329 3.2.2. Events and Notifications 331 This MIB module provides control facilities for reporting events 332 through syslog [RFC3164], notifications (traps and informs), and non- 333 volatile logging. Additional controls allow for the agent to use the 334 SNMP Notification MIB [RFC3413] and Notification Log MIB [RFC3014] 335 for event notification. 337 The conventions for event reporting are outside the scope of this 338 document. The definition and coding of common DOCSIS notifications 339 can be found in [I-D.ietf-ipcdn-docsisevent-mib]. 341 3.2.3. Notification Throttling 343 The CM and CMTS MUST provide support for notification message 344 throttling as described below. The network operator can employ 345 notification rate throttling or notification limiting by manipulating 346 the appropriate MIB variables. 348 3.2.3.1. Notification rate throttling 350 Network operators may employ either of two rate control methods. In 351 the first method, the device ceases to send notifications when the 352 rate exceeds the specified maximum message rate. It resumes sending 353 notifications only if reactivated by a network management station 354 request. 356 In the second method, the device resumes sending notifications when 357 the rate falls below the specified maximum message rate. 359 The network operator configures the specified maximum message rate by 360 setting the measurement interval (in seconds), and the maximum number 361 of notifications to be transmitted within the measurement interval. 362 The operator can query the operational throttling state (to determine 363 whether notifications are enabled or blocked by throttling) of the 364 device, as well as query and set the administrative throttling state 365 (to manage the rate control method) of the device. 367 3.2.3.2. Limiting the notification rate 369 Network operators may wish to limit the number of notifications sent 370 by a device over a specified time period. The device ceases to send 371 notifications when the number of notifications exceeds the specified 372 threshold. It resumes sending notifications only when the 373 measurement interval has passed. 375 The network operator defines the maximum number of notifications he 376 is willing to handle and sets the measurement interval to a large 377 number (in hundredths of a second). For this case, the 378 administrative throttling state is set to stop at threshold which is 379 the maximum number of notifications. 381 See "Techniques for Managing Asynchronously Generated Alerts" 382 [RFC1224] for additional technical motivations. 384 3.3. Protocol Filters 386 The Cable Device MIB provides objects for both Link Layer Control 387 (LLC) and IP protocol filters. The LLC protocol filter entries can 388 be used to limit CM forwarding to a restricted set of network-layer 389 protocols (such as IP, Internetwork Packet Exchange (IPX), Network 390 Basic Input/Output System (NetBIOS), and Appletalk). 392 The IP protocol filter entries can be used to restrict upstream or 393 downstream traffic based on source and destination IP addresses, 394 transport-layer protocols (such as Transport Control Protocol (TCP), 395 User Datagram Protocol (UDP), and Internet Control Message Protocol 396 (ICMP)), and source and destination TCP/UDP port numbers. 398 In general, a cable modem applies filters (or more properly, 399 classifiers) in an order appropriate to the layering model. 400 Specifically, the inbound MAC (or LLC) layer filters are applied 401 first, then the "special" filters, then the IP layer inbound filters, 402 then the IP layer outbound filters, then any final LLC outbound 403 filters. 405 ***************** 406 * LLC Filter In * 407 ***************** 408 | 409 v 410 ******************* 411 * Special Filters * 412 * | * 413 * V * 414 * ************ * 415 * * IP Spoof * * 416 * ************ * 417 * | * 418 * v * 419 * *************** * 420 * * SNMP Access * * 421 * *************** * 422 * | * 423 ******************* 424 | 425 v 426 **************** 427 * IP Filter In * 428 **************** 429 | 430 v 431 ***************** 432 * IP Filter Out * 433 ***************** 434 | 435 v 436 ****************** 437 * LLC Filter Out * 438 ****************** 440 3.3.1. Inbound LLC Filters - docsDevFilterLLCTable 442 The inbound LLC (or MAC or level-2) filters are contained in the 443 docsDevFilterLLCTable and are applied to level-2 frames entering the 444 cable modem from either the RF MAC interface or from one of the CPE 445 interfaces (physical or logical). These filters are used to prohibit 446 the processing and forwarding of certain types of level-2 traffic 447 that may be disruptive to the network. The filters, as currently 448 specified, can be set to cause the modem to either drop frames which 449 match at least one filter, or to process a frame which matches at 450 least one filter. Some examples of possible configurations would be 451 to only permit IP (and ARP) traffic, or to drop NetBIOS traffic. 453 3.3.2. Special Filters 455 Special filters are applied after the packet is accepted from the MAC 456 layer by the IP module, but before any other processing is done. 457 They are filters that apply only to a very specific class of traffic. 459 3.3.2.1. IP Spoofing Filters - docsDevCpeTable, docsDevCpeInetTable 461 IP spoofing filters are applied to packets entering the modem from 462 one of the CPE interfaces and are intended to prevent a subscriber 463 from stealing or mis-using IP addresses that were not assigned to the 464 subscriber. If the filters are active (enabled), the source address 465 of the IP packet must match at least one IP address in one of these 466 two tables (docsDevCpeTable or docsDevCpeInetTable) or it is 467 discarded without further processing. 469 To prevent potential implementation ambiguity, the device consults 470 the docsDevCpeTable for the IP packet source address, before 471 consulting the docsDevCpeInetTable. 473 The table can be automatically populated where the first N different 474 IP addresses seen from the CPE side of the cable modem are used to 475 automatically populate the table. The spoofing filters are specified 476 in the docsDevCpeTable and the docsDevCpeInetTable, and the policy 477 for automatically creating filters in those tables is controlled by 478 docsDevCpeEnroll and docsDevMaxCpe as well as the network management 479 agent. 481 Similar IP spoofing filter controls are defined for CMTS 482 implementation in the Subscriber Management MIB [RFC4036]. 484 3.3.2.2. SNMP Access Filters - docsDevNmAccessTable 486 The SNMP access filters are applied to SNMP packets entering from any 487 interface and destined for the cable modem. If the packets enter 488 from a CPE interface, the SNMP filters are applied after the IP 489 spoofing filters. The filters only apply to SNMPv1 or SNMPv2c 490 traffic, and are not consulted for SNMPv3 traffic (and need not be 491 implemented by a v3 only agent). SNMPv3 access control is specified 492 in the User Security Model MIB in [RFC3414]. 494 With the completion of the SNMP coexistence document, RFC 3584 495 [RFC3584], docsDevNmAccess table has been deprecated in this version 496 of the MIB. See the body of the MIB for the description of how 497 agents should handle the interaction between RFC 3584 MIBs and this 498 MIB. 500 3.3.3. IP Filtering - docsDevFilterIpTable 502 The IP Filtering table acts as a classifier table. Each row in the 503 table describes a template against which IP packets are compared. 504 The template includes source and destination addresses (and their 505 associated masks), upper level protocol (e.g. TCP, UDP), source and 506 destination port ranges, and Terms of Service (ToS) values. A row 507 also contains interface and traffic direction match values which have 508 to be considered in combination. All columns of a particular row 509 must match the appropriate fields in the packet, and must match the 510 interface and direction items for the packet to result in a match to 511 the packet. 513 When classifying a packet, each table is scanned beginning with the 514 lowest number filter. If the agent finds a match, it applies the 515 group of policies specified. If the matched filter has the continue 516 bit set, the agent continues the scan possibly matching additional 517 filters and applying additional policies. For example, this allows 518 the agent to take one set of actions for the 24.0.16/255.255.255.0 519 group and one set of actions for telnet packets to/from 24.0.16.30, 520 and these sets of actions may not be mutually exclusive. 522 Once a packet is matched, one of three actions happen based on the 523 setting of docsDevFilterIpControl in the row. The packet may be 524 dropped, in which case no further processing is required. The packet 525 may be accepted and processing of the packet continues. Lastly, the 526 packet may have a set of policy actions applied to it. If 527 docsDevFilterIpContinue is set to true, scanning of the table 528 continues and additional matches may result. 530 When a packet matches, and docsDevFilterIpControl in the filter 531 matched is set to 'policy', the value of docsDevFilterIpPolicyId is 532 used as a selector into the docsDevFilterPolicyTable. The first 533 level of indirection may result in zero or more actions being taken 534 based on the match. The docsDevFilterPolicyTable is scanned in row 535 order and all rows where docsDevFilterPolicyId equals 536 docsDevFilterIpPolicyId have the action specified by 537 docsDevFilterPolicyValue 'executed'. 539 For an example of the use of these IP Filtering MIB tables, see 540 [RFC2669]. 542 The IP Filtering table and related tables have been deprecated in 543 this version of the MIB in favor of the Data Path, Classifier, and 544 Action tables from the Differentiated Services MIB [RFC3289]. See 545 the body of the MIB for the description of how agents should handle 546 the interaction between RFC 3289 MIBs and this MIB module. 548 3.3.4. Outbound LLC Filters 550 Lastly, any outbound LLC filters are applied to the packet just prior 551 to it being emitted on the appropriate interface. This MIB module 552 does not specify any outbound LLC filters, but section 3 of the 553 DOCSIS Quality of Service (QoS) MIB, [RFC4323], includes outbound LLC 554 filtering requirements. 556 4. Definitions 558 DOCS-CABLE-DEVICE-MIB DEFINITIONS ::= BEGIN 560 IMPORTS 561 MODULE-IDENTITY, 562 OBJECT-TYPE, 563 IpAddress, 564 Unsigned32, 565 Counter32, 566 Integer32, 567 zeroDotZero, 568 mib-2 569 FROM SNMPv2-SMI -- RFC 2578 570 RowStatus, 571 RowPointer, 572 DateAndTime, 573 TruthValue, 574 StorageType 575 FROM SNMPv2-TC -- RFC 2579 576 InetAddressType, 577 InetAddress 578 FROM INET-ADDRESS-MIB -- RFC 4001 579 OBJECT-GROUP, 580 MODULE-COMPLIANCE 581 FROM SNMPv2-CONF -- RFC 2580 582 SnmpAdminString 583 FROM SNMP-FRAMEWORK-MIB -- RFC 3411 584 InterfaceIndexOrZero 585 FROM IF-MIB -- RFC 2863 586 ZeroBasedCounter32 587 FROM RMON2-MIB -- RFC 2021 588 diffServMIBDataPathGroup, 589 diffServMIBClfrGroup, 590 diffServMIBClfrElementGroup, 591 diffServMIBMultiFieldClfrGroup, 592 diffServMIBActionGroup, 593 diffServMIBDscpMarkActGroup, 594 diffServMIBCounterGroup, 595 diffServMIBAlgDropGroup, 596 diffServDataPathStatus, 597 diffServClfrStatus, 598 diffServClfrElementStatus, 599 diffServMultiFieldClfrAddrType, 600 diffServMultiFieldClfrSrcAddr, 601 diffServMultiFieldClfrDstAddr, 602 diffServAlgDropStatus, 603 diffServDataPathStorage, 604 diffServClfrStorage, 605 diffServClfrElementStorage, 606 diffServMultiFieldClfrStorage, 607 diffServActionStorage, 608 diffServCountActStorage, 609 diffServAlgDropStorage, 610 diffServAlgDropType 611 FROM DIFFSERV-MIB; -- RFC 3289 613 docsDev MODULE-IDENTITY 614 LAST-UPDATED "200603010000Z" -- March 1, 2006 615 ORGANIZATION "IETF IP over Cable Data Network 616 Working Group" 617 CONTACT-INFO 618 " Rich Woundy 619 Postal: Comcast Cable 620 27 Industrial Avenue 621 Chelmsford, MA 01824 U.S.A. 622 Phone: +1 978 244 4010 623 E-mail: richard_woundy@cable.comcast.com 625 Kevin Marez 626 Postal: Motorola Corporation 627 6450 Sequence Drive 628 San Diego, CA 92121 U.S.A. 629 Phone: +1 858 404 3785 630 E-mail: kevin.marez@motorola.com 632 IETF IPCDN Working Group 633 General Discussion: ipcdn@ietf.org 634 Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn 635 Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn 636 Co-chairs: Richard Woundy, richard_woundy@cable.comcast.com 637 Jean-Francois Mule, jf.mule@cablelabs.com" 638 DESCRIPTION 639 "This is the MIB Module for DOCSIS-compliant cable modems 640 and cable-modem termination systems. 642 Copyright (C) The Internet Society (2006). This version 643 of this MIB module was published in RFC XXXX; for full 644 legal notices see the RFC itself." 645 -- RFC Editor Note: The descriptions (above and below) 646 -- should be modified to 647 -- change XXXX to the actual RFC number that is 648 -- assigned at publication. This note should 649 -- be removed at that time as well. 651 REVISION "200603010000Z" -- March 1, 2006 652 DESCRIPTION 653 "Second version, published as RFC XXXX. 655 Modifications to this MIB module since RFC 2669 include: 656 - Deprecation of the docsDevFilter group in favor of the 657 DiffServ MIB groups, to enable support for IPv6 658 filtering and DiffServ Code Point (DSCP) marking. 659 - Deprecation of the docsDevCpeGroup in favor of the 660 docsDevCpeInetGroup, to enable support of IPv6. 661 - Addition of various InetAddress objects to enable 662 support of IPv6. 663 - Deprecation of docsDevNmAccessTable in favor of SNMP 664 Coexistence and SNMPv3 -- yet adding 665 docsDevNmAccessTrapVersion and clarifying 666 docsDevNmAccessIp for current use of this table, 667 - Addition of docsDevIgmpModeControl for management and 668 control of the IGMP mode of operation, 669 - Addition of docsDevMaxCpe for management of the 670 maxium number of CPEs permitted access through a 671 cable modem, 672 - Addition of docsDevSwServerTransportProtocol, and 673 modifications to docsDevSoftware object DESCRIPTIONS, 674 to enable software downloads via either TFTP or HTTP, 675 - Replacement of docsDevEvThrottleInhibited with 676 docsDevEvThrottleThresholdExceeded to simplify 677 event threshold management, 678 - Modification of docsDevEvReporting to enable local 679 logging to the internal volatile log, and not to the 680 internal non-volatile log, 681 - Modification of the compliance statement to make the 682 docsDevCpe objects optional 683 - Created placeholders for two OIDs in the 684 docsDevFilterPolicyTable that were never used 685 - Modified the DESCRIPTION of 686 docsDevSwServerTransportProtocol and 687 docsDevSwServerAddressType to address the 688 dependence between each object 689 - Added a reference to docsDevServerConfigTftpAddress 690 - Clarified the scope of notifications that are covered 691 by docsDevEvThrottleThreshold 692 - Clarified an error condition that could occur when 693 doing a SET to docsDevEvReporting 694 - Defined each of the enumerated types for both 695 docsDevEvLevel and docsDevEvPriority 696 - Added UNITS clause to docsDevFilterLLCMatches, 697 docsDevFilterIpMatches, docsDevMaxCpe, 698 docsDevEvThrottleThreshold and docsDevEvCounts. 700 - Added REFERENCE clause to docsDevFilterIpProtocol 701 - Modified DESCRIPTION of docsDevCpeInetAddr to be 702 more protocol-neutral 703 - Removed the enumerated value (1) from both 704 docsDevCpeInetSource and docsDevCpeSource 705 - Covered additional read-write and read-create objects 706 in the Security Considerations section 707 - Modified the default value of docsDevNmAccessIpMask 708 to be consistent with OSSI specification 709 - Modified the SYNTAX of docsDevNmAccessCommunity and 710 docsDevNmAccessInterfaces in the Conformance 711 Statement section 712 - Added SYNTAX clause to docsDevEvReporting in the 713 Conformance Statement section 714 - Modified SYNTAX clause of docsDevEvReporting to 715 move new enumerated type to byte boundary 716 - Added references to DOCSIS 2.0 specifications to 717 multiple objects 718 - Clarified non-persistency across reboots for 719 all tables 720 - Clarified functionality of docsDevSw objects as 721 they relate to docsDevSwOperStatus 722 - Clarified enumerated types (9) and (10) for 723 docsDevServerBootState 724 - Defined the state of unknown(0) for the following 725 objects: docsDevServerDhcpAddressType, 726 docsDevServerTimeAddressType, 727 docsDevServerConfigTftpAddressType and 728 docsDevServerConfigTftpAddressType 729 - Modified the value in docsDevFilterIpDaddr to be 730 consistent with the SYNTAX 731 - Specified which rows could be modified in an 732 active row for docsDevFilterPolicyStatus 733 - Defined the term 'manually' in docsDevCpeEnroll 734 - Clarified the description for 735 docsDevFilterTosOrMask 736 - Covered the case of a non-existent row for 737 docsDevFilterPolicyPtr 738 - Added DEFVAL clauses for multiple objects 739 - Replaced docsDevNotification OBJECT IDENTIFIER 740 with docsDevNotifications to address possible 741 compatibility issues 742 - Added support for the usage of RFC 3413 and RFC 3014 743 as event notification mechanisms 744 - Removed docsDevFilterPolicyObsoleteGroup 745 - Added stdInterface(9) type to docsDevEvReporting to 746 support the usage of RFC3413 and RFC3014 747 - Modified DESCRIPTION for docsDevMaxCpe" 749 REVISION "199908190000Z" 750 DESCRIPTION 751 "Initial version, published as RFC 2669." 753 ::= { mib-2 69 } 755 docsDevMIBObjects OBJECT IDENTIFIER ::= { docsDev 1 } 757 docsDevBase OBJECT IDENTIFIER ::= { docsDevMIBObjects 1 } 759 -- 760 -- For the following object, there is no concept in the 761 -- RFI specification corresponding to a backup CMTS. The 762 -- enumeration is provided here in case someone is able 763 -- to define such a role or device. 764 -- 766 docsDevRole OBJECT-TYPE 767 SYNTAX INTEGER { 768 cm(1), 769 cmtsActive(2), 770 cmtsBackup(3) 771 } 772 MAX-ACCESS read-only 773 STATUS current 774 DESCRIPTION 775 "Defines the current role of this device. cm(1) is a 776 Cable Modem, cmtsActive(2) is a Cable Modem Termination 777 System which is controlling the system of cable modems, 778 and cmtsBackup(3) is a CMTS which is currently connected 779 but not controlling the system (not currently used). 781 In general, if this device is a 'cm', its role will not 782 change during operation or between reboots. If the 783 device is a 'cmts' it may change between cmtsActive and 784 cmtsBackup and back again during normal operation. NB: 785 At this time, the DOCSIS standards do not support the 786 concept of a backup CMTS, but cmtsBackup is included for 787 completeness." 788 ::= { docsDevBase 1 } 790 docsDevDateTime OBJECT-TYPE 791 SYNTAX DateAndTime 792 MAX-ACCESS read-write 793 STATUS current 794 DESCRIPTION 795 "The current date and time, with time zone information 796 (if known). 798 If the real data and time cannot be determined, this 799 shall represent elapsed time from boot relative to 800 the standard epoch '1970-1-1,0:0:0.0'. In other 801 words, if this agent has been up for 3 minutes, and 802 not been able to determine what the actual date and 803 time are, this object will return the value 804 '1970-1-1,0:03:0.0'." 805 ::= { docsDevBase 2 } 807 docsDevResetNow OBJECT-TYPE 808 SYNTAX TruthValue 809 MAX-ACCESS read-write 810 STATUS current 811 DESCRIPTION 812 "Setting this object to true(1) causes the device to 813 reset. Reading this object always returns false(2)." 814 ::= { docsDevBase 3 } 816 docsDevSerialNumber OBJECT-TYPE 817 SYNTAX SnmpAdminString 818 MAX-ACCESS read-only 819 STATUS current 820 DESCRIPTION 821 "The manufacturer's serial number for this device." 822 ::= { docsDevBase 4 } 824 docsDevSTPControl OBJECT-TYPE 825 SYNTAX INTEGER { 826 stEnabled(1), 827 noStFilterBpdu(2), 828 noStPassBpdu(3) 829 } 830 MAX-ACCESS read-write 831 STATUS current 832 DESCRIPTION 833 "This object controls operation of the spanning tree 834 protocol (as distinguished from transparent bridging). 836 If set to stEnabled(1) then the spanning tree protocol 837 is enabled, subject to bridging constraints. 839 If noStFilterBpdu(2), then spanning tree is not active, 840 and Bridge PDUs received are discarded. 842 If noStPassBpdu(3) then spanning tree is not active 843 and Bridge PDUs are transparently forwarded. 845 Note that a device need not implement all of these 846 options, but that noStFilterBpdu(2) is required." 847 DEFVAL { noStFilterBpdu } 848 ::= { docsDevBase 5 } 850 docsDevIgmpModeControl OBJECT-TYPE 851 SYNTAX INTEGER { 852 passive(1), 853 active(2) 854 } 855 MAX-ACCESS read-write 856 STATUS current 857 DESCRIPTION 858 "This object controls the IGMP mode of operation for 859 the CM or CMTS. In passive mode, the device forwards 860 IGMP between interfaces based on knowledge of Multicast 861 Session activity on the subscriber side interface and 862 the rules defined in the DOCSIS RFI specification. In 863 active mode, the device terminates at and initiates 864 IGMP through its interfaces based on the knowledge of 865 Multicast Session activity on the subscriber side 866 interface." 867 REFERENCE 868 "DOCSIS RFI 1.1 Specification, Section 3.3.1. and 869 DOCSIS RFI 2.0 Specification, Section 5.3.1." 870 DEFVAL { passive } 871 ::= { docsDevBase 6 } 873 docsDevMaxCpe OBJECT-TYPE 874 SYNTAX Unsigned32 (0..255) 875 UNITS "CPEs" 876 MAX-ACCESS read-only 877 STATUS current 878 DESCRIPTION 879 "The maximum number of CPEs that can be granted access 880 through a CM during a CM epoch. This value can be 881 obtained from the CM configuration file, however, 882 it may be adjusted by the CM based on hardware or 883 software limitations that have been imposed on the 884 implementation." 885 REFERENCE 886 "DOCSIS RFI 1.0 Specification, Appendix C.7.20., and 887 DOCSIS RFI 1.1 Specification, Appendix C.1.1.7. and 888 DOCSIS RFI 2.0 Specification, Appendix C.1.1.7." 889 ::= { docsDevBase 7 } 891 -- 892 -- The following table provides one level of security for access 893 -- to the device by network management stations. 894 -- Note that access is also constrained by the 895 -- community strings and any vendor-specific security. 896 -- 898 docsDevNmAccessTable OBJECT-TYPE 899 SYNTAX SEQUENCE OF DocsDevNmAccessEntry 900 MAX-ACCESS not-accessible 901 STATUS deprecated 902 DESCRIPTION 903 "This table controls access to SNMP objects by network 904 management stations. If the table is empty, access to 905 SNMP objects is unrestricted. The objects in this table 906 MUST NOT persist across reboots. The objects in this 907 table are only accessible from cable devices which are 908 not capable of operating in SNMP Coexistence mode 909 (RFC 3584) nor in SNMPv3 mode (RFC 3410). 910 See the conformance section for 911 details. Note that some devices are required by other 912 specifications, e.g. the DOCSIS OSSIv1.1 specification, 913 to support the legacy SNMPv1/v2c docsDevNmAccess mode 914 for backward compatibility. 916 This table is deprecated. Instead, use the SNMP 917 coexistence MIBs from RFC 3584, the TARGET and 918 NOTIFICATION MIBs from RFC 3413, and 919 the View-Based Access Control Model (VACM) MIBs for 920 all SNMP protocol versions from RFC 3415." 921 ::= { docsDevMIBObjects 2 } 923 docsDevNmAccessEntry OBJECT-TYPE 924 SYNTAX DocsDevNmAccessEntry 925 MAX-ACCESS not-accessible 926 STATUS deprecated 927 DESCRIPTION 928 "An entry describing access to SNMP objects by a 929 particular network management station. An entry in 930 this table is not readable unless the management station 931 has read-write permission (either implicit if the table 932 is empty, or explicit through an entry in this table. 933 Entries are ordered by docsDevNmAccessIndex. The first 934 matching entry (e.g. matching IP address and community 935 string) is used to derive access." 936 INDEX { docsDevNmAccessIndex } 937 ::= { docsDevNmAccessTable 1 } 939 DocsDevNmAccessEntry ::= SEQUENCE { 940 docsDevNmAccessIndex Integer32, 941 docsDevNmAccessIp IpAddress, 942 docsDevNmAccessIpMask IpAddress, 943 docsDevNmAccessCommunity OCTET STRING, 944 docsDevNmAccessControl INTEGER, 945 docsDevNmAccessInterfaces OCTET STRING, 946 docsDevNmAccessStatus RowStatus, 947 docsDevNmAccessTrapVersion INTEGER 948 } 950 docsDevNmAccessIndex OBJECT-TYPE 951 SYNTAX Integer32 (1..2147483647) 952 MAX-ACCESS not-accessible 953 STATUS deprecated 954 DESCRIPTION 955 "Index used to order the application of access 956 entries." 957 ::= { docsDevNmAccessEntry 1 } 959 docsDevNmAccessIp OBJECT-TYPE 960 SYNTAX IpAddress 961 MAX-ACCESS read-create 962 STATUS deprecated 963 DESCRIPTION 964 "The IP address (or subnet) of the network management 965 station. The address 0.0.0.0 is defined to mean 966 any Network Management Station (NMS). If traps are 967 enabled for this entry, then the value must be the 968 address of a specific device. Implementations MAY 969 recognize 255.255.255.255 as equivalent to 0.0.0.0." 970 DEFVAL { '00000000'h } 971 ::= { docsDevNmAccessEntry 2 } 973 docsDevNmAccessIpMask OBJECT-TYPE 974 SYNTAX IpAddress 975 MAX-ACCESS read-create 976 STATUS deprecated 977 DESCRIPTION 978 "The IP subnet mask of the network management stations. 979 If traps are enabled for this entry, then the value must 980 be 0.0.0.0. Implementations MAY recognize 981 255.255.255.255 as equivalent to 0.0.0.0." 982 DEFVAL { '00000000'h } 983 ::= { docsDevNmAccessEntry 3 } 985 docsDevNmAccessCommunity OBJECT-TYPE 986 SYNTAX OCTET STRING 987 MAX-ACCESS read-create 988 STATUS deprecated 989 DESCRIPTION 990 "The community string to be matched for access by this 991 entry. If set to a zero length string then any 992 community string will match. When read, this object 993 SHOULD return a zero length string." 994 DEFVAL { "public" } 995 ::= { docsDevNmAccessEntry 4 } 997 docsDevNmAccessControl OBJECT-TYPE 998 SYNTAX INTEGER { 999 none(1), 1000 read(2), 1001 readWrite(3), 1002 roWithTraps(4), 1003 rwWithTraps(5), 1004 trapsOnly(6) 1005 } 1006 MAX-ACCESS read-create 1007 STATUS deprecated 1008 DESCRIPTION 1009 "Specifies the type of access allowed to this NMS. 1010 Setting this object to none(1) causes the table entry 1011 to be destroyed. Read(2) allows access by 'get' and 1012 'get-next' PDUs. ReadWrite(3) allows access by 'set' as 1013 well. RoWithtraps(4), rwWithTraps(5), and trapsOnly(6) 1014 control distribution of Trap PDUs transmitted by this 1015 device." 1016 DEFVAL { read } 1017 ::= { docsDevNmAccessEntry 5 } 1019 -- The syntax of the following object was copied from RFC 1493, 1020 -- dot1dStaticAllowedToGoTo. 1022 docsDevNmAccessInterfaces OBJECT-TYPE 1023 SYNTAX OCTET STRING (SIZE (1..32)) 1024 MAX-ACCESS read-create 1025 STATUS deprecated 1026 DESCRIPTION 1027 "Specifies the set of interfaces from which requests from 1028 this NMS will be accepted. Each octet within 1029 the value of this object specifies a set of eight 1030 interfaces, with the first octet specifying ports 1 1031 through 8, the second octet specifying interfaces 9 1032 through 16, etc. Within each octet, the most 1033 significant bit represents the lowest numbered 1034 interface, and the least significant bit represents the 1035 highest numbered interface. Thus, each interface is 1036 represented by a single bit within the value of this 1037 object. If that bit has a value of '1' then that 1038 interface is included in the set. 1040 Note that entries in this table apply only to link-layer 1041 interfaces (e.g., Ethernet and CATV MAC). Bits 1042 representing upstream and downstream channel interfaces 1043 MUST NOT be set to '1'. 1045 Note that if bits corresponding to non-existing 1046 interfaces are set, the result is implementation 1047 specific. 1049 Note that according to the DOCSIS OSSIv1.1 1050 specification, when ifIndex '1' is included in the 1051 set, then this row applies to all CPE 1052 (customer-facing) interfaces. 1054 The size of this object is the minimum required to 1055 represent all configured interfaces for this device." 1056 ::= { docsDevNmAccessEntry 6 } 1058 docsDevNmAccessStatus OBJECT-TYPE 1059 SYNTAX RowStatus 1060 MAX-ACCESS read-create 1061 STATUS deprecated 1062 DESCRIPTION 1063 "Controls and reflects the status of rows in this 1064 table. Rows in this table may be created by either the 1065 create-and-go or create-and-wait paradigms. There is no 1066 restriction on changing values in a row of this table 1067 while the row is active. 1069 The following objects MUST have valid values before this 1070 object can be set to active: docsDevNmAccessIp, 1071 docsDevNmAccessStatus, docsDevNmAccessIpMask, 1072 docsDevNmAccessCommunity, docsDevNmAccessControl and 1073 docsDevNmAccessInterfaces." 1074 ::= { docsDevNmAccessEntry 7 } 1076 docsDevNmAccessTrapVersion OBJECT-TYPE 1077 SYNTAX INTEGER { 1078 disableSNMPv2trap(1), 1079 enableSNMPv2trap(2) 1080 } 1081 MAX-ACCESS read-create 1082 STATUS deprecated 1083 DESCRIPTION 1084 "Specifies the TRAP version that is sent to this NMS. 1086 Setting this object to disableSNMPv2trap (1) causes the 1087 trap in SNMPv1 format to be sent to particular NMS. 1088 Setting this object to enableSNMPv2trap (2) causes the 1089 trap in SNMPv2 format be sent to particular NMS." 1090 DEFVAL { disableSNMPv2trap } 1091 ::= { docsDevNmAccessEntry 8 } 1093 -- 1094 -- The following group describes control objects used for downloading 1095 -- firmware to a cable device. Procedures for software download are 1096 -- described in section 3.2.1 of the RFC containing this MIB module. 1097 -- 1099 docsDevSoftware OBJECT IDENTIFIER ::= { docsDevMIBObjects 3 } 1101 docsDevSwServer OBJECT-TYPE 1102 SYNTAX IpAddress 1103 MAX-ACCESS read-write 1104 STATUS deprecated 1105 DESCRIPTION 1106 "The address of the TFTP server used for software 1107 upgrades. If the TFTP server is unknown or is a 1108 non-IPv4 address, return 0.0.0.0. 1110 This object is deprecated. See docsDevSwServerAddress 1111 for its replacement. This object will have its value 1112 modified given a valid SET to docsDevSwServerAddress." 1113 ::= { docsDevSoftware 1 } 1115 docsDevSwFilename OBJECT-TYPE 1116 SYNTAX SnmpAdminString (SIZE (0..64)) 1117 MAX-ACCESS read-write 1118 STATUS current 1119 DESCRIPTION 1120 "The filename of the software image to be downloaded via 1121 TFTP, or the abs_path (as defined in RFC 2616) of the 1122 software image to be downloaded via HTTP. 1124 Unless set via SNMP, this is the filename or abs_path 1125 specified by the provisioning server during the boot 1126 process, that corresponds to the software version that 1127 is desired for this device. 1129 If unknown, the value of this object is the zero-length 1130 string." 1131 ::= { docsDevSoftware 2 } 1133 docsDevSwAdminStatus OBJECT-TYPE 1134 SYNTAX INTEGER { 1135 upgradeFromMgt(1), 1136 allowProvisioningUpgrade(2), 1137 ignoreProvisioningUpgrade(3) 1138 } 1139 MAX-ACCESS read-write 1140 STATUS current 1141 DESCRIPTION 1142 "If set to upgradeFromMgt(1), the device will initiate a 1143 TFTP or HTTP software image download. After 1144 successfully receiving an image, the device will set 1145 its state to ignoreProvisioningUpgrade(3) and reboot. 1146 If the download process is interrupted (e.g. by a reset 1147 or power failure, the device will load the previous 1148 image and, after re-initialization, continue to attempt 1149 loading the image specified in docsDevSwFilename. 1151 If set to allowProvisioningUpgrade(2), the device will 1152 use the software version information supplied by the 1153 provisioning server when next rebooting (this does not 1154 cause a reboot). 1156 When set to ignoreProvisioningUpgrade(3), the device 1157 will disregard software image upgrade information 1158 from the provisioning server. 1160 Note that reading this object can return 1161 upgradeFromMgt(1). This indicates that a software 1162 download is currently in progress, and that the device 1163 will reboot after successfully receiving an image." 1164 DEFVAL { allowProvisioningUpgrade } 1165 ::= { docsDevSoftware 3 } 1167 docsDevSwOperStatus OBJECT-TYPE 1168 SYNTAX INTEGER { 1169 inProgress(1), 1170 completeFromProvisioning(2), 1171 completeFromMgt(3), 1172 failed(4), 1173 other(5) 1174 } 1175 MAX-ACCESS read-only 1176 STATUS current 1177 DESCRIPTION 1178 "InProgress(1) indicates that a TFTP or HTTP download is 1179 underway, either as a result of a version mismatch at 1180 provisioning or as a result of a upgradeFromMgt request. 1182 No other docsDevSw* objects can be modified while in 1183 this state. 1185 CompleteFromProvisioning(2) indicates that the last 1186 software upgrade was a result of version mismatch at 1187 provisioning. 1189 CompleteFromMgt(3) indicates that the last software 1190 upgrade was a result of setting docsDevSwAdminStatus to 1191 upgradeFromMgt. 1193 Failed(4) indicates that the last attempted download 1194 failed, ordinarily due to TFTP or HTTP timeout." 1195 REFERENCE 1196 "DOCSIS RFI 1.0 Specification, Section 8.2., and 1197 DOCSIS RFI 1.1 Specification, Section 10.1. and 1198 DOCSIS RFI 2.0 Specification, Section 12.1." 1199 ::= { docsDevSoftware 4 } 1201 docsDevSwCurrentVers OBJECT-TYPE 1202 SYNTAX SnmpAdminString 1203 MAX-ACCESS read-only 1204 STATUS current 1205 DESCRIPTION 1206 "The software version currently operating in this device. 1207 This string's syntax is that used by the 1208 individual vendor to identify software versions. 1209 For a CM, this string will describe the current 1210 software load. For a CMTS, this object SHOULD contain 1211 either a human readable representation of the vendor 1212 specific designation of the software for the chassis, 1213 or of the software for the control processor. If 1214 neither of these is applicable, the value MUST be a 1215 zero-length string." 1216 ::= { docsDevSoftware 5 } 1218 docsDevSwServerAddressType OBJECT-TYPE 1219 SYNTAX InetAddressType 1220 MAX-ACCESS read-write 1221 STATUS current 1222 DESCRIPTION 1223 "The type of address of the TFTP or HTTP server used for 1224 software upgrades. 1226 If docsDevSwServerTransportProtocol is currently set to 1227 tftp(1), attempting to set this object to dns(16) MUST 1228 result in an error." 1229 ::= { docsDevSoftware 6 } 1231 docsDevSwServerAddress OBJECT-TYPE 1232 SYNTAX InetAddress 1233 MAX-ACCESS read-write 1234 STATUS current 1235 DESCRIPTION 1236 "The address of the TFTP or HTTP server used for software 1237 upgrades. 1239 If the TFTP/HTTP server is unknown, return the zero 1240 length address string (see the TextualConvention). 1242 If docsDevSwServer is also implemented in this agent, 1243 this object is tied to it. A set of this object to an 1244 IPv4 address will result in the value of docsDevSwServer 1245 also being set to that address. If this object is set 1246 to an IPv6 address, docsDevSwServer is set to 0.0.0.0. 1247 If docsDevSwServer is set, this object is also set to 1248 that value. Note that if both are set in the same 1249 action, the order of which one sets the other is 1250 undefined." 1251 ::= { docsDevSoftware 7 } 1253 docsDevSwServerTransportProtocol OBJECT-TYPE 1254 SYNTAX INTEGER { 1255 tftp(1), 1256 http(2) 1257 } 1258 MAX-ACCESS read-write 1259 STATUS current 1260 DESCRIPTION 1261 "This object specifies the transport protocol (TFTP or 1262 HTTP) to be used for software upgrades. 1264 If the value of this object is tftp(1), then the cable 1265 device uses TFTP (RFC 1350) read request packets to 1266 download the docsDevSwFilename from the 1267 docsDevSwServerAddress in octet mode. 1269 If the value of this object is http(2), then the cable 1270 device uses HTTP 1.0 (RFC 1945) or HTTP 1.1 (RFC 2616) 1271 GET requests sent to host docsDevSwServerAddress to 1272 download the software image from path docsDevSwFilename. 1274 If docsDevSwServerAddressType is currently set to 1275 dns(16), attempting to set this object to tftp(1) MUST 1276 result in an error." 1277 DEFVAL { tftp } 1278 ::= { docsDevSoftware 8 } 1280 -- 1281 -- The following group describes server access and parameters used 1282 -- for initial provisioning and bootstrapping. 1283 -- 1285 docsDevServer OBJECT IDENTIFIER ::= { docsDevMIBObjects 4 } 1287 docsDevServerBootState OBJECT-TYPE 1288 SYNTAX INTEGER { 1289 operational(1), 1290 disabled(2), 1291 waitingForDhcpOffer(3), 1292 waitingForDhcpResponse(4), 1293 waitingForTimeServer(5), 1294 waitingForTftp(6), 1295 refusedByCmts(7), 1296 forwardingDenied(8), 1297 other(9), 1298 unknown(10) 1299 } 1300 MAX-ACCESS read-only 1301 STATUS current 1302 DESCRIPTION 1303 "If operational(1), the device has completed loading and 1304 processing of configuration parameters and the CMTS has 1305 completed the Registration exchange. 1307 If disabled(2) then the device was administratively 1308 disabled, possibly by being refused network access in 1309 the configuration file. 1311 If waitingForDhcpOffer(3) then a Dynamic Host 1312 Configuration Protocol (DHCP) Discover has been 1313 transmitted and no offer has yet been received. 1315 If waitingForDhcpResponse(4) then a DHCP Request has 1316 been transmitted and no response has yet been received. 1318 If waitingForTimeServer(5) then a Time Request has been 1319 transmitted and no response has yet been received. 1321 If waitingForTftp(6) then a request to the TFTP 1322 parameter server has been made and no response received. 1324 If refusedByCmts(7) then the Registration 1325 Request/Response exchange with the CMTS failed. 1327 If forwardingDenied(8) then the registration process 1328 completed, but the network access option in the received 1329 configuration file prohibits forwarding. 1331 If other(9) then the registration process reached a 1332 point that does not fall into one of the above 1333 categories. 1335 If unknown(10) then the device has not yet begun the 1336 registration process, or is in some other indeterminant 1337 state." 1338 REFERENCE 1339 "DOCSIS RFI 1.0 Specification, Figure 7-1, and 1340 DOCSIS RFI 1.1 Specification, Figure 9-1 and 1341 DOCSIS RFI 2.0 Specification, Figure 11-1." 1342 ::= { docsDevServer 1 } 1344 docsDevServerDhcp OBJECT-TYPE 1345 SYNTAX IpAddress 1346 MAX-ACCESS read-only 1347 STATUS deprecated 1348 DESCRIPTION 1349 "The IP address of the DHCP server that assigned an IP 1350 address to this device. Returns 0.0.0.0 if DHCP is not 1351 used for IP address assignment, or if this agent is 1352 not assigned an IPv4 address. 1354 This object is deprecated and is replaced by 1355 docsDevServerDhcpAddress." 1356 ::= { docsDevServer 2 } 1358 docsDevServerTime OBJECT-TYPE 1359 SYNTAX IpAddress 1360 MAX-ACCESS read-only 1361 STATUS deprecated 1362 DESCRIPTION 1363 "The IP address of the Time server (RFC 0868). Returns 1364 0.0.0.0 if the time server IP address is unknown, or if 1365 the time server is not an IPv4 server. 1367 This object is deprecated and is replaced by 1368 docsDevServerTimeAddress." 1369 ::= { docsDevServer 3 } 1371 docsDevServerTftp OBJECT-TYPE 1372 SYNTAX IpAddress 1373 MAX-ACCESS read-only 1374 STATUS deprecated 1375 DESCRIPTION 1376 "The IP address of the TFTP server responsible for 1377 downloading provisioning and configuration parameters 1378 to this device. Returns 0.0.0.0 if the TFTP server 1379 address is unknown or is not an IPv4 address. 1381 This object is deprecated and is replaced by 1382 docsDevServerConfigTftpAddress." 1383 ::= { docsDevServer 4 } 1385 docsDevServerConfigFile OBJECT-TYPE 1386 SYNTAX SnmpAdminString 1387 MAX-ACCESS read-only 1388 STATUS current 1389 DESCRIPTION 1390 "The name of the device configuration file read from 1391 the TFTP server. Returns an zero-length string if 1392 the configuration file name is unknown." 1393 ::= { docsDevServer 5 } 1395 docsDevServerDhcpAddressType OBJECT-TYPE 1396 SYNTAX InetAddressType 1397 MAX-ACCESS read-only 1398 STATUS current 1399 DESCRIPTION 1400 "The type of address of docsDevServerDhcpAddress. If 1401 DHCP was not used, this value should return 1402 unknown(0)." 1403 ::= { docsDevServer 6 } 1405 docsDevServerDhcpAddress OBJECT-TYPE 1406 SYNTAX InetAddress 1407 MAX-ACCESS read-only 1408 STATUS current 1409 DESCRIPTION 1410 "The internet address of the DHCP server that assigned 1411 an IP address to this device. Returns the zero length 1412 octet string if DHCP was not used for IP address 1413 assignment." 1414 ::= { docsDevServer 7 } 1416 docsDevServerTimeAddressType OBJECT-TYPE 1417 SYNTAX InetAddressType 1418 MAX-ACCESS read-only 1419 STATUS current 1420 DESCRIPTION 1421 "The type of address of docsDevServerTimeAddress. If 1422 no time server exists, this value should return 1423 unknown(0)." 1425 ::= { docsDevServer 8 } 1427 docsDevServerTimeAddress OBJECT-TYPE 1428 SYNTAX InetAddress 1429 MAX-ACCESS read-only 1430 STATUS current 1431 DESCRIPTION 1432 "The Internet address of the RFC 868 Time server 1433 as provided by DHCP option 4. 1435 Note that if multiple values are provided to the 1436 CM in DHCP option 4, the value of this MIB object 1437 MUST be the Time server address from which the Time 1438 of Day reference was acquired based on the DOCSIS 1439 RFI specification. During the period of time where 1440 the Time of Day have not been acquired, the Time 1441 server address reported by the CM may report the 1442 first address value in the DHCP option value or the 1443 last server address the CM attempted to get the Time 1444 of day value. 1446 Returns the zero length octet string if the time server 1447 IP address is not provisioned." 1448 REFERENCE 1449 "DOCSIS RFI 1.1 Specification, Section 9.2.7. and 1450 DOCSIS RFI 2.0 Specification, Section 11.2.7." 1451 ::= { docsDevServer 9 } 1453 docsDevServerConfigTftpAddressType OBJECT-TYPE 1454 SYNTAX InetAddressType 1455 MAX-ACCESS read-only 1456 STATUS current 1457 DESCRIPTION 1458 "The type of address of docsDevServerConfigTftpAddress. 1459 If no TFTP server exists, this value should return 1460 unknown(0)." 1461 ::= { docsDevServer 10 } 1463 docsDevServerConfigTftpAddress OBJECT-TYPE 1464 SYNTAX InetAddress 1465 MAX-ACCESS read-only 1466 STATUS current 1467 DESCRIPTION 1468 "The internet address of the TFTP server responsible for 1469 downloading provisioning and configuration parameters 1470 to this device. Returns the zero length octet string if 1471 the config server address is unknown. There are certain 1472 security risks that are involved with using TFTP." 1474 REFERENCE 1475 "RFC 3617, Section 5" 1476 ::= { docsDevServer 11 } 1478 -- 1479 -- Event Reporting 1480 -- 1482 docsDevEvent OBJECT IDENTIFIER ::= { docsDevMIBObjects 5 } 1484 docsDevEvControl OBJECT-TYPE 1485 SYNTAX INTEGER { 1486 resetLog(1), 1487 useDefaultReporting(2) 1488 } 1489 MAX-ACCESS read-write 1490 STATUS current 1491 DESCRIPTION 1492 "Setting this object to resetLog(1) empties the event 1493 log. All data is deleted. Setting it to 1494 useDefaultReporting(2) returns all event priorities to 1495 their factory-default reporting. Reading this object 1496 always returns useDefaultReporting(2)." 1497 ::= { docsDevEvent 1 } 1499 docsDevEvSyslog OBJECT-TYPE 1500 SYNTAX IpAddress 1501 MAX-ACCESS read-write 1502 STATUS deprecated 1503 DESCRIPTION 1504 "The IP address of the Syslog server. If 0.0.0.0, either 1505 syslog transmission is inhibited, or the Syslog server 1506 address is not an IPv4 address. 1508 This object is deprecated and is replaced by 1509 docsDevEvSyslogAddress." 1510 ::= { docsDevEvent 2 } 1512 docsDevEvThrottleAdminStatus OBJECT-TYPE 1513 SYNTAX INTEGER { 1514 unconstrained(1), 1515 maintainBelowThreshold(2), 1516 stopAtThreshold(3), 1517 inhibited(4) 1518 } 1519 MAX-ACCESS read-write 1520 STATUS current 1521 DESCRIPTION 1522 "Controls the transmission of traps and syslog messages 1523 with respect to the trap pacing threshold. 1525 unconstrained(1) causes traps and syslog messages to be 1526 transmitted without regard to the threshold settings. 1528 maintainBelowThreshold(2) causes trap transmission and 1529 syslog messages to be suppressed if the number of traps 1530 would otherwise exceed the threshold. 1532 stopAtThreshold(3) causes trap transmission to cease at 1533 the threshold, and not resume until directed to do so. 1535 inhibited(4) causes all trap transmission and syslog 1536 messages to be suppressed. 1538 A single event is always treated as a single event for 1539 threshold counting. That is, an event causing both a 1540 trap and a syslog message is still treated as a single 1541 event. 1543 Writing to this object resets the thresholding state." 1544 DEFVAL { unconstrained } 1545 ::= { docsDevEvent 3 } 1547 docsDevEvThrottleInhibited OBJECT-TYPE 1548 SYNTAX TruthValue 1549 MAX-ACCESS read-only 1550 STATUS deprecated 1551 DESCRIPTION 1552 "If true(1), trap and syslog transmission is currently 1553 inhibited due to thresholds and/or the current setting 1554 of docsDevEvThrottleAdminStatus. In addition, this is 1555 true(1) when transmission is inhibited due to no 1556 syslog (docsDevEvSyslog) or trap (docsDevNmAccessEntry) 1557 destinations having been set. 1559 This object is deprecated and is replaced by 1560 docsDevEvThrottleThresholdExceeded." 1561 ::= { docsDevEvent 4 } 1563 docsDevEvThrottleThreshold OBJECT-TYPE 1564 SYNTAX Unsigned32 1565 UNITS "events" 1566 MAX-ACCESS read-write 1567 STATUS current 1568 DESCRIPTION 1569 "Number of events per docsDevEvThrottleInterval permitted 1570 before throttling is to occur. 1572 A single event, whether the notification could result in 1573 messages transmitted using syslog, SNMP, or both 1574 protocols, and regardless of the number of destinations, 1575 (including zero) is always treated as a single event for 1576 threshold counting. For example, an event causing both 1577 a trap and a syslog message is still treated as a single 1578 event. 1580 All system notifications that occur within the device 1581 should be taken into consideration when calculating 1582 and monitoring the threshold." 1583 DEFVAL { 0 } 1584 ::= { docsDevEvent 5 } 1586 docsDevEvThrottleInterval OBJECT-TYPE 1587 SYNTAX Integer32 (1..2147483647) 1588 UNITS "seconds" 1589 MAX-ACCESS read-write 1590 STATUS current 1591 DESCRIPTION 1592 "The interval over which docsDevEvThrottleThreshold 1593 applies." 1594 DEFVAL { 1 } 1595 ::= { docsDevEvent 6 } 1597 -- 1598 -- The following table controls the reporting of the various classes 1599 -- of events. 1600 -- 1602 docsDevEvControlTable OBJECT-TYPE 1603 SYNTAX SEQUENCE OF DocsDevEvControlEntry 1604 MAX-ACCESS not-accessible 1605 STATUS current 1606 DESCRIPTION 1607 "This table allows control of the reporting of event 1608 classes. For each event priority, a combination of 1609 logging and reporting mechanisms may be chosen. The 1610 mapping of event types to priorities is 1611 vendor-dependent. Vendors may also choose to allow 1612 the user to control that mapping through proprietary 1613 means. Table entries MUST persist across reboots for 1614 CMTS devices and MUST NOT persist across reboots for CM 1615 devices." 1616 ::= { docsDevEvent 7 } 1618 docsDevEvControlEntry OBJECT-TYPE 1619 SYNTAX DocsDevEvControlEntry 1620 MAX-ACCESS not-accessible 1621 STATUS current 1622 DESCRIPTION 1623 "Allows configuration of the reporting mechanisms for a 1624 particular event priority." 1625 INDEX { docsDevEvPriority } 1626 ::= { docsDevEvControlTable 1 } 1628 DocsDevEvControlEntry ::= SEQUENCE { 1629 docsDevEvPriority INTEGER, 1630 docsDevEvReporting BITS 1631 } 1633 docsDevEvPriority OBJECT-TYPE 1634 SYNTAX INTEGER { 1635 emergency(1), 1636 alert(2), 1637 critical(3), 1638 error(4), 1639 warning(5), 1640 notice(6), 1641 information(7), 1642 debug(8) 1643 } 1644 MAX-ACCESS not-accessible 1645 STATUS current 1646 DESCRIPTION 1647 "The priority level that is controlled by this 1648 entry. These are ordered from most (emergency) to least 1649 (debug) critical. Each event with a CM or CMTS has a 1650 particular priority level associated with it (as defined 1651 by the vendor). 1653 emergency(1) events indicate vendor-specific fatal 1654 hardware or software errors that prevent normal system 1655 operation. 1657 alert(2) events indicate a serious failure which causes 1658 the reporting system to reboot but is not caused by 1659 hardware or software malfunctioning. 1661 critical(3) events indicate a serious failure that 1662 requires attention and prevents the device from 1663 transmitting data but could be recovered without 1664 rebooting the system. 1666 error(4) and warning(5) events indicate a failure 1667 occurred that could interrupt the normal data flow but 1668 does not cause the device to re-register. 1670 notice(6) and information(7) events indicate a 1671 milestone or checkpoint in normal operation that could 1672 be of particular importance when troubleshooting. 1674 debug(8) events are reserved for vendor-specific 1675 events. 1677 During normal operation no event more 1678 critical than notice(6) should be generated. Events 1679 between warning and emergency should be generated at 1680 appropriate levels of problems (e.g. emergency when the 1681 box is about to crash)." 1682 ::= { docsDevEvControlEntry 1 } 1684 docsDevEvReporting OBJECT-TYPE 1685 SYNTAX BITS { 1686 local(0), 1687 traps(1), 1688 syslog(2), 1689 -- The following are extensions to the original set of 1690 -- labels. The extensions start at an octet boundary. So 1691 -- for bits 3-7, one MUST set them to zero on send and 1692 -- one MUST ignore them on receipt. 1693 localVolatile(8), 1694 stdInterface(9) 1695 } 1696 MAX-ACCESS read-write 1697 STATUS current 1698 DESCRIPTION 1699 "Defines the action to be taken on occurrence of this 1700 event class. Implementations may not necessarily 1701 support all options for all event classes, but at 1702 minimum must allow traps and syslogging to be 1703 disabled. 1705 If the local(0) bit is set, then log to the internal 1706 log and update non-volatile store, for backward 1707 compatibility with the original RFC 2669 definition. 1708 If the traps(1) bit is set, then generate 1709 an SNMP trap, and if the syslog(2) bit is set, then 1710 send a syslog message (assuming the syslog address 1711 is set). If the localVolatile(8) bit is set, then 1712 log to the internal log without updating non-volatile 1713 store. If the stdInterface(9) bit is set, then the 1714 agent ignores all other bits except the local(0), 1715 syslog(2) and localVolatile(8) bits. Setting the 1716 stdInterface(9) bit indicates that RFC3413 and 1717 RFC3014 are being used to control event reporting 1718 mechanisms." 1719 ::= { docsDevEvControlEntry 2 } 1721 docsDevEventTable OBJECT-TYPE 1722 SYNTAX SEQUENCE OF DocsDevEventEntry 1723 MAX-ACCESS not-accessible 1724 STATUS current 1725 DESCRIPTION 1726 "Contains a log of network and device events that may be 1727 of interest in fault isolation and troubleshooting. 1728 If the local(0) bit is set in docsDevEvReporting, 1729 entries in this table MUST persist across reboots." 1730 ::= { docsDevEvent 8 } 1732 docsDevEventEntry OBJECT-TYPE 1733 SYNTAX DocsDevEventEntry 1734 MAX-ACCESS not-accessible 1735 STATUS current 1736 DESCRIPTION 1737 "Describes a network or device event that may be of 1738 interest in fault isolation and troubleshooting. 1739 Multiple sequential identical events are represented by 1740 incrementing docsDevEvCounts and setting 1741 docsDevEvLastTime to the current time rather than 1742 creating multiple rows. 1744 Entries are created with the first occurrence of an 1745 event. docsDevEvControl can be used to clear the 1746 table. Individual events can not be deleted." 1747 INDEX { docsDevEvIndex } 1748 ::= { docsDevEventTable 1 } 1750 DocsDevEventEntry ::= SEQUENCE { 1751 docsDevEvIndex Integer32, 1752 docsDevEvFirstTime DateAndTime, 1753 docsDevEvLastTime DateAndTime, 1754 docsDevEvCounts Counter32, 1755 docsDevEvLevel INTEGER, 1756 docsDevEvId Unsigned32, 1757 docsDevEvText SnmpAdminString 1758 } 1760 docsDevEvIndex OBJECT-TYPE 1761 SYNTAX Integer32 (1..2147483647) 1762 MAX-ACCESS not-accessible 1763 STATUS current 1764 DESCRIPTION 1765 "Provides relative ordering of the objects in the event 1766 log. This object will always increase except when 1767 (a) the log is reset via docsDevEvControl, 1768 (b) the device reboots and does not implement 1769 non-volatile storage for this log, or (c) it reaches 1770 the value 2^31. The next entry for all the above 1771 cases is 1." 1772 ::= { docsDevEventEntry 1 } 1774 docsDevEvFirstTime OBJECT-TYPE 1775 SYNTAX DateAndTime 1776 MAX-ACCESS read-only 1777 STATUS current 1778 DESCRIPTION 1779 "The value of docsDevDateTime at the time this entry was 1780 created." 1781 ::= { docsDevEventEntry 2 } 1783 docsDevEvLastTime OBJECT-TYPE 1784 SYNTAX DateAndTime 1785 MAX-ACCESS read-only 1786 STATUS current 1787 DESCRIPTION 1788 "When an entry reports only one event, this object will 1789 have the same value as the corresponding instance of 1790 docsDevEvFirstTime. When an entry reports multiple 1791 events, this object will record the value that 1792 docsDevDateTime had when the most recent event for this 1793 entry occurred." 1794 ::= { docsDevEventEntry 3 } 1796 -- This object was renamed from docsDevEvCount to meet naming 1797 -- requirements for Counter32 1798 docsDevEvCounts OBJECT-TYPE 1799 SYNTAX Counter32 1800 UNITS "events" 1801 MAX-ACCESS read-only 1802 STATUS current 1803 DESCRIPTION 1804 "The number of consecutive event instances reported by 1805 this entry. This starts at 1 with the creation of this 1806 row and increments by 1 for each subsequent duplicate 1807 event." 1808 ::= { docsDevEventEntry 4 } 1810 docsDevEvLevel OBJECT-TYPE 1811 SYNTAX INTEGER { 1812 emergency(1), 1813 alert(2), 1814 critical(3), 1815 error(4), 1816 warning(5), 1817 notice(6), 1818 information(7), 1819 debug(8) 1820 } 1821 MAX-ACCESS read-only 1822 STATUS current 1823 DESCRIPTION 1824 "The priority level of this event as defined by the 1825 vendor. These are ordered from most serious (emergency) 1826 to least serious (debug). 1828 emergency(1) events indicate vendor-specific fatal 1829 hardware or software errors that prevent normal system 1830 operation. 1832 alert(2) events indicate a serious failure which causes 1833 the reporting system to reboot but is not caused by 1834 hardware or software malfunctioning. 1836 critical(3) events indicate a serious failure that 1837 requires attention and prevents the device from 1838 transmitting data but could be recovered without 1839 rebooting the system. 1841 error(4) and warning(5) events indicate a failure 1842 occurred that could interrupt the normal data flow but 1843 does not cause the device to re-register. 1845 notice(6) and information(7) events indicate a 1846 milestone or checkpoint in normal operation that could 1847 be of particular importance when troubleshooting. 1849 debug(8) events are reserved for vendor-specific 1850 events. 1852 During normal operation no event more 1853 critical than notice(6) should be generated. Events 1854 between warning and emergency should be generated at 1855 appropriate levels of problems (e.g. emergency when the 1856 box is about to crash)." 1857 ::= { docsDevEventEntry 5 } 1859 -- 1860 -- It is strongly recommended that implementors follow the CableLabs 1861 -- enumerations for docsDevEvId, per the DOCSIS OSSIv1.1 spec 1862 -- and follow-on specifications. 1863 -- 1865 docsDevEvId OBJECT-TYPE 1866 SYNTAX Unsigned32 1867 MAX-ACCESS read-only 1868 STATUS current 1869 DESCRIPTION 1870 "For this product, uniquely identifies the type of event 1871 that is reported by this entry." 1872 REFERENCE 1873 "DOCSIS OSSI 1.1 Specification, Appendix H and 1874 DOCSIS OSSI 2.0 Specification, Annex D." 1875 ::= { docsDevEventEntry 6 } 1877 docsDevEvText OBJECT-TYPE 1878 SYNTAX SnmpAdminString 1879 MAX-ACCESS read-only 1880 STATUS current 1881 DESCRIPTION 1882 "Provides a human-readable description of the event, 1883 including all relevant context (interface numbers, 1884 etc.)." 1885 ::= { docsDevEventEntry 7 } 1887 docsDevEvSyslogAddressType OBJECT-TYPE 1888 SYNTAX InetAddressType 1889 MAX-ACCESS read-write 1890 STATUS current 1891 DESCRIPTION 1892 "The type of address of docsDevEvSyslogAddress. If 1893 no syslog server exists, this value should return 1894 unknown(0)." 1895 DEFVAL { unknown } 1896 ::= { docsDevEvent 9 } 1898 docsDevEvSyslogAddress OBJECT-TYPE 1899 SYNTAX InetAddress 1900 MAX-ACCESS read-write 1901 STATUS current 1902 DESCRIPTION 1903 "The Internet address of the Syslog server as provided by 1904 DHCP option 7 or set via SNMP management. If the 1905 address of the server is set to any of the zero length 1906 string, the 0.0.0.0 IPv4 address or the 0: IPv6 address, 1907 Syslog transmission is inhibited. 1909 Note that if multiple values are provided to the CM in 1910 DHCP option 7, the value of this MIB object MUST be the 1911 first Syslog server address received. 1913 By default at agent boot, this object returns the zero 1914 length string." 1915 ::= { docsDevEvent 10 } 1917 docsDevEvThrottleThresholdExceeded OBJECT-TYPE 1918 SYNTAX TruthValue 1919 MAX-ACCESS read-only 1920 STATUS current 1921 DESCRIPTION 1922 "If true(1), trap and syslog transmission is currently 1923 inhibited due to exceeding the trap/syslog event 1924 threshold in the current interval." 1925 ::= { docsDevEvent 11 } 1927 -- 1928 -- Link Level Control Filtering 1929 -- 1931 docsDevFilter OBJECT IDENTIFIER ::= { docsDevMIBObjects 6 } 1933 docsDevFilterLLCUnmatchedAction OBJECT-TYPE 1934 SYNTAX INTEGER { 1935 discard(1), 1936 accept(2) 1937 } 1938 MAX-ACCESS read-write 1939 STATUS current 1940 DESCRIPTION 1941 "LLC (Link Level Control) filters can be defined on an 1942 inclusive or exclusive basis: CMs can be configured to 1943 forward only packets matching a set of layer three 1944 protocols, or to drop packets matching a set of layer 1945 three protocols. Typical use of these filters is to 1946 filter out possibly harmful (given the context of a 1947 large metropolitan LAN) protocols. 1949 If set to discard(1), any L2 packet which does not match 1950 at least one filter in the docsDevFilterLLCTable will be 1951 discarded. If set to accept(2), any L2 packet which 1952 does not match at least one filter in the 1953 docsDevFilterLLCTable will be accepted for further 1954 processing (e.g., bridging). In other words, if the 1955 packet does not match an entry in the table it takes 1956 this action, if it does match an entry in the table it 1957 takes the opposite of this action." 1958 DEFVAL { accept } 1959 ::= { docsDevFilter 1 } 1961 docsDevFilterLLCTable OBJECT-TYPE 1962 SYNTAX SEQUENCE OF DocsDevFilterLLCEntry 1963 MAX-ACCESS not-accessible 1964 STATUS current 1965 DESCRIPTION 1966 "A list of filters to apply to (bridged) LLC 1967 traffic. The filters in this table are applied to 1968 incoming traffic on the appropriate interface(s) prior 1969 to any further processing (e.g. before handing the 1970 packet off for level 3 processing, or for bridging). 1971 The specific action taken when no filter is matched is 1972 controlled by docsDevFilterLLCUnmatchedAction. Table 1973 entries MUST NOT persist across reboots for any device." 1974 ::= { docsDevFilter 2 } 1976 docsDevFilterLLCEntry OBJECT-TYPE 1977 SYNTAX DocsDevFilterLLCEntry 1978 MAX-ACCESS not-accessible 1979 STATUS current 1980 DESCRIPTION 1981 "Describes a single filter to apply to (bridged) LLC 1982 traffic received on a specified interface. " 1983 INDEX { docsDevFilterLLCIndex } 1984 ::= { docsDevFilterLLCTable 1 } 1986 DocsDevFilterLLCEntry ::= SEQUENCE { 1987 docsDevFilterLLCIndex Integer32, 1988 docsDevFilterLLCStatus RowStatus, 1989 docsDevFilterLLCIfIndex InterfaceIndexOrZero, 1990 docsDevFilterLLCProtocolType INTEGER, 1991 docsDevFilterLLCProtocol Integer32, 1992 docsDevFilterLLCMatches Counter32 1993 } 1995 docsDevFilterLLCIndex OBJECT-TYPE 1996 SYNTAX Integer32 (1..2147483647) 1997 MAX-ACCESS not-accessible 1998 STATUS current 1999 DESCRIPTION 2000 "Index used for the identification of filters (note that 2001 LLC filter order is irrelevant)." 2002 ::= { docsDevFilterLLCEntry 1 } 2004 docsDevFilterLLCStatus OBJECT-TYPE 2005 SYNTAX RowStatus 2006 MAX-ACCESS read-create 2007 STATUS current 2008 DESCRIPTION 2009 "Controls and reflects the status of rows in this 2010 table. There is no restriction on changing any of the 2011 associated columns for this row while this object is set 2012 to active. 2014 Specifying only this object (with the 2015 appropriate index) on a CM is sufficient to create a 2016 filter row which matches all inbound packets on the 2017 ethernet interface, and results in the packets being 2018 discarded. docsDevFilterLLCIfIndex (at least) must be 2019 specified on a CMTS to create a row." 2020 ::= { docsDevFilterLLCEntry 2} 2022 docsDevFilterLLCIfIndex OBJECT-TYPE 2023 SYNTAX InterfaceIndexOrZero 2024 MAX-ACCESS read-create 2025 STATUS current 2026 DESCRIPTION 2027 "The entry interface to which this filter applies. The 2028 value corresponds to ifIndex for either a CATV MAC or 2029 another network interface. If the value is zero, the 2030 filter applies to all interfaces. In Cable Modems, the 2031 default value is the customer side interface(s). In 2032 CMTSs, this object has to be specified to 2033 create a row in this table. 2035 Note that according to the DOCSIS OSSIv1.1 2036 specification, ifIndex '1' in the CM means that this 2037 row applies to all Cable Modem to CPE Interfaces 2038 (CMCI)." 2039 REFERENCE 2040 "DOCSIS OSSI 1.1 Specification, Section 3.3.4.1. and 2041 DOCSIS OSSI 2.0 Specification, Section 6.3.4.1." 2042 ::= { docsDevFilterLLCEntry 3 } 2044 docsDevFilterLLCProtocolType OBJECT-TYPE 2045 SYNTAX INTEGER { 2046 ethertype(1), 2047 dsap(2) 2048 } 2049 MAX-ACCESS read-create 2050 STATUS current 2051 DESCRIPTION 2052 "The format of the value in docsDevFilterLLCProtocol: 2053 either a two-byte Ethernet Ethertype, or a one-byte 2054 802.2 Service Access Point (SAP) value. ethertype(1) 2055 also applies to Standard Network Access Protocol 2056 (SNAP) encapsulated frames." 2057 DEFVAL { ethertype } 2058 ::= { docsDevFilterLLCEntry 4 } 2060 docsDevFilterLLCProtocol OBJECT-TYPE 2061 SYNTAX Integer32 (0..65535) 2062 MAX-ACCESS read-create 2063 STATUS current 2064 DESCRIPTION 2065 "The layer three protocol for which this filter applies. 2066 The protocol value format depends on 2067 docsDevFilterLLCProtocolType. Note that for SNAP 2068 frames, ethertype filtering is performed rather than 2069 Destination Service Access Point (DSAP) =0xAA." 2070 DEFVAL { 0 } 2071 ::= { docsDevFilterLLCEntry 5 } 2073 docsDevFilterLLCMatches OBJECT-TYPE 2074 SYNTAX Counter32 2075 UNITS "matches" 2076 MAX-ACCESS read-only 2077 STATUS current 2078 DESCRIPTION 2079 "Counts the number of times this filter was matched." 2080 ::= { docsDevFilterLLCEntry 6 } 2082 -- 2083 -- IPv4 Filtering 2084 -- 2086 docsDevFilterIpDefault OBJECT-TYPE 2087 SYNTAX INTEGER { 2088 discard(1), 2089 accept(2) 2090 } 2091 MAX-ACCESS read-write 2092 STATUS deprecated 2093 DESCRIPTION 2094 "The default behavior for (bridged) packets that do not 2095 match IP filters (nor Internet filters if implemented) 2096 is defined by docsDevFilterIpDefault. 2098 If set to discard(1), all packets not matching an IP 2099 filter in docsDevFilterIpTable will be discarded. If 2100 set to accept(2), all packets not matching an IP filter 2101 nor an Internet filter will be accepted for further 2102 processing (e.g., bridging)." 2103 DEFVAL { accept } 2104 ::= { docsDevFilter 3 } 2106 docsDevFilterIpTable OBJECT-TYPE 2107 SYNTAX SEQUENCE OF DocsDevFilterIpEntry 2108 MAX-ACCESS not-accessible 2109 STATUS deprecated 2110 DESCRIPTION 2111 "An ordered list of filters or classifiers to apply to 2112 IP traffic. Filter application is ordered by the filter 2113 index, rather than by a best match algorithm (Note that 2114 this implies that the filter table may have gaps in the 2115 index values). Packets which match no filters will have 2116 policy 0 in the docsDevFilterPolicyTable applied to 2117 them if it exists. Otherwise, Packets which match no 2118 filters are discarded or forwarded according to the 2119 setting of docsDevFilterIpDefault. 2121 Any IP packet can theoretically match multiple rows of 2122 this table. When considering a packet, the table is 2123 scanned in row index order (e.g. filter 10 is checked 2124 before filter 20). If the packet matches that filter 2125 (which means that it matches ALL criteria for that row), 2126 actions appropriate to docsDevFilterIpControl and 2127 docsDevFilterPolicyId are taken. If the packet was 2128 discarded processing is complete. If 2129 docsDevFilterIpContinue is set to true, the filter 2130 comparison continues with the next row in the table 2131 looking for additional matches. 2133 If the packet matches no filter in the table, the packet 2134 is accepted or dropped for further processing based on 2135 the setting of docsDevFilterIpDefault. If the packet is 2136 accepted, the actions specified by policy group 0 2137 (e.g. the rows in docsDevFilterPolicyTable which have a 2138 value of 0 for docsDevFilterPolicyId) are taken if that 2139 policy group exists. 2141 Logically, this table is consulted twice during the 2142 processing of any IP packet - once upon its acceptance 2143 from the L2 entity, and once upon its transmission to 2144 the L2 entity. In actuality, for cable modems, IP 2145 filtering is generally the only IP processing done for 2146 transit traffic. This means that inbound and outbound 2147 filtering can generally be done at the same time with 2148 one pass through the filter table. 2150 The objects in this table are only accessible from cable 2151 devices which are not operating in DiffServ MIB mode 2152 (RFC 3289). See the conformance section for details. 2154 Note that some devices are required by other 2155 specifications, e.g. the DOCSIS OSSIv1.1 specification, 2156 to support the legacy SNMPv1/v2c docsDevFilter mode 2157 for backward compatibility. 2159 Table entries MUST NOT persist across reboots for any 2160 device. 2162 This table is deprecated. Instead, use the DiffServ MIB 2163 from RFC 3289." 2164 ::= { docsDevFilter 4 } 2166 docsDevFilterIpEntry OBJECT-TYPE 2167 SYNTAX DocsDevFilterIpEntry 2168 MAX-ACCESS not-accessible 2169 STATUS deprecated 2170 DESCRIPTION 2171 "Describes a filter to apply to IP traffic received on a 2172 specified interface. All identity objects in this table 2173 (e.g. source and destination address/mask, protocol, 2174 source/dest port, TOS/mask, interface and direction) 2175 must match their respective fields in the packet for 2176 any given filter to match. 2178 To create an entry in this table, docsDevFilterIpIfIndex 2179 must be specified." 2180 INDEX { docsDevFilterIpIndex } 2181 ::= { docsDevFilterIpTable 1 } 2183 DocsDevFilterIpEntry ::= SEQUENCE { 2184 docsDevFilterIpIndex Integer32, 2185 docsDevFilterIpStatus RowStatus, 2186 docsDevFilterIpControl INTEGER, 2187 docsDevFilterIpIfIndex InterfaceIndexOrZero, 2188 docsDevFilterIpDirection INTEGER, 2189 docsDevFilterIpBroadcast TruthValue, 2190 docsDevFilterIpSaddr IpAddress, 2191 docsDevFilterIpSmask IpAddress, 2192 docsDevFilterIpDaddr IpAddress, 2193 docsDevFilterIpDmask IpAddress, 2194 docsDevFilterIpProtocol Integer32, 2195 docsDevFilterIpSourcePortLow Integer32, 2196 docsDevFilterIpSourcePortHigh Integer32, 2197 docsDevFilterIpDestPortLow Integer32, 2198 docsDevFilterIpDestPortHigh Integer32, 2199 docsDevFilterIpMatches ZeroBasedCounter32, 2200 docsDevFilterIpTos OCTET STRING, 2201 docsDevFilterIpTosMask OCTET STRING, 2202 docsDevFilterIpContinue TruthValue, 2203 docsDevFilterIpPolicyId Integer32 2204 } 2206 docsDevFilterIpIndex OBJECT-TYPE 2207 SYNTAX Integer32 (1..2147483647) 2208 MAX-ACCESS not-accessible 2209 STATUS deprecated 2210 DESCRIPTION 2211 "Index used to order the application of filters. 2212 The filter with the lowest index is always applied 2213 first." 2214 ::= { docsDevFilterIpEntry 1 } 2216 docsDevFilterIpStatus OBJECT-TYPE 2217 SYNTAX RowStatus 2218 MAX-ACCESS read-create 2219 STATUS deprecated 2220 DESCRIPTION 2221 "Controls and reflects the status of rows in this 2222 table. Specifying only this object (with the 2223 appropriate index) on a CM is sufficient to create a 2224 filter row which matches all inbound packets on the 2225 ethernet interface, and results in the packets being 2226 discarded. docsDevFilterIpIfIndex (at least) must be 2227 specified on a CMTS to create a row. Creation of the 2228 rows may be done via either create-and-wait or 2229 create-and-go, but the filter is not applied until this 2230 object is set to (or changes to) active. There is no 2231 restriction in changing any object in a row while this 2232 object is set to active." 2233 ::= { docsDevFilterIpEntry 2 } 2235 docsDevFilterIpControl OBJECT-TYPE 2236 SYNTAX INTEGER { 2237 discard(1), 2238 accept(2), 2239 policy(3) 2240 } 2241 MAX-ACCESS read-create 2242 STATUS deprecated 2243 DESCRIPTION 2244 "If set to discard(1), all packets matching this filter 2245 will be discarded and scanning of the remainder of the 2246 filter list will be aborted. If set to accept(2), all 2247 packets matching this filter will be accepted for 2248 further processing (e.g., bridging). If 2249 docsDevFilterIpContinue is set to true, see if there 2250 are other matches, otherwise done. If set to 2251 policy (3), execute the policy entries 2252 matched by docsDevFilterIpPolicyId in 2253 docsDevFilterPolicyTable. 2255 If docsDevFilterIpContinue is set to true, continue 2256 scanning the table for other matches, otherwise done." 2257 DEFVAL { discard } 2258 ::= { docsDevFilterIpEntry 3 } 2260 docsDevFilterIpIfIndex OBJECT-TYPE 2261 SYNTAX InterfaceIndexOrZero 2262 MAX-ACCESS read-create 2263 STATUS deprecated 2264 DESCRIPTION 2265 "The entry interface to which this filter applies. The 2266 value corresponds to ifIndex for either a CATV MAC or 2267 another interface. If the value is zero, the 2268 filter applies to all interfaces. Default value in CMs 2269 is the index of the customer-side (e.g. ethernet) 2270 interface(s). In CMTSes, this object MUST be 2271 specified to create a row in this table. 2273 Note that according to the DOCSIS OSSIv1.1 2274 specification, ifIndex '1' in the Cable Modem means 2275 that this row applies to all CMCI (customer-facing) 2276 interfaces." 2277 REFERENCE 2278 "DOCSIS OSSI 1.1 Specification, Section 3.3.4.1. and 2279 DOCSIS OSSI 2.0 Specification, Section 6.3.4.1." 2280 ::= { docsDevFilterIpEntry 4 } 2282 docsDevFilterIpDirection OBJECT-TYPE 2283 SYNTAX INTEGER { 2284 inbound(1), 2285 outbound(2), 2286 both(3) 2287 } 2288 MAX-ACCESS read-create 2289 STATUS deprecated 2290 DESCRIPTION 2291 "Determines whether the filter is applied to inbound(1) 2292 traffic, outbound(2) traffic, or traffic in both(3) 2293 directions." 2294 DEFVAL { inbound } 2295 ::= { docsDevFilterIpEntry 5 } 2297 docsDevFilterIpBroadcast OBJECT-TYPE 2298 SYNTAX TruthValue 2299 MAX-ACCESS read-create 2300 STATUS deprecated 2301 DESCRIPTION 2302 "If set to true(1), the filter only applies to multicast 2303 and broadcast traffic. If set to false(2), the filter 2304 applies to all traffic." 2305 DEFVAL { false } 2306 ::= { docsDevFilterIpEntry 6 } 2308 docsDevFilterIpSaddr OBJECT-TYPE 2309 SYNTAX IpAddress 2310 MAX-ACCESS read-create 2311 STATUS deprecated 2312 DESCRIPTION 2313 "The source IP address, or portion thereof, that is to be 2314 matched for this filter. The source address is first 2315 masked (and'ed) against docsDevFilterIpSmask before 2316 being compared to this value. A value of 0 for this 2317 object and 0 for the mask matches all IP addresses." 2318 DEFVAL { '00000000'h } 2319 ::= { docsDevFilterIpEntry 7 } 2321 docsDevFilterIpSmask OBJECT-TYPE 2322 SYNTAX IpAddress 2323 MAX-ACCESS read-create 2324 STATUS deprecated 2325 DESCRIPTION 2326 "A bit mask that is to be applied to the source address 2327 prior to matching. This mask is not necessarily the 2328 same as a subnet mask, but 1's bits must be leftmost and 2329 contiguous." 2330 DEFVAL { '00000000'h } 2331 ::= { docsDevFilterIpEntry 8 } 2333 docsDevFilterIpDaddr OBJECT-TYPE 2334 SYNTAX IpAddress 2335 MAX-ACCESS read-create 2336 STATUS deprecated 2337 DESCRIPTION 2338 "The destination IP address, or portion thereof, that is 2339 to be matched for this filter. The destination address 2340 is first masked (and'ed) against docsDevFilterIpDmask 2341 before being compared to this value. A value of 2342 00000000 for this object and 00000000 for the mask 2343 matches all IP addresses." 2344 DEFVAL { '00000000'h } 2345 ::= { docsDevFilterIpEntry 9 } 2347 docsDevFilterIpDmask OBJECT-TYPE 2348 SYNTAX IpAddress 2349 MAX-ACCESS read-create 2350 STATUS deprecated 2351 DESCRIPTION 2352 "A bit mask that is to be applied to the destination 2353 address prior to matching. This mask is not necessarily 2354 the same as a subnet mask, but 1's bits MUST be leftmost 2355 and contiguous." 2356 DEFVAL { '00000000'h } 2357 ::= { docsDevFilterIpEntry 10 } 2359 docsDevFilterIpProtocol OBJECT-TYPE 2360 SYNTAX Integer32 (0..256) 2361 MAX-ACCESS read-create 2362 STATUS deprecated 2363 DESCRIPTION 2364 "The IP protocol value that is to be matched. For 2365 example: icmp is 1, tcp is 6, udp is 17. A value of 2366 256 matches ANY protocol." 2367 REFERENCE "www.iana.org/assignments/protocol-numbers" 2368 DEFVAL { 256 } 2369 ::= { docsDevFilterIpEntry 11 } 2371 docsDevFilterIpSourcePortLow OBJECT-TYPE 2372 SYNTAX Integer32 (0..65535) 2373 MAX-ACCESS read-create 2374 STATUS deprecated 2375 DESCRIPTION 2376 "This is the inclusive lower bound of the transport-layer 2377 source port range that is to be matched. If the IP 2378 protocol of the packet is neither UDP nor TCP, this 2379 object is ignored during matching." 2380 REFERENCE "www.iana.org/assignments/port-numbers" 2381 DEFVAL { 0 } 2382 ::= { docsDevFilterIpEntry 12 } 2384 docsDevFilterIpSourcePortHigh OBJECT-TYPE 2385 SYNTAX Integer32 (0..65535) 2386 MAX-ACCESS read-create 2387 STATUS deprecated 2388 DESCRIPTION 2389 "This is the inclusive upper bound of the transport-layer 2390 source port range that is to be matched. If the IP 2391 protocol of the packet is neither UDP nor TCP, this 2392 object is ignored during matching." 2393 REFERENCE "www.iana.org/assignments/port-numbers" 2394 DEFVAL { 65535 } 2395 ::= { docsDevFilterIpEntry 13 } 2397 docsDevFilterIpDestPortLow OBJECT-TYPE 2398 SYNTAX Integer32 (0..65535) 2399 MAX-ACCESS read-create 2400 STATUS deprecated 2401 DESCRIPTION 2402 "This is the inclusive lower bound of the transport-layer 2403 destination port range that is to be matched. If the IP 2404 protocol of the packet is neither UDP nor TCP, this 2405 object is ignored during matching." 2406 REFERENCE "www.iana.org/assignments/port-numbers" 2407 DEFVAL { 0 } 2408 ::= { docsDevFilterIpEntry 14 } 2410 docsDevFilterIpDestPortHigh OBJECT-TYPE 2411 SYNTAX Integer32 (0..65535) 2412 MAX-ACCESS read-create 2413 STATUS deprecated 2414 DESCRIPTION 2415 "This is the inclusive upper bound of the transport-layer 2416 destination port range that is to be matched. If the IP 2417 protocol of the packet is neither UDP nor TCP, this 2418 object is ignored during matching." 2419 REFERENCE "www.iana.org/assignments/port-numbers" 2420 DEFVAL { 65535 } 2421 ::= { docsDevFilterIpEntry 15 } 2423 docsDevFilterIpMatches OBJECT-TYPE 2424 SYNTAX ZeroBasedCounter32 2425 UNITS "matches" 2426 MAX-ACCESS read-only 2427 STATUS deprecated 2428 DESCRIPTION 2429 "Counts the number of times this filter was matched. 2430 This object is initialized to 0 at boot, or at row 2431 creation, and is reset only upon reboot." 2432 ::= { docsDevFilterIpEntry 16 } 2434 docsDevFilterIpTos OBJECT-TYPE 2435 SYNTAX OCTET STRING (SIZE (1)) 2436 MAX-ACCESS read-create 2437 STATUS deprecated 2438 DESCRIPTION 2439 "This is the value to be matched to the packet's 2440 TOS (Type of Service) value (after the TOS value 2441 is AND'd with docsDevFilterIpTosMask). A value for this 2442 object of 0 and a mask of 0 matches all TOS values." 2443 DEFVAL { '00'h } 2444 ::= { docsDevFilterIpEntry 17 } 2446 docsDevFilterIpTosMask OBJECT-TYPE 2447 SYNTAX OCTET STRING (SIZE (1)) 2448 MAX-ACCESS read-create 2449 STATUS deprecated 2450 DESCRIPTION 2451 "The mask to be applied to the packet's TOS value before 2452 matching." 2453 DEFVAL { '00'h } 2454 ::= { docsDevFilterIpEntry 18 } 2456 docsDevFilterIpContinue OBJECT-TYPE 2457 SYNTAX TruthValue 2458 MAX-ACCESS read-create 2459 STATUS deprecated 2460 DESCRIPTION 2461 "If this value is set to true, and docsDevFilterIpControl 2462 is anything but discard (1), continue scanning and 2463 applying policies. See section 3.3.3 for more 2464 details." 2465 DEFVAL { false } 2466 ::= { docsDevFilterIpEntry 19 } 2468 docsDevFilterIpPolicyId OBJECT-TYPE 2469 SYNTAX Integer32 (0..2147483647) 2470 MAX-ACCESS read-create 2471 STATUS deprecated 2472 DESCRIPTION 2473 "This object points to an entry in 2474 docsDevFilterPolicyTable. If docsDevFilterIpControl 2475 is set to policy (3), execute all matching policies 2476 in docsDevFilterPolicyTable. If no matching policy 2477 exists, treat as if docsDevFilterIpControl were set 2478 to accept (1). If this object is set to the value of 2479 0, there is no matching policy, and 2480 docsDevFilterPolicyTable MUST NOT be consulted." 2481 DEFVAL { 0 } 2482 ::= { docsDevFilterIpEntry 20 } 2484 -- 2485 -- Policy Mapping Table 2486 -- 2488 docsDevFilterPolicyTable OBJECT-TYPE 2489 SYNTAX SEQUENCE OF DocsDevFilterPolicyEntry 2490 MAX-ACCESS not-accessible 2491 STATUS deprecated 2492 DESCRIPTION 2493 "A Table which maps between a policy group ID and a set 2494 of pointers to policies to be applied. All rows with 2495 the same docsDevFilterPolicyId are part of the same 2496 group of policy pointers, and are applied in the order 2497 in this table. docsDevFilterPolicyTable exists to 2498 allow multiple policy actions (referenced by policy 2499 pointers) to be applied to any given classified packet. 2500 The policy actions are applied in index order. 2501 For example: 2503 Index ID Type Action 2504 1 1 TOS 1 2505 9 5 TOS 1 2506 12 1 IPSEC 3 2508 This says that a packet which matches a filter with 2509 policy id 1, first has TOS policy 1 applied (which might 2510 set the TOS bits to enable a higher priority), and next 2511 has the IPSEC policy 3 applied (which may result in the 2512 packet being dumped into a secure VPN to a remote 2513 encryptor). 2515 Policy ID 0 is reserved for default actions and is 2516 applied only to packets which match no filters in 2517 docsDevFilterIpTable. 2519 Table entries MUST NOT persist across reboots for any 2520 device. 2522 This table is deprecated. Instead, use the DiffServ MIB 2523 from RFC 3289." 2524 ::= { docsDevFilter 5 } 2526 docsDevFilterPolicyEntry OBJECT-TYPE 2527 SYNTAX DocsDevFilterPolicyEntry 2528 MAX-ACCESS not-accessible 2529 STATUS deprecated 2530 DESCRIPTION 2531 "An entry in the docsDevFilterPolicyTable. Entries are 2532 created by Network Management. To create an entry, 2533 docsDevFilterPolicyId MUST be specified." 2534 INDEX { docsDevFilterPolicyIndex } 2535 ::= { docsDevFilterPolicyTable 1 } 2537 DocsDevFilterPolicyEntry ::= SEQUENCE { 2538 docsDevFilterPolicyIndex Integer32, 2539 docsDevFilterPolicyId Integer32, 2540 -- docsDevFilterPolicyType INTEGER, 2541 -- docsDevFilterPolicyAction Integer32, 2542 docsDevFilterPolicyStatus RowStatus, 2543 docsDevFilterPolicyPtr RowPointer 2544 } 2546 docsDevFilterPolicyIndex OBJECT-TYPE 2547 SYNTAX Integer32 (1..2147483647) 2548 MAX-ACCESS not-accessible 2549 STATUS deprecated 2550 DESCRIPTION "Index value for the table." 2551 ::= { docsDevFilterPolicyEntry 1 } 2553 docsDevFilterPolicyId OBJECT-TYPE 2554 SYNTAX Integer32 (0..2147483647) 2555 MAX-ACCESS read-create 2556 STATUS deprecated 2557 DESCRIPTION 2558 "Policy ID for this entry. A policy ID can apply to 2559 multiple rows of this table, all relevant policies are 2560 executed. Policy 0 (if populated) is applied to all 2561 packets which do not match any of the filters. N.B. If 2562 docsDevFilterIpPolicyId is set to 0, it DOES NOT match 2563 policy 0 of this table." 2564 ::= { docsDevFilterPolicyEntry 2 } 2566 -- The following two objects were removed and never used, however, 2567 -- to preserve OID numbering, they are simply commented out to 2568 -- to ensure that they are not used again. 2569 -- docsDevFilterPolicyType ::= { docsDevFilterPolicyEntry 3 } 2570 -- docsDevFilterPolicyAction ::= { docsDevFilterPolicyEntry 4 } 2572 docsDevFilterPolicyStatus OBJECT-TYPE 2573 SYNTAX RowStatus 2574 MAX-ACCESS read-create 2575 STATUS deprecated 2576 DESCRIPTION 2577 "Object used to create an entry in this table. There is 2578 no restriction in changing any object in a row while 2579 this object is set to active. 2581 The following object MUST have a valid value before this 2582 object can be set to active: docsDevFilterPolicyPtr." 2583 ::= { docsDevFilterPolicyEntry 5 } 2585 docsDevFilterPolicyPtr OBJECT-TYPE 2586 SYNTAX RowPointer 2587 MAX-ACCESS read-create 2588 STATUS deprecated 2589 DESCRIPTION 2590 "This object points to a row in an applicable filter 2591 policy table. Currently, the only standard policy 2592 table is docsDevFilterTosTable. 2594 Per the textual convention, this object points to the 2595 first accessible object in the row. E.g. to point to a 2596 row in docsDevFilterTosTable with an index of 21, the 2597 value of this object would be the object identifier 2598 docsDevTosStatus.21. 2600 Vendors are recommended to adhere to the same convention 2601 when adding vendor specific policy table extensions. 2603 If this pointer references an empty or non-existant 2604 row then no policy action is taken. 2606 The default upon row creation is a null pointer which 2607 results in no policy action being taken." 2608 DEFVAL { zeroDotZero } 2609 ::= { docsDevFilterPolicyEntry 6 } 2611 -- 2612 -- TOS Policy action table 2613 -- 2615 docsDevFilterTosTable OBJECT-TYPE 2616 SYNTAX SEQUENCE OF DocsDevFilterTosEntry 2617 MAX-ACCESS not-accessible 2618 STATUS deprecated 2619 DESCRIPTION 2620 "Table used to describe Type of Service (TOS) bits 2621 processing. 2623 This table is an adjunct to the docsDevFilterIpTable, 2624 and the docsDevFilterPolicy table. Entries in the 2625 latter table can point to specific rows in this (and 2626 other) tables and cause specific actions to be taken. 2627 This table permits the manipulation of the value of the 2628 Type of Service bits in the IP header of the matched 2629 packet as follows: 2631 Set the tosBits of the packet to 2632 (tosBits & docsDevFilterTosAndMask) | 2633 docsDevFilterTosOrMask 2635 This construct allows you to do a clear and set of all 2636 the TOS bits in a flexible manner. 2638 Table entries MUST NOT persist across reboots for any 2639 device. 2641 This table is deprecated. Instead, use the DiffServ MIB 2642 from RFC 3289." 2643 ::= { docsDevFilter 6 } 2645 docsDevFilterTosEntry OBJECT-TYPE 2646 SYNTAX DocsDevFilterTosEntry 2647 MAX-ACCESS not-accessible 2648 STATUS deprecated 2649 DESCRIPTION 2650 "A TOS policy entry." 2651 INDEX { docsDevFilterTosIndex } 2652 ::= { docsDevFilterTosTable 1 } 2654 DocsDevFilterTosEntry ::= SEQUENCE { 2655 docsDevFilterTosIndex Integer32, 2656 docsDevFilterTosStatus RowStatus, 2657 docsDevFilterTosAndMask OCTET STRING, 2658 docsDevFilterTosOrMask OCTET STRING 2659 } 2661 docsDevFilterTosIndex OBJECT-TYPE 2662 SYNTAX Integer32 (1..2147483647) 2663 MAX-ACCESS not-accessible 2664 STATUS deprecated 2665 DESCRIPTION 2666 "The unique index for this row. There are no ordering 2667 requirements for this table and any valid index may be 2668 specified." 2669 ::= { docsDevFilterTosEntry 1 } 2671 docsDevFilterTosStatus OBJECT-TYPE 2672 SYNTAX RowStatus 2673 MAX-ACCESS read-create 2674 STATUS deprecated 2675 DESCRIPTION 2676 "The object used to create and delete entries in this 2677 table. A row created by specifying just this object 2678 results in a row which specifies no change to the TOS 2679 bits. A row may be created using either the 2680 create-and-go or create-and-wait paradigms. There is 2681 no restriction on the ability to change values in this 2682 row while the row is active." 2683 ::= { docsDevFilterTosEntry 2 } 2685 docsDevFilterTosAndMask OBJECT-TYPE 2686 SYNTAX OCTET STRING (SIZE (1)) 2687 MAX-ACCESS read-create 2688 STATUS deprecated 2689 DESCRIPTION 2690 "This value is bitwise AND'd with the matched packet's 2691 TOS bits." 2692 DEFVAL { 'ff'h } 2693 ::= { docsDevFilterTosEntry 3 } 2695 docsDevFilterTosOrMask OBJECT-TYPE 2696 SYNTAX OCTET STRING (SIZE (1)) 2697 MAX-ACCESS read-create 2698 STATUS deprecated 2699 DESCRIPTION 2700 "This value is bitwise OR'd with the result from the 2701 AND procedure, (tosBits & docsDevFilterTosAndMask). 2702 The result then replaces the packet's TOS bits." 2703 DEFVAL { '00'h } 2704 ::= { docsDevFilterTosEntry 4 } 2706 -- 2707 -- CPE IP Management and anti spoofing group. Only implemented on 2708 -- Cable Modems. 2709 -- 2711 docsDevCpe OBJECT IDENTIFIER ::= { docsDevMIBObjects 7 } 2713 docsDevCpeEnroll OBJECT-TYPE 2714 SYNTAX INTEGER { 2715 none(1), 2716 any(2) 2717 } 2718 MAX-ACCESS read-write 2719 STATUS current 2720 DESCRIPTION 2721 "This object controls the population of 2722 docsDevFilterCpeTable. 2723 If set to none, the filters must be set manually 2724 by a network management action (either configuration 2725 or SNMP set). 2726 If set to any, the CM wiretaps the packets originating 2727 from the ethernet and enrolls up to docsDevCpeIpMax 2728 addresses based on the source IPv4 or v6 addresses of 2729 those packets." 2730 DEFVAL { any } 2731 ::= { docsDevCpe 1 } 2733 docsDevCpeIpMax OBJECT-TYPE 2734 SYNTAX Integer32 (-1..2147483647) 2735 MAX-ACCESS read-write 2736 STATUS current 2737 DESCRIPTION 2738 "This object controls the maximum number of CPEs allowed 2739 to be learned behind this device. If set to zero, any 2740 number of CPEs may connect up to the maximum permitted 2741 for the device. 2742 If set to -1, no filtering is done on CPE source 2743 addresses, and no entries are made in the 2744 docsDevFilterCpeTable via learning. If an attempt is 2745 made to set this to a number greater than that 2746 permitted for the device, it is set to that maximum." 2747 DEFVAL { -1 } 2748 ::= { docsDevCpe 2 } 2750 docsDevCpeTable OBJECT-TYPE 2751 SYNTAX SEQUENCE OF DocsDevCpeEntry 2752 MAX-ACCESS not-accessible 2753 STATUS deprecated 2754 DESCRIPTION 2755 "This table lists the IPv4 addresses seen (or permitted) 2756 as source addresses in packets originating from the 2757 customer interface on this device. In addition, this 2758 table can be provisioned with the specific addresses 2759 permitted for the CPEs via the normal row creation 2760 mechanisms. Table entries MUST NOT persist across 2761 reboots for any device. 2763 N.B. Management action can add entries in this table 2764 and in docsDevCpeIpTable past the value of 2765 docsDevCpeIpMax. docsDevCpeIpMax ONLY restricts the 2766 ability of the CM to automatically add learned 2767 addresses. 2769 This table is deprecated and is replaced by 2770 docsDevCpeInetTable." 2771 ::= { docsDevCpe 3 } 2773 docsDevCpeEntry OBJECT-TYPE 2774 SYNTAX DocsDevCpeEntry 2775 MAX-ACCESS not-accessible 2776 STATUS deprecated 2777 DESCRIPTION 2778 "An entry in the docsDevFilterCpeTable. There is one 2779 entry for each IPv4 CPE seen or provisioned. If 2780 docsDevCpeIpMax is set to -1, this table is ignored, 2781 otherwise: Upon receipt of an IP packet from the 2782 customer interface of the CM, the source IP address is 2783 checked against this table. If the address is in the 2784 table, packet processing continues. If the address is 2785 not in the table, but docsDevCpeEnroll is set to any 2786 and the sum of the table sizes of docsDevCpeTable and 2787 docsDevCpeInetTable is less than docsDevCpeIpMax, the 2788 address is added to the table and packet processing 2789 continues. Otherwise, the packet is dropped. 2791 The filtering actions specified by this table occur 2792 after any LLC filtering (docsDevFilterLLCTable), but 2793 prior to any IP filtering (docsDevFilterIpTable, 2794 docsDevNmAccessTable)." 2795 INDEX { docsDevCpeIp } 2796 ::= {docsDevCpeTable 1 } 2798 DocsDevCpeEntry ::= SEQUENCE { 2799 docsDevCpeIp IpAddress, 2800 docsDevCpeSource INTEGER, 2801 docsDevCpeStatus RowStatus 2802 } 2804 docsDevCpeIp OBJECT-TYPE 2805 SYNTAX IpAddress 2806 MAX-ACCESS not-accessible 2807 STATUS deprecated 2808 DESCRIPTION 2809 "The IPv4 address to which this entry applies. 2811 N.B. Attempts to set all zeros or all ones address 2812 values MUST be rejected." 2813 ::= { docsDevCpeEntry 1 } 2815 docsDevCpeSource OBJECT-TYPE 2816 SYNTAX INTEGER { 2817 other(1), 2818 manual(2), 2819 learned(3) 2820 } 2821 MAX-ACCESS read-only 2822 STATUS deprecated 2823 DESCRIPTION 2824 "This object describes how this entry was created. If 2825 the value is manual(2), this row was created by a 2826 network management action (either configuration or 2827 SNMP set). If set to learned(3), then it was found via 2828 looking at the source IPv4 address of a 2829 received packet. The value other(1) is used for any 2830 entries that do not meet manual(2) or learned(3) 2831 criteria." 2832 ::= { docsDevCpeEntry 2 } 2834 docsDevCpeStatus OBJECT-TYPE 2835 SYNTAX RowStatus 2836 MAX-ACCESS read-create 2837 STATUS deprecated 2838 DESCRIPTION 2839 "Standard object to manipulate rows. To create a row in 2840 this table, you only need to specify this object. 2841 Management stations SHOULD use the create-and-go 2842 mechanism for creating rows in this table." 2843 ::= { docsDevCpeEntry 3 } 2845 -- 2846 -- Internet CPE Management and anti spoofing group, for support of 2847 -- non-IPv4 CPEs. 2848 -- 2850 docsDevCpeInetTable OBJECT-TYPE 2851 SYNTAX SEQUENCE OF DocsDevCpeInetEntry 2852 MAX-ACCESS not-accessible 2853 STATUS current 2854 DESCRIPTION 2855 "This table lists the IP addresses seen (or permitted) as 2856 source addresses in packets originating from the 2857 customer interface on this device. In addition, this 2858 table can be provisioned with the specific addresses 2859 permitted for the CPEs via the normal row creation 2860 mechanisms. 2862 N.B. Management action can add entries in this table 2863 and in docsDevCpeIpTable past the value of 2864 docsDevCpeIpMax. docsDevCpeIpMax ONLY restricts the 2865 ability of the CM to automatically add learned 2866 addresses. 2868 Table entries MUST NOT persist across reboots for any 2869 device. 2871 This table exactly mirrors docsDevCpeTable and applies 2872 to IPv4 and IPv6 addresses." 2873 ::= { docsDevCpe 4 } 2875 docsDevCpeInetEntry OBJECT-TYPE 2876 SYNTAX DocsDevCpeInetEntry 2877 MAX-ACCESS not-accessible 2878 STATUS current 2879 DESCRIPTION 2880 "An entry in the docsDevFilterCpeInetTable. There is one 2881 entry for each IP CPE seen or provisioned. If 2882 docsDevCpeIpMax is set to -1, this table is ignored, 2883 otherwise: upon receipt of an IP packet from the 2884 customer interface of the CM, the source IP address is 2885 checked against this table. If the address is in the 2886 table, packet processing continues. If the address is 2887 not in the table, but docsDevCpeEnroll is set to any and 2888 the sum of the table sizes for docsDevCpeTable and 2889 docsDevCpeInetTable is less than docsDevCpeIpMax, the 2890 address is added to the table and packet processing 2891 continues. Otherwise, the packet is dropped. 2893 The filtering actions specified by this table occur 2894 after any LLC filtering (docsDevFilterLLCTable), but 2895 prior to any IP filtering (docsDevFilterIpTable, 2896 docsDevNmAccessTable). 2898 When an agent (cable modem) restarts, then all 2899 dynamically-created rows are lost." 2900 INDEX { docsDevCpeInetType, docsDevCpeInetAddr } 2901 ::= { docsDevCpeInetTable 1 } 2903 DocsDevCpeInetEntry ::= SEQUENCE { 2904 docsDevCpeInetType InetAddressType, 2905 docsDevCpeInetAddr InetAddress, 2906 docsDevCpeInetSource INTEGER, 2907 docsDevCpeInetRowStatus RowStatus 2908 } 2910 docsDevCpeInetType OBJECT-TYPE 2911 SYNTAX InetAddressType 2912 MAX-ACCESS not-accessible 2913 STATUS current 2914 DESCRIPTION 2915 "The type of internet address of docsDevCpeInetAddr." 2916 ::= { docsDevCpeInetEntry 1 } 2918 docsDevCpeInetAddr OBJECT-TYPE 2919 SYNTAX InetAddress 2920 MAX-ACCESS not-accessible 2921 STATUS current 2922 DESCRIPTION 2923 "The Internet address to which this entry applies. 2925 Implementors need to be aware that if the size of 2926 of docsDevCpeInetAddr exceeds 114 octets then 2927 OIDs of instances of columns in this row will have 2928 more than 128 sub-identifiers and cannot be accessed 2929 using SNMPv1, SNMPv2c, or SNMPv3. Only unicast 2930 address are allowed for this object." 2931 ::= { docsDevCpeInetEntry 2 } 2933 docsDevCpeInetSource OBJECT-TYPE 2934 SYNTAX INTEGER { 2935 manual(2), 2936 learned(3) 2937 } 2938 MAX-ACCESS read-only 2939 STATUS current 2940 DESCRIPTION 2941 "This object describes how this entry was created. If 2942 the value is manual(2), this row was created by a 2943 network management action (either configuration, or 2944 SNMP set). If set to learned(3), then it was found 2945 via looking at the source IP address of a received 2946 packet." 2947 ::= { docsDevCpeInetEntry 3 } 2949 docsDevCpeInetRowStatus OBJECT-TYPE 2950 SYNTAX RowStatus 2951 MAX-ACCESS read-create 2952 STATUS current 2953 DESCRIPTION 2954 "Standard object to manipulate rows. To create a row in 2955 this table, you only need to specify this object. 2956 Management stations SHOULD use the create-and-go 2957 mechanism for creating rows in this table." 2958 ::= { docsDevCpeInetEntry 4 } 2960 -- 2961 -- Placeholder for notifications/traps. 2962 -- 2964 -- erroneous, DO NOT USE docsDevNotification 2965 docsDevNotification OBJECT IDENTIFIER ::= { docsDev 2 } 2966 -- erroneous, DO NOT USE docsDevNotification 2968 docsDevNotifications OBJECT IDENTIFIER ::= { docsDev 0 } 2970 -- 2971 -- RFC 2669 Conformance definitions 2972 -- 2974 docsDevConformance OBJECT IDENTIFIER ::= { docsDev 3 } 2975 docsDevGroups OBJECT IDENTIFIER ::= { docsDevConformance 1 } 2976 docsDevCompliances OBJECT IDENTIFIER ::= { docsDevConformance 2 } 2978 docsDevBasicCompliance MODULE-COMPLIANCE 2979 STATUS deprecated 2980 DESCRIPTION 2981 "The RFC 2669 compliance statement for MCNS/DOCSIS 2982 Cable Modems and Cable Modem Termination Systems." 2984 MODULE -- docsDev 2986 -- conditionally mandatory groups 2988 GROUP docsDevBaseGroup 2989 DESCRIPTION 2990 "Mandatory in Cable Modems, optional in Cable Modem 2991 Termination Systems." 2993 GROUP docsDevEventGroup 2994 DESCRIPTION 2995 "Mandatory in Cable Modems, optional in Cable Modem 2996 Termination Systems." 2998 GROUP docsDevFilterGroup 2999 DESCRIPTION 3000 "Mandatory in Cable Modems, optional in Cable Modem 3001 Termination Systems." 3003 GROUP docsDevNmAccessGroup 3004 DESCRIPTION 3005 "This group is only implemented in devices which do not 3006 implement SNMPv3 User Security Model. It SHOULD NOT be 3007 implemented by SNMPv3 conformant devices. 3009 For devices which do not implement SNMPv3 or later, this 3010 group is Mandatory in Cable Modems and is optional 3011 in Cable Modem Termination Systems." 3013 GROUP docsDevServerGroup 3014 DESCRIPTION 3015 "This group is implemented only in Cable Modems and is 3016 not implemented in Cable Modem Termination Systems." 3018 GROUP docsDevSoftwareGroup 3019 DESCRIPTION 3020 "This group is Mandatory in Cable Modems and optional in 3021 Cable Modem Termination Systems." 3023 GROUP docsDevCpeGroup 3024 DESCRIPTION 3025 "This group is Mandatory in Cable Modems, and is 3026 not implemented in Cable Modem Termination Systems." 3028 OBJECT docsDevSTPControl 3029 MIN-ACCESS read-only 3030 DESCRIPTION 3031 "It is compliant to implement this object as read-only. 3032 Devices need only support noStFilterBpdu(2)." 3034 OBJECT docsDevNmAccessIp 3035 DESCRIPTION 3036 "It is compliant to recognize the IP address 3037 255.255.255.255 as referring to any NMS." 3039 OBJECT docsDevEvReporting 3040 MIN-ACCESS read-only 3041 DESCRIPTION 3042 "It is compliant to implement this object as read-only. 3043 Devices need only support local(0). An agent need not 3044 enforce that trap or syslog logging be accompanied 3045 by local(0) or localVolatile(3) logging." 3046 ::= { docsDevCompliances 1 } 3048 docsDevBaseGroup OBJECT-GROUP 3049 OBJECTS { 3050 docsDevRole, 3051 docsDevDateTime, 3052 docsDevResetNow, 3053 docsDevSerialNumber, 3054 docsDevSTPControl 3055 } 3056 STATUS current 3057 DESCRIPTION 3058 "A collection of objects providing device status and 3059 control." 3060 ::= { docsDevGroups 1 } 3062 docsDevNmAccessGroup OBJECT-GROUP 3063 OBJECTS { 3064 docsDevNmAccessIp, 3065 docsDevNmAccessIpMask, 3066 docsDevNmAccessCommunity, 3067 docsDevNmAccessControl, 3068 docsDevNmAccessInterfaces, 3069 docsDevNmAccessStatus 3070 } 3071 STATUS deprecated 3072 DESCRIPTION 3073 "A collection of objects for controlling access to SNMP 3074 objects on cable devices. 3076 This group has been deprecated because all of the 3077 objects have been deprecated in favor of SNMPv3 and 3078 Coexistence MIBs." 3079 ::= { docsDevGroups 2 } 3081 docsDevSoftwareGroup OBJECT-GROUP 3082 OBJECTS { 3083 docsDevSwServer, 3084 docsDevSwFilename, 3085 docsDevSwAdminStatus, 3086 docsDevSwOperStatus, 3087 docsDevSwCurrentVers 3088 } 3089 STATUS deprecated 3090 DESCRIPTION 3091 "A collection of objects for controlling software 3092 downloads. 3094 This group has been deprecated and replaced by 3095 docsDevSoftwareGroupV2. Object docsDevSwServer 3096 has been replaced by docsDevSwServerAddressType 3097 and docsDevSwServerAddress, and 3098 docsDevSwServerTransportProtocol has been added to 3099 support TFTP and HTTP firmware downloads." 3100 ::= { docsDevGroups 3 } 3102 docsDevServerGroup OBJECT-GROUP 3103 OBJECTS { 3104 docsDevServerBootState, 3105 docsDevServerDhcp, 3106 docsDevServerTime, 3107 docsDevServerTftp, 3108 docsDevServerConfigFile 3109 } 3110 STATUS deprecated 3111 DESCRIPTION 3112 "A collection of objects providing status about server 3113 provisioning. 3115 This group has been deprecated and replaced by 3116 docsDevServerGroupV2. Objects docsDevServerDhcp, 3117 docsDevServerTime, and docsDevServerTftp have 3118 been replaced by docsDevServerDhcpAddressType, 3119 docsDevServerDhcpAddress, docsDevServerTimeAddressType, 3120 docsDevServerTimeAddress, 3121 docsDevServerConfigTftpAddressType, and 3122 docsDevServerConfigTftpAddress." 3123 ::= { docsDevGroups 4 } 3125 docsDevEventGroup OBJECT-GROUP 3126 OBJECTS { 3127 docsDevEvControl, 3128 docsDevEvSyslog, 3129 docsDevEvThrottleAdminStatus, 3130 docsDevEvThrottleInhibited, 3131 docsDevEvThrottleThreshold, 3132 docsDevEvThrottleInterval, 3133 docsDevEvReporting, 3134 docsDevEvFirstTime, 3135 docsDevEvLastTime, 3136 docsDevEvCounts, 3137 docsDevEvLevel, 3138 docsDevEvId, 3139 docsDevEvText 3140 } 3141 STATUS deprecated 3142 DESCRIPTION 3143 "A collection of objects used to control and monitor 3144 events. 3146 This group has been deprecated and replaced by 3147 docsDevEventGroupV2. Object docsDevEvSyslog has been 3148 replaced by docsDevEvSyslogAddressType and 3149 docsDevEvSyslogAddress, and docsDevEvThrottleInhibited 3150 has been replaced by 3151 docsDevEvThrottleThresholdExceeded." 3152 ::= { docsDevGroups 5 } 3154 docsDevFilterGroup OBJECT-GROUP 3155 OBJECTS { 3156 docsDevFilterLLCUnmatchedAction, 3157 docsDevFilterIpDefault, 3158 docsDevFilterLLCStatus, 3159 docsDevFilterLLCIfIndex, 3160 docsDevFilterLLCProtocolType, 3161 docsDevFilterLLCProtocol, 3162 docsDevFilterLLCMatches, 3163 docsDevFilterIpControl, 3164 docsDevFilterIpIfIndex, 3165 docsDevFilterIpStatus, 3166 docsDevFilterIpDirection, 3167 docsDevFilterIpBroadcast, 3168 docsDevFilterIpSaddr, 3169 docsDevFilterIpSmask, 3170 docsDevFilterIpDaddr, 3171 docsDevFilterIpDmask, 3172 docsDevFilterIpProtocol, 3173 docsDevFilterIpSourcePortLow, 3174 docsDevFilterIpSourcePortHigh, 3175 docsDevFilterIpDestPortLow, 3176 docsDevFilterIpDestPortHigh, 3177 docsDevFilterIpMatches, 3178 docsDevFilterIpTos, 3179 docsDevFilterIpTosMask, 3180 docsDevFilterIpContinue, 3181 docsDevFilterIpPolicyId, 3182 docsDevFilterPolicyId, 3183 docsDevFilterPolicyStatus, 3184 docsDevFilterPolicyPtr, 3185 docsDevFilterTosStatus, 3186 docsDevFilterTosAndMask, 3187 docsDevFilterTosOrMask 3188 } 3189 STATUS deprecated 3190 DESCRIPTION 3191 "A collection of objects to specify filters at link layer 3192 and IPv4 layer. 3194 This group has been deprecated and replaced by various 3195 groups from the DiffServ MIB." 3196 ::= { docsDevGroups 6 } 3198 docsDevCpeGroup OBJECT-GROUP 3199 OBJECTS { 3200 docsDevCpeEnroll, 3201 docsDevCpeIpMax, 3202 docsDevCpeSource, 3203 docsDevCpeStatus 3204 } 3205 STATUS deprecated 3206 DESCRIPTION 3207 "A collection of objects used to control the number 3208 and specific values of IPv4 addresses allowed for 3209 associated Customer Premises Equipment (CPE). 3211 This group has been deprecated and replaced by 3212 docsDevInetCpeGroup. Object docsDevCpeSource has been 3213 replaced by docsDevCpeInetSource, and docsDevCpeStatus 3214 has been replaced by docsDevCpeInetRowStatus." 3215 ::= { docsDevGroups 7 } 3217 -- 3218 -- RFC XXXX Conformance definitions 3219 -- 3221 docsDevGroupsV2 OBJECT IDENTIFIER ::= { docsDevConformance 3 } 3222 docsDevCompliancesV2 OBJECT IDENTIFIER ::= { docsDevConformance 4 } 3224 docsDevCmCompliance MODULE-COMPLIANCE 3225 STATUS current 3226 DESCRIPTION 3227 "The compliance statement for DOCSIS Cable Modems. 3229 This compliance statement applies to implementations 3230 of DOCSIS versions which are not IPv6-capable." 3232 MODULE DIFFSERV-MIB -- RFC 3289 3234 MANDATORY-GROUPS { 3235 diffServMIBDataPathGroup, 3236 diffServMIBClfrGroup, 3237 diffServMIBClfrElementGroup, 3238 diffServMIBMultiFieldClfrGroup, 3239 diffServMIBActionGroup, 3240 diffServMIBDscpMarkActGroup, 3241 diffServMIBCounterGroup, 3242 diffServMIBAlgDropGroup 3243 } 3245 OBJECT diffServDataPathStatus -- same as RFC 3289 3246 SYNTAX RowStatus { active(1) } 3247 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) } 3248 DESCRIPTION 3249 "Support for createAndWait and notInService is not 3250 required." 3252 OBJECT diffServClfrStatus -- same as RFC 3289 3253 SYNTAX RowStatus { active(1) } 3254 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) } 3255 DESCRIPTION 3256 "Support for createAndWait and notInService is not 3257 required." 3259 OBJECT diffServClfrElementStatus -- same as RFC 3289 3260 SYNTAX RowStatus { active(1) } 3261 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) } 3262 DESCRIPTION 3263 "Support for createAndWait and notInService is not 3264 required." 3266 OBJECT diffServMultiFieldClfrAddrType 3267 SYNTAX InetAddressType { ipv4(1) } 3268 DESCRIPTION 3269 "An implementation is only required to support IPv4 3270 addresses." 3272 OBJECT diffServMultiFieldClfrSrcAddr 3273 SYNTAX InetAddress (SIZE(4)) 3274 DESCRIPTION 3275 "An implementation is only required to support IPv4 3276 addresses." 3278 OBJECT diffServMultiFieldClfrDstAddr 3279 SYNTAX InetAddress (SIZE(4)) 3280 DESCRIPTION 3281 "An implementation is only required to support IPv4 3282 addresses." 3284 OBJECT diffServAlgDropStatus -- same as RFC 3289 3285 SYNTAX RowStatus { active(1) } 3286 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) } 3287 DESCRIPTION 3288 "Support for createAndWait and notInService is not 3289 required." 3291 OBJECT diffServDataPathStorage 3292 SYNTAX StorageType { volatile(2) } 3293 DESCRIPTION 3294 "An implementation is only required to support 3295 volatile storage." 3297 OBJECT diffServClfrStorage 3298 SYNTAX StorageType { volatile(2) } 3299 DESCRIPTION 3300 "An implementation is only required to support 3301 volatile storage." 3303 OBJECT diffServClfrElementStorage 3304 SYNTAX StorageType { volatile(2) } 3305 DESCRIPTION 3306 "An implementation is only required to support 3307 volatile storage." 3309 OBJECT diffServMultiFieldClfrStorage 3310 SYNTAX StorageType { volatile(2) } 3311 DESCRIPTION 3312 "An implementation is only required to support 3313 volatile storage." 3315 OBJECT diffServActionStorage 3316 SYNTAX StorageType { volatile(2) } 3317 DESCRIPTION 3318 "An implementation is only required to support 3319 volatile storage." 3321 OBJECT diffServCountActStorage 3322 SYNTAX StorageType { volatile(2) } 3323 DESCRIPTION 3324 "An implementation is only required to support 3325 volatile storage." 3327 OBJECT diffServAlgDropStorage 3328 SYNTAX StorageType { volatile(2) } 3329 DESCRIPTION 3330 "An implementation is only required to support 3331 volatile storage." 3333 OBJECT diffServAlgDropType 3334 SYNTAX INTEGER { alwaysDrop(5) } 3335 DESCRIPTION 3336 "This object is only used to provide packet 3337 filtering. Implementations need not support other 3338 values of this enumeration." 3340 MODULE -- docsDev 3342 MANDATORY-GROUPS { 3343 docsDevBaseGroup, 3344 docsDevBaseIgmpGroup, 3345 docsDevBaseMaxCpeGroup, 3346 docsDevSoftwareGroupV2, 3347 docsDevServerGroupV2, 3348 docsDevEventGroupV2, 3349 docsDevFilterLLCGroup 3350 } 3352 -- conditionally mandatory groups 3354 GROUP docsDevInetCpeGroup 3355 DESCRIPTION 3356 "This group is optional in Cable Modems." 3358 OBJECT docsDevDateTime 3359 MIN-ACCESS read-only 3360 DESCRIPTION 3361 "It is compliant to implement this object as read-only." 3363 OBJECT docsDevSTPControl 3364 SYNTAX INTEGER { noStFilterBpdu(2) } 3365 MIN-ACCESS read-only 3366 DESCRIPTION 3367 "It is compliant to implement this object as read-only. 3368 Devices need only support noStFilterBpdu(2)." 3370 OBJECT docsDevIgmpModeControl 3371 SYNTAX INTEGER { passive(1) } 3372 MIN-ACCESS read-only 3373 DESCRIPTION 3374 "It is compliant to implement this object as read-only. 3375 Devices need only support passive(1)." 3377 OBJECT docsDevSwServerAddressType 3378 SYNTAX InetAddressType { ipv4(1) } 3379 DESCRIPTION 3380 "An implementation is only required to support IPv4 3381 addresses." 3383 OBJECT docsDevSwServerAddress 3384 SYNTAX InetAddress (SIZE(4)) 3385 DESCRIPTION 3386 "An implementation is only required to support IPv4 3387 addresses." 3389 OBJECT docsDevServerDhcpAddressType 3390 SYNTAX InetAddressType { ipv4(1) } 3391 DESCRIPTION 3392 "An implementation is only required to support IPv4 3393 addresses." 3395 OBJECT docsDevServerDhcpAddress 3396 SYNTAX InetAddress (SIZE(4)) 3397 DESCRIPTION 3398 "An implementation is only required to support IPv4 3399 addresses." 3401 OBJECT docsDevServerTimeAddressType 3402 SYNTAX InetAddressType { ipv4(1) } 3403 DESCRIPTION 3404 "An implementation is only required to support IPv4 3405 addresses." 3407 OBJECT docsDevServerTimeAddress 3408 SYNTAX InetAddress (SIZE(4)) 3409 DESCRIPTION 3410 "An implementation is only required to support IPv4 3411 addresses." 3413 OBJECT docsDevServerConfigTftpAddressType 3414 SYNTAX InetAddressType { ipv4(1) } 3415 DESCRIPTION 3416 "An implementation is only required to support IPv4 3417 addresses." 3419 OBJECT docsDevServerConfigTftpAddress 3420 SYNTAX InetAddress (SIZE(4)) 3421 DESCRIPTION 3422 "An implementation is only required to support IPv4 3423 addresses." 3425 OBJECT docsDevEvReporting 3426 MIN-ACCESS read-only 3427 DESCRIPTION 3428 "It is compliant to implement this object as read-only. 3429 Devices need only support local(0)." 3431 OBJECT docsDevEvSyslogAddressType 3432 SYNTAX InetAddressType { ipv4(1) } 3433 DESCRIPTION 3434 "An implementation is only required to support IPv4 3435 addresses." 3437 OBJECT docsDevEvSyslogAddress 3438 SYNTAX InetAddress (SIZE(4)) 3439 DESCRIPTION 3440 "An implementation is only required to support IPv4 3441 addresses." 3443 OBJECT docsDevSwServerTransportProtocol 3444 SYNTAX INTEGER { tftp(1) } 3445 DESCRIPTION 3446 "An implementation is only required to support TFTP 3447 software image downloads." 3449 ::= { docsDevCompliancesV2 1 } 3451 docsDevCmtsCompliance MODULE-COMPLIANCE 3452 STATUS current 3453 DESCRIPTION 3454 "The compliance statement for DOCSIS Cable Modem 3455 Termination Systems. 3457 This compliance statement applies to implementations 3458 of DOCSIS versions which are not IPv6-capable." 3460 MODULE -- docsDev 3462 -- conditionally mandatory groups 3464 GROUP docsDevBaseGroup 3465 DESCRIPTION 3466 "Optional in Cable Modem Termination Systems." 3468 GROUP docsDevBaseIgmpGroup 3469 DESCRIPTION 3470 "Optional in Cable Modem Termination Systems." 3472 GROUP docsDevBaseMaxCpeGroup 3473 DESCRIPTION 3474 "This group MUST NOT be implemented in Cable Modem 3475 Termination Systems." 3477 GROUP docsDevSoftwareGroupV2 3478 DESCRIPTION 3479 "Optional in Cable Modem Termination Systems." 3481 GROUP docsDevServerGroupV2 3482 DESCRIPTION 3483 "This group MUST NOT be implemented in Cable Modem 3484 Termination Systems." 3486 GROUP docsDevEventGroupV2 3487 DESCRIPTION 3488 "Optional in Cable Modem Termination Systems." 3490 GROUP docsDevFilterLLCGroup 3491 DESCRIPTION 3492 "This group MUST NOT be implemented in Cable Modem 3493 Termination Systems. See the Subscriber Management 3494 MIB for similar CMTS capability." 3496 GROUP docsDevInetCpeGroup 3497 DESCRIPTION 3498 "This group MUST NOT be implemented in Cable Modem 3499 Termination Systems. See the Subscriber Management 3500 MIB for similar CMTS capability." 3502 OBJECT docsDevDateTime 3503 MIN-ACCESS read-only 3504 DESCRIPTION 3505 "It is compliant to implement this object as read-only." 3507 OBJECT docsDevSTPControl 3508 SYNTAX INTEGER { noStFilterBpdu(2) } 3509 MIN-ACCESS read-only 3510 DESCRIPTION 3511 "It is compliant to implement this object as read-only. 3512 Devices need only support noStFilterBpdu(2)." 3514 OBJECT docsDevIgmpModeControl 3515 SYNTAX INTEGER { passive(1) } 3516 MIN-ACCESS read-only 3517 DESCRIPTION 3518 "It is compliant to implement this object as read-only. 3519 Devices need only support passive(1)." 3521 OBJECT docsDevSwServerAddressType 3522 SYNTAX InetAddressType { ipv4(1) } 3523 DESCRIPTION 3524 "An implementation is only required to support IPv4 3525 addresses." 3527 OBJECT docsDevSwServerAddress 3528 SYNTAX InetAddress (SIZE(4)) 3529 DESCRIPTION 3530 "An implementation is only required to support IPv4 3531 addresses." 3533 OBJECT docsDevEvReporting 3534 MIN-ACCESS read-only 3535 DESCRIPTION 3536 "It is compliant to implement this object as read-only. 3537 Devices need only support local(0)." 3539 OBJECT docsDevEvSyslogAddressType 3540 SYNTAX InetAddressType { ipv4(1) } 3541 DESCRIPTION 3542 "An implementation is only required to support IPv4 3543 addresses." 3545 OBJECT docsDevEvSyslogAddress 3546 SYNTAX InetAddress (SIZE(4)) 3547 DESCRIPTION 3548 "An implementation is only required to support IPv4 3549 addresses." 3551 OBJECT docsDevSwServerTransportProtocol 3552 SYNTAX INTEGER { tftp(1) } 3553 DESCRIPTION 3554 "An implementation is only required to support TFTP 3555 software image downloads." 3557 ::= { docsDevCompliancesV2 2 } 3559 docsDevBaseIgmpGroup OBJECT-GROUP 3560 OBJECTS { 3561 docsDevIgmpModeControl 3562 } 3563 STATUS current 3564 DESCRIPTION 3565 "An object providing cable device IGMP status and 3566 control." 3567 ::= { docsDevGroupsV2 1 } 3569 docsDevBaseMaxCpeGroup OBJECT-GROUP 3570 OBJECTS { 3571 docsDevMaxCpe 3572 } 3573 STATUS current 3574 DESCRIPTION 3575 "An object providing management of the maximum number of 3576 CPEs permitted access through a cable modem." 3577 ::= { docsDevGroupsV2 2 } 3579 docsDevNmAccessExtGroup OBJECT-GROUP 3580 OBJECTS { 3581 docsDevNmAccessTrapVersion 3582 } 3583 STATUS deprecated 3584 DESCRIPTION 3585 "An object, in addition to the objects in 3586 docsDevNmAccessGroup, for controlling access to 3587 SNMP objects on cable devices. 3589 This group is included in this MIB due to existing 3590 implementations of docsDevNmAccessTrapVersion in 3591 DOCSIS cable modems. 3593 This group has been deprecated because the object has 3594 been deprecated in favor of SNMPv3 and Coexistence 3595 MIBs." 3596 ::= { docsDevGroupsV2 3 } 3598 docsDevSoftwareGroupV2 OBJECT-GROUP 3599 OBJECTS { 3600 docsDevSwFilename, 3601 docsDevSwAdminStatus, 3602 docsDevSwOperStatus, 3603 docsDevSwCurrentVers, 3604 docsDevSwServerAddressType, 3605 docsDevSwServerAddress, 3606 docsDevSwServerTransportProtocol 3607 } 3608 STATUS current 3609 DESCRIPTION 3610 "A collection of objects for controlling software 3611 downloads. This group replaces docsDevSoftwareGroup." 3612 ::= { docsDevGroupsV2 4 } 3614 docsDevServerGroupV2 OBJECT-GROUP 3615 OBJECTS { 3616 docsDevServerBootState, 3617 docsDevServerDhcpAddressType, 3618 docsDevServerDhcpAddress, 3619 docsDevServerTimeAddressType, 3620 docsDevServerTimeAddress, 3621 docsDevServerConfigTftpAddressType, 3622 docsDevServerConfigTftpAddress, 3623 docsDevServerConfigFile 3624 } 3625 STATUS current 3626 DESCRIPTION 3627 "A collection of objects providing status about server 3628 provisioning. This group replaces docsDevServerGroup." 3629 ::= { docsDevGroupsV2 5 } 3631 docsDevEventGroupV2 OBJECT-GROUP 3632 OBJECTS { 3633 docsDevEvControl, 3634 docsDevEvThrottleAdminStatus, 3635 docsDevEvThrottleThreshold, 3636 docsDevEvThrottleInterval, 3637 docsDevEvReporting, 3638 docsDevEvFirstTime, 3639 docsDevEvLastTime, 3640 docsDevEvCounts, 3641 docsDevEvLevel, 3642 docsDevEvId, 3643 docsDevEvText, 3644 docsDevEvSyslogAddressType, 3645 docsDevEvSyslogAddress, 3646 docsDevEvThrottleThresholdExceeded 3647 } 3648 STATUS current 3649 DESCRIPTION 3650 "A collection of objects used to control and monitor 3651 events. This group replaces docsDevEventGroup. 3652 The event reporting mechanism, and more specifically 3653 docsDevEvReporting, can be used to take advantage of 3654 the event reporting features of RFC3413 and RFC3014." 3655 ::= { docsDevGroupsV2 6 } 3657 docsDevFilterLLCGroup OBJECT-GROUP 3658 OBJECTS { 3659 docsDevFilterLLCUnmatchedAction, 3660 docsDevFilterLLCStatus, 3661 docsDevFilterLLCIfIndex, 3662 docsDevFilterLLCProtocolType, 3663 docsDevFilterLLCProtocol, 3664 docsDevFilterLLCMatches 3665 } 3666 STATUS current 3667 DESCRIPTION 3668 "A collection of objects to specify link layer filters." 3669 ::= { docsDevGroupsV2 7 } 3671 docsDevInetCpeGroup OBJECT-GROUP 3672 OBJECTS { 3673 docsDevCpeEnroll, 3674 docsDevCpeIpMax, 3675 docsDevCpeInetSource, 3676 docsDevCpeInetRowStatus 3677 } 3678 STATUS current 3679 DESCRIPTION 3680 "A collection of objects used to control the number 3681 and specific values of Internet (e.g. IPv4 and IPv6) 3682 addresses allowed for associated Customer Premises 3683 Equipment (CPE)." 3684 ::= { docsDevGroupsV2 8 } 3686 END 3688 5. Acknowledgments 3690 This document is a production of the IPCDN Working Group, and is a 3691 revision of RFC 2669, "Cable Device Management Information Base for 3692 DOCSIS-compliant Cable Modems and Cable Modem Termination Systems" 3693 [RFC2669]. Mike StJohns and Guenter Roeck served well as the editors 3694 of previous versions of this MIB module. 3696 The editor specifically wishes to thank Howard Abramson, Eduardo 3697 Cardona, Andre Lejeune, Kevin Marez, Jean-Francois Mule, Greg 3698 Nakanishi, Pak Siripunkaw, Boris Tsekinovski, Randy Presuhn, Bert 3699 Wijnen and Bill Yost for their contributions to this document. 3701 5.1. Revision Descriptions 3703 This document contains the following revisions over RFC 2669: 3705 o All IPv4 address objects were either deprecated and replaced, or 3706 mirrored with IPv6 objects where appropriate, following the 3707 guidelines of RFC 4001 [RFC4001]. In particular, 3708 docsDevCpeInetTable was added, and the docsDevFilterGroup objects 3709 were deprecated in favor of the DiffServ MIB. 3711 o Objects which were obviated by SNMPv3 and the SNMP Coexistence 3712 MIBs have been deprecated, e.g. docsDevNmAccessTable. 3714 o A new object, docsDevIgmpModeControl, has been added to control 3715 passive versus active IGMP modem operation. 3717 o A new object, docsDevMaxCpe, has been added to report the maximum 3718 number of CPEs granted network access across the CM. 3720 o A new object, docsDevSwServerTransportProtocol, has been added to 3721 docsDevSoftware, and other object DESCRIPTIONs have been modified, 3722 to enable the use of either TFTP or HTTP for software downloads to 3723 the device. 3725 o A new object, docsDevEvThrottleThresholdExceeded, has been added 3726 to replace docsDevEvThrottleInhibited for simplification of event 3727 threshold management. 3729 o The docsDevEvReporting object has been modified to enable local 3730 logging to the internal volatile log, and not to the internal non- 3731 volatile log, 3733 o Minor updates to the description text have been made to a number 3734 of objects to clarify their meaning. 3736 o The compliance statements were updated to reflect current 3737 requirements (including making the docsDevCpe objects optional), 3738 and split between CM and CMTS devices. 3740 o Added text to indicate support of the SNMP Notification MIB 3741 [RFC3413] and Notification Log MIB [RFC3014] modules. 3743 6. Security Considerations 3745 This MIB module relates to a system which will provide metropolitan 3746 public internet access. As such, improper manipulation of the 3747 objects represented by this MIB module may result in denial of 3748 service to a large number of end-users. In addition, manipulation of 3749 the docsDevNmAccessTable, docsDevFilterLLCTable, 3750 docsDevFilterIpTable, docsDevFilterInetTable, and the elements of the 3751 docsDevCpe and docsDevCpeInetTable groups may allow an end-user to 3752 increase their service levels, spoof their IP addresses, change the 3753 permitted management stations, or affect other end-users in either a 3754 positive or negative manner. 3756 It is recommended that the implementers prevent the "tiny fragment" 3757 and "overlapping fragment" attacks for the IP filtering tables in 3758 this MIB module, as discussed in [RFC1858] and [RFC3128]. Prevention 3759 of these attacks can be implemented with the following rules, when 3760 TCP source and/or destination port filtering is enabled: 3762 o admit all packets with fragment offset >= 2 3764 o discard all packets with fragment offset = 1, or with fragment 3765 offset = 0 AND fragment payload length < 16. 3767 o apply filtering rules to all packets with fragment offset = 0. 3769 This MIB module does not affect confidentiality of services on a 3770 cable modem system. [BPI] and [BPIPLUS] specify the implementation 3771 of the DOCSIS Baseline Privacy and Baseline Privacy Plus mechanisms 3772 for data transmission confidentiality. 3774 There are a number of management objects defined in this MIB module 3775 with a MAX-ACCESS clause of read-write and/or read-create. Such 3776 objects may be considered sensitive or vulnerable in some network 3777 environments. The support for SET operations in a non-secure 3778 environment without proper protection can have a negative effect on 3779 network operations. These are the tables and objects and their 3780 sensitivity/vulnerability: 3782 o The use of docsDevNmAccessTable to specify management stations is 3783 considered to be only limited protection and does not protect 3784 against attacks which spoof the management station's IP address. 3785 The use of stronger mechanisms such as SNMPv3 security should be 3786 considered where possible. Specifically, SNMPv3 USM [RFC3414] and 3787 VACM [RFC3415] MUST be used with any v3 agent which implements 3788 this MIB module. 3790 o The CM may have its software changed by the actions of the 3791 management system using a combination of the following objects: 3792 docsDevSwServer, docsDevSwFilename, docsDevSwAdminStatus, 3793 docsDevSwServerAddressType, docsDevSwServerAddress, and 3794 docsDevSwServerTransportProtocol. An improper software download 3795 may result in substantial vulnerabilities and the loss of the 3796 ability of the management system to control the cable modem. A 3797 cable device SHOULD implement the code verification mechanisms of 3798 [BPIPLUS] to verify the source and integrity of downloaded 3799 software images. 3801 o The device may be reset by setting docsDevResetNow = true(1). 3802 This causes the device to reload its configuration files as well 3803 as eliminating all previous non-persistent network management 3804 settings. As such, this may provide a vector for attacking the 3805 system. 3807 o Setting docsDevEvThrottleAdminStatus = unconstrained(1) (which is 3808 also the DEFVAL) may cause flooding of traps, which can disrupt 3809 network service. Additionally, docsDevThrottleThreshold and 3810 docsDevThrottleInterval could also be set to high values that may 3811 cause a disruption in service. 3813 o Setting docsDevDateTime to an arbitrary (incorrect) value would 3814 merely cause the device to record incorrect timestamps on many 3815 events/actions that rely on this object for reporting. 3817 o Setting docsDevEvControl to resetLog(1) will delete any event log 3818 history and could potentially impact debugging/troubleshooting 3819 efforts. 3821 o Setting docsDevEvSyslog. 3823 o Setting docsDevEvReporting to enable syslog reporting, along with 3824 a redirect of the syslog server could allow access to sensitive 3825 information on network devices. Modifying docsDevEvSyslog, 3826 docsDevEvSyslogAddressType or docsDevEvSyslogAddress could allow a 3827 redirect of sensitive information. 3829 o Setting docsDevFilterLLCnmatchedAction or docsDevFilterIpDefault 3830 could cause significant changes to default traffic filtering on a 3831 device. 3833 o Setting docsDevCpeEnroll to any(2) could cause the 3834 docsDevFilterCPETable to be populated, which may not be the 3835 intended functionality. 3837 o Setting docsDevCpeIpMax to a value other than is intended by the 3838 MSO may allow a user to provision more devices than the MSO would 3839 like. 3841 o Setting values in the docsDevNmAccess table can potentially 3842 introduce a mechanism for users to use a local NMS device and 3843 manipulate other settings in the CM or CMTS. 3845 o Setting values in the docsDevFilterLLC and docsDevFilterIP tables 3846 can allow/deny access to certain devices that the MSO does not 3847 want. 3849 o Setting docsDevCpeStatus and docsDevCpeInetRowStatus may allow 3850 users to provision more/different devices than was intended by the 3851 MSO. 3853 Some of the readable objects in this MIB module (i.e., objects with a 3854 MAX-ACCESS other than not-accessible) may be considered sensitive or 3855 vulnerable in some network environments. It is thus important to 3856 control even GET access to these objects and possibly to even encrypt 3857 the values of these objects when sending them over the network via 3858 SNMP. These are the tables and objects and their sensitivity/ 3859 vulnerability: 3861 o Rows from docsDevNmAccessTable may provide sufficient information 3862 for attackers to spoof management stations which have management 3863 access to the device. 3865 o The docsDevSwCurrentVers object may provide hints as to the 3866 software vulnerabilities of the cable device. 3868 o The docsDevFilterLLCTable and docsDevFilterLLCTable may provide 3869 clues for attacking the cable device and other subscriber devices. 3871 SNMP versions prior to SNMPv3 did not include adequate security. 3872 Even if the network itself is secure (for example by using IPsec), 3873 even then, there is no control as to who on the secure network is 3874 allowed to access and GET/SET (read/change/create/delete) the objects 3875 in this MIB module. 3877 It is RECOMMENDED that implementers consider the security features as 3878 provided by the SNMPv3 framework (see [RFC3410], section 8), 3879 including full support for the SNMPv3 cryptographic mechanisms (for 3880 authentication and privacy). 3882 Further, deployment of SNMP versions prior to SNMPv3 is NOT 3883 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 3884 enable cryptographic security. It is then a customer/operator 3885 responsibility to ensure that the SNMP entity giving access to an 3886 instance of this MIB module, is properly configured to give access to 3887 the objects only to those principals (users) that have legitimate 3888 rights to indeed GET or SET (change/create/delete) them. 3890 7. IANA Considerations 3892 The MIB module defined in this document uses the following IANA- 3893 assigned OBJECT IDENTIFIER values recorded in the SMI Numbers 3894 registry: 3896 Descriptor OBJECT IDENTIFIER value 3897 ---------- ----------------------- 3898 docsDevMIB { mib-2 69 } 3900 8. References 3902 8.1. Normative References 3904 [BPI] SCTE Data Standards Subcommittee, "Data-Over-Cable Service 3905 Interface Specifications: DOCSIS 1.0 Baseline Privacy 3906 Interface Specification SCTE 22-2 2002", 2002, 3907 . 3909 [BPIPLUS] CableLabs, "Data-Over-Cable Service Interface 3910 Specifications: Baseline Privacy Plus Interface 3911 Specification CM-SP-BPI+_I12-050812", August 2005, 3912 . 3914 [ITU-T_J.112] 3915 ITU-T Recommendation J.112 (3/98), "Transmission Systems 3916 for Interactive Cable Television Services, J.112, 3917 International Telecommunications Union", March 1998, 3918 . 3920 [MTA-PROV] 3921 CableLabs, "PacketCable(TM) MTA Device Provisioning 3922 Specification PKT-SP-PROV-I11-050812", August 2005, 3923 . 3925 [OSSI1.0] SCTE Data Standards Subcommittee, "Data-Over-Cable Service 3926 Interface Specification: DOCSIS 1.0 Operations Support 3927 System Interface (OSSI), SCTE 22-3 2002", 2002, 3928 . 3930 [OSSI1.1] CableLabs, "Data-Over-Cable Service Interface 3931 Specifications: Operations Support System Interface 3932 Specification SP-OSSIv1.1-C01-050907", September 2005, 3933 . 3935 [OSSI2.0] CableLabs, "Data-Over-Cable Service Interface 3936 Specifications: Operations Support System Interface 3937 Specification SP-OSSIv2.0-I09-050812", August 2005, 3938 . 3940 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, 3941 RFC 1350, July 1992. 3943 [RFC1858] Ziemba, G., Reed, D., and P. Traina, "Security 3944 Considerations for IP Fragment Filtering", RFC 1858, 3945 October 1995. 3947 [RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext 3948 Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996. 3950 [RFC2021] Waldbusser, S., "Remote Network Monitoring Management 3951 Information Base Version 2 using SMIv2", RFC 2021, 3952 January 1997. 3954 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 3955 Requirement Levels", BCP 14, RFC 2119, March 1997. 3957 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 3958 Schoenwaelder, Ed., "Structure of Management Information 3959 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 3961 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 3962 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 3963 STD 58, RFC 2579, April 1999. 3965 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 3966 "Conformance Statements for SMIv2", STD 58, RFC 2580, 3967 April 1999. 3969 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 3970 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 3971 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 3973 [RFC2669] St. Johns, M., "DOCSIS Cable Device MIB Cable Device 3974 Management Information Base for DOCSIS compliant Cable 3975 Modems and Cable Modem Termination Systems", RFC 2669, 3976 August 1999. 3978 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 3979 MIB", RFC 2863, June 2000. 3981 [RFC3014] Kavasseri, R., "Notification Log MIB", RFC 3014, 3982 November 2000. 3984 [RFC3128] Miller, I., "Protection Against a Variant of the Tiny 3985 Fragment Attack (RFC 1858)", RFC 3128, June 2001. 3987 [RFC3164] Lonvick, C., "The BSD Syslog Protocol", RFC 3164, 3988 August 2001. 3990 [RFC3289] Baker, F., Chan, K., and A. Smith, "Management Information 3991 Base for the Differentiated Services Architecture", 3992 RFC 3289, May 2002. 3994 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 3995 Architecture for Describing Simple Network Management 3996 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 3997 December 2002. 3999 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network 4000 Management Protocol (SNMP) Applications", STD 62, 4001 RFC 3413, December 2002. 4003 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 4004 (USM) for version 3 of the Simple Network Management 4005 Protocol (SNMPv3)", STD 62, RFC 3414, December 2002. 4007 [RFC3415] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 4008 Access Control Model (VACM) for the Simple Network 4009 Management Protocol (SNMP)", STD 62, RFC 3415, 4010 December 2002. 4012 [RFC3418] Presuhn, R., "Management Information Base (MIB) for the 4013 Simple Network Management Protocol (SNMP)", STD 62, 4014 RFC 3418, December 2002. 4016 [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, 4017 "Coexistence between Version 1, Version 2, and Version 3 4018 of the Internet-standard Network Management Framework", 4019 BCP 74, RFC 3584, August 2003. 4021 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and 4022 Applicability Statement for the Trivial File Transfer 4023 Protocol (TFTP)", RFC 3617, October 2003. 4025 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 4026 Schoenwaelder, "Textual Conventions for Internet Network 4027 Addresses", RFC 4001, February 2005. 4029 [RFI1.0] SCTE Data Standards Subcommittee, "Data-Over-Cable Service 4030 Interface Specifications: DOCSIS 1.0 Radio Frequency 4031 Interface Specification SCTE 22-1 2002", 2002, 4032 . 4034 [RFI1.1] CableLabs, "Data-Over-Cable Service Interface 4035 Specifications: Radio Frequency Interface Specification 4036 SP-RFIv1.1-C01-050907", September 2005, 4037 . 4039 [RFI2.0] CableLabs, "Data-Over-Cable Service Interface 4040 Specifications: Radio Frequency Interface Specification 4041 SP-RFI2.0-I09-050812", August 2005, 4042 . 4044 8.2. Informative References 4046 [I-D.ietf-ipcdn-docsisevent-mib] 4047 Ahmad, A., "Event Notification Management Information Base 4048 for DOCSIS Compliant Cable Modems and Cable Modem 4049 Termination Systems", draft-ietf-ipcdn-docsisevent-mib-06 4050 (work in progress), January 2005. 4052 [RFC1224] Steinberg, L., "Techniques for managing asynchronously 4053 generated alerts", RFC 1224, May 1991. 4055 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 4056 "Introduction and Applicability Statements for Internet- 4057 Standard Management Framework", RFC 3410, December 2002. 4059 [RFC4036] Sawyer, W., "Management Information Base for Data Over 4060 Cable Service Interface Specification (DOCSIS) Cable Modem 4061 Termination Systems for Subscriber Management", RFC 4036, 4062 April 2005. 4064 [RFC4323] Patrick, M. and W. Murwin, "Data Over Cable System 4065 Interface Specification Quality of Service Management 4066 Information Base (DOCSIS-QoS MIB)", RFC 4323, 4067 January 2006. 4069 Authors' Addresses 4071 Richard Woundy 4072 Comcast Cable Communications 4073 27 Industrial Avenue 4074 Chelmsford, MA 01824 4075 USA 4077 Phone: +1 978 244 4010 4078 Email: richard_woundy@cable.comcast.com 4080 Kevin Marez 4081 Motorola Corporation 4082 6450 Sequence Drive 4083 San Diego, CA 92121 4084 USA 4086 Phone: +1 858 404 3785 4087 Email: kevin.marez@motorola.com 4089 Intellectual Property Statement 4091 The IETF takes no position regarding the validity or scope of any 4092 Intellectual Property Rights or other rights that might be claimed to 4093 pertain to the implementation or use of the technology described in 4094 this document or the extent to which any license under such rights 4095 might or might not be available; nor does it represent that it has 4096 made any independent effort to identify any such rights. Information 4097 on the procedures with respect to rights in RFC documents can be 4098 found in BCP 78 and BCP 79. 4100 Copies of IPR disclosures made to the IETF Secretariat and any 4101 assurances of licenses to be made available, or the result of an 4102 attempt made to obtain a general license or permission for the use of 4103 such proprietary rights by implementers or users of this 4104 specification can be obtained from the IETF on-line IPR repository at 4105 http://www.ietf.org/ipr. 4107 The IETF invites any interested party to bring to its attention any 4108 copyrights, patents or patent applications, or other proprietary 4109 rights that may cover technology that may be required to implement 4110 this standard. Please address the information to the IETF at 4111 ietf-ipr@ietf.org. 4113 Disclaimer of Validity 4115 This document and the information contained herein are provided on an 4116 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 4117 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 4118 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 4119 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 4120 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 4121 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 4123 Copyright Statement 4125 Copyright (C) The Internet Society (2006). This document is subject 4126 to the rights, licenses and restrictions contained in BCP 78, and 4127 except as set forth therein, the authors retain all their rights. 4129 Acknowledgment 4131 Funding for the RFC Editor function is currently provided by the 4132 Internet Society.