idnits 2.17.1
draft-ietf-ipcdn-device-mibv2-11.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** It looks like you're using RFC 3978 boilerplate. You should update this
to the boilerplate described in the IETF Trust License Policy document
(see https://trustee.ietf.org/license-info), which is required now.
-- Found old boilerplate from RFC 3978, Section 5.1 on line 18.
-- Found old boilerplate from RFC 3978, Section 5.5 on line 4121.
-- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 4098.
-- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 4105.
-- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 4111.
** This document has an original RFC 3978 Section 5.4 Copyright Line,
instead of the newer IETF Trust Copyright according to RFC 4748.
** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
of the newer disclaimer which includes the IETF Trust according to RFC
4748.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
== No 'Intended status' indicated for this document; assuming Proposed
Standard
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
== There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
in the document. If these are example addresses, they should be changed.
-- The abstract seems to indicate that this document obsoletes RFC2669, but
the header doesn't have an 'Obsoletes:' line to match this.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
match the current year
== The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
does not include the phrase in its RFC 2119 key words list.
-- The document seems to lack a disclaimer for pre-RFC5378 work, but may
have content which was first submitted before 10 November 2008. If you
have contacted all the original authors and they are all willing to grant
the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
this comment. If not, you may need to add the pre-RFC5378 disclaimer.
(See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (March 1, 2006) is 6602 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
-- Possible downref: Non-RFC (?) normative reference: ref. 'BPI'
-- Possible downref: Non-RFC (?) normative reference: ref. 'BPIPLUS'
-- Possible downref: Non-RFC (?) normative reference: ref. 'MTA-PROV'
** Downref: Normative reference to an Informational RFC: RFC 1858
** Downref: Normative reference to an Informational RFC: RFC 1945
** Obsolete normative reference: RFC 2021 (Obsoleted by RFC 4502)
** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231,
RFC 7232, RFC 7233, RFC 7234, RFC 7235)
** Obsolete normative reference: RFC 2669 (Obsoleted by RFC 4639)
** Downref: Normative reference to an Informational RFC: RFC 3128
** Obsolete normative reference: RFC 3164 (Obsoleted by RFC 5424)
** Downref: Normative reference to an Informational RFC: RFC 3617
-- No information found for draft-ietf-ipcdn-docsisevent-mib - is the name
correct?
Summary: 11 errors (**), 0 flaws (~~), 4 warnings (==), 12 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 IP over Cable Data Network Working R. Woundy
3 Group Comcast
4 Internet-Draft K. Marez
5 Expires: September 2, 2006 Motorola
6 March 1, 2006
8 Cable Device Management Information Base for Data-Over-Cable Service
9 Interface Specification Compliant Cable Modems and Cable Modem
10 Termination Systems
11 draft-ietf-ipcdn-device-mibv2-11
13 Status of this Memo
15 By submitting this Internet-Draft, each author represents that any
16 applicable patent or other IPR claims of which he or she is aware
17 have been or will be disclosed, and any of which he or she becomes
18 aware will be disclosed, in accordance with Section 6 of BCP 79.
20 Internet-Drafts are working documents of the Internet Engineering
21 Task Force (IETF), its areas, and its working groups. Note that
22 other groups may also distribute working documents as Internet-
23 Drafts.
25 Internet-Drafts are draft documents valid for a maximum of six months
26 and may be updated, replaced, or obsoleted by other documents at any
27 time. It is inappropriate to use Internet-Drafts as reference
28 material or to cite them other than as "work in progress."
30 The list of current Internet-Drafts can be accessed at
31 http://www.ietf.org/ietf/1id-abstracts.txt.
33 The list of Internet-Draft Shadow Directories can be accessed at
34 http://www.ietf.org/shadow.html.
36 This Internet-Draft will expire on September 2, 2006.
38 Copyright Notice
40 Copyright (C) The Internet Society (2006).
42 Abstract
44 This memo is a revision of the standards track RFC 2669. Please see
45 "Revision Descriptions" below for a description of changes. This
46 document obsoletes RFC 2669.
48 This memo defines a portion of the Management Information Base (MIB)
49 for use with network management protocols in the Internet community.
50 In particular, it defines a basic set of managed objects for SNMP-
51 based management of DOCSIS-compliant Cable Modems and Cable Modem
52 Termination Systems.
54 This memo is a product of the IPCDN working group within the Internet
55 Engineering Task Force. Comments are solicited and should be
56 addressed to the working group's mailing list at ipcdn@ietf.org
57 and/or the author.
59 Table of Contents
61 1. The Internet-Standard Management Framework . . . . . . . . . . 4
62 2. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
63 2.1. CATV . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
64 2.2. CM or Cable Modem . . . . . . . . . . . . . . . . . . . . 5
65 2.3. CMTS or Cable Modem Termination System . . . . . . . . . . 5
66 2.4. DOCSIS or Data-Over-Cable Service Interface
67 Specification . . . . . . . . . . . . . . . . . . . . . . 5
68 2.5. Downstream . . . . . . . . . . . . . . . . . . . . . . . . 5
69 2.6. Head-end . . . . . . . . . . . . . . . . . . . . . . . . . 5
70 2.7. Media Access Control (MAC) Packet . . . . . . . . . . . . 5
71 2.8. RF . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
72 2.9. Simple Network Management Protocol (SNMP) . . . . . . . . 6
73 2.10. Upstream . . . . . . . . . . . . . . . . . . . . . . . . . 6
74 3. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 7
75 3.1. Structure of the MIB . . . . . . . . . . . . . . . . . . . 7
76 3.1.1. IMPORTed MIB Modules and REFERENCE Clauses . . . . . . 8
77 3.1.2. Persistence Model for Cable Modems . . . . . . . . . . 8
78 3.1.3. IPv4 Compliance . . . . . . . . . . . . . . . . . . . 9
79 3.2. Management requirements . . . . . . . . . . . . . . . . . 9
80 3.2.1. Handling of Software upgrades . . . . . . . . . . . . 9
81 3.2.2. Events and Notifications . . . . . . . . . . . . . . . 10
82 3.2.3. Notification Throttling . . . . . . . . . . . . . . . 10
83 3.3. Protocol Filters . . . . . . . . . . . . . . . . . . . . . 11
84 3.3.1. Inbound LLC Filters - docsDevFilterLLCTable . . . . . 12
85 3.3.2. Special Filters . . . . . . . . . . . . . . . . . . . 13
86 3.3.3. IP Filtering - docsDevFilterIpTable . . . . . . . . . 14
87 3.3.4. Outbound LLC Filters . . . . . . . . . . . . . . . . . 15
88 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 16
89 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 81
90 5.1. Revision Descriptions . . . . . . . . . . . . . . . . . . 81
91 6. Security Considerations . . . . . . . . . . . . . . . . . . . 83
92 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 87
93 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 88
94 8.1. Normative References . . . . . . . . . . . . . . . . . . . 88
95 8.2. Informative References . . . . . . . . . . . . . . . . . . 91
97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 92
98 Intellectual Property and Copyright Statements . . . . . . . . . . 93
100 1. The Internet-Standard Management Framework
102 For a detailed overview of the documents that describe the current
103 Internet-Standard Management Framework, please refer to section 7 of
104 RFC 3410 [RFC3410].
106 Managed objects are accessed via a virtual information store, termed
107 the Management Information Base or MIB. MIB objects are generally
108 accessed through the Simple Network Management Protocol (SNMP).
109 Objects in the MIB are defined using the mechanisms defined in the
110 Structure of Management Information (SMI). This memo specifies a MIB
111 module that is compliant to the SMIv2, which is described in STD 58,
112 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
113 [RFC2580].
115 2. Glossary
117 The terms in this document are derived either from normal cable
118 system usage, or from the documents associated with the Data-Over-
119 Cable Service Interface Specification (DOCSIS) process.
121 2.1. CATV
123 Originally "Community Antenna Television", now used to refer to any
124 cable or hybrid fiber and cable system used to deliver video signals
125 to a community.
127 2.2. CM or Cable Modem
129 A CM acts as a "slave" station in a DOCSIS-compliant cable data
130 system.
132 2.3. CMTS or Cable Modem Termination System
134 A generic term covering a cable bridge or cable router in a head-end.
135 A CMTS acts as the master station in a DOCSIS-compliant cable data
136 system. It is the only station that transmits downstream, and it
137 controls the scheduling of upstream transmissions by its associated
138 CMs.
140 2.4. DOCSIS or Data-Over-Cable Service Interface Specification
142 "Data-Over-Cable Service Interface Specification". A term referring
143 to the ITU-T Recommendation J.112 [ITU-T_J.112] Annex B standard for
144 cable modem systems. [RFI1.0] [RFI1.1] [RFI2.0]
146 2.5. Downstream
148 The direction from the head-end towards the subscriber.
150 2.6. Head-end
152 The origination point in most cable systems of the subscriber video
153 signals. Generally also the location of the CMTS equipment.
155 2.7. Media Access Control (MAC) Packet
157 A DOCSIS Packet Data Unit.
159 2.8. RF
161 Radio Frequency.
163 2.9. Simple Network Management Protocol (SNMP)
165 Protocol used for network access to Management Information Base (MIB)
166 objects. The three most commonly used versions are Version 1
167 (SNMPv1), Version 2 (SNMPv2c) and Version 3 (SNMPv3).
169 2.10. Upstream
171 The direction from the subscriber towards the head-end.
173 3. Introduction
175 This MIB module provides a set of objects required for the management
176 of DOCSIS-compliant Cable Modems (CM) and Cable Modem Termination
177 Systems (CMTS). The specification is derived from the DOCSIS Radio
178 Frequency Interface specification [RFI1.0]. Please note that the
179 DOCSIS 1.0 standard only required Cable Modems to implement SNMPv1
180 and to process Internet Protocol Version 4 (IPv4) customer traffic.
181 Design choices in the original version of this MIB module reflected
182 those requirements. DOCSIS 1.1 [RFI1.1] and DOCSIS 2.0 [RFI2.0]
183 require support for SNMPv3, as well as SNMPv1 and SNMPv2c, and the
184 changes in this MIB module over the previous proposed standard
185 version reflect those additional requirements.
187 Future versions of DOCSIS are expected to require support for
188 Internet Protocol Version 6 (IPv6) as both a Customer Premise
189 Equipment (CPE) protocol and one supported by the network elements of
190 the DOCSIS CMTS/CM system.
192 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
193 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
194 document are to be interpreted as described in [RFC2119].
196 3.1. Structure of the MIB
198 This MIB module is structured into seven components. A component
199 contains one or more MIB groups related by deprecation or logical
200 extension.
202 o The docsDevBaseGroup extends the MIB-II 'system' group of RFC3418
203 [RFC3418] with objects needed for cable device system management.
204 Related to this group is the docsDevBaseIgmpGroup (enabling
205 Internet Group Management Protocol (IGMP) status and control) and
206 the docsDevBaseMaxCpeGroup (managing the maximum number of CPEs
207 permitted access through the cable modem).
209 o The docsDevNmAccessGroup and the docsDevNmAccessExtGroup provide a
210 minimum level of SNMP access security (see Section 2.7 of
211 [OSSI1.0], section 2 of [OSSI1.1], and section 5 of [OSSI2.0]).
212 With the completion of the SNMP coexistence document, RFC 3584
213 [RFC3584], these groups have been deprecated in this version of
214 the MIB.
216 o The docsDevSoftwareGroup, updated by the docsDevSoftwareGroupV2,
217 provides information for network-downloadable software upgrades.
218 See "Handling of Software Upgrades" below.
220 o The docsDevServerGroup, updated by the docsDevServerGroupV2,
221 provides information about the progress of the interaction between
222 the CM or CMTS and various provisioning servers.
224 o The docsDevEventGroup, updated by the docsDevEventGroupV2,
225 provides control and logging for event reporting. With the
226 addition of the SNMP Notification MIB, RFC 3413 [RFC3413], and
227 Notification Log MIB, RFC 3014 [RFC3014], which cover event
228 reporting, the objects in this MIB module have been modified to
229 allow for the usage of these RFCs.
231 o The docsDevFilterGroup configures filters at link layer and IP
232 layer for bridged data traffic. This group has been deprecated in
233 this version of the MIB in favor of the docsDevFilterLLCGroup, and
234 by groups from the Differentiated Services MIB [RFC3289] --
235 specifically the groups representing the Data Path, Classifier,
236 and Actions tables from that MIB.
238 o The docsDevCpeGroup, updated by the docsDevInetCpeGroup, provides
239 control over which IP addresses may be used by CPEs (e.g. PCs)
240 serviced by a given cable modem. This provides anti-spoofing
241 control at the point of origin for a large cable modem system.
242 This group is separate from docsDevFilter primarily as this group
243 is only implemented on the Cable Modem (CM) and MUST NOT be
244 implemented on the Cable Modem Termination System (CMTS).
246 3.1.1. IMPORTed MIB Modules and REFERENCE Clauses
248 This MIB module IMPORTs definitions normatively from the following
249 MIB modules, beyond [RFC2578], [RFC2579] and [RFC2580]: INET-ADDRESS-
250 MIB [RFC4001], SNMP-FRAMEWORK-MIB [RFC3411], IF-MIB [RFC2863], RMON2-
251 MIB [RFC2021], and DIFFSERV-MIB [RFC3289].
253 This MIB module also includes REFERENCE clauses that normatively
254 refer to [RFC3617], [RFI1.0], [RFI1.1], [RFI2.0], [OSSI1.1], and
255 [OSSI2.0].
257 3.1.2. Persistence Model for Cable Modems
259 Most of the tables in this MIB module (e.g. docsDevNmAccessTable,
260 docsDevFilterLLCTable) are specified not to persist objects across
261 reboots.
263 The expectation (and current operational practice) is that upon
264 reboot, these tables are cleared and repopulated from the DOCSIS
265 configuration file supplied by the cable operator. This approach
266 enables a cable modem to adapt to the current cable operator's
267 environment, which in turn enables cable modem portability across
268 different cable operators.
270 A notable exception to the persistence model is docsDevEventTable,
271 since it is useful to maintain a record of events across reboots for
272 debugging purposes.
274 3.1.3. IPv4 Compliance
276 Please note that the compliance statements in this version of the MIB
277 module require support only for IPv4 addresses. That is because the
278 current version of the DOCSIS protocols (1.0, 1.1, and 2.0) are not
279 IPv6-capable. Although support for IPv6 will require changes to the
280 DOCSIS protocols, it is expected that the only changes needed to the
281 MIB module itself will be the addition of new compliance statements
282 that mandate support for IPv6 addresses.
284 3.2. Management requirements
286 3.2.1. Handling of Software upgrades
288 The Cable Modem software upgrade process is documented in [RFI1.0].
289 From a network management station, the operator:
291 o sets docsDevSwServer to the address of the Trivial File Transfer
292 Protocol (TFTP) server for software upgrades
294 o sets docsDevSwFilename to the file pathname of the software
295 upgrade image
297 o sets docsDevSwAdminStatus to upgrade-from-mgt
299 While DOCSIS only specifies the implementation of the TFTP protocol
300 [RFC1350] for file transfers, other functional entities embedded
301 within the cable device (particularly a PacketCable Multimedia
302 Terminal Adapter [MTA-PROV]) specify the optional implementation of
303 the Hyper Text Transfer Protocol (HTTP) [RFC1945][RFC2616] for file
304 transfers. The value of the docsDevSwServerTransportProtocol object
305 determines which protocol is used for SNMP-initiated software
306 upgrade.
308 One reason for the SNMP-initiated upgrade is to allow loading of a
309 temporary software image (e.g., special diagnostic software) that
310 differs from the software normally used on that device without
311 changing the provisioning database.
313 Note that software upgrades should not be accepted blindly by the
314 cable device. The cable device may refuse an upgrade if:
316 o The download is incomplete.
318 o The file contents are incomplete or damaged.
320 o The software is not intended for that hardware device (may include
321 the case of a feature set that has not been purchased for this
322 device).
324 A cable device that implements the code verification mechanisms of
325 [BPIPLUS] verifies the source and integrity of the downloaded image
326 by validating one or more Code Verification Signatures that are
327 bundled within the software upgrade.
329 3.2.2. Events and Notifications
331 This MIB module provides control facilities for reporting events
332 through syslog [RFC3164], notifications (traps and informs), and non-
333 volatile logging. Additional controls allow for the agent to use the
334 SNMP Notification MIB [RFC3413] and Notification Log MIB [RFC3014]
335 for event notification.
337 The conventions for event reporting are outside the scope of this
338 document. The definition and coding of common DOCSIS notifications
339 can be found in [I-D.ietf-ipcdn-docsisevent-mib].
341 3.2.3. Notification Throttling
343 The CM and CMTS MUST provide support for notification message
344 throttling as described below. The network operator can employ
345 notification rate throttling or notification limiting by manipulating
346 the appropriate MIB variables.
348 3.2.3.1. Notification rate throttling
350 Network operators may employ either of two rate control methods. In
351 the first method, the device ceases to send notifications when the
352 rate exceeds the specified maximum message rate. It resumes sending
353 notifications only if reactivated by a network management station
354 request.
356 In the second method, the device resumes sending notifications when
357 the rate falls below the specified maximum message rate.
359 The network operator configures the specified maximum message rate by
360 setting the measurement interval (in seconds), and the maximum number
361 of notifications to be transmitted within the measurement interval.
362 The operator can query the operational throttling state (to determine
363 whether notifications are enabled or blocked by throttling) of the
364 device, as well as query and set the administrative throttling state
365 (to manage the rate control method) of the device.
367 3.2.3.2. Limiting the notification rate
369 Network operators may wish to limit the number of notifications sent
370 by a device over a specified time period. The device ceases to send
371 notifications when the number of notifications exceeds the specified
372 threshold. It resumes sending notifications only when the
373 measurement interval has passed.
375 The network operator defines the maximum number of notifications he
376 is willing to handle and sets the measurement interval to a large
377 number (in hundredths of a second). For this case, the
378 administrative throttling state is set to stop at threshold which is
379 the maximum number of notifications.
381 See "Techniques for Managing Asynchronously Generated Alerts"
382 [RFC1224] for additional technical motivations.
384 3.3. Protocol Filters
386 The Cable Device MIB provides objects for both Link Layer Control
387 (LLC) and IP protocol filters. The LLC protocol filter entries can
388 be used to limit CM forwarding to a restricted set of network-layer
389 protocols (such as IP, Internetwork Packet Exchange (IPX), Network
390 Basic Input/Output System (NetBIOS), and Appletalk).
392 The IP protocol filter entries can be used to restrict upstream or
393 downstream traffic based on source and destination IP addresses,
394 transport-layer protocols (such as Transport Control Protocol (TCP),
395 User Datagram Protocol (UDP), and Internet Control Message Protocol
396 (ICMP)), and source and destination TCP/UDP port numbers.
398 In general, a cable modem applies filters (or more properly,
399 classifiers) in an order appropriate to the layering model.
400 Specifically, the inbound MAC (or LLC) layer filters are applied
401 first, then the "special" filters, then the IP layer inbound filters,
402 then the IP layer outbound filters, then any final LLC outbound
403 filters.
405 *****************
406 * LLC Filter In *
407 *****************
408 |
409 v
410 *******************
411 * Special Filters *
412 * | *
413 * V *
414 * ************ *
415 * * IP Spoof * *
416 * ************ *
417 * | *
418 * v *
419 * *************** *
420 * * SNMP Access * *
421 * *************** *
422 * | *
423 *******************
424 |
425 v
426 ****************
427 * IP Filter In *
428 ****************
429 |
430 v
431 *****************
432 * IP Filter Out *
433 *****************
434 |
435 v
436 ******************
437 * LLC Filter Out *
438 ******************
440 3.3.1. Inbound LLC Filters - docsDevFilterLLCTable
442 The inbound LLC (or MAC or level-2) filters are contained in the
443 docsDevFilterLLCTable and are applied to level-2 frames entering the
444 cable modem from either the RF MAC interface or from one of the CPE
445 interfaces (physical or logical). These filters are used to prohibit
446 the processing and forwarding of certain types of level-2 traffic
447 that may be disruptive to the network. The filters, as currently
448 specified, can be set to cause the modem to either drop frames which
449 match at least one filter, or to process a frame which matches at
450 least one filter. Some examples of possible configurations would be
451 to only permit IP (and ARP) traffic, or to drop NetBIOS traffic.
453 3.3.2. Special Filters
455 Special filters are applied after the packet is accepted from the MAC
456 layer by the IP module, but before any other processing is done.
457 They are filters that apply only to a very specific class of traffic.
459 3.3.2.1. IP Spoofing Filters - docsDevCpeTable, docsDevCpeInetTable
461 IP spoofing filters are applied to packets entering the modem from
462 one of the CPE interfaces and are intended to prevent a subscriber
463 from stealing or mis-using IP addresses that were not assigned to the
464 subscriber. If the filters are active (enabled), the source address
465 of the IP packet must match at least one IP address in one of these
466 two tables (docsDevCpeTable or docsDevCpeInetTable) or it is
467 discarded without further processing.
469 To prevent potential implementation ambiguity, the device consults
470 the docsDevCpeTable for the IP packet source address, before
471 consulting the docsDevCpeInetTable.
473 The table can be automatically populated where the first N different
474 IP addresses seen from the CPE side of the cable modem are used to
475 automatically populate the table. The spoofing filters are specified
476 in the docsDevCpeTable and the docsDevCpeInetTable, and the policy
477 for automatically creating filters in those tables is controlled by
478 docsDevCpeEnroll and docsDevMaxCpe as well as the network management
479 agent.
481 Similar IP spoofing filter controls are defined for CMTS
482 implementation in the Subscriber Management MIB [RFC4036].
484 3.3.2.2. SNMP Access Filters - docsDevNmAccessTable
486 The SNMP access filters are applied to SNMP packets entering from any
487 interface and destined for the cable modem. If the packets enter
488 from a CPE interface, the SNMP filters are applied after the IP
489 spoofing filters. The filters only apply to SNMPv1 or SNMPv2c
490 traffic, and are not consulted for SNMPv3 traffic (and need not be
491 implemented by a v3 only agent). SNMPv3 access control is specified
492 in the User Security Model MIB in [RFC3414].
494 With the completion of the SNMP coexistence document, RFC 3584
495 [RFC3584], docsDevNmAccess table has been deprecated in this version
496 of the MIB. See the body of the MIB for the description of how
497 agents should handle the interaction between RFC 3584 MIBs and this
498 MIB.
500 3.3.3. IP Filtering - docsDevFilterIpTable
502 The IP Filtering table acts as a classifier table. Each row in the
503 table describes a template against which IP packets are compared.
504 The template includes source and destination addresses (and their
505 associated masks), upper level protocol (e.g. TCP, UDP), source and
506 destination port ranges, and Terms of Service (ToS) values. A row
507 also contains interface and traffic direction match values which have
508 to be considered in combination. All columns of a particular row
509 must match the appropriate fields in the packet, and must match the
510 interface and direction items for the packet to result in a match to
511 the packet.
513 When classifying a packet, each table is scanned beginning with the
514 lowest number filter. If the agent finds a match, it applies the
515 group of policies specified. If the matched filter has the continue
516 bit set, the agent continues the scan possibly matching additional
517 filters and applying additional policies. For example, this allows
518 the agent to take one set of actions for the 24.0.16/255.255.255.0
519 group and one set of actions for telnet packets to/from 24.0.16.30,
520 and these sets of actions may not be mutually exclusive.
522 Once a packet is matched, one of three actions happen based on the
523 setting of docsDevFilterIpControl in the row. The packet may be
524 dropped, in which case no further processing is required. The packet
525 may be accepted and processing of the packet continues. Lastly, the
526 packet may have a set of policy actions applied to it. If
527 docsDevFilterIpContinue is set to true, scanning of the table
528 continues and additional matches may result.
530 When a packet matches, and docsDevFilterIpControl in the filter
531 matched is set to 'policy', the value of docsDevFilterIpPolicyId is
532 used as a selector into the docsDevFilterPolicyTable. The first
533 level of indirection may result in zero or more actions being taken
534 based on the match. The docsDevFilterPolicyTable is scanned in row
535 order and all rows where docsDevFilterPolicyId equals
536 docsDevFilterIpPolicyId have the action specified by
537 docsDevFilterPolicyValue 'executed'.
539 For an example of the use of these IP Filtering MIB tables, see
540 [RFC2669].
542 The IP Filtering table and related tables have been deprecated in
543 this version of the MIB in favor of the Data Path, Classifier, and
544 Action tables from the Differentiated Services MIB [RFC3289]. See
545 the body of the MIB for the description of how agents should handle
546 the interaction between RFC 3289 MIBs and this MIB module.
548 3.3.4. Outbound LLC Filters
550 Lastly, any outbound LLC filters are applied to the packet just prior
551 to it being emitted on the appropriate interface. This MIB module
552 does not specify any outbound LLC filters, but section 3 of the
553 DOCSIS Quality of Service (QoS) MIB, [RFC4323], includes outbound LLC
554 filtering requirements.
556 4. Definitions
558 DOCS-CABLE-DEVICE-MIB DEFINITIONS ::= BEGIN
560 IMPORTS
561 MODULE-IDENTITY,
562 OBJECT-TYPE,
563 IpAddress,
564 Unsigned32,
565 Counter32,
566 Integer32,
567 zeroDotZero,
568 mib-2
569 FROM SNMPv2-SMI -- RFC 2578
570 RowStatus,
571 RowPointer,
572 DateAndTime,
573 TruthValue,
574 StorageType
575 FROM SNMPv2-TC -- RFC 2579
576 InetAddressType,
577 InetAddress
578 FROM INET-ADDRESS-MIB -- RFC 4001
579 OBJECT-GROUP,
580 MODULE-COMPLIANCE
581 FROM SNMPv2-CONF -- RFC 2580
582 SnmpAdminString
583 FROM SNMP-FRAMEWORK-MIB -- RFC 3411
584 InterfaceIndexOrZero
585 FROM IF-MIB -- RFC 2863
586 ZeroBasedCounter32
587 FROM RMON2-MIB -- RFC 2021
588 diffServMIBDataPathGroup,
589 diffServMIBClfrGroup,
590 diffServMIBClfrElementGroup,
591 diffServMIBMultiFieldClfrGroup,
592 diffServMIBActionGroup,
593 diffServMIBDscpMarkActGroup,
594 diffServMIBCounterGroup,
595 diffServMIBAlgDropGroup,
596 diffServDataPathStatus,
597 diffServClfrStatus,
598 diffServClfrElementStatus,
599 diffServMultiFieldClfrAddrType,
600 diffServMultiFieldClfrSrcAddr,
601 diffServMultiFieldClfrDstAddr,
602 diffServAlgDropStatus,
603 diffServDataPathStorage,
604 diffServClfrStorage,
605 diffServClfrElementStorage,
606 diffServMultiFieldClfrStorage,
607 diffServActionStorage,
608 diffServCountActStorage,
609 diffServAlgDropStorage,
610 diffServAlgDropType
611 FROM DIFFSERV-MIB; -- RFC 3289
613 docsDev MODULE-IDENTITY
614 LAST-UPDATED "200603010000Z" -- March 1, 2006
615 ORGANIZATION "IETF IP over Cable Data Network
616 Working Group"
617 CONTACT-INFO
618 " Rich Woundy
619 Postal: Comcast Cable
620 27 Industrial Avenue
621 Chelmsford, MA 01824 U.S.A.
622 Phone: +1 978 244 4010
623 E-mail: richard_woundy@cable.comcast.com
625 Kevin Marez
626 Postal: Motorola Corporation
627 6450 Sequence Drive
628 San Diego, CA 92121 U.S.A.
629 Phone: +1 858 404 3785
630 E-mail: kevin.marez@motorola.com
632 IETF IPCDN Working Group
633 General Discussion: ipcdn@ietf.org
634 Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn
635 Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn
636 Co-chairs: Richard Woundy, richard_woundy@cable.comcast.com
637 Jean-Francois Mule, jf.mule@cablelabs.com"
638 DESCRIPTION
639 "This is the MIB Module for DOCSIS-compliant cable modems
640 and cable-modem termination systems.
642 Copyright (C) The Internet Society (2006). This version
643 of this MIB module was published in RFC XXXX; for full
644 legal notices see the RFC itself."
645 -- RFC Editor Note: The descriptions (above and below)
646 -- should be modified to
647 -- change XXXX to the actual RFC number that is
648 -- assigned at publication. This note should
649 -- be removed at that time as well.
651 REVISION "200603010000Z" -- March 1, 2006
652 DESCRIPTION
653 "Second version, published as RFC XXXX.
655 Modifications to this MIB module since RFC 2669 include:
656 - Deprecation of the docsDevFilter group in favor of the
657 DiffServ MIB groups, to enable support for IPv6
658 filtering and DiffServ Code Point (DSCP) marking.
659 - Deprecation of the docsDevCpeGroup in favor of the
660 docsDevCpeInetGroup, to enable support of IPv6.
661 - Addition of various InetAddress objects to enable
662 support of IPv6.
663 - Deprecation of docsDevNmAccessTable in favor of SNMP
664 Coexistence and SNMPv3 -- yet adding
665 docsDevNmAccessTrapVersion and clarifying
666 docsDevNmAccessIp for current use of this table,
667 - Addition of docsDevIgmpModeControl for management and
668 control of the IGMP mode of operation,
669 - Addition of docsDevMaxCpe for management of the
670 maxium number of CPEs permitted access through a
671 cable modem,
672 - Addition of docsDevSwServerTransportProtocol, and
673 modifications to docsDevSoftware object DESCRIPTIONS,
674 to enable software downloads via either TFTP or HTTP,
675 - Replacement of docsDevEvThrottleInhibited with
676 docsDevEvThrottleThresholdExceeded to simplify
677 event threshold management,
678 - Modification of docsDevEvReporting to enable local
679 logging to the internal volatile log, and not to the
680 internal non-volatile log,
681 - Modification of the compliance statement to make the
682 docsDevCpe objects optional
683 - Created placeholders for two OIDs in the
684 docsDevFilterPolicyTable that were never used
685 - Modified the DESCRIPTION of
686 docsDevSwServerTransportProtocol and
687 docsDevSwServerAddressType to address the
688 dependence between each object
689 - Added a reference to docsDevServerConfigTftpAddress
690 - Clarified the scope of notifications that are covered
691 by docsDevEvThrottleThreshold
692 - Clarified an error condition that could occur when
693 doing a SET to docsDevEvReporting
694 - Defined each of the enumerated types for both
695 docsDevEvLevel and docsDevEvPriority
696 - Added UNITS clause to docsDevFilterLLCMatches,
697 docsDevFilterIpMatches, docsDevMaxCpe,
698 docsDevEvThrottleThreshold and docsDevEvCounts.
700 - Added REFERENCE clause to docsDevFilterIpProtocol
701 - Modified DESCRIPTION of docsDevCpeInetAddr to be
702 more protocol-neutral
703 - Removed the enumerated value (1) from both
704 docsDevCpeInetSource and docsDevCpeSource
705 - Covered additional read-write and read-create objects
706 in the Security Considerations section
707 - Modified the default value of docsDevNmAccessIpMask
708 to be consistent with OSSI specification
709 - Modified the SYNTAX of docsDevNmAccessCommunity and
710 docsDevNmAccessInterfaces in the Conformance
711 Statement section
712 - Added SYNTAX clause to docsDevEvReporting in the
713 Conformance Statement section
714 - Modified SYNTAX clause of docsDevEvReporting to
715 move new enumerated type to byte boundary
716 - Added references to DOCSIS 2.0 specifications to
717 multiple objects
718 - Clarified non-persistency across reboots for
719 all tables
720 - Clarified functionality of docsDevSw objects as
721 they relate to docsDevSwOperStatus
722 - Clarified enumerated types (9) and (10) for
723 docsDevServerBootState
724 - Defined the state of unknown(0) for the following
725 objects: docsDevServerDhcpAddressType,
726 docsDevServerTimeAddressType,
727 docsDevServerConfigTftpAddressType and
728 docsDevServerConfigTftpAddressType
729 - Modified the value in docsDevFilterIpDaddr to be
730 consistent with the SYNTAX
731 - Specified which rows could be modified in an
732 active row for docsDevFilterPolicyStatus
733 - Defined the term 'manually' in docsDevCpeEnroll
734 - Clarified the description for
735 docsDevFilterTosOrMask
736 - Covered the case of a non-existent row for
737 docsDevFilterPolicyPtr
738 - Added DEFVAL clauses for multiple objects
739 - Replaced docsDevNotification OBJECT IDENTIFIER
740 with docsDevNotifications to address possible
741 compatibility issues
742 - Added support for the usage of RFC 3413 and RFC 3014
743 as event notification mechanisms
744 - Removed docsDevFilterPolicyObsoleteGroup
745 - Added stdInterface(9) type to docsDevEvReporting to
746 support the usage of RFC3413 and RFC3014
747 - Modified DESCRIPTION for docsDevMaxCpe"
749 REVISION "199908190000Z"
750 DESCRIPTION
751 "Initial version, published as RFC 2669."
753 ::= { mib-2 69 }
755 docsDevMIBObjects OBJECT IDENTIFIER ::= { docsDev 1 }
757 docsDevBase OBJECT IDENTIFIER ::= { docsDevMIBObjects 1 }
759 --
760 -- For the following object, there is no concept in the
761 -- RFI specification corresponding to a backup CMTS. The
762 -- enumeration is provided here in case someone is able
763 -- to define such a role or device.
764 --
766 docsDevRole OBJECT-TYPE
767 SYNTAX INTEGER {
768 cm(1),
769 cmtsActive(2),
770 cmtsBackup(3)
771 }
772 MAX-ACCESS read-only
773 STATUS current
774 DESCRIPTION
775 "Defines the current role of this device. cm(1) is a
776 Cable Modem, cmtsActive(2) is a Cable Modem Termination
777 System which is controlling the system of cable modems,
778 and cmtsBackup(3) is a CMTS which is currently connected
779 but not controlling the system (not currently used).
781 In general, if this device is a 'cm', its role will not
782 change during operation or between reboots. If the
783 device is a 'cmts' it may change between cmtsActive and
784 cmtsBackup and back again during normal operation. NB:
785 At this time, the DOCSIS standards do not support the
786 concept of a backup CMTS, but cmtsBackup is included for
787 completeness."
788 ::= { docsDevBase 1 }
790 docsDevDateTime OBJECT-TYPE
791 SYNTAX DateAndTime
792 MAX-ACCESS read-write
793 STATUS current
794 DESCRIPTION
795 "The current date and time, with time zone information
796 (if known).
798 If the real data and time cannot be determined, this
799 shall represent elapsed time from boot relative to
800 the standard epoch '1970-1-1,0:0:0.0'. In other
801 words, if this agent has been up for 3 minutes, and
802 not been able to determine what the actual date and
803 time are, this object will return the value
804 '1970-1-1,0:03:0.0'."
805 ::= { docsDevBase 2 }
807 docsDevResetNow OBJECT-TYPE
808 SYNTAX TruthValue
809 MAX-ACCESS read-write
810 STATUS current
811 DESCRIPTION
812 "Setting this object to true(1) causes the device to
813 reset. Reading this object always returns false(2)."
814 ::= { docsDevBase 3 }
816 docsDevSerialNumber OBJECT-TYPE
817 SYNTAX SnmpAdminString
818 MAX-ACCESS read-only
819 STATUS current
820 DESCRIPTION
821 "The manufacturer's serial number for this device."
822 ::= { docsDevBase 4 }
824 docsDevSTPControl OBJECT-TYPE
825 SYNTAX INTEGER {
826 stEnabled(1),
827 noStFilterBpdu(2),
828 noStPassBpdu(3)
829 }
830 MAX-ACCESS read-write
831 STATUS current
832 DESCRIPTION
833 "This object controls operation of the spanning tree
834 protocol (as distinguished from transparent bridging).
836 If set to stEnabled(1) then the spanning tree protocol
837 is enabled, subject to bridging constraints.
839 If noStFilterBpdu(2), then spanning tree is not active,
840 and Bridge PDUs received are discarded.
842 If noStPassBpdu(3) then spanning tree is not active
843 and Bridge PDUs are transparently forwarded.
845 Note that a device need not implement all of these
846 options, but that noStFilterBpdu(2) is required."
847 DEFVAL { noStFilterBpdu }
848 ::= { docsDevBase 5 }
850 docsDevIgmpModeControl OBJECT-TYPE
851 SYNTAX INTEGER {
852 passive(1),
853 active(2)
854 }
855 MAX-ACCESS read-write
856 STATUS current
857 DESCRIPTION
858 "This object controls the IGMP mode of operation for
859 the CM or CMTS. In passive mode, the device forwards
860 IGMP between interfaces based on knowledge of Multicast
861 Session activity on the subscriber side interface and
862 the rules defined in the DOCSIS RFI specification. In
863 active mode, the device terminates at and initiates
864 IGMP through its interfaces based on the knowledge of
865 Multicast Session activity on the subscriber side
866 interface."
867 REFERENCE
868 "DOCSIS RFI 1.1 Specification, Section 3.3.1. and
869 DOCSIS RFI 2.0 Specification, Section 5.3.1."
870 DEFVAL { passive }
871 ::= { docsDevBase 6 }
873 docsDevMaxCpe OBJECT-TYPE
874 SYNTAX Unsigned32 (0..255)
875 UNITS "CPEs"
876 MAX-ACCESS read-only
877 STATUS current
878 DESCRIPTION
879 "The maximum number of CPEs that can be granted access
880 through a CM during a CM epoch. This value can be
881 obtained from the CM configuration file, however,
882 it may be adjusted by the CM based on hardware or
883 software limitations that have been imposed on the
884 implementation."
885 REFERENCE
886 "DOCSIS RFI 1.0 Specification, Appendix C.7.20., and
887 DOCSIS RFI 1.1 Specification, Appendix C.1.1.7. and
888 DOCSIS RFI 2.0 Specification, Appendix C.1.1.7."
889 ::= { docsDevBase 7 }
891 --
892 -- The following table provides one level of security for access
893 -- to the device by network management stations.
894 -- Note that access is also constrained by the
895 -- community strings and any vendor-specific security.
896 --
898 docsDevNmAccessTable OBJECT-TYPE
899 SYNTAX SEQUENCE OF DocsDevNmAccessEntry
900 MAX-ACCESS not-accessible
901 STATUS deprecated
902 DESCRIPTION
903 "This table controls access to SNMP objects by network
904 management stations. If the table is empty, access to
905 SNMP objects is unrestricted. The objects in this table
906 MUST NOT persist across reboots. The objects in this
907 table are only accessible from cable devices which are
908 not capable of operating in SNMP Coexistence mode
909 (RFC 3584) nor in SNMPv3 mode (RFC 3410).
910 See the conformance section for
911 details. Note that some devices are required by other
912 specifications, e.g. the DOCSIS OSSIv1.1 specification,
913 to support the legacy SNMPv1/v2c docsDevNmAccess mode
914 for backward compatibility.
916 This table is deprecated. Instead, use the SNMP
917 coexistence MIBs from RFC 3584, the TARGET and
918 NOTIFICATION MIBs from RFC 3413, and
919 the View-Based Access Control Model (VACM) MIBs for
920 all SNMP protocol versions from RFC 3415."
921 ::= { docsDevMIBObjects 2 }
923 docsDevNmAccessEntry OBJECT-TYPE
924 SYNTAX DocsDevNmAccessEntry
925 MAX-ACCESS not-accessible
926 STATUS deprecated
927 DESCRIPTION
928 "An entry describing access to SNMP objects by a
929 particular network management station. An entry in
930 this table is not readable unless the management station
931 has read-write permission (either implicit if the table
932 is empty, or explicit through an entry in this table.
933 Entries are ordered by docsDevNmAccessIndex. The first
934 matching entry (e.g. matching IP address and community
935 string) is used to derive access."
936 INDEX { docsDevNmAccessIndex }
937 ::= { docsDevNmAccessTable 1 }
939 DocsDevNmAccessEntry ::= SEQUENCE {
940 docsDevNmAccessIndex Integer32,
941 docsDevNmAccessIp IpAddress,
942 docsDevNmAccessIpMask IpAddress,
943 docsDevNmAccessCommunity OCTET STRING,
944 docsDevNmAccessControl INTEGER,
945 docsDevNmAccessInterfaces OCTET STRING,
946 docsDevNmAccessStatus RowStatus,
947 docsDevNmAccessTrapVersion INTEGER
948 }
950 docsDevNmAccessIndex OBJECT-TYPE
951 SYNTAX Integer32 (1..2147483647)
952 MAX-ACCESS not-accessible
953 STATUS deprecated
954 DESCRIPTION
955 "Index used to order the application of access
956 entries."
957 ::= { docsDevNmAccessEntry 1 }
959 docsDevNmAccessIp OBJECT-TYPE
960 SYNTAX IpAddress
961 MAX-ACCESS read-create
962 STATUS deprecated
963 DESCRIPTION
964 "The IP address (or subnet) of the network management
965 station. The address 0.0.0.0 is defined to mean
966 any Network Management Station (NMS). If traps are
967 enabled for this entry, then the value must be the
968 address of a specific device. Implementations MAY
969 recognize 255.255.255.255 as equivalent to 0.0.0.0."
970 DEFVAL { '00000000'h }
971 ::= { docsDevNmAccessEntry 2 }
973 docsDevNmAccessIpMask OBJECT-TYPE
974 SYNTAX IpAddress
975 MAX-ACCESS read-create
976 STATUS deprecated
977 DESCRIPTION
978 "The IP subnet mask of the network management stations.
979 If traps are enabled for this entry, then the value must
980 be 0.0.0.0. Implementations MAY recognize
981 255.255.255.255 as equivalent to 0.0.0.0."
982 DEFVAL { '00000000'h }
983 ::= { docsDevNmAccessEntry 3 }
985 docsDevNmAccessCommunity OBJECT-TYPE
986 SYNTAX OCTET STRING
987 MAX-ACCESS read-create
988 STATUS deprecated
989 DESCRIPTION
990 "The community string to be matched for access by this
991 entry. If set to a zero length string then any
992 community string will match. When read, this object
993 SHOULD return a zero length string."
994 DEFVAL { "public" }
995 ::= { docsDevNmAccessEntry 4 }
997 docsDevNmAccessControl OBJECT-TYPE
998 SYNTAX INTEGER {
999 none(1),
1000 read(2),
1001 readWrite(3),
1002 roWithTraps(4),
1003 rwWithTraps(5),
1004 trapsOnly(6)
1005 }
1006 MAX-ACCESS read-create
1007 STATUS deprecated
1008 DESCRIPTION
1009 "Specifies the type of access allowed to this NMS.
1010 Setting this object to none(1) causes the table entry
1011 to be destroyed. Read(2) allows access by 'get' and
1012 'get-next' PDUs. ReadWrite(3) allows access by 'set' as
1013 well. RoWithtraps(4), rwWithTraps(5), and trapsOnly(6)
1014 control distribution of Trap PDUs transmitted by this
1015 device."
1016 DEFVAL { read }
1017 ::= { docsDevNmAccessEntry 5 }
1019 -- The syntax of the following object was copied from RFC 1493,
1020 -- dot1dStaticAllowedToGoTo.
1022 docsDevNmAccessInterfaces OBJECT-TYPE
1023 SYNTAX OCTET STRING (SIZE (1..32))
1024 MAX-ACCESS read-create
1025 STATUS deprecated
1026 DESCRIPTION
1027 "Specifies the set of interfaces from which requests from
1028 this NMS will be accepted. Each octet within
1029 the value of this object specifies a set of eight
1030 interfaces, with the first octet specifying ports 1
1031 through 8, the second octet specifying interfaces 9
1032 through 16, etc. Within each octet, the most
1033 significant bit represents the lowest numbered
1034 interface, and the least significant bit represents the
1035 highest numbered interface. Thus, each interface is
1036 represented by a single bit within the value of this
1037 object. If that bit has a value of '1' then that
1038 interface is included in the set.
1040 Note that entries in this table apply only to link-layer
1041 interfaces (e.g., Ethernet and CATV MAC). Bits
1042 representing upstream and downstream channel interfaces
1043 MUST NOT be set to '1'.
1045 Note that if bits corresponding to non-existing
1046 interfaces are set, the result is implementation
1047 specific.
1049 Note that according to the DOCSIS OSSIv1.1
1050 specification, when ifIndex '1' is included in the
1051 set, then this row applies to all CPE
1052 (customer-facing) interfaces.
1054 The size of this object is the minimum required to
1055 represent all configured interfaces for this device."
1056 ::= { docsDevNmAccessEntry 6 }
1058 docsDevNmAccessStatus OBJECT-TYPE
1059 SYNTAX RowStatus
1060 MAX-ACCESS read-create
1061 STATUS deprecated
1062 DESCRIPTION
1063 "Controls and reflects the status of rows in this
1064 table. Rows in this table may be created by either the
1065 create-and-go or create-and-wait paradigms. There is no
1066 restriction on changing values in a row of this table
1067 while the row is active.
1069 The following objects MUST have valid values before this
1070 object can be set to active: docsDevNmAccessIp,
1071 docsDevNmAccessStatus, docsDevNmAccessIpMask,
1072 docsDevNmAccessCommunity, docsDevNmAccessControl and
1073 docsDevNmAccessInterfaces."
1074 ::= { docsDevNmAccessEntry 7 }
1076 docsDevNmAccessTrapVersion OBJECT-TYPE
1077 SYNTAX INTEGER {
1078 disableSNMPv2trap(1),
1079 enableSNMPv2trap(2)
1080 }
1081 MAX-ACCESS read-create
1082 STATUS deprecated
1083 DESCRIPTION
1084 "Specifies the TRAP version that is sent to this NMS.
1086 Setting this object to disableSNMPv2trap (1) causes the
1087 trap in SNMPv1 format to be sent to particular NMS.
1088 Setting this object to enableSNMPv2trap (2) causes the
1089 trap in SNMPv2 format be sent to particular NMS."
1090 DEFVAL { disableSNMPv2trap }
1091 ::= { docsDevNmAccessEntry 8 }
1093 --
1094 -- The following group describes control objects used for downloading
1095 -- firmware to a cable device. Procedures for software download are
1096 -- described in section 3.2.1 of the RFC containing this MIB module.
1097 --
1099 docsDevSoftware OBJECT IDENTIFIER ::= { docsDevMIBObjects 3 }
1101 docsDevSwServer OBJECT-TYPE
1102 SYNTAX IpAddress
1103 MAX-ACCESS read-write
1104 STATUS deprecated
1105 DESCRIPTION
1106 "The address of the TFTP server used for software
1107 upgrades. If the TFTP server is unknown or is a
1108 non-IPv4 address, return 0.0.0.0.
1110 This object is deprecated. See docsDevSwServerAddress
1111 for its replacement. This object will have its value
1112 modified given a valid SET to docsDevSwServerAddress."
1113 ::= { docsDevSoftware 1 }
1115 docsDevSwFilename OBJECT-TYPE
1116 SYNTAX SnmpAdminString (SIZE (0..64))
1117 MAX-ACCESS read-write
1118 STATUS current
1119 DESCRIPTION
1120 "The filename of the software image to be downloaded via
1121 TFTP, or the abs_path (as defined in RFC 2616) of the
1122 software image to be downloaded via HTTP.
1124 Unless set via SNMP, this is the filename or abs_path
1125 specified by the provisioning server during the boot
1126 process, that corresponds to the software version that
1127 is desired for this device.
1129 If unknown, the value of this object is the zero-length
1130 string."
1131 ::= { docsDevSoftware 2 }
1133 docsDevSwAdminStatus OBJECT-TYPE
1134 SYNTAX INTEGER {
1135 upgradeFromMgt(1),
1136 allowProvisioningUpgrade(2),
1137 ignoreProvisioningUpgrade(3)
1138 }
1139 MAX-ACCESS read-write
1140 STATUS current
1141 DESCRIPTION
1142 "If set to upgradeFromMgt(1), the device will initiate a
1143 TFTP or HTTP software image download. After
1144 successfully receiving an image, the device will set
1145 its state to ignoreProvisioningUpgrade(3) and reboot.
1146 If the download process is interrupted (e.g. by a reset
1147 or power failure, the device will load the previous
1148 image and, after re-initialization, continue to attempt
1149 loading the image specified in docsDevSwFilename.
1151 If set to allowProvisioningUpgrade(2), the device will
1152 use the software version information supplied by the
1153 provisioning server when next rebooting (this does not
1154 cause a reboot).
1156 When set to ignoreProvisioningUpgrade(3), the device
1157 will disregard software image upgrade information
1158 from the provisioning server.
1160 Note that reading this object can return
1161 upgradeFromMgt(1). This indicates that a software
1162 download is currently in progress, and that the device
1163 will reboot after successfully receiving an image."
1164 DEFVAL { allowProvisioningUpgrade }
1165 ::= { docsDevSoftware 3 }
1167 docsDevSwOperStatus OBJECT-TYPE
1168 SYNTAX INTEGER {
1169 inProgress(1),
1170 completeFromProvisioning(2),
1171 completeFromMgt(3),
1172 failed(4),
1173 other(5)
1174 }
1175 MAX-ACCESS read-only
1176 STATUS current
1177 DESCRIPTION
1178 "InProgress(1) indicates that a TFTP or HTTP download is
1179 underway, either as a result of a version mismatch at
1180 provisioning or as a result of a upgradeFromMgt request.
1182 No other docsDevSw* objects can be modified while in
1183 this state.
1185 CompleteFromProvisioning(2) indicates that the last
1186 software upgrade was a result of version mismatch at
1187 provisioning.
1189 CompleteFromMgt(3) indicates that the last software
1190 upgrade was a result of setting docsDevSwAdminStatus to
1191 upgradeFromMgt.
1193 Failed(4) indicates that the last attempted download
1194 failed, ordinarily due to TFTP or HTTP timeout."
1195 REFERENCE
1196 "DOCSIS RFI 1.0 Specification, Section 8.2., and
1197 DOCSIS RFI 1.1 Specification, Section 10.1. and
1198 DOCSIS RFI 2.0 Specification, Section 12.1."
1199 ::= { docsDevSoftware 4 }
1201 docsDevSwCurrentVers OBJECT-TYPE
1202 SYNTAX SnmpAdminString
1203 MAX-ACCESS read-only
1204 STATUS current
1205 DESCRIPTION
1206 "The software version currently operating in this device.
1207 This string's syntax is that used by the
1208 individual vendor to identify software versions.
1209 For a CM, this string will describe the current
1210 software load. For a CMTS, this object SHOULD contain
1211 either a human readable representation of the vendor
1212 specific designation of the software for the chassis,
1213 or of the software for the control processor. If
1214 neither of these is applicable, the value MUST be a
1215 zero-length string."
1216 ::= { docsDevSoftware 5 }
1218 docsDevSwServerAddressType OBJECT-TYPE
1219 SYNTAX InetAddressType
1220 MAX-ACCESS read-write
1221 STATUS current
1222 DESCRIPTION
1223 "The type of address of the TFTP or HTTP server used for
1224 software upgrades.
1226 If docsDevSwServerTransportProtocol is currently set to
1227 tftp(1), attempting to set this object to dns(16) MUST
1228 result in an error."
1229 ::= { docsDevSoftware 6 }
1231 docsDevSwServerAddress OBJECT-TYPE
1232 SYNTAX InetAddress
1233 MAX-ACCESS read-write
1234 STATUS current
1235 DESCRIPTION
1236 "The address of the TFTP or HTTP server used for software
1237 upgrades.
1239 If the TFTP/HTTP server is unknown, return the zero
1240 length address string (see the TextualConvention).
1242 If docsDevSwServer is also implemented in this agent,
1243 this object is tied to it. A set of this object to an
1244 IPv4 address will result in the value of docsDevSwServer
1245 also being set to that address. If this object is set
1246 to an IPv6 address, docsDevSwServer is set to 0.0.0.0.
1247 If docsDevSwServer is set, this object is also set to
1248 that value. Note that if both are set in the same
1249 action, the order of which one sets the other is
1250 undefined."
1251 ::= { docsDevSoftware 7 }
1253 docsDevSwServerTransportProtocol OBJECT-TYPE
1254 SYNTAX INTEGER {
1255 tftp(1),
1256 http(2)
1257 }
1258 MAX-ACCESS read-write
1259 STATUS current
1260 DESCRIPTION
1261 "This object specifies the transport protocol (TFTP or
1262 HTTP) to be used for software upgrades.
1264 If the value of this object is tftp(1), then the cable
1265 device uses TFTP (RFC 1350) read request packets to
1266 download the docsDevSwFilename from the
1267 docsDevSwServerAddress in octet mode.
1269 If the value of this object is http(2), then the cable
1270 device uses HTTP 1.0 (RFC 1945) or HTTP 1.1 (RFC 2616)
1271 GET requests sent to host docsDevSwServerAddress to
1272 download the software image from path docsDevSwFilename.
1274 If docsDevSwServerAddressType is currently set to
1275 dns(16), attempting to set this object to tftp(1) MUST
1276 result in an error."
1277 DEFVAL { tftp }
1278 ::= { docsDevSoftware 8 }
1280 --
1281 -- The following group describes server access and parameters used
1282 -- for initial provisioning and bootstrapping.
1283 --
1285 docsDevServer OBJECT IDENTIFIER ::= { docsDevMIBObjects 4 }
1287 docsDevServerBootState OBJECT-TYPE
1288 SYNTAX INTEGER {
1289 operational(1),
1290 disabled(2),
1291 waitingForDhcpOffer(3),
1292 waitingForDhcpResponse(4),
1293 waitingForTimeServer(5),
1294 waitingForTftp(6),
1295 refusedByCmts(7),
1296 forwardingDenied(8),
1297 other(9),
1298 unknown(10)
1299 }
1300 MAX-ACCESS read-only
1301 STATUS current
1302 DESCRIPTION
1303 "If operational(1), the device has completed loading and
1304 processing of configuration parameters and the CMTS has
1305 completed the Registration exchange.
1307 If disabled(2) then the device was administratively
1308 disabled, possibly by being refused network access in
1309 the configuration file.
1311 If waitingForDhcpOffer(3) then a Dynamic Host
1312 Configuration Protocol (DHCP) Discover has been
1313 transmitted and no offer has yet been received.
1315 If waitingForDhcpResponse(4) then a DHCP Request has
1316 been transmitted and no response has yet been received.
1318 If waitingForTimeServer(5) then a Time Request has been
1319 transmitted and no response has yet been received.
1321 If waitingForTftp(6) then a request to the TFTP
1322 parameter server has been made and no response received.
1324 If refusedByCmts(7) then the Registration
1325 Request/Response exchange with the CMTS failed.
1327 If forwardingDenied(8) then the registration process
1328 completed, but the network access option in the received
1329 configuration file prohibits forwarding.
1331 If other(9) then the registration process reached a
1332 point that does not fall into one of the above
1333 categories.
1335 If unknown(10) then the device has not yet begun the
1336 registration process, or is in some other indeterminant
1337 state."
1338 REFERENCE
1339 "DOCSIS RFI 1.0 Specification, Figure 7-1, and
1340 DOCSIS RFI 1.1 Specification, Figure 9-1 and
1341 DOCSIS RFI 2.0 Specification, Figure 11-1."
1342 ::= { docsDevServer 1 }
1344 docsDevServerDhcp OBJECT-TYPE
1345 SYNTAX IpAddress
1346 MAX-ACCESS read-only
1347 STATUS deprecated
1348 DESCRIPTION
1349 "The IP address of the DHCP server that assigned an IP
1350 address to this device. Returns 0.0.0.0 if DHCP is not
1351 used for IP address assignment, or if this agent is
1352 not assigned an IPv4 address.
1354 This object is deprecated and is replaced by
1355 docsDevServerDhcpAddress."
1356 ::= { docsDevServer 2 }
1358 docsDevServerTime OBJECT-TYPE
1359 SYNTAX IpAddress
1360 MAX-ACCESS read-only
1361 STATUS deprecated
1362 DESCRIPTION
1363 "The IP address of the Time server (RFC 0868). Returns
1364 0.0.0.0 if the time server IP address is unknown, or if
1365 the time server is not an IPv4 server.
1367 This object is deprecated and is replaced by
1368 docsDevServerTimeAddress."
1369 ::= { docsDevServer 3 }
1371 docsDevServerTftp OBJECT-TYPE
1372 SYNTAX IpAddress
1373 MAX-ACCESS read-only
1374 STATUS deprecated
1375 DESCRIPTION
1376 "The IP address of the TFTP server responsible for
1377 downloading provisioning and configuration parameters
1378 to this device. Returns 0.0.0.0 if the TFTP server
1379 address is unknown or is not an IPv4 address.
1381 This object is deprecated and is replaced by
1382 docsDevServerConfigTftpAddress."
1383 ::= { docsDevServer 4 }
1385 docsDevServerConfigFile OBJECT-TYPE
1386 SYNTAX SnmpAdminString
1387 MAX-ACCESS read-only
1388 STATUS current
1389 DESCRIPTION
1390 "The name of the device configuration file read from
1391 the TFTP server. Returns an zero-length string if
1392 the configuration file name is unknown."
1393 ::= { docsDevServer 5 }
1395 docsDevServerDhcpAddressType OBJECT-TYPE
1396 SYNTAX InetAddressType
1397 MAX-ACCESS read-only
1398 STATUS current
1399 DESCRIPTION
1400 "The type of address of docsDevServerDhcpAddress. If
1401 DHCP was not used, this value should return
1402 unknown(0)."
1403 ::= { docsDevServer 6 }
1405 docsDevServerDhcpAddress OBJECT-TYPE
1406 SYNTAX InetAddress
1407 MAX-ACCESS read-only
1408 STATUS current
1409 DESCRIPTION
1410 "The internet address of the DHCP server that assigned
1411 an IP address to this device. Returns the zero length
1412 octet string if DHCP was not used for IP address
1413 assignment."
1414 ::= { docsDevServer 7 }
1416 docsDevServerTimeAddressType OBJECT-TYPE
1417 SYNTAX InetAddressType
1418 MAX-ACCESS read-only
1419 STATUS current
1420 DESCRIPTION
1421 "The type of address of docsDevServerTimeAddress. If
1422 no time server exists, this value should return
1423 unknown(0)."
1425 ::= { docsDevServer 8 }
1427 docsDevServerTimeAddress OBJECT-TYPE
1428 SYNTAX InetAddress
1429 MAX-ACCESS read-only
1430 STATUS current
1431 DESCRIPTION
1432 "The Internet address of the RFC 868 Time server
1433 as provided by DHCP option 4.
1435 Note that if multiple values are provided to the
1436 CM in DHCP option 4, the value of this MIB object
1437 MUST be the Time server address from which the Time
1438 of Day reference was acquired based on the DOCSIS
1439 RFI specification. During the period of time where
1440 the Time of Day have not been acquired, the Time
1441 server address reported by the CM may report the
1442 first address value in the DHCP option value or the
1443 last server address the CM attempted to get the Time
1444 of day value.
1446 Returns the zero length octet string if the time server
1447 IP address is not provisioned."
1448 REFERENCE
1449 "DOCSIS RFI 1.1 Specification, Section 9.2.7. and
1450 DOCSIS RFI 2.0 Specification, Section 11.2.7."
1451 ::= { docsDevServer 9 }
1453 docsDevServerConfigTftpAddressType OBJECT-TYPE
1454 SYNTAX InetAddressType
1455 MAX-ACCESS read-only
1456 STATUS current
1457 DESCRIPTION
1458 "The type of address of docsDevServerConfigTftpAddress.
1459 If no TFTP server exists, this value should return
1460 unknown(0)."
1461 ::= { docsDevServer 10 }
1463 docsDevServerConfigTftpAddress OBJECT-TYPE
1464 SYNTAX InetAddress
1465 MAX-ACCESS read-only
1466 STATUS current
1467 DESCRIPTION
1468 "The internet address of the TFTP server responsible for
1469 downloading provisioning and configuration parameters
1470 to this device. Returns the zero length octet string if
1471 the config server address is unknown. There are certain
1472 security risks that are involved with using TFTP."
1474 REFERENCE
1475 "RFC 3617, Section 5"
1476 ::= { docsDevServer 11 }
1478 --
1479 -- Event Reporting
1480 --
1482 docsDevEvent OBJECT IDENTIFIER ::= { docsDevMIBObjects 5 }
1484 docsDevEvControl OBJECT-TYPE
1485 SYNTAX INTEGER {
1486 resetLog(1),
1487 useDefaultReporting(2)
1488 }
1489 MAX-ACCESS read-write
1490 STATUS current
1491 DESCRIPTION
1492 "Setting this object to resetLog(1) empties the event
1493 log. All data is deleted. Setting it to
1494 useDefaultReporting(2) returns all event priorities to
1495 their factory-default reporting. Reading this object
1496 always returns useDefaultReporting(2)."
1497 ::= { docsDevEvent 1 }
1499 docsDevEvSyslog OBJECT-TYPE
1500 SYNTAX IpAddress
1501 MAX-ACCESS read-write
1502 STATUS deprecated
1503 DESCRIPTION
1504 "The IP address of the Syslog server. If 0.0.0.0, either
1505 syslog transmission is inhibited, or the Syslog server
1506 address is not an IPv4 address.
1508 This object is deprecated and is replaced by
1509 docsDevEvSyslogAddress."
1510 ::= { docsDevEvent 2 }
1512 docsDevEvThrottleAdminStatus OBJECT-TYPE
1513 SYNTAX INTEGER {
1514 unconstrained(1),
1515 maintainBelowThreshold(2),
1516 stopAtThreshold(3),
1517 inhibited(4)
1518 }
1519 MAX-ACCESS read-write
1520 STATUS current
1521 DESCRIPTION
1522 "Controls the transmission of traps and syslog messages
1523 with respect to the trap pacing threshold.
1525 unconstrained(1) causes traps and syslog messages to be
1526 transmitted without regard to the threshold settings.
1528 maintainBelowThreshold(2) causes trap transmission and
1529 syslog messages to be suppressed if the number of traps
1530 would otherwise exceed the threshold.
1532 stopAtThreshold(3) causes trap transmission to cease at
1533 the threshold, and not resume until directed to do so.
1535 inhibited(4) causes all trap transmission and syslog
1536 messages to be suppressed.
1538 A single event is always treated as a single event for
1539 threshold counting. That is, an event causing both a
1540 trap and a syslog message is still treated as a single
1541 event.
1543 Writing to this object resets the thresholding state."
1544 DEFVAL { unconstrained }
1545 ::= { docsDevEvent 3 }
1547 docsDevEvThrottleInhibited OBJECT-TYPE
1548 SYNTAX TruthValue
1549 MAX-ACCESS read-only
1550 STATUS deprecated
1551 DESCRIPTION
1552 "If true(1), trap and syslog transmission is currently
1553 inhibited due to thresholds and/or the current setting
1554 of docsDevEvThrottleAdminStatus. In addition, this is
1555 true(1) when transmission is inhibited due to no
1556 syslog (docsDevEvSyslog) or trap (docsDevNmAccessEntry)
1557 destinations having been set.
1559 This object is deprecated and is replaced by
1560 docsDevEvThrottleThresholdExceeded."
1561 ::= { docsDevEvent 4 }
1563 docsDevEvThrottleThreshold OBJECT-TYPE
1564 SYNTAX Unsigned32
1565 UNITS "events"
1566 MAX-ACCESS read-write
1567 STATUS current
1568 DESCRIPTION
1569 "Number of events per docsDevEvThrottleInterval permitted
1570 before throttling is to occur.
1572 A single event, whether the notification could result in
1573 messages transmitted using syslog, SNMP, or both
1574 protocols, and regardless of the number of destinations,
1575 (including zero) is always treated as a single event for
1576 threshold counting. For example, an event causing both
1577 a trap and a syslog message is still treated as a single
1578 event.
1580 All system notifications that occur within the device
1581 should be taken into consideration when calculating
1582 and monitoring the threshold."
1583 DEFVAL { 0 }
1584 ::= { docsDevEvent 5 }
1586 docsDevEvThrottleInterval OBJECT-TYPE
1587 SYNTAX Integer32 (1..2147483647)
1588 UNITS "seconds"
1589 MAX-ACCESS read-write
1590 STATUS current
1591 DESCRIPTION
1592 "The interval over which docsDevEvThrottleThreshold
1593 applies."
1594 DEFVAL { 1 }
1595 ::= { docsDevEvent 6 }
1597 --
1598 -- The following table controls the reporting of the various classes
1599 -- of events.
1600 --
1602 docsDevEvControlTable OBJECT-TYPE
1603 SYNTAX SEQUENCE OF DocsDevEvControlEntry
1604 MAX-ACCESS not-accessible
1605 STATUS current
1606 DESCRIPTION
1607 "This table allows control of the reporting of event
1608 classes. For each event priority, a combination of
1609 logging and reporting mechanisms may be chosen. The
1610 mapping of event types to priorities is
1611 vendor-dependent. Vendors may also choose to allow
1612 the user to control that mapping through proprietary
1613 means. Table entries MUST persist across reboots for
1614 CMTS devices and MUST NOT persist across reboots for CM
1615 devices."
1616 ::= { docsDevEvent 7 }
1618 docsDevEvControlEntry OBJECT-TYPE
1619 SYNTAX DocsDevEvControlEntry
1620 MAX-ACCESS not-accessible
1621 STATUS current
1622 DESCRIPTION
1623 "Allows configuration of the reporting mechanisms for a
1624 particular event priority."
1625 INDEX { docsDevEvPriority }
1626 ::= { docsDevEvControlTable 1 }
1628 DocsDevEvControlEntry ::= SEQUENCE {
1629 docsDevEvPriority INTEGER,
1630 docsDevEvReporting BITS
1631 }
1633 docsDevEvPriority OBJECT-TYPE
1634 SYNTAX INTEGER {
1635 emergency(1),
1636 alert(2),
1637 critical(3),
1638 error(4),
1639 warning(5),
1640 notice(6),
1641 information(7),
1642 debug(8)
1643 }
1644 MAX-ACCESS not-accessible
1645 STATUS current
1646 DESCRIPTION
1647 "The priority level that is controlled by this
1648 entry. These are ordered from most (emergency) to least
1649 (debug) critical. Each event with a CM or CMTS has a
1650 particular priority level associated with it (as defined
1651 by the vendor).
1653 emergency(1) events indicate vendor-specific fatal
1654 hardware or software errors that prevent normal system
1655 operation.
1657 alert(2) events indicate a serious failure which causes
1658 the reporting system to reboot but is not caused by
1659 hardware or software malfunctioning.
1661 critical(3) events indicate a serious failure that
1662 requires attention and prevents the device from
1663 transmitting data but could be recovered without
1664 rebooting the system.
1666 error(4) and warning(5) events indicate a failure
1667 occurred that could interrupt the normal data flow but
1668 does not cause the device to re-register.
1670 notice(6) and information(7) events indicate a
1671 milestone or checkpoint in normal operation that could
1672 be of particular importance when troubleshooting.
1674 debug(8) events are reserved for vendor-specific
1675 events.
1677 During normal operation no event more
1678 critical than notice(6) should be generated. Events
1679 between warning and emergency should be generated at
1680 appropriate levels of problems (e.g. emergency when the
1681 box is about to crash)."
1682 ::= { docsDevEvControlEntry 1 }
1684 docsDevEvReporting OBJECT-TYPE
1685 SYNTAX BITS {
1686 local(0),
1687 traps(1),
1688 syslog(2),
1689 -- The following are extensions to the original set of
1690 -- labels. The extensions start at an octet boundary. So
1691 -- for bits 3-7, one MUST set them to zero on send and
1692 -- one MUST ignore them on receipt.
1693 localVolatile(8),
1694 stdInterface(9)
1695 }
1696 MAX-ACCESS read-write
1697 STATUS current
1698 DESCRIPTION
1699 "Defines the action to be taken on occurrence of this
1700 event class. Implementations may not necessarily
1701 support all options for all event classes, but at
1702 minimum must allow traps and syslogging to be
1703 disabled.
1705 If the local(0) bit is set, then log to the internal
1706 log and update non-volatile store, for backward
1707 compatibility with the original RFC 2669 definition.
1708 If the traps(1) bit is set, then generate
1709 an SNMP trap, and if the syslog(2) bit is set, then
1710 send a syslog message (assuming the syslog address
1711 is set). If the localVolatile(8) bit is set, then
1712 log to the internal log without updating non-volatile
1713 store. If the stdInterface(9) bit is set, then the
1714 agent ignores all other bits except the local(0),
1715 syslog(2) and localVolatile(8) bits. Setting the
1716 stdInterface(9) bit indicates that RFC3413 and
1717 RFC3014 are being used to control event reporting
1718 mechanisms."
1719 ::= { docsDevEvControlEntry 2 }
1721 docsDevEventTable OBJECT-TYPE
1722 SYNTAX SEQUENCE OF DocsDevEventEntry
1723 MAX-ACCESS not-accessible
1724 STATUS current
1725 DESCRIPTION
1726 "Contains a log of network and device events that may be
1727 of interest in fault isolation and troubleshooting.
1728 If the local(0) bit is set in docsDevEvReporting,
1729 entries in this table MUST persist across reboots."
1730 ::= { docsDevEvent 8 }
1732 docsDevEventEntry OBJECT-TYPE
1733 SYNTAX DocsDevEventEntry
1734 MAX-ACCESS not-accessible
1735 STATUS current
1736 DESCRIPTION
1737 "Describes a network or device event that may be of
1738 interest in fault isolation and troubleshooting.
1739 Multiple sequential identical events are represented by
1740 incrementing docsDevEvCounts and setting
1741 docsDevEvLastTime to the current time rather than
1742 creating multiple rows.
1744 Entries are created with the first occurrence of an
1745 event. docsDevEvControl can be used to clear the
1746 table. Individual events can not be deleted."
1747 INDEX { docsDevEvIndex }
1748 ::= { docsDevEventTable 1 }
1750 DocsDevEventEntry ::= SEQUENCE {
1751 docsDevEvIndex Integer32,
1752 docsDevEvFirstTime DateAndTime,
1753 docsDevEvLastTime DateAndTime,
1754 docsDevEvCounts Counter32,
1755 docsDevEvLevel INTEGER,
1756 docsDevEvId Unsigned32,
1757 docsDevEvText SnmpAdminString
1758 }
1760 docsDevEvIndex OBJECT-TYPE
1761 SYNTAX Integer32 (1..2147483647)
1762 MAX-ACCESS not-accessible
1763 STATUS current
1764 DESCRIPTION
1765 "Provides relative ordering of the objects in the event
1766 log. This object will always increase except when
1767 (a) the log is reset via docsDevEvControl,
1768 (b) the device reboots and does not implement
1769 non-volatile storage for this log, or (c) it reaches
1770 the value 2^31. The next entry for all the above
1771 cases is 1."
1772 ::= { docsDevEventEntry 1 }
1774 docsDevEvFirstTime OBJECT-TYPE
1775 SYNTAX DateAndTime
1776 MAX-ACCESS read-only
1777 STATUS current
1778 DESCRIPTION
1779 "The value of docsDevDateTime at the time this entry was
1780 created."
1781 ::= { docsDevEventEntry 2 }
1783 docsDevEvLastTime OBJECT-TYPE
1784 SYNTAX DateAndTime
1785 MAX-ACCESS read-only
1786 STATUS current
1787 DESCRIPTION
1788 "When an entry reports only one event, this object will
1789 have the same value as the corresponding instance of
1790 docsDevEvFirstTime. When an entry reports multiple
1791 events, this object will record the value that
1792 docsDevDateTime had when the most recent event for this
1793 entry occurred."
1794 ::= { docsDevEventEntry 3 }
1796 -- This object was renamed from docsDevEvCount to meet naming
1797 -- requirements for Counter32
1798 docsDevEvCounts OBJECT-TYPE
1799 SYNTAX Counter32
1800 UNITS "events"
1801 MAX-ACCESS read-only
1802 STATUS current
1803 DESCRIPTION
1804 "The number of consecutive event instances reported by
1805 this entry. This starts at 1 with the creation of this
1806 row and increments by 1 for each subsequent duplicate
1807 event."
1808 ::= { docsDevEventEntry 4 }
1810 docsDevEvLevel OBJECT-TYPE
1811 SYNTAX INTEGER {
1812 emergency(1),
1813 alert(2),
1814 critical(3),
1815 error(4),
1816 warning(5),
1817 notice(6),
1818 information(7),
1819 debug(8)
1820 }
1821 MAX-ACCESS read-only
1822 STATUS current
1823 DESCRIPTION
1824 "The priority level of this event as defined by the
1825 vendor. These are ordered from most serious (emergency)
1826 to least serious (debug).
1828 emergency(1) events indicate vendor-specific fatal
1829 hardware or software errors that prevent normal system
1830 operation.
1832 alert(2) events indicate a serious failure which causes
1833 the reporting system to reboot but is not caused by
1834 hardware or software malfunctioning.
1836 critical(3) events indicate a serious failure that
1837 requires attention and prevents the device from
1838 transmitting data but could be recovered without
1839 rebooting the system.
1841 error(4) and warning(5) events indicate a failure
1842 occurred that could interrupt the normal data flow but
1843 does not cause the device to re-register.
1845 notice(6) and information(7) events indicate a
1846 milestone or checkpoint in normal operation that could
1847 be of particular importance when troubleshooting.
1849 debug(8) events are reserved for vendor-specific
1850 events.
1852 During normal operation no event more
1853 critical than notice(6) should be generated. Events
1854 between warning and emergency should be generated at
1855 appropriate levels of problems (e.g. emergency when the
1856 box is about to crash)."
1857 ::= { docsDevEventEntry 5 }
1859 --
1860 -- It is strongly recommended that implementors follow the CableLabs
1861 -- enumerations for docsDevEvId, per the DOCSIS OSSIv1.1 spec
1862 -- and follow-on specifications.
1863 --
1865 docsDevEvId OBJECT-TYPE
1866 SYNTAX Unsigned32
1867 MAX-ACCESS read-only
1868 STATUS current
1869 DESCRIPTION
1870 "For this product, uniquely identifies the type of event
1871 that is reported by this entry."
1872 REFERENCE
1873 "DOCSIS OSSI 1.1 Specification, Appendix H and
1874 DOCSIS OSSI 2.0 Specification, Annex D."
1875 ::= { docsDevEventEntry 6 }
1877 docsDevEvText OBJECT-TYPE
1878 SYNTAX SnmpAdminString
1879 MAX-ACCESS read-only
1880 STATUS current
1881 DESCRIPTION
1882 "Provides a human-readable description of the event,
1883 including all relevant context (interface numbers,
1884 etc.)."
1885 ::= { docsDevEventEntry 7 }
1887 docsDevEvSyslogAddressType OBJECT-TYPE
1888 SYNTAX InetAddressType
1889 MAX-ACCESS read-write
1890 STATUS current
1891 DESCRIPTION
1892 "The type of address of docsDevEvSyslogAddress. If
1893 no syslog server exists, this value should return
1894 unknown(0)."
1895 DEFVAL { unknown }
1896 ::= { docsDevEvent 9 }
1898 docsDevEvSyslogAddress OBJECT-TYPE
1899 SYNTAX InetAddress
1900 MAX-ACCESS read-write
1901 STATUS current
1902 DESCRIPTION
1903 "The Internet address of the Syslog server as provided by
1904 DHCP option 7 or set via SNMP management. If the
1905 address of the server is set to any of the zero length
1906 string, the 0.0.0.0 IPv4 address or the 0: IPv6 address,
1907 Syslog transmission is inhibited.
1909 Note that if multiple values are provided to the CM in
1910 DHCP option 7, the value of this MIB object MUST be the
1911 first Syslog server address received.
1913 By default at agent boot, this object returns the zero
1914 length string."
1915 ::= { docsDevEvent 10 }
1917 docsDevEvThrottleThresholdExceeded OBJECT-TYPE
1918 SYNTAX TruthValue
1919 MAX-ACCESS read-only
1920 STATUS current
1921 DESCRIPTION
1922 "If true(1), trap and syslog transmission is currently
1923 inhibited due to exceeding the trap/syslog event
1924 threshold in the current interval."
1925 ::= { docsDevEvent 11 }
1927 --
1928 -- Link Level Control Filtering
1929 --
1931 docsDevFilter OBJECT IDENTIFIER ::= { docsDevMIBObjects 6 }
1933 docsDevFilterLLCUnmatchedAction OBJECT-TYPE
1934 SYNTAX INTEGER {
1935 discard(1),
1936 accept(2)
1937 }
1938 MAX-ACCESS read-write
1939 STATUS current
1940 DESCRIPTION
1941 "LLC (Link Level Control) filters can be defined on an
1942 inclusive or exclusive basis: CMs can be configured to
1943 forward only packets matching a set of layer three
1944 protocols, or to drop packets matching a set of layer
1945 three protocols. Typical use of these filters is to
1946 filter out possibly harmful (given the context of a
1947 large metropolitan LAN) protocols.
1949 If set to discard(1), any L2 packet which does not match
1950 at least one filter in the docsDevFilterLLCTable will be
1951 discarded. If set to accept(2), any L2 packet which
1952 does not match at least one filter in the
1953 docsDevFilterLLCTable will be accepted for further
1954 processing (e.g., bridging). In other words, if the
1955 packet does not match an entry in the table it takes
1956 this action, if it does match an entry in the table it
1957 takes the opposite of this action."
1958 DEFVAL { accept }
1959 ::= { docsDevFilter 1 }
1961 docsDevFilterLLCTable OBJECT-TYPE
1962 SYNTAX SEQUENCE OF DocsDevFilterLLCEntry
1963 MAX-ACCESS not-accessible
1964 STATUS current
1965 DESCRIPTION
1966 "A list of filters to apply to (bridged) LLC
1967 traffic. The filters in this table are applied to
1968 incoming traffic on the appropriate interface(s) prior
1969 to any further processing (e.g. before handing the
1970 packet off for level 3 processing, or for bridging).
1971 The specific action taken when no filter is matched is
1972 controlled by docsDevFilterLLCUnmatchedAction. Table
1973 entries MUST NOT persist across reboots for any device."
1974 ::= { docsDevFilter 2 }
1976 docsDevFilterLLCEntry OBJECT-TYPE
1977 SYNTAX DocsDevFilterLLCEntry
1978 MAX-ACCESS not-accessible
1979 STATUS current
1980 DESCRIPTION
1981 "Describes a single filter to apply to (bridged) LLC
1982 traffic received on a specified interface. "
1983 INDEX { docsDevFilterLLCIndex }
1984 ::= { docsDevFilterLLCTable 1 }
1986 DocsDevFilterLLCEntry ::= SEQUENCE {
1987 docsDevFilterLLCIndex Integer32,
1988 docsDevFilterLLCStatus RowStatus,
1989 docsDevFilterLLCIfIndex InterfaceIndexOrZero,
1990 docsDevFilterLLCProtocolType INTEGER,
1991 docsDevFilterLLCProtocol Integer32,
1992 docsDevFilterLLCMatches Counter32
1993 }
1995 docsDevFilterLLCIndex OBJECT-TYPE
1996 SYNTAX Integer32 (1..2147483647)
1997 MAX-ACCESS not-accessible
1998 STATUS current
1999 DESCRIPTION
2000 "Index used for the identification of filters (note that
2001 LLC filter order is irrelevant)."
2002 ::= { docsDevFilterLLCEntry 1 }
2004 docsDevFilterLLCStatus OBJECT-TYPE
2005 SYNTAX RowStatus
2006 MAX-ACCESS read-create
2007 STATUS current
2008 DESCRIPTION
2009 "Controls and reflects the status of rows in this
2010 table. There is no restriction on changing any of the
2011 associated columns for this row while this object is set
2012 to active.
2014 Specifying only this object (with the
2015 appropriate index) on a CM is sufficient to create a
2016 filter row which matches all inbound packets on the
2017 ethernet interface, and results in the packets being
2018 discarded. docsDevFilterLLCIfIndex (at least) must be
2019 specified on a CMTS to create a row."
2020 ::= { docsDevFilterLLCEntry 2}
2022 docsDevFilterLLCIfIndex OBJECT-TYPE
2023 SYNTAX InterfaceIndexOrZero
2024 MAX-ACCESS read-create
2025 STATUS current
2026 DESCRIPTION
2027 "The entry interface to which this filter applies. The
2028 value corresponds to ifIndex for either a CATV MAC or
2029 another network interface. If the value is zero, the
2030 filter applies to all interfaces. In Cable Modems, the
2031 default value is the customer side interface(s). In
2032 CMTSs, this object has to be specified to
2033 create a row in this table.
2035 Note that according to the DOCSIS OSSIv1.1
2036 specification, ifIndex '1' in the CM means that this
2037 row applies to all Cable Modem to CPE Interfaces
2038 (CMCI)."
2039 REFERENCE
2040 "DOCSIS OSSI 1.1 Specification, Section 3.3.4.1. and
2041 DOCSIS OSSI 2.0 Specification, Section 6.3.4.1."
2042 ::= { docsDevFilterLLCEntry 3 }
2044 docsDevFilterLLCProtocolType OBJECT-TYPE
2045 SYNTAX INTEGER {
2046 ethertype(1),
2047 dsap(2)
2048 }
2049 MAX-ACCESS read-create
2050 STATUS current
2051 DESCRIPTION
2052 "The format of the value in docsDevFilterLLCProtocol:
2053 either a two-byte Ethernet Ethertype, or a one-byte
2054 802.2 Service Access Point (SAP) value. ethertype(1)
2055 also applies to Standard Network Access Protocol
2056 (SNAP) encapsulated frames."
2057 DEFVAL { ethertype }
2058 ::= { docsDevFilterLLCEntry 4 }
2060 docsDevFilterLLCProtocol OBJECT-TYPE
2061 SYNTAX Integer32 (0..65535)
2062 MAX-ACCESS read-create
2063 STATUS current
2064 DESCRIPTION
2065 "The layer three protocol for which this filter applies.
2066 The protocol value format depends on
2067 docsDevFilterLLCProtocolType. Note that for SNAP
2068 frames, ethertype filtering is performed rather than
2069 Destination Service Access Point (DSAP) =0xAA."
2070 DEFVAL { 0 }
2071 ::= { docsDevFilterLLCEntry 5 }
2073 docsDevFilterLLCMatches OBJECT-TYPE
2074 SYNTAX Counter32
2075 UNITS "matches"
2076 MAX-ACCESS read-only
2077 STATUS current
2078 DESCRIPTION
2079 "Counts the number of times this filter was matched."
2080 ::= { docsDevFilterLLCEntry 6 }
2082 --
2083 -- IPv4 Filtering
2084 --
2086 docsDevFilterIpDefault OBJECT-TYPE
2087 SYNTAX INTEGER {
2088 discard(1),
2089 accept(2)
2090 }
2091 MAX-ACCESS read-write
2092 STATUS deprecated
2093 DESCRIPTION
2094 "The default behavior for (bridged) packets that do not
2095 match IP filters (nor Internet filters if implemented)
2096 is defined by docsDevFilterIpDefault.
2098 If set to discard(1), all packets not matching an IP
2099 filter in docsDevFilterIpTable will be discarded. If
2100 set to accept(2), all packets not matching an IP filter
2101 nor an Internet filter will be accepted for further
2102 processing (e.g., bridging)."
2103 DEFVAL { accept }
2104 ::= { docsDevFilter 3 }
2106 docsDevFilterIpTable OBJECT-TYPE
2107 SYNTAX SEQUENCE OF DocsDevFilterIpEntry
2108 MAX-ACCESS not-accessible
2109 STATUS deprecated
2110 DESCRIPTION
2111 "An ordered list of filters or classifiers to apply to
2112 IP traffic. Filter application is ordered by the filter
2113 index, rather than by a best match algorithm (Note that
2114 this implies that the filter table may have gaps in the
2115 index values). Packets which match no filters will have
2116 policy 0 in the docsDevFilterPolicyTable applied to
2117 them if it exists. Otherwise, Packets which match no
2118 filters are discarded or forwarded according to the
2119 setting of docsDevFilterIpDefault.
2121 Any IP packet can theoretically match multiple rows of
2122 this table. When considering a packet, the table is
2123 scanned in row index order (e.g. filter 10 is checked
2124 before filter 20). If the packet matches that filter
2125 (which means that it matches ALL criteria for that row),
2126 actions appropriate to docsDevFilterIpControl and
2127 docsDevFilterPolicyId are taken. If the packet was
2128 discarded processing is complete. If
2129 docsDevFilterIpContinue is set to true, the filter
2130 comparison continues with the next row in the table
2131 looking for additional matches.
2133 If the packet matches no filter in the table, the packet
2134 is accepted or dropped for further processing based on
2135 the setting of docsDevFilterIpDefault. If the packet is
2136 accepted, the actions specified by policy group 0
2137 (e.g. the rows in docsDevFilterPolicyTable which have a
2138 value of 0 for docsDevFilterPolicyId) are taken if that
2139 policy group exists.
2141 Logically, this table is consulted twice during the
2142 processing of any IP packet - once upon its acceptance
2143 from the L2 entity, and once upon its transmission to
2144 the L2 entity. In actuality, for cable modems, IP
2145 filtering is generally the only IP processing done for
2146 transit traffic. This means that inbound and outbound
2147 filtering can generally be done at the same time with
2148 one pass through the filter table.
2150 The objects in this table are only accessible from cable
2151 devices which are not operating in DiffServ MIB mode
2152 (RFC 3289). See the conformance section for details.
2154 Note that some devices are required by other
2155 specifications, e.g. the DOCSIS OSSIv1.1 specification,
2156 to support the legacy SNMPv1/v2c docsDevFilter mode
2157 for backward compatibility.
2159 Table entries MUST NOT persist across reboots for any
2160 device.
2162 This table is deprecated. Instead, use the DiffServ MIB
2163 from RFC 3289."
2164 ::= { docsDevFilter 4 }
2166 docsDevFilterIpEntry OBJECT-TYPE
2167 SYNTAX DocsDevFilterIpEntry
2168 MAX-ACCESS not-accessible
2169 STATUS deprecated
2170 DESCRIPTION
2171 "Describes a filter to apply to IP traffic received on a
2172 specified interface. All identity objects in this table
2173 (e.g. source and destination address/mask, protocol,
2174 source/dest port, TOS/mask, interface and direction)
2175 must match their respective fields in the packet for
2176 any given filter to match.
2178 To create an entry in this table, docsDevFilterIpIfIndex
2179 must be specified."
2180 INDEX { docsDevFilterIpIndex }
2181 ::= { docsDevFilterIpTable 1 }
2183 DocsDevFilterIpEntry ::= SEQUENCE {
2184 docsDevFilterIpIndex Integer32,
2185 docsDevFilterIpStatus RowStatus,
2186 docsDevFilterIpControl INTEGER,
2187 docsDevFilterIpIfIndex InterfaceIndexOrZero,
2188 docsDevFilterIpDirection INTEGER,
2189 docsDevFilterIpBroadcast TruthValue,
2190 docsDevFilterIpSaddr IpAddress,
2191 docsDevFilterIpSmask IpAddress,
2192 docsDevFilterIpDaddr IpAddress,
2193 docsDevFilterIpDmask IpAddress,
2194 docsDevFilterIpProtocol Integer32,
2195 docsDevFilterIpSourcePortLow Integer32,
2196 docsDevFilterIpSourcePortHigh Integer32,
2197 docsDevFilterIpDestPortLow Integer32,
2198 docsDevFilterIpDestPortHigh Integer32,
2199 docsDevFilterIpMatches ZeroBasedCounter32,
2200 docsDevFilterIpTos OCTET STRING,
2201 docsDevFilterIpTosMask OCTET STRING,
2202 docsDevFilterIpContinue TruthValue,
2203 docsDevFilterIpPolicyId Integer32
2204 }
2206 docsDevFilterIpIndex OBJECT-TYPE
2207 SYNTAX Integer32 (1..2147483647)
2208 MAX-ACCESS not-accessible
2209 STATUS deprecated
2210 DESCRIPTION
2211 "Index used to order the application of filters.
2212 The filter with the lowest index is always applied
2213 first."
2214 ::= { docsDevFilterIpEntry 1 }
2216 docsDevFilterIpStatus OBJECT-TYPE
2217 SYNTAX RowStatus
2218 MAX-ACCESS read-create
2219 STATUS deprecated
2220 DESCRIPTION
2221 "Controls and reflects the status of rows in this
2222 table. Specifying only this object (with the
2223 appropriate index) on a CM is sufficient to create a
2224 filter row which matches all inbound packets on the
2225 ethernet interface, and results in the packets being
2226 discarded. docsDevFilterIpIfIndex (at least) must be
2227 specified on a CMTS to create a row. Creation of the
2228 rows may be done via either create-and-wait or
2229 create-and-go, but the filter is not applied until this
2230 object is set to (or changes to) active. There is no
2231 restriction in changing any object in a row while this
2232 object is set to active."
2233 ::= { docsDevFilterIpEntry 2 }
2235 docsDevFilterIpControl OBJECT-TYPE
2236 SYNTAX INTEGER {
2237 discard(1),
2238 accept(2),
2239 policy(3)
2240 }
2241 MAX-ACCESS read-create
2242 STATUS deprecated
2243 DESCRIPTION
2244 "If set to discard(1), all packets matching this filter
2245 will be discarded and scanning of the remainder of the
2246 filter list will be aborted. If set to accept(2), all
2247 packets matching this filter will be accepted for
2248 further processing (e.g., bridging). If
2249 docsDevFilterIpContinue is set to true, see if there
2250 are other matches, otherwise done. If set to
2251 policy (3), execute the policy entries
2252 matched by docsDevFilterIpPolicyId in
2253 docsDevFilterPolicyTable.
2255 If docsDevFilterIpContinue is set to true, continue
2256 scanning the table for other matches, otherwise done."
2257 DEFVAL { discard }
2258 ::= { docsDevFilterIpEntry 3 }
2260 docsDevFilterIpIfIndex OBJECT-TYPE
2261 SYNTAX InterfaceIndexOrZero
2262 MAX-ACCESS read-create
2263 STATUS deprecated
2264 DESCRIPTION
2265 "The entry interface to which this filter applies. The
2266 value corresponds to ifIndex for either a CATV MAC or
2267 another interface. If the value is zero, the
2268 filter applies to all interfaces. Default value in CMs
2269 is the index of the customer-side (e.g. ethernet)
2270 interface(s). In CMTSes, this object MUST be
2271 specified to create a row in this table.
2273 Note that according to the DOCSIS OSSIv1.1
2274 specification, ifIndex '1' in the Cable Modem means
2275 that this row applies to all CMCI (customer-facing)
2276 interfaces."
2277 REFERENCE
2278 "DOCSIS OSSI 1.1 Specification, Section 3.3.4.1. and
2279 DOCSIS OSSI 2.0 Specification, Section 6.3.4.1."
2280 ::= { docsDevFilterIpEntry 4 }
2282 docsDevFilterIpDirection OBJECT-TYPE
2283 SYNTAX INTEGER {
2284 inbound(1),
2285 outbound(2),
2286 both(3)
2287 }
2288 MAX-ACCESS read-create
2289 STATUS deprecated
2290 DESCRIPTION
2291 "Determines whether the filter is applied to inbound(1)
2292 traffic, outbound(2) traffic, or traffic in both(3)
2293 directions."
2294 DEFVAL { inbound }
2295 ::= { docsDevFilterIpEntry 5 }
2297 docsDevFilterIpBroadcast OBJECT-TYPE
2298 SYNTAX TruthValue
2299 MAX-ACCESS read-create
2300 STATUS deprecated
2301 DESCRIPTION
2302 "If set to true(1), the filter only applies to multicast
2303 and broadcast traffic. If set to false(2), the filter
2304 applies to all traffic."
2305 DEFVAL { false }
2306 ::= { docsDevFilterIpEntry 6 }
2308 docsDevFilterIpSaddr OBJECT-TYPE
2309 SYNTAX IpAddress
2310 MAX-ACCESS read-create
2311 STATUS deprecated
2312 DESCRIPTION
2313 "The source IP address, or portion thereof, that is to be
2314 matched for this filter. The source address is first
2315 masked (and'ed) against docsDevFilterIpSmask before
2316 being compared to this value. A value of 0 for this
2317 object and 0 for the mask matches all IP addresses."
2318 DEFVAL { '00000000'h }
2319 ::= { docsDevFilterIpEntry 7 }
2321 docsDevFilterIpSmask OBJECT-TYPE
2322 SYNTAX IpAddress
2323 MAX-ACCESS read-create
2324 STATUS deprecated
2325 DESCRIPTION
2326 "A bit mask that is to be applied to the source address
2327 prior to matching. This mask is not necessarily the
2328 same as a subnet mask, but 1's bits must be leftmost and
2329 contiguous."
2330 DEFVAL { '00000000'h }
2331 ::= { docsDevFilterIpEntry 8 }
2333 docsDevFilterIpDaddr OBJECT-TYPE
2334 SYNTAX IpAddress
2335 MAX-ACCESS read-create
2336 STATUS deprecated
2337 DESCRIPTION
2338 "The destination IP address, or portion thereof, that is
2339 to be matched for this filter. The destination address
2340 is first masked (and'ed) against docsDevFilterIpDmask
2341 before being compared to this value. A value of
2342 00000000 for this object and 00000000 for the mask
2343 matches all IP addresses."
2344 DEFVAL { '00000000'h }
2345 ::= { docsDevFilterIpEntry 9 }
2347 docsDevFilterIpDmask OBJECT-TYPE
2348 SYNTAX IpAddress
2349 MAX-ACCESS read-create
2350 STATUS deprecated
2351 DESCRIPTION
2352 "A bit mask that is to be applied to the destination
2353 address prior to matching. This mask is not necessarily
2354 the same as a subnet mask, but 1's bits MUST be leftmost
2355 and contiguous."
2356 DEFVAL { '00000000'h }
2357 ::= { docsDevFilterIpEntry 10 }
2359 docsDevFilterIpProtocol OBJECT-TYPE
2360 SYNTAX Integer32 (0..256)
2361 MAX-ACCESS read-create
2362 STATUS deprecated
2363 DESCRIPTION
2364 "The IP protocol value that is to be matched. For
2365 example: icmp is 1, tcp is 6, udp is 17. A value of
2366 256 matches ANY protocol."
2367 REFERENCE "www.iana.org/assignments/protocol-numbers"
2368 DEFVAL { 256 }
2369 ::= { docsDevFilterIpEntry 11 }
2371 docsDevFilterIpSourcePortLow OBJECT-TYPE
2372 SYNTAX Integer32 (0..65535)
2373 MAX-ACCESS read-create
2374 STATUS deprecated
2375 DESCRIPTION
2376 "This is the inclusive lower bound of the transport-layer
2377 source port range that is to be matched. If the IP
2378 protocol of the packet is neither UDP nor TCP, this
2379 object is ignored during matching."
2380 REFERENCE "www.iana.org/assignments/port-numbers"
2381 DEFVAL { 0 }
2382 ::= { docsDevFilterIpEntry 12 }
2384 docsDevFilterIpSourcePortHigh OBJECT-TYPE
2385 SYNTAX Integer32 (0..65535)
2386 MAX-ACCESS read-create
2387 STATUS deprecated
2388 DESCRIPTION
2389 "This is the inclusive upper bound of the transport-layer
2390 source port range that is to be matched. If the IP
2391 protocol of the packet is neither UDP nor TCP, this
2392 object is ignored during matching."
2393 REFERENCE "www.iana.org/assignments/port-numbers"
2394 DEFVAL { 65535 }
2395 ::= { docsDevFilterIpEntry 13 }
2397 docsDevFilterIpDestPortLow OBJECT-TYPE
2398 SYNTAX Integer32 (0..65535)
2399 MAX-ACCESS read-create
2400 STATUS deprecated
2401 DESCRIPTION
2402 "This is the inclusive lower bound of the transport-layer
2403 destination port range that is to be matched. If the IP
2404 protocol of the packet is neither UDP nor TCP, this
2405 object is ignored during matching."
2406 REFERENCE "www.iana.org/assignments/port-numbers"
2407 DEFVAL { 0 }
2408 ::= { docsDevFilterIpEntry 14 }
2410 docsDevFilterIpDestPortHigh OBJECT-TYPE
2411 SYNTAX Integer32 (0..65535)
2412 MAX-ACCESS read-create
2413 STATUS deprecated
2414 DESCRIPTION
2415 "This is the inclusive upper bound of the transport-layer
2416 destination port range that is to be matched. If the IP
2417 protocol of the packet is neither UDP nor TCP, this
2418 object is ignored during matching."
2419 REFERENCE "www.iana.org/assignments/port-numbers"
2420 DEFVAL { 65535 }
2421 ::= { docsDevFilterIpEntry 15 }
2423 docsDevFilterIpMatches OBJECT-TYPE
2424 SYNTAX ZeroBasedCounter32
2425 UNITS "matches"
2426 MAX-ACCESS read-only
2427 STATUS deprecated
2428 DESCRIPTION
2429 "Counts the number of times this filter was matched.
2430 This object is initialized to 0 at boot, or at row
2431 creation, and is reset only upon reboot."
2432 ::= { docsDevFilterIpEntry 16 }
2434 docsDevFilterIpTos OBJECT-TYPE
2435 SYNTAX OCTET STRING (SIZE (1))
2436 MAX-ACCESS read-create
2437 STATUS deprecated
2438 DESCRIPTION
2439 "This is the value to be matched to the packet's
2440 TOS (Type of Service) value (after the TOS value
2441 is AND'd with docsDevFilterIpTosMask). A value for this
2442 object of 0 and a mask of 0 matches all TOS values."
2443 DEFVAL { '00'h }
2444 ::= { docsDevFilterIpEntry 17 }
2446 docsDevFilterIpTosMask OBJECT-TYPE
2447 SYNTAX OCTET STRING (SIZE (1))
2448 MAX-ACCESS read-create
2449 STATUS deprecated
2450 DESCRIPTION
2451 "The mask to be applied to the packet's TOS value before
2452 matching."
2453 DEFVAL { '00'h }
2454 ::= { docsDevFilterIpEntry 18 }
2456 docsDevFilterIpContinue OBJECT-TYPE
2457 SYNTAX TruthValue
2458 MAX-ACCESS read-create
2459 STATUS deprecated
2460 DESCRIPTION
2461 "If this value is set to true, and docsDevFilterIpControl
2462 is anything but discard (1), continue scanning and
2463 applying policies. See section 3.3.3 for more
2464 details."
2465 DEFVAL { false }
2466 ::= { docsDevFilterIpEntry 19 }
2468 docsDevFilterIpPolicyId OBJECT-TYPE
2469 SYNTAX Integer32 (0..2147483647)
2470 MAX-ACCESS read-create
2471 STATUS deprecated
2472 DESCRIPTION
2473 "This object points to an entry in
2474 docsDevFilterPolicyTable. If docsDevFilterIpControl
2475 is set to policy (3), execute all matching policies
2476 in docsDevFilterPolicyTable. If no matching policy
2477 exists, treat as if docsDevFilterIpControl were set
2478 to accept (1). If this object is set to the value of
2479 0, there is no matching policy, and
2480 docsDevFilterPolicyTable MUST NOT be consulted."
2481 DEFVAL { 0 }
2482 ::= { docsDevFilterIpEntry 20 }
2484 --
2485 -- Policy Mapping Table
2486 --
2488 docsDevFilterPolicyTable OBJECT-TYPE
2489 SYNTAX SEQUENCE OF DocsDevFilterPolicyEntry
2490 MAX-ACCESS not-accessible
2491 STATUS deprecated
2492 DESCRIPTION
2493 "A Table which maps between a policy group ID and a set
2494 of pointers to policies to be applied. All rows with
2495 the same docsDevFilterPolicyId are part of the same
2496 group of policy pointers, and are applied in the order
2497 in this table. docsDevFilterPolicyTable exists to
2498 allow multiple policy actions (referenced by policy
2499 pointers) to be applied to any given classified packet.
2500 The policy actions are applied in index order.
2501 For example:
2503 Index ID Type Action
2504 1 1 TOS 1
2505 9 5 TOS 1
2506 12 1 IPSEC 3
2508 This says that a packet which matches a filter with
2509 policy id 1, first has TOS policy 1 applied (which might
2510 set the TOS bits to enable a higher priority), and next
2511 has the IPSEC policy 3 applied (which may result in the
2512 packet being dumped into a secure VPN to a remote
2513 encryptor).
2515 Policy ID 0 is reserved for default actions and is
2516 applied only to packets which match no filters in
2517 docsDevFilterIpTable.
2519 Table entries MUST NOT persist across reboots for any
2520 device.
2522 This table is deprecated. Instead, use the DiffServ MIB
2523 from RFC 3289."
2524 ::= { docsDevFilter 5 }
2526 docsDevFilterPolicyEntry OBJECT-TYPE
2527 SYNTAX DocsDevFilterPolicyEntry
2528 MAX-ACCESS not-accessible
2529 STATUS deprecated
2530 DESCRIPTION
2531 "An entry in the docsDevFilterPolicyTable. Entries are
2532 created by Network Management. To create an entry,
2533 docsDevFilterPolicyId MUST be specified."
2534 INDEX { docsDevFilterPolicyIndex }
2535 ::= { docsDevFilterPolicyTable 1 }
2537 DocsDevFilterPolicyEntry ::= SEQUENCE {
2538 docsDevFilterPolicyIndex Integer32,
2539 docsDevFilterPolicyId Integer32,
2540 -- docsDevFilterPolicyType INTEGER,
2541 -- docsDevFilterPolicyAction Integer32,
2542 docsDevFilterPolicyStatus RowStatus,
2543 docsDevFilterPolicyPtr RowPointer
2544 }
2546 docsDevFilterPolicyIndex OBJECT-TYPE
2547 SYNTAX Integer32 (1..2147483647)
2548 MAX-ACCESS not-accessible
2549 STATUS deprecated
2550 DESCRIPTION "Index value for the table."
2551 ::= { docsDevFilterPolicyEntry 1 }
2553 docsDevFilterPolicyId OBJECT-TYPE
2554 SYNTAX Integer32 (0..2147483647)
2555 MAX-ACCESS read-create
2556 STATUS deprecated
2557 DESCRIPTION
2558 "Policy ID for this entry. A policy ID can apply to
2559 multiple rows of this table, all relevant policies are
2560 executed. Policy 0 (if populated) is applied to all
2561 packets which do not match any of the filters. N.B. If
2562 docsDevFilterIpPolicyId is set to 0, it DOES NOT match
2563 policy 0 of this table."
2564 ::= { docsDevFilterPolicyEntry 2 }
2566 -- The following two objects were removed and never used, however,
2567 -- to preserve OID numbering, they are simply commented out to
2568 -- to ensure that they are not used again.
2569 -- docsDevFilterPolicyType ::= { docsDevFilterPolicyEntry 3 }
2570 -- docsDevFilterPolicyAction ::= { docsDevFilterPolicyEntry 4 }
2572 docsDevFilterPolicyStatus OBJECT-TYPE
2573 SYNTAX RowStatus
2574 MAX-ACCESS read-create
2575 STATUS deprecated
2576 DESCRIPTION
2577 "Object used to create an entry in this table. There is
2578 no restriction in changing any object in a row while
2579 this object is set to active.
2581 The following object MUST have a valid value before this
2582 object can be set to active: docsDevFilterPolicyPtr."
2583 ::= { docsDevFilterPolicyEntry 5 }
2585 docsDevFilterPolicyPtr OBJECT-TYPE
2586 SYNTAX RowPointer
2587 MAX-ACCESS read-create
2588 STATUS deprecated
2589 DESCRIPTION
2590 "This object points to a row in an applicable filter
2591 policy table. Currently, the only standard policy
2592 table is docsDevFilterTosTable.
2594 Per the textual convention, this object points to the
2595 first accessible object in the row. E.g. to point to a
2596 row in docsDevFilterTosTable with an index of 21, the
2597 value of this object would be the object identifier
2598 docsDevTosStatus.21.
2600 Vendors are recommended to adhere to the same convention
2601 when adding vendor specific policy table extensions.
2603 If this pointer references an empty or non-existant
2604 row then no policy action is taken.
2606 The default upon row creation is a null pointer which
2607 results in no policy action being taken."
2608 DEFVAL { zeroDotZero }
2609 ::= { docsDevFilterPolicyEntry 6 }
2611 --
2612 -- TOS Policy action table
2613 --
2615 docsDevFilterTosTable OBJECT-TYPE
2616 SYNTAX SEQUENCE OF DocsDevFilterTosEntry
2617 MAX-ACCESS not-accessible
2618 STATUS deprecated
2619 DESCRIPTION
2620 "Table used to describe Type of Service (TOS) bits
2621 processing.
2623 This table is an adjunct to the docsDevFilterIpTable,
2624 and the docsDevFilterPolicy table. Entries in the
2625 latter table can point to specific rows in this (and
2626 other) tables and cause specific actions to be taken.
2627 This table permits the manipulation of the value of the
2628 Type of Service bits in the IP header of the matched
2629 packet as follows:
2631 Set the tosBits of the packet to
2632 (tosBits & docsDevFilterTosAndMask) |
2633 docsDevFilterTosOrMask
2635 This construct allows you to do a clear and set of all
2636 the TOS bits in a flexible manner.
2638 Table entries MUST NOT persist across reboots for any
2639 device.
2641 This table is deprecated. Instead, use the DiffServ MIB
2642 from RFC 3289."
2643 ::= { docsDevFilter 6 }
2645 docsDevFilterTosEntry OBJECT-TYPE
2646 SYNTAX DocsDevFilterTosEntry
2647 MAX-ACCESS not-accessible
2648 STATUS deprecated
2649 DESCRIPTION
2650 "A TOS policy entry."
2651 INDEX { docsDevFilterTosIndex }
2652 ::= { docsDevFilterTosTable 1 }
2654 DocsDevFilterTosEntry ::= SEQUENCE {
2655 docsDevFilterTosIndex Integer32,
2656 docsDevFilterTosStatus RowStatus,
2657 docsDevFilterTosAndMask OCTET STRING,
2658 docsDevFilterTosOrMask OCTET STRING
2659 }
2661 docsDevFilterTosIndex OBJECT-TYPE
2662 SYNTAX Integer32 (1..2147483647)
2663 MAX-ACCESS not-accessible
2664 STATUS deprecated
2665 DESCRIPTION
2666 "The unique index for this row. There are no ordering
2667 requirements for this table and any valid index may be
2668 specified."
2669 ::= { docsDevFilterTosEntry 1 }
2671 docsDevFilterTosStatus OBJECT-TYPE
2672 SYNTAX RowStatus
2673 MAX-ACCESS read-create
2674 STATUS deprecated
2675 DESCRIPTION
2676 "The object used to create and delete entries in this
2677 table. A row created by specifying just this object
2678 results in a row which specifies no change to the TOS
2679 bits. A row may be created using either the
2680 create-and-go or create-and-wait paradigms. There is
2681 no restriction on the ability to change values in this
2682 row while the row is active."
2683 ::= { docsDevFilterTosEntry 2 }
2685 docsDevFilterTosAndMask OBJECT-TYPE
2686 SYNTAX OCTET STRING (SIZE (1))
2687 MAX-ACCESS read-create
2688 STATUS deprecated
2689 DESCRIPTION
2690 "This value is bitwise AND'd with the matched packet's
2691 TOS bits."
2692 DEFVAL { 'ff'h }
2693 ::= { docsDevFilterTosEntry 3 }
2695 docsDevFilterTosOrMask OBJECT-TYPE
2696 SYNTAX OCTET STRING (SIZE (1))
2697 MAX-ACCESS read-create
2698 STATUS deprecated
2699 DESCRIPTION
2700 "This value is bitwise OR'd with the result from the
2701 AND procedure, (tosBits & docsDevFilterTosAndMask).
2702 The result then replaces the packet's TOS bits."
2703 DEFVAL { '00'h }
2704 ::= { docsDevFilterTosEntry 4 }
2706 --
2707 -- CPE IP Management and anti spoofing group. Only implemented on
2708 -- Cable Modems.
2709 --
2711 docsDevCpe OBJECT IDENTIFIER ::= { docsDevMIBObjects 7 }
2713 docsDevCpeEnroll OBJECT-TYPE
2714 SYNTAX INTEGER {
2715 none(1),
2716 any(2)
2717 }
2718 MAX-ACCESS read-write
2719 STATUS current
2720 DESCRIPTION
2721 "This object controls the population of
2722 docsDevFilterCpeTable.
2723 If set to none, the filters must be set manually
2724 by a network management action (either configuration
2725 or SNMP set).
2726 If set to any, the CM wiretaps the packets originating
2727 from the ethernet and enrolls up to docsDevCpeIpMax
2728 addresses based on the source IPv4 or v6 addresses of
2729 those packets."
2730 DEFVAL { any }
2731 ::= { docsDevCpe 1 }
2733 docsDevCpeIpMax OBJECT-TYPE
2734 SYNTAX Integer32 (-1..2147483647)
2735 MAX-ACCESS read-write
2736 STATUS current
2737 DESCRIPTION
2738 "This object controls the maximum number of CPEs allowed
2739 to be learned behind this device. If set to zero, any
2740 number of CPEs may connect up to the maximum permitted
2741 for the device.
2742 If set to -1, no filtering is done on CPE source
2743 addresses, and no entries are made in the
2744 docsDevFilterCpeTable via learning. If an attempt is
2745 made to set this to a number greater than that
2746 permitted for the device, it is set to that maximum."
2747 DEFVAL { -1 }
2748 ::= { docsDevCpe 2 }
2750 docsDevCpeTable OBJECT-TYPE
2751 SYNTAX SEQUENCE OF DocsDevCpeEntry
2752 MAX-ACCESS not-accessible
2753 STATUS deprecated
2754 DESCRIPTION
2755 "This table lists the IPv4 addresses seen (or permitted)
2756 as source addresses in packets originating from the
2757 customer interface on this device. In addition, this
2758 table can be provisioned with the specific addresses
2759 permitted for the CPEs via the normal row creation
2760 mechanisms. Table entries MUST NOT persist across
2761 reboots for any device.
2763 N.B. Management action can add entries in this table
2764 and in docsDevCpeIpTable past the value of
2765 docsDevCpeIpMax. docsDevCpeIpMax ONLY restricts the
2766 ability of the CM to automatically add learned
2767 addresses.
2769 This table is deprecated and is replaced by
2770 docsDevCpeInetTable."
2771 ::= { docsDevCpe 3 }
2773 docsDevCpeEntry OBJECT-TYPE
2774 SYNTAX DocsDevCpeEntry
2775 MAX-ACCESS not-accessible
2776 STATUS deprecated
2777 DESCRIPTION
2778 "An entry in the docsDevFilterCpeTable. There is one
2779 entry for each IPv4 CPE seen or provisioned. If
2780 docsDevCpeIpMax is set to -1, this table is ignored,
2781 otherwise: Upon receipt of an IP packet from the
2782 customer interface of the CM, the source IP address is
2783 checked against this table. If the address is in the
2784 table, packet processing continues. If the address is
2785 not in the table, but docsDevCpeEnroll is set to any
2786 and the sum of the table sizes of docsDevCpeTable and
2787 docsDevCpeInetTable is less than docsDevCpeIpMax, the
2788 address is added to the table and packet processing
2789 continues. Otherwise, the packet is dropped.
2791 The filtering actions specified by this table occur
2792 after any LLC filtering (docsDevFilterLLCTable), but
2793 prior to any IP filtering (docsDevFilterIpTable,
2794 docsDevNmAccessTable)."
2795 INDEX { docsDevCpeIp }
2796 ::= {docsDevCpeTable 1 }
2798 DocsDevCpeEntry ::= SEQUENCE {
2799 docsDevCpeIp IpAddress,
2800 docsDevCpeSource INTEGER,
2801 docsDevCpeStatus RowStatus
2802 }
2804 docsDevCpeIp OBJECT-TYPE
2805 SYNTAX IpAddress
2806 MAX-ACCESS not-accessible
2807 STATUS deprecated
2808 DESCRIPTION
2809 "The IPv4 address to which this entry applies.
2811 N.B. Attempts to set all zeros or all ones address
2812 values MUST be rejected."
2813 ::= { docsDevCpeEntry 1 }
2815 docsDevCpeSource OBJECT-TYPE
2816 SYNTAX INTEGER {
2817 other(1),
2818 manual(2),
2819 learned(3)
2820 }
2821 MAX-ACCESS read-only
2822 STATUS deprecated
2823 DESCRIPTION
2824 "This object describes how this entry was created. If
2825 the value is manual(2), this row was created by a
2826 network management action (either configuration or
2827 SNMP set). If set to learned(3), then it was found via
2828 looking at the source IPv4 address of a
2829 received packet. The value other(1) is used for any
2830 entries that do not meet manual(2) or learned(3)
2831 criteria."
2832 ::= { docsDevCpeEntry 2 }
2834 docsDevCpeStatus OBJECT-TYPE
2835 SYNTAX RowStatus
2836 MAX-ACCESS read-create
2837 STATUS deprecated
2838 DESCRIPTION
2839 "Standard object to manipulate rows. To create a row in
2840 this table, you only need to specify this object.
2841 Management stations SHOULD use the create-and-go
2842 mechanism for creating rows in this table."
2843 ::= { docsDevCpeEntry 3 }
2845 --
2846 -- Internet CPE Management and anti spoofing group, for support of
2847 -- non-IPv4 CPEs.
2848 --
2850 docsDevCpeInetTable OBJECT-TYPE
2851 SYNTAX SEQUENCE OF DocsDevCpeInetEntry
2852 MAX-ACCESS not-accessible
2853 STATUS current
2854 DESCRIPTION
2855 "This table lists the IP addresses seen (or permitted) as
2856 source addresses in packets originating from the
2857 customer interface on this device. In addition, this
2858 table can be provisioned with the specific addresses
2859 permitted for the CPEs via the normal row creation
2860 mechanisms.
2862 N.B. Management action can add entries in this table
2863 and in docsDevCpeIpTable past the value of
2864 docsDevCpeIpMax. docsDevCpeIpMax ONLY restricts the
2865 ability of the CM to automatically add learned
2866 addresses.
2868 Table entries MUST NOT persist across reboots for any
2869 device.
2871 This table exactly mirrors docsDevCpeTable and applies
2872 to IPv4 and IPv6 addresses."
2873 ::= { docsDevCpe 4 }
2875 docsDevCpeInetEntry OBJECT-TYPE
2876 SYNTAX DocsDevCpeInetEntry
2877 MAX-ACCESS not-accessible
2878 STATUS current
2879 DESCRIPTION
2880 "An entry in the docsDevFilterCpeInetTable. There is one
2881 entry for each IP CPE seen or provisioned. If
2882 docsDevCpeIpMax is set to -1, this table is ignored,
2883 otherwise: upon receipt of an IP packet from the
2884 customer interface of the CM, the source IP address is
2885 checked against this table. If the address is in the
2886 table, packet processing continues. If the address is
2887 not in the table, but docsDevCpeEnroll is set to any and
2888 the sum of the table sizes for docsDevCpeTable and
2889 docsDevCpeInetTable is less than docsDevCpeIpMax, the
2890 address is added to the table and packet processing
2891 continues. Otherwise, the packet is dropped.
2893 The filtering actions specified by this table occur
2894 after any LLC filtering (docsDevFilterLLCTable), but
2895 prior to any IP filtering (docsDevFilterIpTable,
2896 docsDevNmAccessTable).
2898 When an agent (cable modem) restarts, then all
2899 dynamically-created rows are lost."
2900 INDEX { docsDevCpeInetType, docsDevCpeInetAddr }
2901 ::= { docsDevCpeInetTable 1 }
2903 DocsDevCpeInetEntry ::= SEQUENCE {
2904 docsDevCpeInetType InetAddressType,
2905 docsDevCpeInetAddr InetAddress,
2906 docsDevCpeInetSource INTEGER,
2907 docsDevCpeInetRowStatus RowStatus
2908 }
2910 docsDevCpeInetType OBJECT-TYPE
2911 SYNTAX InetAddressType
2912 MAX-ACCESS not-accessible
2913 STATUS current
2914 DESCRIPTION
2915 "The type of internet address of docsDevCpeInetAddr."
2916 ::= { docsDevCpeInetEntry 1 }
2918 docsDevCpeInetAddr OBJECT-TYPE
2919 SYNTAX InetAddress
2920 MAX-ACCESS not-accessible
2921 STATUS current
2922 DESCRIPTION
2923 "The Internet address to which this entry applies.
2925 Implementors need to be aware that if the size of
2926 of docsDevCpeInetAddr exceeds 114 octets then
2927 OIDs of instances of columns in this row will have
2928 more than 128 sub-identifiers and cannot be accessed
2929 using SNMPv1, SNMPv2c, or SNMPv3. Only unicast
2930 address are allowed for this object."
2931 ::= { docsDevCpeInetEntry 2 }
2933 docsDevCpeInetSource OBJECT-TYPE
2934 SYNTAX INTEGER {
2935 manual(2),
2936 learned(3)
2937 }
2938 MAX-ACCESS read-only
2939 STATUS current
2940 DESCRIPTION
2941 "This object describes how this entry was created. If
2942 the value is manual(2), this row was created by a
2943 network management action (either configuration, or
2944 SNMP set). If set to learned(3), then it was found
2945 via looking at the source IP address of a received
2946 packet."
2947 ::= { docsDevCpeInetEntry 3 }
2949 docsDevCpeInetRowStatus OBJECT-TYPE
2950 SYNTAX RowStatus
2951 MAX-ACCESS read-create
2952 STATUS current
2953 DESCRIPTION
2954 "Standard object to manipulate rows. To create a row in
2955 this table, you only need to specify this object.
2956 Management stations SHOULD use the create-and-go
2957 mechanism for creating rows in this table."
2958 ::= { docsDevCpeInetEntry 4 }
2960 --
2961 -- Placeholder for notifications/traps.
2962 --
2964 -- erroneous, DO NOT USE docsDevNotification
2965 docsDevNotification OBJECT IDENTIFIER ::= { docsDev 2 }
2966 -- erroneous, DO NOT USE docsDevNotification
2968 docsDevNotifications OBJECT IDENTIFIER ::= { docsDev 0 }
2970 --
2971 -- RFC 2669 Conformance definitions
2972 --
2974 docsDevConformance OBJECT IDENTIFIER ::= { docsDev 3 }
2975 docsDevGroups OBJECT IDENTIFIER ::= { docsDevConformance 1 }
2976 docsDevCompliances OBJECT IDENTIFIER ::= { docsDevConformance 2 }
2978 docsDevBasicCompliance MODULE-COMPLIANCE
2979 STATUS deprecated
2980 DESCRIPTION
2981 "The RFC 2669 compliance statement for MCNS/DOCSIS
2982 Cable Modems and Cable Modem Termination Systems."
2984 MODULE -- docsDev
2986 -- conditionally mandatory groups
2988 GROUP docsDevBaseGroup
2989 DESCRIPTION
2990 "Mandatory in Cable Modems, optional in Cable Modem
2991 Termination Systems."
2993 GROUP docsDevEventGroup
2994 DESCRIPTION
2995 "Mandatory in Cable Modems, optional in Cable Modem
2996 Termination Systems."
2998 GROUP docsDevFilterGroup
2999 DESCRIPTION
3000 "Mandatory in Cable Modems, optional in Cable Modem
3001 Termination Systems."
3003 GROUP docsDevNmAccessGroup
3004 DESCRIPTION
3005 "This group is only implemented in devices which do not
3006 implement SNMPv3 User Security Model. It SHOULD NOT be
3007 implemented by SNMPv3 conformant devices.
3009 For devices which do not implement SNMPv3 or later, this
3010 group is Mandatory in Cable Modems and is optional
3011 in Cable Modem Termination Systems."
3013 GROUP docsDevServerGroup
3014 DESCRIPTION
3015 "This group is implemented only in Cable Modems and is
3016 not implemented in Cable Modem Termination Systems."
3018 GROUP docsDevSoftwareGroup
3019 DESCRIPTION
3020 "This group is Mandatory in Cable Modems and optional in
3021 Cable Modem Termination Systems."
3023 GROUP docsDevCpeGroup
3024 DESCRIPTION
3025 "This group is Mandatory in Cable Modems, and is
3026 not implemented in Cable Modem Termination Systems."
3028 OBJECT docsDevSTPControl
3029 MIN-ACCESS read-only
3030 DESCRIPTION
3031 "It is compliant to implement this object as read-only.
3032 Devices need only support noStFilterBpdu(2)."
3034 OBJECT docsDevNmAccessIp
3035 DESCRIPTION
3036 "It is compliant to recognize the IP address
3037 255.255.255.255 as referring to any NMS."
3039 OBJECT docsDevEvReporting
3040 MIN-ACCESS read-only
3041 DESCRIPTION
3042 "It is compliant to implement this object as read-only.
3043 Devices need only support local(0). An agent need not
3044 enforce that trap or syslog logging be accompanied
3045 by local(0) or localVolatile(3) logging."
3046 ::= { docsDevCompliances 1 }
3048 docsDevBaseGroup OBJECT-GROUP
3049 OBJECTS {
3050 docsDevRole,
3051 docsDevDateTime,
3052 docsDevResetNow,
3053 docsDevSerialNumber,
3054 docsDevSTPControl
3055 }
3056 STATUS current
3057 DESCRIPTION
3058 "A collection of objects providing device status and
3059 control."
3060 ::= { docsDevGroups 1 }
3062 docsDevNmAccessGroup OBJECT-GROUP
3063 OBJECTS {
3064 docsDevNmAccessIp,
3065 docsDevNmAccessIpMask,
3066 docsDevNmAccessCommunity,
3067 docsDevNmAccessControl,
3068 docsDevNmAccessInterfaces,
3069 docsDevNmAccessStatus
3070 }
3071 STATUS deprecated
3072 DESCRIPTION
3073 "A collection of objects for controlling access to SNMP
3074 objects on cable devices.
3076 This group has been deprecated because all of the
3077 objects have been deprecated in favor of SNMPv3 and
3078 Coexistence MIBs."
3079 ::= { docsDevGroups 2 }
3081 docsDevSoftwareGroup OBJECT-GROUP
3082 OBJECTS {
3083 docsDevSwServer,
3084 docsDevSwFilename,
3085 docsDevSwAdminStatus,
3086 docsDevSwOperStatus,
3087 docsDevSwCurrentVers
3088 }
3089 STATUS deprecated
3090 DESCRIPTION
3091 "A collection of objects for controlling software
3092 downloads.
3094 This group has been deprecated and replaced by
3095 docsDevSoftwareGroupV2. Object docsDevSwServer
3096 has been replaced by docsDevSwServerAddressType
3097 and docsDevSwServerAddress, and
3098 docsDevSwServerTransportProtocol has been added to
3099 support TFTP and HTTP firmware downloads."
3100 ::= { docsDevGroups 3 }
3102 docsDevServerGroup OBJECT-GROUP
3103 OBJECTS {
3104 docsDevServerBootState,
3105 docsDevServerDhcp,
3106 docsDevServerTime,
3107 docsDevServerTftp,
3108 docsDevServerConfigFile
3109 }
3110 STATUS deprecated
3111 DESCRIPTION
3112 "A collection of objects providing status about server
3113 provisioning.
3115 This group has been deprecated and replaced by
3116 docsDevServerGroupV2. Objects docsDevServerDhcp,
3117 docsDevServerTime, and docsDevServerTftp have
3118 been replaced by docsDevServerDhcpAddressType,
3119 docsDevServerDhcpAddress, docsDevServerTimeAddressType,
3120 docsDevServerTimeAddress,
3121 docsDevServerConfigTftpAddressType, and
3122 docsDevServerConfigTftpAddress."
3123 ::= { docsDevGroups 4 }
3125 docsDevEventGroup OBJECT-GROUP
3126 OBJECTS {
3127 docsDevEvControl,
3128 docsDevEvSyslog,
3129 docsDevEvThrottleAdminStatus,
3130 docsDevEvThrottleInhibited,
3131 docsDevEvThrottleThreshold,
3132 docsDevEvThrottleInterval,
3133 docsDevEvReporting,
3134 docsDevEvFirstTime,
3135 docsDevEvLastTime,
3136 docsDevEvCounts,
3137 docsDevEvLevel,
3138 docsDevEvId,
3139 docsDevEvText
3140 }
3141 STATUS deprecated
3142 DESCRIPTION
3143 "A collection of objects used to control and monitor
3144 events.
3146 This group has been deprecated and replaced by
3147 docsDevEventGroupV2. Object docsDevEvSyslog has been
3148 replaced by docsDevEvSyslogAddressType and
3149 docsDevEvSyslogAddress, and docsDevEvThrottleInhibited
3150 has been replaced by
3151 docsDevEvThrottleThresholdExceeded."
3152 ::= { docsDevGroups 5 }
3154 docsDevFilterGroup OBJECT-GROUP
3155 OBJECTS {
3156 docsDevFilterLLCUnmatchedAction,
3157 docsDevFilterIpDefault,
3158 docsDevFilterLLCStatus,
3159 docsDevFilterLLCIfIndex,
3160 docsDevFilterLLCProtocolType,
3161 docsDevFilterLLCProtocol,
3162 docsDevFilterLLCMatches,
3163 docsDevFilterIpControl,
3164 docsDevFilterIpIfIndex,
3165 docsDevFilterIpStatus,
3166 docsDevFilterIpDirection,
3167 docsDevFilterIpBroadcast,
3168 docsDevFilterIpSaddr,
3169 docsDevFilterIpSmask,
3170 docsDevFilterIpDaddr,
3171 docsDevFilterIpDmask,
3172 docsDevFilterIpProtocol,
3173 docsDevFilterIpSourcePortLow,
3174 docsDevFilterIpSourcePortHigh,
3175 docsDevFilterIpDestPortLow,
3176 docsDevFilterIpDestPortHigh,
3177 docsDevFilterIpMatches,
3178 docsDevFilterIpTos,
3179 docsDevFilterIpTosMask,
3180 docsDevFilterIpContinue,
3181 docsDevFilterIpPolicyId,
3182 docsDevFilterPolicyId,
3183 docsDevFilterPolicyStatus,
3184 docsDevFilterPolicyPtr,
3185 docsDevFilterTosStatus,
3186 docsDevFilterTosAndMask,
3187 docsDevFilterTosOrMask
3188 }
3189 STATUS deprecated
3190 DESCRIPTION
3191 "A collection of objects to specify filters at link layer
3192 and IPv4 layer.
3194 This group has been deprecated and replaced by various
3195 groups from the DiffServ MIB."
3196 ::= { docsDevGroups 6 }
3198 docsDevCpeGroup OBJECT-GROUP
3199 OBJECTS {
3200 docsDevCpeEnroll,
3201 docsDevCpeIpMax,
3202 docsDevCpeSource,
3203 docsDevCpeStatus
3204 }
3205 STATUS deprecated
3206 DESCRIPTION
3207 "A collection of objects used to control the number
3208 and specific values of IPv4 addresses allowed for
3209 associated Customer Premises Equipment (CPE).
3211 This group has been deprecated and replaced by
3212 docsDevInetCpeGroup. Object docsDevCpeSource has been
3213 replaced by docsDevCpeInetSource, and docsDevCpeStatus
3214 has been replaced by docsDevCpeInetRowStatus."
3215 ::= { docsDevGroups 7 }
3217 --
3218 -- RFC XXXX Conformance definitions
3219 --
3221 docsDevGroupsV2 OBJECT IDENTIFIER ::= { docsDevConformance 3 }
3222 docsDevCompliancesV2 OBJECT IDENTIFIER ::= { docsDevConformance 4 }
3224 docsDevCmCompliance MODULE-COMPLIANCE
3225 STATUS current
3226 DESCRIPTION
3227 "The compliance statement for DOCSIS Cable Modems.
3229 This compliance statement applies to implementations
3230 of DOCSIS versions which are not IPv6-capable."
3232 MODULE DIFFSERV-MIB -- RFC 3289
3234 MANDATORY-GROUPS {
3235 diffServMIBDataPathGroup,
3236 diffServMIBClfrGroup,
3237 diffServMIBClfrElementGroup,
3238 diffServMIBMultiFieldClfrGroup,
3239 diffServMIBActionGroup,
3240 diffServMIBDscpMarkActGroup,
3241 diffServMIBCounterGroup,
3242 diffServMIBAlgDropGroup
3243 }
3245 OBJECT diffServDataPathStatus -- same as RFC 3289
3246 SYNTAX RowStatus { active(1) }
3247 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) }
3248 DESCRIPTION
3249 "Support for createAndWait and notInService is not
3250 required."
3252 OBJECT diffServClfrStatus -- same as RFC 3289
3253 SYNTAX RowStatus { active(1) }
3254 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) }
3255 DESCRIPTION
3256 "Support for createAndWait and notInService is not
3257 required."
3259 OBJECT diffServClfrElementStatus -- same as RFC 3289
3260 SYNTAX RowStatus { active(1) }
3261 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) }
3262 DESCRIPTION
3263 "Support for createAndWait and notInService is not
3264 required."
3266 OBJECT diffServMultiFieldClfrAddrType
3267 SYNTAX InetAddressType { ipv4(1) }
3268 DESCRIPTION
3269 "An implementation is only required to support IPv4
3270 addresses."
3272 OBJECT diffServMultiFieldClfrSrcAddr
3273 SYNTAX InetAddress (SIZE(4))
3274 DESCRIPTION
3275 "An implementation is only required to support IPv4
3276 addresses."
3278 OBJECT diffServMultiFieldClfrDstAddr
3279 SYNTAX InetAddress (SIZE(4))
3280 DESCRIPTION
3281 "An implementation is only required to support IPv4
3282 addresses."
3284 OBJECT diffServAlgDropStatus -- same as RFC 3289
3285 SYNTAX RowStatus { active(1) }
3286 WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) }
3287 DESCRIPTION
3288 "Support for createAndWait and notInService is not
3289 required."
3291 OBJECT diffServDataPathStorage
3292 SYNTAX StorageType { volatile(2) }
3293 DESCRIPTION
3294 "An implementation is only required to support
3295 volatile storage."
3297 OBJECT diffServClfrStorage
3298 SYNTAX StorageType { volatile(2) }
3299 DESCRIPTION
3300 "An implementation is only required to support
3301 volatile storage."
3303 OBJECT diffServClfrElementStorage
3304 SYNTAX StorageType { volatile(2) }
3305 DESCRIPTION
3306 "An implementation is only required to support
3307 volatile storage."
3309 OBJECT diffServMultiFieldClfrStorage
3310 SYNTAX StorageType { volatile(2) }
3311 DESCRIPTION
3312 "An implementation is only required to support
3313 volatile storage."
3315 OBJECT diffServActionStorage
3316 SYNTAX StorageType { volatile(2) }
3317 DESCRIPTION
3318 "An implementation is only required to support
3319 volatile storage."
3321 OBJECT diffServCountActStorage
3322 SYNTAX StorageType { volatile(2) }
3323 DESCRIPTION
3324 "An implementation is only required to support
3325 volatile storage."
3327 OBJECT diffServAlgDropStorage
3328 SYNTAX StorageType { volatile(2) }
3329 DESCRIPTION
3330 "An implementation is only required to support
3331 volatile storage."
3333 OBJECT diffServAlgDropType
3334 SYNTAX INTEGER { alwaysDrop(5) }
3335 DESCRIPTION
3336 "This object is only used to provide packet
3337 filtering. Implementations need not support other
3338 values of this enumeration."
3340 MODULE -- docsDev
3342 MANDATORY-GROUPS {
3343 docsDevBaseGroup,
3344 docsDevBaseIgmpGroup,
3345 docsDevBaseMaxCpeGroup,
3346 docsDevSoftwareGroupV2,
3347 docsDevServerGroupV2,
3348 docsDevEventGroupV2,
3349 docsDevFilterLLCGroup
3350 }
3352 -- conditionally mandatory groups
3354 GROUP docsDevInetCpeGroup
3355 DESCRIPTION
3356 "This group is optional in Cable Modems."
3358 OBJECT docsDevDateTime
3359 MIN-ACCESS read-only
3360 DESCRIPTION
3361 "It is compliant to implement this object as read-only."
3363 OBJECT docsDevSTPControl
3364 SYNTAX INTEGER { noStFilterBpdu(2) }
3365 MIN-ACCESS read-only
3366 DESCRIPTION
3367 "It is compliant to implement this object as read-only.
3368 Devices need only support noStFilterBpdu(2)."
3370 OBJECT docsDevIgmpModeControl
3371 SYNTAX INTEGER { passive(1) }
3372 MIN-ACCESS read-only
3373 DESCRIPTION
3374 "It is compliant to implement this object as read-only.
3375 Devices need only support passive(1)."
3377 OBJECT docsDevSwServerAddressType
3378 SYNTAX InetAddressType { ipv4(1) }
3379 DESCRIPTION
3380 "An implementation is only required to support IPv4
3381 addresses."
3383 OBJECT docsDevSwServerAddress
3384 SYNTAX InetAddress (SIZE(4))
3385 DESCRIPTION
3386 "An implementation is only required to support IPv4
3387 addresses."
3389 OBJECT docsDevServerDhcpAddressType
3390 SYNTAX InetAddressType { ipv4(1) }
3391 DESCRIPTION
3392 "An implementation is only required to support IPv4
3393 addresses."
3395 OBJECT docsDevServerDhcpAddress
3396 SYNTAX InetAddress (SIZE(4))
3397 DESCRIPTION
3398 "An implementation is only required to support IPv4
3399 addresses."
3401 OBJECT docsDevServerTimeAddressType
3402 SYNTAX InetAddressType { ipv4(1) }
3403 DESCRIPTION
3404 "An implementation is only required to support IPv4
3405 addresses."
3407 OBJECT docsDevServerTimeAddress
3408 SYNTAX InetAddress (SIZE(4))
3409 DESCRIPTION
3410 "An implementation is only required to support IPv4
3411 addresses."
3413 OBJECT docsDevServerConfigTftpAddressType
3414 SYNTAX InetAddressType { ipv4(1) }
3415 DESCRIPTION
3416 "An implementation is only required to support IPv4
3417 addresses."
3419 OBJECT docsDevServerConfigTftpAddress
3420 SYNTAX InetAddress (SIZE(4))
3421 DESCRIPTION
3422 "An implementation is only required to support IPv4
3423 addresses."
3425 OBJECT docsDevEvReporting
3426 MIN-ACCESS read-only
3427 DESCRIPTION
3428 "It is compliant to implement this object as read-only.
3429 Devices need only support local(0)."
3431 OBJECT docsDevEvSyslogAddressType
3432 SYNTAX InetAddressType { ipv4(1) }
3433 DESCRIPTION
3434 "An implementation is only required to support IPv4
3435 addresses."
3437 OBJECT docsDevEvSyslogAddress
3438 SYNTAX InetAddress (SIZE(4))
3439 DESCRIPTION
3440 "An implementation is only required to support IPv4
3441 addresses."
3443 OBJECT docsDevSwServerTransportProtocol
3444 SYNTAX INTEGER { tftp(1) }
3445 DESCRIPTION
3446 "An implementation is only required to support TFTP
3447 software image downloads."
3449 ::= { docsDevCompliancesV2 1 }
3451 docsDevCmtsCompliance MODULE-COMPLIANCE
3452 STATUS current
3453 DESCRIPTION
3454 "The compliance statement for DOCSIS Cable Modem
3455 Termination Systems.
3457 This compliance statement applies to implementations
3458 of DOCSIS versions which are not IPv6-capable."
3460 MODULE -- docsDev
3462 -- conditionally mandatory groups
3464 GROUP docsDevBaseGroup
3465 DESCRIPTION
3466 "Optional in Cable Modem Termination Systems."
3468 GROUP docsDevBaseIgmpGroup
3469 DESCRIPTION
3470 "Optional in Cable Modem Termination Systems."
3472 GROUP docsDevBaseMaxCpeGroup
3473 DESCRIPTION
3474 "This group MUST NOT be implemented in Cable Modem
3475 Termination Systems."
3477 GROUP docsDevSoftwareGroupV2
3478 DESCRIPTION
3479 "Optional in Cable Modem Termination Systems."
3481 GROUP docsDevServerGroupV2
3482 DESCRIPTION
3483 "This group MUST NOT be implemented in Cable Modem
3484 Termination Systems."
3486 GROUP docsDevEventGroupV2
3487 DESCRIPTION
3488 "Optional in Cable Modem Termination Systems."
3490 GROUP docsDevFilterLLCGroup
3491 DESCRIPTION
3492 "This group MUST NOT be implemented in Cable Modem
3493 Termination Systems. See the Subscriber Management
3494 MIB for similar CMTS capability."
3496 GROUP docsDevInetCpeGroup
3497 DESCRIPTION
3498 "This group MUST NOT be implemented in Cable Modem
3499 Termination Systems. See the Subscriber Management
3500 MIB for similar CMTS capability."
3502 OBJECT docsDevDateTime
3503 MIN-ACCESS read-only
3504 DESCRIPTION
3505 "It is compliant to implement this object as read-only."
3507 OBJECT docsDevSTPControl
3508 SYNTAX INTEGER { noStFilterBpdu(2) }
3509 MIN-ACCESS read-only
3510 DESCRIPTION
3511 "It is compliant to implement this object as read-only.
3512 Devices need only support noStFilterBpdu(2)."
3514 OBJECT docsDevIgmpModeControl
3515 SYNTAX INTEGER { passive(1) }
3516 MIN-ACCESS read-only
3517 DESCRIPTION
3518 "It is compliant to implement this object as read-only.
3519 Devices need only support passive(1)."
3521 OBJECT docsDevSwServerAddressType
3522 SYNTAX InetAddressType { ipv4(1) }
3523 DESCRIPTION
3524 "An implementation is only required to support IPv4
3525 addresses."
3527 OBJECT docsDevSwServerAddress
3528 SYNTAX InetAddress (SIZE(4))
3529 DESCRIPTION
3530 "An implementation is only required to support IPv4
3531 addresses."
3533 OBJECT docsDevEvReporting
3534 MIN-ACCESS read-only
3535 DESCRIPTION
3536 "It is compliant to implement this object as read-only.
3537 Devices need only support local(0)."
3539 OBJECT docsDevEvSyslogAddressType
3540 SYNTAX InetAddressType { ipv4(1) }
3541 DESCRIPTION
3542 "An implementation is only required to support IPv4
3543 addresses."
3545 OBJECT docsDevEvSyslogAddress
3546 SYNTAX InetAddress (SIZE(4))
3547 DESCRIPTION
3548 "An implementation is only required to support IPv4
3549 addresses."
3551 OBJECT docsDevSwServerTransportProtocol
3552 SYNTAX INTEGER { tftp(1) }
3553 DESCRIPTION
3554 "An implementation is only required to support TFTP
3555 software image downloads."
3557 ::= { docsDevCompliancesV2 2 }
3559 docsDevBaseIgmpGroup OBJECT-GROUP
3560 OBJECTS {
3561 docsDevIgmpModeControl
3562 }
3563 STATUS current
3564 DESCRIPTION
3565 "An object providing cable device IGMP status and
3566 control."
3567 ::= { docsDevGroupsV2 1 }
3569 docsDevBaseMaxCpeGroup OBJECT-GROUP
3570 OBJECTS {
3571 docsDevMaxCpe
3572 }
3573 STATUS current
3574 DESCRIPTION
3575 "An object providing management of the maximum number of
3576 CPEs permitted access through a cable modem."
3577 ::= { docsDevGroupsV2 2 }
3579 docsDevNmAccessExtGroup OBJECT-GROUP
3580 OBJECTS {
3581 docsDevNmAccessTrapVersion
3582 }
3583 STATUS deprecated
3584 DESCRIPTION
3585 "An object, in addition to the objects in
3586 docsDevNmAccessGroup, for controlling access to
3587 SNMP objects on cable devices.
3589 This group is included in this MIB due to existing
3590 implementations of docsDevNmAccessTrapVersion in
3591 DOCSIS cable modems.
3593 This group has been deprecated because the object has
3594 been deprecated in favor of SNMPv3 and Coexistence
3595 MIBs."
3596 ::= { docsDevGroupsV2 3 }
3598 docsDevSoftwareGroupV2 OBJECT-GROUP
3599 OBJECTS {
3600 docsDevSwFilename,
3601 docsDevSwAdminStatus,
3602 docsDevSwOperStatus,
3603 docsDevSwCurrentVers,
3604 docsDevSwServerAddressType,
3605 docsDevSwServerAddress,
3606 docsDevSwServerTransportProtocol
3607 }
3608 STATUS current
3609 DESCRIPTION
3610 "A collection of objects for controlling software
3611 downloads. This group replaces docsDevSoftwareGroup."
3612 ::= { docsDevGroupsV2 4 }
3614 docsDevServerGroupV2 OBJECT-GROUP
3615 OBJECTS {
3616 docsDevServerBootState,
3617 docsDevServerDhcpAddressType,
3618 docsDevServerDhcpAddress,
3619 docsDevServerTimeAddressType,
3620 docsDevServerTimeAddress,
3621 docsDevServerConfigTftpAddressType,
3622 docsDevServerConfigTftpAddress,
3623 docsDevServerConfigFile
3624 }
3625 STATUS current
3626 DESCRIPTION
3627 "A collection of objects providing status about server
3628 provisioning. This group replaces docsDevServerGroup."
3629 ::= { docsDevGroupsV2 5 }
3631 docsDevEventGroupV2 OBJECT-GROUP
3632 OBJECTS {
3633 docsDevEvControl,
3634 docsDevEvThrottleAdminStatus,
3635 docsDevEvThrottleThreshold,
3636 docsDevEvThrottleInterval,
3637 docsDevEvReporting,
3638 docsDevEvFirstTime,
3639 docsDevEvLastTime,
3640 docsDevEvCounts,
3641 docsDevEvLevel,
3642 docsDevEvId,
3643 docsDevEvText,
3644 docsDevEvSyslogAddressType,
3645 docsDevEvSyslogAddress,
3646 docsDevEvThrottleThresholdExceeded
3647 }
3648 STATUS current
3649 DESCRIPTION
3650 "A collection of objects used to control and monitor
3651 events. This group replaces docsDevEventGroup.
3652 The event reporting mechanism, and more specifically
3653 docsDevEvReporting, can be used to take advantage of
3654 the event reporting features of RFC3413 and RFC3014."
3655 ::= { docsDevGroupsV2 6 }
3657 docsDevFilterLLCGroup OBJECT-GROUP
3658 OBJECTS {
3659 docsDevFilterLLCUnmatchedAction,
3660 docsDevFilterLLCStatus,
3661 docsDevFilterLLCIfIndex,
3662 docsDevFilterLLCProtocolType,
3663 docsDevFilterLLCProtocol,
3664 docsDevFilterLLCMatches
3665 }
3666 STATUS current
3667 DESCRIPTION
3668 "A collection of objects to specify link layer filters."
3669 ::= { docsDevGroupsV2 7 }
3671 docsDevInetCpeGroup OBJECT-GROUP
3672 OBJECTS {
3673 docsDevCpeEnroll,
3674 docsDevCpeIpMax,
3675 docsDevCpeInetSource,
3676 docsDevCpeInetRowStatus
3677 }
3678 STATUS current
3679 DESCRIPTION
3680 "A collection of objects used to control the number
3681 and specific values of Internet (e.g. IPv4 and IPv6)
3682 addresses allowed for associated Customer Premises
3683 Equipment (CPE)."
3684 ::= { docsDevGroupsV2 8 }
3686 END
3688 5. Acknowledgments
3690 This document is a production of the IPCDN Working Group, and is a
3691 revision of RFC 2669, "Cable Device Management Information Base for
3692 DOCSIS-compliant Cable Modems and Cable Modem Termination Systems"
3693 [RFC2669]. Mike StJohns and Guenter Roeck served well as the editors
3694 of previous versions of this MIB module.
3696 The editor specifically wishes to thank Howard Abramson, Eduardo
3697 Cardona, Andre Lejeune, Kevin Marez, Jean-Francois Mule, Greg
3698 Nakanishi, Pak Siripunkaw, Boris Tsekinovski, Randy Presuhn, Bert
3699 Wijnen and Bill Yost for their contributions to this document.
3701 5.1. Revision Descriptions
3703 This document contains the following revisions over RFC 2669:
3705 o All IPv4 address objects were either deprecated and replaced, or
3706 mirrored with IPv6 objects where appropriate, following the
3707 guidelines of RFC 4001 [RFC4001]. In particular,
3708 docsDevCpeInetTable was added, and the docsDevFilterGroup objects
3709 were deprecated in favor of the DiffServ MIB.
3711 o Objects which were obviated by SNMPv3 and the SNMP Coexistence
3712 MIBs have been deprecated, e.g. docsDevNmAccessTable.
3714 o A new object, docsDevIgmpModeControl, has been added to control
3715 passive versus active IGMP modem operation.
3717 o A new object, docsDevMaxCpe, has been added to report the maximum
3718 number of CPEs granted network access across the CM.
3720 o A new object, docsDevSwServerTransportProtocol, has been added to
3721 docsDevSoftware, and other object DESCRIPTIONs have been modified,
3722 to enable the use of either TFTP or HTTP for software downloads to
3723 the device.
3725 o A new object, docsDevEvThrottleThresholdExceeded, has been added
3726 to replace docsDevEvThrottleInhibited for simplification of event
3727 threshold management.
3729 o The docsDevEvReporting object has been modified to enable local
3730 logging to the internal volatile log, and not to the internal non-
3731 volatile log,
3733 o Minor updates to the description text have been made to a number
3734 of objects to clarify their meaning.
3736 o The compliance statements were updated to reflect current
3737 requirements (including making the docsDevCpe objects optional),
3738 and split between CM and CMTS devices.
3740 o Added text to indicate support of the SNMP Notification MIB
3741 [RFC3413] and Notification Log MIB [RFC3014] modules.
3743 6. Security Considerations
3745 This MIB module relates to a system which will provide metropolitan
3746 public internet access. As such, improper manipulation of the
3747 objects represented by this MIB module may result in denial of
3748 service to a large number of end-users. In addition, manipulation of
3749 the docsDevNmAccessTable, docsDevFilterLLCTable,
3750 docsDevFilterIpTable, docsDevFilterInetTable, and the elements of the
3751 docsDevCpe and docsDevCpeInetTable groups may allow an end-user to
3752 increase their service levels, spoof their IP addresses, change the
3753 permitted management stations, or affect other end-users in either a
3754 positive or negative manner.
3756 It is recommended that the implementers prevent the "tiny fragment"
3757 and "overlapping fragment" attacks for the IP filtering tables in
3758 this MIB module, as discussed in [RFC1858] and [RFC3128]. Prevention
3759 of these attacks can be implemented with the following rules, when
3760 TCP source and/or destination port filtering is enabled:
3762 o admit all packets with fragment offset >= 2
3764 o discard all packets with fragment offset = 1, or with fragment
3765 offset = 0 AND fragment payload length < 16.
3767 o apply filtering rules to all packets with fragment offset = 0.
3769 This MIB module does not affect confidentiality of services on a
3770 cable modem system. [BPI] and [BPIPLUS] specify the implementation
3771 of the DOCSIS Baseline Privacy and Baseline Privacy Plus mechanisms
3772 for data transmission confidentiality.
3774 There are a number of management objects defined in this MIB module
3775 with a MAX-ACCESS clause of read-write and/or read-create. Such
3776 objects may be considered sensitive or vulnerable in some network
3777 environments. The support for SET operations in a non-secure
3778 environment without proper protection can have a negative effect on
3779 network operations. These are the tables and objects and their
3780 sensitivity/vulnerability:
3782 o The use of docsDevNmAccessTable to specify management stations is
3783 considered to be only limited protection and does not protect
3784 against attacks which spoof the management station's IP address.
3785 The use of stronger mechanisms such as SNMPv3 security should be
3786 considered where possible. Specifically, SNMPv3 USM [RFC3414] and
3787 VACM [RFC3415] MUST be used with any v3 agent which implements
3788 this MIB module.
3790 o The CM may have its software changed by the actions of the
3791 management system using a combination of the following objects:
3792 docsDevSwServer, docsDevSwFilename, docsDevSwAdminStatus,
3793 docsDevSwServerAddressType, docsDevSwServerAddress, and
3794 docsDevSwServerTransportProtocol. An improper software download
3795 may result in substantial vulnerabilities and the loss of the
3796 ability of the management system to control the cable modem. A
3797 cable device SHOULD implement the code verification mechanisms of
3798 [BPIPLUS] to verify the source and integrity of downloaded
3799 software images.
3801 o The device may be reset by setting docsDevResetNow = true(1).
3802 This causes the device to reload its configuration files as well
3803 as eliminating all previous non-persistent network management
3804 settings. As such, this may provide a vector for attacking the
3805 system.
3807 o Setting docsDevEvThrottleAdminStatus = unconstrained(1) (which is
3808 also the DEFVAL) may cause flooding of traps, which can disrupt
3809 network service. Additionally, docsDevThrottleThreshold and
3810 docsDevThrottleInterval could also be set to high values that may
3811 cause a disruption in service.
3813 o Setting docsDevDateTime to an arbitrary (incorrect) value would
3814 merely cause the device to record incorrect timestamps on many
3815 events/actions that rely on this object for reporting.
3817 o Setting docsDevEvControl to resetLog(1) will delete any event log
3818 history and could potentially impact debugging/troubleshooting
3819 efforts.
3821 o Setting docsDevEvSyslog.
3823 o Setting docsDevEvReporting to enable syslog reporting, along with
3824 a redirect of the syslog server could allow access to sensitive
3825 information on network devices. Modifying docsDevEvSyslog,
3826 docsDevEvSyslogAddressType or docsDevEvSyslogAddress could allow a
3827 redirect of sensitive information.
3829 o Setting docsDevFilterLLCnmatchedAction or docsDevFilterIpDefault
3830 could cause significant changes to default traffic filtering on a
3831 device.
3833 o Setting docsDevCpeEnroll to any(2) could cause the
3834 docsDevFilterCPETable to be populated, which may not be the
3835 intended functionality.
3837 o Setting docsDevCpeIpMax to a value other than is intended by the
3838 MSO may allow a user to provision more devices than the MSO would
3839 like.
3841 o Setting values in the docsDevNmAccess table can potentially
3842 introduce a mechanism for users to use a local NMS device and
3843 manipulate other settings in the CM or CMTS.
3845 o Setting values in the docsDevFilterLLC and docsDevFilterIP tables
3846 can allow/deny access to certain devices that the MSO does not
3847 want.
3849 o Setting docsDevCpeStatus and docsDevCpeInetRowStatus may allow
3850 users to provision more/different devices than was intended by the
3851 MSO.
3853 Some of the readable objects in this MIB module (i.e., objects with a
3854 MAX-ACCESS other than not-accessible) may be considered sensitive or
3855 vulnerable in some network environments. It is thus important to
3856 control even GET access to these objects and possibly to even encrypt
3857 the values of these objects when sending them over the network via
3858 SNMP. These are the tables and objects and their sensitivity/
3859 vulnerability:
3861 o Rows from docsDevNmAccessTable may provide sufficient information
3862 for attackers to spoof management stations which have management
3863 access to the device.
3865 o The docsDevSwCurrentVers object may provide hints as to the
3866 software vulnerabilities of the cable device.
3868 o The docsDevFilterLLCTable and docsDevFilterLLCTable may provide
3869 clues for attacking the cable device and other subscriber devices.
3871 SNMP versions prior to SNMPv3 did not include adequate security.
3872 Even if the network itself is secure (for example by using IPsec),
3873 even then, there is no control as to who on the secure network is
3874 allowed to access and GET/SET (read/change/create/delete) the objects
3875 in this MIB module.
3877 It is RECOMMENDED that implementers consider the security features as
3878 provided by the SNMPv3 framework (see [RFC3410], section 8),
3879 including full support for the SNMPv3 cryptographic mechanisms (for
3880 authentication and privacy).
3882 Further, deployment of SNMP versions prior to SNMPv3 is NOT
3883 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
3884 enable cryptographic security. It is then a customer/operator
3885 responsibility to ensure that the SNMP entity giving access to an
3886 instance of this MIB module, is properly configured to give access to
3887 the objects only to those principals (users) that have legitimate
3888 rights to indeed GET or SET (change/create/delete) them.
3890 7. IANA Considerations
3892 The MIB module defined in this document uses the following IANA-
3893 assigned OBJECT IDENTIFIER values recorded in the SMI Numbers
3894 registry:
3896 Descriptor OBJECT IDENTIFIER value
3897 ---------- -----------------------
3898 docsDevMIB { mib-2 69 }
3900 8. References
3902 8.1. Normative References
3904 [BPI] SCTE Data Standards Subcommittee, "Data-Over-Cable Service
3905 Interface Specifications: DOCSIS 1.0 Baseline Privacy
3906 Interface Specification SCTE 22-2 2002", 2002,
3907 .
3909 [BPIPLUS] CableLabs, "Data-Over-Cable Service Interface
3910 Specifications: Baseline Privacy Plus Interface
3911 Specification CM-SP-BPI+_I12-050812", August 2005,
3912 .
3914 [ITU-T_J.112]
3915 ITU-T Recommendation J.112 (3/98), "Transmission Systems
3916 for Interactive Cable Television Services, J.112,
3917 International Telecommunications Union", March 1998,
3918 .
3920 [MTA-PROV]
3921 CableLabs, "PacketCable(TM) MTA Device Provisioning
3922 Specification PKT-SP-PROV-I11-050812", August 2005,
3923 .
3925 [OSSI1.0] SCTE Data Standards Subcommittee, "Data-Over-Cable Service
3926 Interface Specification: DOCSIS 1.0 Operations Support
3927 System Interface (OSSI), SCTE 22-3 2002", 2002,
3928 .
3930 [OSSI1.1] CableLabs, "Data-Over-Cable Service Interface
3931 Specifications: Operations Support System Interface
3932 Specification SP-OSSIv1.1-C01-050907", September 2005,
3933 .
3935 [OSSI2.0] CableLabs, "Data-Over-Cable Service Interface
3936 Specifications: Operations Support System Interface
3937 Specification SP-OSSIv2.0-I09-050812", August 2005,
3938 .
3940 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33,
3941 RFC 1350, July 1992.
3943 [RFC1858] Ziemba, G., Reed, D., and P. Traina, "Security
3944 Considerations for IP Fragment Filtering", RFC 1858,
3945 October 1995.
3947 [RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext
3948 Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
3950 [RFC2021] Waldbusser, S., "Remote Network Monitoring Management
3951 Information Base Version 2 using SMIv2", RFC 2021,
3952 January 1997.
3954 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
3955 Requirement Levels", BCP 14, RFC 2119, March 1997.
3957 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
3958 Schoenwaelder, Ed., "Structure of Management Information
3959 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
3961 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
3962 Schoenwaelder, Ed., "Textual Conventions for SMIv2",
3963 STD 58, RFC 2579, April 1999.
3965 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
3966 "Conformance Statements for SMIv2", STD 58, RFC 2580,
3967 April 1999.
3969 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
3970 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
3971 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
3973 [RFC2669] St. Johns, M., "DOCSIS Cable Device MIB Cable Device
3974 Management Information Base for DOCSIS compliant Cable
3975 Modems and Cable Modem Termination Systems", RFC 2669,
3976 August 1999.
3978 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
3979 MIB", RFC 2863, June 2000.
3981 [RFC3014] Kavasseri, R., "Notification Log MIB", RFC 3014,
3982 November 2000.
3984 [RFC3128] Miller, I., "Protection Against a Variant of the Tiny
3985 Fragment Attack (RFC 1858)", RFC 3128, June 2001.
3987 [RFC3164] Lonvick, C., "The BSD Syslog Protocol", RFC 3164,
3988 August 2001.
3990 [RFC3289] Baker, F., Chan, K., and A. Smith, "Management Information
3991 Base for the Differentiated Services Architecture",
3992 RFC 3289, May 2002.
3994 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
3995 Architecture for Describing Simple Network Management
3996 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
3997 December 2002.
3999 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network
4000 Management Protocol (SNMP) Applications", STD 62,
4001 RFC 3413, December 2002.
4003 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
4004 (USM) for version 3 of the Simple Network Management
4005 Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.
4007 [RFC3415] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
4008 Access Control Model (VACM) for the Simple Network
4009 Management Protocol (SNMP)", STD 62, RFC 3415,
4010 December 2002.
4012 [RFC3418] Presuhn, R., "Management Information Base (MIB) for the
4013 Simple Network Management Protocol (SNMP)", STD 62,
4014 RFC 3418, December 2002.
4016 [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen,
4017 "Coexistence between Version 1, Version 2, and Version 3
4018 of the Internet-standard Network Management Framework",
4019 BCP 74, RFC 3584, August 2003.
4021 [RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and
4022 Applicability Statement for the Trivial File Transfer
4023 Protocol (TFTP)", RFC 3617, October 2003.
4025 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
4026 Schoenwaelder, "Textual Conventions for Internet Network
4027 Addresses", RFC 4001, February 2005.
4029 [RFI1.0] SCTE Data Standards Subcommittee, "Data-Over-Cable Service
4030 Interface Specifications: DOCSIS 1.0 Radio Frequency
4031 Interface Specification SCTE 22-1 2002", 2002,
4032 .
4034 [RFI1.1] CableLabs, "Data-Over-Cable Service Interface
4035 Specifications: Radio Frequency Interface Specification
4036 SP-RFIv1.1-C01-050907", September 2005,
4037 .
4039 [RFI2.0] CableLabs, "Data-Over-Cable Service Interface
4040 Specifications: Radio Frequency Interface Specification
4041 SP-RFI2.0-I09-050812", August 2005,
4042 .
4044 8.2. Informative References
4046 [I-D.ietf-ipcdn-docsisevent-mib]
4047 Ahmad, A., "Event Notification Management Information Base
4048 for DOCSIS Compliant Cable Modems and Cable Modem
4049 Termination Systems", draft-ietf-ipcdn-docsisevent-mib-06
4050 (work in progress), January 2005.
4052 [RFC1224] Steinberg, L., "Techniques for managing asynchronously
4053 generated alerts", RFC 1224, May 1991.
4055 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
4056 "Introduction and Applicability Statements for Internet-
4057 Standard Management Framework", RFC 3410, December 2002.
4059 [RFC4036] Sawyer, W., "Management Information Base for Data Over
4060 Cable Service Interface Specification (DOCSIS) Cable Modem
4061 Termination Systems for Subscriber Management", RFC 4036,
4062 April 2005.
4064 [RFC4323] Patrick, M. and W. Murwin, "Data Over Cable System
4065 Interface Specification Quality of Service Management
4066 Information Base (DOCSIS-QoS MIB)", RFC 4323,
4067 January 2006.
4069 Authors' Addresses
4071 Richard Woundy
4072 Comcast Cable Communications
4073 27 Industrial Avenue
4074 Chelmsford, MA 01824
4075 USA
4077 Phone: +1 978 244 4010
4078 Email: richard_woundy@cable.comcast.com
4080 Kevin Marez
4081 Motorola Corporation
4082 6450 Sequence Drive
4083 San Diego, CA 92121
4084 USA
4086 Phone: +1 858 404 3785
4087 Email: kevin.marez@motorola.com
4089 Intellectual Property Statement
4091 The IETF takes no position regarding the validity or scope of any
4092 Intellectual Property Rights or other rights that might be claimed to
4093 pertain to the implementation or use of the technology described in
4094 this document or the extent to which any license under such rights
4095 might or might not be available; nor does it represent that it has
4096 made any independent effort to identify any such rights. Information
4097 on the procedures with respect to rights in RFC documents can be
4098 found in BCP 78 and BCP 79.
4100 Copies of IPR disclosures made to the IETF Secretariat and any
4101 assurances of licenses to be made available, or the result of an
4102 attempt made to obtain a general license or permission for the use of
4103 such proprietary rights by implementers or users of this
4104 specification can be obtained from the IETF on-line IPR repository at
4105 http://www.ietf.org/ipr.
4107 The IETF invites any interested party to bring to its attention any
4108 copyrights, patents or patent applications, or other proprietary
4109 rights that may cover technology that may be required to implement
4110 this standard. Please address the information to the IETF at
4111 ietf-ipr@ietf.org.
4113 Disclaimer of Validity
4115 This document and the information contained herein are provided on an
4116 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
4117 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
4118 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
4119 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
4120 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
4121 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
4123 Copyright Statement
4125 Copyright (C) The Internet Society (2006). This document is subject
4126 to the rights, licenses and restrictions contained in BCP 78, and
4127 except as set forth therein, the authors retain all their rights.
4129 Acknowledgment
4131 Funding for the RFC Editor function is currently provided by the
4132 Internet Society.