idnits 2.17.1

draft-ietf-ipcdn-bpiplus-mib-15.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 22.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 4229.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 4235.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** The document seems to lack an RFC 3978 Section 5.5 (updated by RFC 4748)
     Disclaimer -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

  ** The document seems to lack an RFC 3979 Section 5, para. 1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document.
     That text should be removed or replaced:

       By submitting this Internet-Draft, I certify that any applicable
       patent or other IPR claims of which I am aware have been disclosed, or
       will be disclosed, and any of which I become aware will be disclosed,
       in accordance with RFC 3668.
  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 1468 has weird spacing: '...ontains the c...'

  == Line 1653 has weird spacing: '...-signed manuf...'

  == Line 2928 has weird spacing: '...tion of multi...'

  == Line 3964 has weird spacing: '... denial of se...'

  == Line 4033 has weird spacing: '...rtTable conta...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     docsBpi2CmtsAuthEntry OBJECT-TYPE
         SYNTAX DocsBpi2CmtsAuthEntry
         MAX-ACCESS not-accessible
         STATUS current
         DESCRIPTION
             "Each entry contains objects describing attributes of one
             authorization association. The CMTS MUST create one entry per
             CM per MAC interface, based on the receipt of an Authorization
             Request message, and MUST not delete the entry until the CM
             loses registration."
         INDEX { ifIndex, docsBpi2CmtsAuthCmMacAddress }
         ::= { docsBpi2CmtsAuthTable 1 }
     DOCSIS BPI Plus MIB November 2004

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     docsBpi2CmtsTEKEntry OBJECT-TYPE
         SYNTAX DocsBpi2CmtsTEKEntry
         MAX-ACCESS not-accessible
         STATUS current
         DESCRIPTION
             "Each entry contains objects describing attributes of one TEK
             association on a particular CMTS MAC interface. The CMTS MUST
             create one entry per SAID per MAC interface, based on the
             receipt of a Key Request message, and MUST not delete the entry
             before the CM authorization for the SAID permanently expires."
         INDEX { ifIndex, docsBpi2CmtsTEKSAId }
         ::= { docsBpi2CmtsTEKTable 1 }

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'not RECOMMENDED' in this paragraph:

     docsBpi2CmtsDefaultSelfSignedManufCertTrust: A malicious SET in a
     self-signed certificate as 'untrusted' may cause CM to receive an
     authorization reject message which may constitute denial of service.
     This object is designed for testing purposes, Therefore is not
     RECOMMENDED to be used for commercial Deployments [1]. Administrators
     can make usage of View-based Access Control (VACM) introduced in
     section 7.9 of [RFC3410] to restrict write access to this object.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 2004) is 7102 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2021 (Obsoleted by RFC 4502)

  ** Obsolete normative reference: RFC 3291 (Obsoleted by RFC 4001)

  ** Obsolete normative reference: RFC 2670 (Obsoleted by RFC 4546)

  -- Possible downref: Non-RFC (?) normative reference: ref. '1'

  -- Obsolete informational reference (is this intentional?): RFC 3513
     (Obsoleted by RFC 4291)

     Summary: 9 errors (**), 0 flaws (~~), 11 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    Internet Draft
2    IPCDN Working Group                              S. Green
3    Document: draft-ietf-ipcdn-bpiplus-mib-15        ADC Telecommunications,
4                                                     Inc
5                                                     Kaz Ozawa
6                                                     Toshiba
7                                                     A. Katsnelson
8                                                     CableLabs
9                                                     E. Cardona
10                                                    CableLabs (Editor)
11   Expires: June 2004                               November 2004

13   Management Information Base for DOCSIS
14   Cable Modems and Cable Modem Termination
15   Systems for Baseline Privacy Plus

17   Status of this Memo

19   By submitting this Internet-Draft, we certify that any applicable
20   patent or other IPR claims of which we are aware have been
21   disclosed, or will be disclosed, and any of which we become aware
22   will be disclosed, in accordance with RFC 3668.

24   Internet-Drafts are working documents of the Internet Engineering
25   Task Force (IETF), its areas, and its working groups. Note that
26   other groups may also distribute working documents as Internet-
27   Drafts.
29   Internet-Drafts are draft documents valid for a maximum of six
30   months and may be updated, replaced, or obsoleted by other
31   documents at any time. It is inappropriate to use Internet-Drafts
32   as reference material or to cite them other than as "work in
33   progress."

35   The list of current Internet-Drafts can be accessed at
36   http://www.ietf.org/ietf/1id-abstracts.txt.
37   The list of Internet-Draft Shadow Directories can be accessed at
38   http://www.ietf.org/shadow.html.

40   Abstract

42   This memo defines a portion of the Management Information Base (MIB)
43   for use with network management protocols in the Internet community.
44   In particular, it defines a set of managed objects for SNMP-based
45   management of the Baseline Privacy Plus features of DOCSIS 1.1 and
46   DOCSIS 2.0 (Data-over-Cable Service Interface Specification)
47   compliant Cable Modems and Cable Modem Termination
50   Systems.

52   Note to RFC Editor (Remove this paragraph prior to publication)
53   This memo is a product of the IPCDN working group within the
54   Internet Engineering Task Force. Comments are solicited and
55   should be addressed to the working group's mailing list at
56   ipcdn@ietf.org and/or the authors.

58   Conventions used in this document

60   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
61   NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
62   in this document are to be interpreted as described in BCP 14,
63   RFC 2119 [RFC2119].

65   Table of Contents

67   1. The Internet-Standard Management Framework
68   2. Overview
69      2.1 Structure of the MIB
70      2.2 Relationship of BPI+ and BPI MIB Modules
71      2.3 BPI+ MIB module relationship with The Interfaces Group MIB
72   3. Definitions
73   4. Acknowledgments
74   5. Normative References
75   6. Informative References
76   7. Security Considerations
77   8. IANA Considerations
78   9. Authors' Addresses
79   10. Disclaimer of Validity
80   11. Intellectual Property
81   12. Copyright Statement

83   1. The Internet-Standard Management Framework

85   For a detailed overview of the documents that describe the current
86   Internet-Standard Management Framework, please refer to section 7 of
87   RFC 3410 [RFC3410].

89   Managed objects are accessed via a virtual information store, termed
90   the Management Information Base or MIB. MIB objects are generally
91   accessed through the Simple Network Management Protocol (SNMP).
92   Objects in the MIB are defined using the mechanisms defined in the
93   Structure of Management Information (SMI). This memo specifies a
94   MIB module that is compliant to the SMIv2, which is described in
95   STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
98   RFC 2580 [RFC2580].

100  2. Overview

102  This MIB module (BPI+ MIB) provides a set of objects required for
103  the management of the Baseline Privacy Interface Plus features of
104  DOCSIS 1.1 and DOCSIS 2.0 Cable Modem (CM) and Cable Modem
105  Termination System (CMTS). The specification is derived from the
106  operational model described in the DOCSIS Baseline Privacy Interface
107  Plus Specification [1].
109  DOCSIS Baseline Privacy Plus is composed of four distinct
110  functional and manageable areas:

112  o Key Exchange and Data Encryption

114  o Cable Modem Authentication

116  o Multicast Encryption

118  o Authentication of Downloaded Software Images

120  This MIB module is an extension of the DOCSIS 1.0 Baseline Privacy
121  MIB module [RFC3083] (BPI MIB), which is derived from the
122  operational model described in the DOCSIS Baseline Privacy Interface
123  Specification [2]. The original Baseline Privacy MIB structure
124  has been mostly preserved in the Baseline Privacy Plus MIB.
125  Please note that the referenced DOCSIS specifications only require
126  Cable Modems to process IPv4 customer traffic. Design choices in
127  this MIB module reflect those requirements. Future versions of the
128  DOCSIS specifications are expected to require support for IPv6 as
129  well.

131  2.1 Structure of the MIB

133  This MIB module is structured into several tables and objects:

135  2.1.1. Cable Modem

137  o The docsBpi2CmBaseTable contains authorization key exchange
138    information for one CM MAC interface.

140  o The docsBpi2CmTEKTable contains traffic key exchange and
141    data encryption information for a particular security
142    association ID of the cable modem.

146  o Multicast Encryption information is maintained under
147    Docsbpi2CmMulticastObjects. There is currently one multicast
148    table object which manages IP multicast encryption,
149    docsBpi2CmIpMulticastMapTable.

151  o Digital certificates used for cable modem authentication are
152    accessible via docsBpi2CmDeviceCertTable.

154  o Cryptographic suite capabilities for a CM MAC are maintained
155    in the docsBpi2CmCryptoSuiteTable.

157  2.1.2. Cable Modem Termination System

159  o The docsBpi2CmtsBaseTable contains default settings and
160    summary counters for the cable modem termination system.
162  o The DocsBpi2CmtsAuthTable contains Authorization Key Exchange
163    information for each CM MAC interface, as well as data
164    from CM certificates used in cable modem authentication.

166  o The docsBpi2CmtsTEKTable contains traffic key exchange and
167    data encryption information for a particular security
168    association ID.

170  o Multicast Encryption information is maintained under
171    Docsbpi2CmtsMulticastObjects. There are currently two
172    multicast table objects. The table
173    docsBpi2CmtsIpMulticastMapTable is specifically designed
174    for IP multicast encryption, whereas
175    docsBpi2CmtsMulticastAuthTable is meant to manage all
176    multicast security associations.

178    In particular, the table docsBpi2CmtsIpMulticastMapTable
179    defines the object docsBpi2CmtsIpMulticastMask which could
180    be a non-contiguous netmask; this is why the object syntax
181    is based on the INET-ADDRESS-MIB MIB Module [RFC3291]
182    Textual Convention InetAddress instead of
183    InetAddressPrefixLength.

185    This is to facilitate the assignment of the same DOCSIS Security
186    Association ID (SAID) to one or more IPv6 multicast group
187    ID(s) matching one or more IPv6 multicast scope types within
188    an entry in this table.
189    For example, multicast scopes labeled "unassigned" [RFC3513]
190    may be allocated by administrators to a particular SAID
191    regardless of their multicast scope; such as mapping
192    transient multicast group 'Y' to SAID 'z' for ANY multicast
193    scope. The non-contiguous netmask will be FF10:Y, see
196    [RFC3513] for details on IPv6 multicast addressing.

198  o DocsBpi2CmtsCertObjects contains 2 manageable tables: one
199    for provisioned cable modem certificates and one for
200    certification authority certificates.

202  2.1.3. Common

204  o The docsBpi2CodeDownloadControl objects manage the
205    authenticated software download process for a given device.
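
The masked comparison that section 2.1.2 describes for docsBpi2CmtsIpMulticastMask, as an added example that is not part of the draft: it shows why a prefix length cannot express the "any scope" mapping and how one row then covers every scope of a transient group. The MapEntry row, group ID 0x1234 and SAID 8193 are constructed for illustration, and the any-scope mask is an assumption derived from the RFC 3513 multicast layout (8 one-bits, 4 flag bits, 4 scope bits, 112-bit group ID).

```python
import ipaddress
from typing import Iterable, NamedTuple, Optional

SAID_MIN, SAID_MAX = 1, 16383  # DocsSAId range from the MIB's textual convention


class MapEntry(NamedTuple):
    """Hypothetical row: group pattern, bit mask, and the SAID they map to."""
    group: str
    mask: str
    said: int


def mask_is_contiguous(mask: str) -> bool:
    """True when the mask is a plain prefix (one-bits first, zero-bits after)."""
    m = ipaddress.ip_address(mask)
    inverted = ~int(m) & (2 ** m.max_prefixlen - 1)
    # A prefix mask inverts to 0..01..1, which shares no set bit with itself + 1.
    return (inverted & (inverted + 1)) == 0


def matches(entry: MapEntry, address: str) -> bool:
    """Bitwise comparison under the mask; valid for non-contiguous masks too."""
    addr = ipaddress.ip_address(address)
    pattern = ipaddress.ip_address(entry.group)
    mask = ipaddress.ip_address(entry.mask)
    if not (addr.version == pattern.version == mask.version):
        return False  # never compare an IPv4 address against an IPv6 row
    return (int(addr) & int(mask)) == (int(pattern) & int(mask))


def lookup_said(table: Iterable[MapEntry], address: str) -> Optional[int]:
    """Return the SAID of the first row matching a multicast address, else None."""
    if not ipaddress.ip_address(address).is_multicast:
        return None
    for entry in table:
        if entry.said not in range(SAID_MIN, SAID_MAX + 1):
            raise ValueError(f"SAID {entry.said} outside {SAID_MIN}..{SAID_MAX}")
        if matches(entry, address):
            return entry.said
    return None


# Constructed sample: the mask keeps the ff byte, the flags nibble and the whole
# group ID, and clears only the 4 scope bits, so it cannot be written as a /N.
ANY_SCOPE_MASK = "fff0:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
TABLE = [MapEntry(group="ff10::1234", mask=ANY_SCOPE_MASK, said=8193)]

if __name__ == "__main__":
    print("prefix-expressible:", mask_is_contiguous(ANY_SCOPE_MASK))
    for probe in ("ff12::1234", "ff15::1234", "ff1e::1234",
                  "ff02::1234", "ff15::1235"):
        print(probe, "->", lookup_said(TABLE, probe))
```

The well-known (non-transient) group ff02::1234 and the neighbouring group ff15::1235 fall outside the row, so they are not carried under the SAID assigned to the transient group.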
207  2.2 Relationship of BPI+ and BPI MIB Modules

209  This section describes the relationship between the BPI+ MIB module
210  defined in this document and the BPI MIB module defined in RFC 3083
211  [RFC3083]. The BPI+ protocol interface is an enhancement to the BPI
212  protocol and it is a distinct protocol from BPI. The associated BPI+
213  managed objects should be considered separate from the BPI MIB
214  objects defined in RFC 3083.

216  DOCSIS 1.1 and 2.0 systems implement both the BPI+ and BPI protocols
217  to be backward compatible with 1.0 systems. For more information
218  regarding the interoperability between BPI and BPI+ compliant
219  systems, refer to appendix C of the DOCSIS BPI+ specification
220  [1] and for MIB module requirements, refer to section 4.6.1,
221  Figure 9 of the DOCSIS 1.1 OSSI specification [3] and section
222  7.6.1, Table 7-9 of the DOCSIS 2.0 OSSI specification [4].

224  2.3 BPI+ MIB module relationship with The Interfaces Group MIB

226  The BPI+ MIB module is the management framework of Baseline Privacy
227  Plus Interface Specification [1], which provides the MAC layer
228  (Media Access Control) security services of DOCSIS through the
229  Baseline Privacy Key Management (BPKM) protocol.
230  The BPI+ MIB module objects are organized as extensions of the Radio
231  Frequency (RF) Interface Management [RFC2670].

233  The MIB table structures of this MIB Module are extensions of the
234  DOCSIS CATV (Community Antenna Television) MAC layer interface
235  (DocsCableMaclayer by [IANA]). In particular the provisions of the
236  Interface Group MIB [RFC2863] for counter discontinuities and
237  system re-initialization apply to CM and CMTS to validate the
238  difference between two consecutive counter polls.

240  All BPI+ MIB module counters are 32 bits based on the minimum time
241  to wrap-up considerations of [RFC2863] and their possible frequency
244  occurrence as BPI+ FSM (Finite State Machine) event counters. See
245  [1] for BPI+ FSM parameter guidelines.

247  3. Definitions

249  DOCS-IETF-BPI2-MIB DEFINITIONS ::= BEGIN

251  IMPORTS
252      MODULE-IDENTITY, OBJECT-TYPE,
253      Integer32,
254      Unsigned32,
255      Counter32,
256      mib-2
257          FROM SNMPv2-SMI                 -- [RFC2578]
258      SnmpAdminString
259          FROM SNMP-FRAMEWORK-MIB         -- [RFC3411]
260      TEXTUAL-CONVENTION,
261      MacAddress,
262      RowStatus,
263      TruthValue,
264      DateAndTime,
265      StorageType
266          FROM SNMPv2-TC                  -- [RFC2579]
267      OBJECT-GROUP,
268      MODULE-COMPLIANCE
269          FROM SNMPv2-CONF                -- [RFC2580]
270      ifIndex
271          FROM IF-MIB                     -- [RFC2863]
272      InetAddressType,
273      InetAddress
274          FROM INET-ADDRESS-MIB;          -- [RFC3291]

276  docsBpi2MIB MODULE-IDENTITY
277      LAST-UPDATED "200409071700Z" -- September 7th, 2004
278      ORGANIZATION "IETF IP over Cable Data Network (IPCDN)
279          Working Group"
280      CONTACT-INFO "---------------------------------------
281          Stuart M. Green
282          Postal:
283          ADC Telecommunications, Inc.
284          Mailstop 1641
285          8 Technology Drive
286          Westborough, MA 01581
287          U.S.A.
288          Tel: +1 508 870 2554
291          E-mail: stuart.green@adc.com
292          ---------------------------------------
293          Kaz Ozawa
294          Cable Modem & Network Dept.
295          Server & Network Div.
296          TOSHIBA CORPORATION
297          Digital Media Network Company
298          1-1, Shibaura 1-Chome
299          Minato-ku, Tokyo 105-8001
300          Japan
301          Phone: +81-3-3457-2726
302          FAX: +81-3-5444-9359
303          Email: Kazuyoshi.Ozawa@toshiba.co.jp
304          ---------------------------------------
305          Alexander Katsnelson
306          Postal:
307          Cable Television Laboratories, Inc.
308          858 Coal Creek Circle
309          Louisville, CO 80027-9750
310          U.S.A.
311          Tel: +1 303 661 9100
312          Fax: +1 303 661 9199
313          E-mail: a.katsnelson@cablelabs.com
314          ---------------------------------------
315          Eduardo Cardona
316          Postal:
317          Cable Television Laboratories, Inc.
318          858 Coal Creek Circle
319          Louisville, CO 80027-9750
320          U.S.A.
321          Tel: +1 303 661 9100
322          Fax: +1 303 661 9199
323          E-mail: e.cardona@cablelabs.com
324          ---------------------------------------

326          IETF IPCDN Working Group
327          General Discussion: ipcdn@ietf.org
328          Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn.
329          Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn.
330          Co-chairs: Richard Woundy, rwoundy@cisco.com
331          Jean-Francois Mule, jfm@cablelabs.com"
332      DESCRIPTION
333          "This is the MIB module for the DOCSIS Baseline
334          Privacy Plus Interface (BPI+) at cable modems (CMs)
335          and cable modem termination systems (CMTSs).

337          Copyright (C) The Internet Society (2004). This
338          version of this MIB module is part of RFC XXXX; see
339          the RFC itself for full legal notices."

342      REVISION "200409071700Z"
343      DESCRIPTION
344          "Initial version of the IETF BPI+ MIB module.
345          This version published as RFC XXXX."

347  -- Note to RFC editor:
348  -- RFC editor to assign yy
349  -- Delete this note

351      ::= { mib-2 yy } -- yy to be assigned by IANA

353  -- Textual conventions

355  DocsX509ASN1DEREncodedCertificate ::= TEXTUAL-CONVENTION
356      STATUS current
357      DESCRIPTION
358          "An X509 digital certificate encoded as an ASN.1 DER
359          object."
360      SYNTAX OCTET STRING (SIZE (0..4096))

362  DocsSAId ::= TEXTUAL-CONVENTION
363      DISPLAY-HINT "d"
364      STATUS current
365      DESCRIPTION
366          "Security Association identifier (SAId)"
367      REFERENCE
368          " DOCSIS Baseline Privacy Plus Interface
369          specification, Section 2.1.3 BPI+ Security
370          Associations"
371      SYNTAX Integer32 (1..16383)

373  DocsSAIdOrZero ::= TEXTUAL-CONVENTION
374      DISPLAY-HINT "d"
375      STATUS current
376      DESCRIPTION
377          "Security Association identifier (SAId). The value
378          zero indicates the SAId is yet to be determined"
379      REFERENCE
380          " DOCSIS Baseline Privacy Plus Interface
381          specification, Section 2.1.3 BPI+ Security
382          Associations"
383      SYNTAX Unsigned32 (0 | 1..16383)

385  DocsBpkmSAType ::= TEXTUAL-CONVENTION
386      STATUS current
389      DESCRIPTION
390          "The type of security association (SA).
391          The values of the named-numbers are associated
392          with the BPKM SA-Type attributes:
393          'primary' corresponds to code '1', 'static' to code '2'
394          'dynamic' to code '3'.
395          'none' value must only be used if the SA type has yet
396          to be determined."
397      REFERENCE
398          "DOCSIS Baseline Privacy Plus Interface
399          specification, Section 4.2.2.24"
400      SYNTAX INTEGER {
401          none(0),
402          primary(1),
403          static(2),
404          dynamic(3)
405      }

407  DocsBpkmDataEncryptAlg ::= TEXTUAL-CONVENTION
408      STATUS current
409      DESCRIPTION
410          "The list of data encryption algorithms defined for
411          the DOCSIS interface in the BPKM cryptographic-suite
412          parameter. The value 'none' indicates that the SAID
413          being referenced has no data encryption."
414      REFERENCE
415          "DOCSIS Baseline Privacy Plus Interface Specification,
416          Section 4.2.2.20."
417      SYNTAX INTEGER {
418          none(0),
419          des56CbcMode(1),
420          des40CbcMode(2),
421          t3Des128CbcMode(3),
422          aes128CbcMode(4),
423          aes256CbcMode(5)
424      }

426  DocsBpkmDataAuthentAlg ::= TEXTUAL-CONVENTION
427      STATUS current
428      DESCRIPTION
429          "The list of data integrity algorithms defined for the
430          DOCSIS interface in the BPKM cryptographic-suite parameter.
431          The value 'none' indicates no data integrity is used for
432          the SAID being referenced."
433      REFERENCE
434          "DOCSIS Baseline Privacy Plus Interface Specification,
435          Section 4.2.2.20."
436      SYNTAX INTEGER {
437          none(0),
441          hmacSha196(1)
442      }

444  docsBpi2MIBObjects OBJECT IDENTIFIER ::= { docsBpi2MIB 1 }

446  -- Cable Modem Group

448  docsBpi2CmObjects OBJECT IDENTIFIER ::= { docsBpi2MIBObjects 1 }

450  --
451  -- The BPI+ base and authorization table for CMs,
452  -- indexed by ifIndex
453  --

455  docsBpi2CmBaseTable OBJECT-TYPE
456      SYNTAX SEQUENCE OF DocsBpi2CmBaseEntry
457      MAX-ACCESS not-accessible
458      STATUS current
459      DESCRIPTION
460          "This table describes the basic and authorization
461          related Baseline Privacy Plus attributes of each CM MAC
462          interface."
463      ::= { docsBpi2CmObjects 1 }

465  docsBpi2CmBaseEntry OBJECT-TYPE
466      SYNTAX DocsBpi2CmBaseEntry
467      MAX-ACCESS not-accessible
468      STATUS current
469      DESCRIPTION
470          "Each entry contains objects describing attributes of
471          one CM MAC interface. An entry in this table exists for
472          each ifEntry with an ifType of docsCableMaclayer(127)."
473      INDEX { ifIndex }
474      ::= { docsBpi2CmBaseTable 1 }

476  DocsBpi2CmBaseEntry ::= SEQUENCE {
477      docsBpi2CmPrivacyEnable             TruthValue,
478      docsBpi2CmPublicKey                 OCTET STRING,
479      docsBpi2CmAuthState                 INTEGER,
480      docsBpi2CmAuthKeySequenceNumber     Integer32,
481      docsBpi2CmAuthExpiresOld            DateAndTime,
482      docsBpi2CmAuthExpiresNew            DateAndTime,
483      docsBpi2CmAuthReset                 TruthValue,
484      docsBpi2CmAuthGraceTime             Integer32,
485      docsBpi2CmTEKGraceTime              Integer32,
486      docsBpi2CmAuthWaitTimeout           Integer32,
487      docsBpi2CmReauthWaitTimeout         Integer32,
488      docsBpi2CmOpWaitTimeout             Integer32,
489      docsBpi2CmRekeyWaitTimeout          Integer32,
492      docsBpi2CmAuthRejectWaitTimeout     Integer32,
493      docsBpi2CmSAMapWaitTimeout          Integer32,
494      docsBpi2CmSAMapMaxRetries           Integer32,
495      docsBpi2CmAuthentInfos              Counter32,
496      docsBpi2CmAuthRequests              Counter32,
497      docsBpi2CmAuthReplies               Counter32,
498      docsBpi2CmAuthRejects               Counter32,
499      docsBpi2CmAuthInvalids              Counter32,
500      docsBpi2CmAuthRejectErrorCode       INTEGER,
501      docsBpi2CmAuthRejectErrorString     SnmpAdminString,
502      docsBpi2CmAuthInvalidErrorCode      INTEGER,
503      docsBpi2CmAuthInvalidErrorString    SnmpAdminString
504      }

506  docsBpi2CmPrivacyEnable OBJECT-TYPE
507      SYNTAX TruthValue
508      MAX-ACCESS read-only
509      STATUS current
510      DESCRIPTION
511          "This object identifies whether this CM is
512          provisioned to run Baseline Privacy Plus."
513      REFERENCE
514          "DOCSIS Baseline Privacy Plus Interface Specification,
515          Appendix A.1.1."
516      ::= { docsBpi2CmBaseEntry 1 }

518  docsBpi2CmPublicKey OBJECT-TYPE
519      SYNTAX OCTET STRING (SIZE (0..524))
520      MAX-ACCESS read-only
521      STATUS current
522      DESCRIPTION
523          "The value of this object is a DER-encoded
524          RSAPublicKey ASN.1 type string, as defined in the RSA
525          Encryption Standard (PKCS #1), corresponding to the
526          public key of the CM."

528      REFERENCE
529          "DOCSIS Baseline Privacy Plus Interface Specification,
530          Section 4.2.2.4."
531      ::= { docsBpi2CmBaseEntry 2 }

533  docsBpi2CmAuthState OBJECT-TYPE
534      SYNTAX INTEGER {
535          start(1),
536          authWait(2),
537          authorized(3),
538          reauthWait(4),
539          authRejectWait(5),
540          silent(6)
544      }
545      MAX-ACCESS read-only
546      STATUS current
547      DESCRIPTION
548          "The value of this object is the state of the CM
549          authorization FSM. The start state indicates that FSM is
550          in its initial state."
551      REFERENCE
552          "DOCSIS Baseline Privacy Plus Interface Specification,
553          Section 4.1.2.1."
554      ::= { docsBpi2CmBaseEntry 3 }

556  docsBpi2CmAuthKeySequenceNumber OBJECT-TYPE
557      SYNTAX Integer32 (0..15)
558      MAX-ACCESS read-only
559      STATUS current
560      DESCRIPTION
561          "The value of this object is the most recent
562          authorization key sequence number for this FSM."
563      REFERENCE
564          "DOCSIS Baseline Privacy Plus Interface Specification,
565          Sections 4.2.1.2 and 4.2.2.10."
566      ::= { docsBpi2CmBaseEntry 4 }

568  docsBpi2CmAuthExpiresOld OBJECT-TYPE
569      SYNTAX DateAndTime
570      MAX-ACCESS read-only
571      STATUS current
572      DESCRIPTION
573          "The value of this object is the actual clock time for
574          expiration of the immediate predecessor of the most recent
575          authorization key for this FSM. If this FSM has only one
576          authorization key, then the value is the time of activation
577          of this FSM."
578      REFERENCE
579          "DOCSIS Baseline Privacy Plus Interface Specification,
580          Sections 4.2.1.2 and 4.2.2.9."
581      ::= { docsBpi2CmBaseEntry 5 }

583  docsBpi2CmAuthExpiresNew OBJECT-TYPE
584      SYNTAX DateAndTime
585      MAX-ACCESS read-only
586      STATUS current
587      DESCRIPTION
588          "The value of this object is the actual clock time for
589          expiration of the most recent authorization key for this
590          FSM."
591      REFERENCE
592          "DOCSIS Baseline Privacy Plus Interface Specification,
595          Sections 4.2.1.2 and 4.2.2.9."
596      ::= { docsBpi2CmBaseEntry 6 }

598  docsBpi2CmAuthReset OBJECT-TYPE
599      SYNTAX TruthValue
600      MAX-ACCESS read-write
601      STATUS current
602      DESCRIPTION
603          "Setting this object to 'true' generates a Reauthorize
604          event in the authorization FSM. Reading this object always
605          returns FALSE.
606          This object is for testing purposes only and therefore it
607          does not require to be associated with a last reset
608          object."
609      REFERENCE
610          "DOCSIS Baseline Privacy Plus Interface Specification,
611          Section 4.1.2.3.4."
612      ::= { docsBpi2CmBaseEntry 7 }

614  docsBpi2CmAuthGraceTime OBJECT-TYPE
615      SYNTAX Integer32 (1..6047999)
616      UNITS "seconds"
617      MAX-ACCESS read-only
618      STATUS current
619      DESCRIPTION
620          "The value of this object is the grace time for an
621          authorization key in seconds. A CM is expected to start
622          trying to get a new authorization key beginning
623          AuthGraceTime seconds before the most recent authorization
624          key actually expires."
625      REFERENCE
626          "DOCSIS Baseline Privacy Plus Interface Specification,
627          Appendix A.1.1.1.3."
628      ::= { docsBpi2CmBaseEntry 8 }

630  docsBpi2CmTEKGraceTime OBJECT-TYPE
631      SYNTAX Integer32 (1..302399)
632      UNITS "seconds"
633      MAX-ACCESS read-only
634      STATUS current
635      DESCRIPTION
636          "The value of this object is the grace time for
637          the TEK in seconds. The CM is expected to start trying to
638          acquire a new TEK beginning TEK GraceTime seconds before
639          the expiration of the most recent TEK."
640      REFERENCE
641          "DOCSIS Baseline Privacy Plus Interface Specification,
642          Appendix A.1.1.1.6."
643      ::= { docsBpi2CmBaseEntry 9 }

646  docsBpi2CmAuthWaitTimeout OBJECT-TYPE
647      SYNTAX Integer32 (1..30)
648      UNITS "seconds"
649      MAX-ACCESS read-only
650      STATUS current
651      DESCRIPTION
652          "The value of this object is the Authorize Wait
653          Timeout in seconds."
654      REFERENCE
655          "DOCSIS Baseline Privacy Plus Interface Specification,
656          Appendix A.1.1.1.1."
657      ::= { docsBpi2CmBaseEntry 10 }

659  docsBpi2CmReauthWaitTimeout OBJECT-TYPE
660      SYNTAX Integer32 (1..30)
661      UNITS "seconds"
662      MAX-ACCESS read-only
663      STATUS current
664      DESCRIPTION
665          "The value of this object is the Reauthorize Wait
666          Timeout in seconds."
667      REFERENCE
668          "DOCSIS Baseline Privacy Plus Interface Specification,
669          Appendix A.1.1.1.2."
670      ::= { docsBpi2CmBaseEntry 11 }

672  docsBpi2CmOpWaitTimeout OBJECT-TYPE
673      SYNTAX Integer32 (1..10)
674      UNITS "seconds"
675      MAX-ACCESS read-only
676      STATUS current
677      DESCRIPTION
678          "The value of this object is the Operational Wait
679          Timeout in seconds."
680      REFERENCE
681          "DOCSIS Baseline Privacy Plus Interface Specification,
682          Appendix A.1.1.1.4."
683      ::= { docsBpi2CmBaseEntry 12 }

685  docsBpi2CmRekeyWaitTimeout OBJECT-TYPE
686      SYNTAX Integer32 (1..10)
687      UNITS "seconds"
688      MAX-ACCESS read-only
689      STATUS current
690      DESCRIPTION
691          "The value of this object is the Rekey Wait Timeout
692          in seconds."
693      REFERENCE
696          "DOCSIS Baseline Privacy Plus Interface Specification,
697          Appendix A.1.1.1.5."
698      ::= { docsBpi2CmBaseEntry 13 }

700  docsBpi2CmAuthRejectWaitTimeout OBJECT-TYPE
701      SYNTAX Integer32 (1..600)
702      UNITS "seconds"
703      MAX-ACCESS read-only
704      STATUS current
705      DESCRIPTION
706          "The value of this object is the Authorization Reject
707          Wait Timeout in seconds."
708      REFERENCE
709          "DOCSIS Baseline Privacy Plus Interface Specification,
710          Appendix A.1.1.1.7."
711      ::= { docsBpi2CmBaseEntry 14 }

713  docsBpi2CmSAMapWaitTimeout OBJECT-TYPE
714      SYNTAX Integer32 (1..10)
715      UNITS "seconds"
716      MAX-ACCESS read-only
717      STATUS current
718      DESCRIPTION
719          "The value of this object is the retransmission
720          interval, in seconds, of SA Map Requests from the MAP Wait
721          state."
722      REFERENCE
723          "DOCSIS Baseline Privacy Plus Interface Specification,
724          Appendix A.1.1.1.8."
725      ::= { docsBpi2CmBaseEntry 15 }

727  docsBpi2CmSAMapMaxRetries OBJECT-TYPE
728      SYNTAX Integer32 (0..10)
729      UNITS "count"
730      MAX-ACCESS read-only
731      STATUS current
732      DESCRIPTION
733          "The value of this object is the maximum number of
734          Map Request retries allowed."
735      REFERENCE
736          "DOCSIS Baseline Privacy Plus Interface Specification,
737          Appendix A.1.1.1.9."
738      ::= { docsBpi2CmBaseEntry 16 }

740  docsBpi2CmAuthentInfos OBJECT-TYPE
741      SYNTAX Counter32
742      MAX-ACCESS read-only
743      STATUS current
744      DESCRIPTION
747          "The value of this object is the count of times the CM
748          has transmitted an Authentication Information message.
749          Discontinuities in the value of this counter can occur at
750          re-initialization of the management system, and at other
751          times as indicated by the value of
752          ifCounterDiscontinuityTime."
753      REFERENCE
754          "DOCSIS Baseline Privacy Plus Interface Specification,
755          Section 4.2.1.9."
756      ::= { docsBpi2CmBaseEntry 17 }

758  docsBpi2CmAuthRequests OBJECT-TYPE
759      SYNTAX Counter32
760      MAX-ACCESS read-only
761      STATUS current
762      DESCRIPTION
763          "The value of this object is the count of times the CM
764          has transmitted an Authorization Request message.
765          Discontinuities in the value of this counter can occur at
766          re-initialization of the management system, and at other
767          times as indicated by the value of
768          ifCounterDiscontinuityTime."
769      REFERENCE
770          "DOCSIS Baseline Privacy Plus Interface Specification,
771          Section 4.2.1.1."
772      ::= { docsBpi2CmBaseEntry 18 }

774  docsBpi2CmAuthReplies OBJECT-TYPE
775      SYNTAX Counter32
776      MAX-ACCESS read-only
777      STATUS current
778      DESCRIPTION
779          "The value of this object is the count of times the CM
780          has received an Authorization Reply message.
781          Discontinuities in the value of this counter can occur at
782          re-initialization of the management system, and at other
783          times as indicated by the value of
784          ifCounterDiscontinuityTime."

786      REFERENCE
787          "DOCSIS Baseline Privacy Plus Interface Specification,
788          Section 4.2.1.2."
789      ::= { docsBpi2CmBaseEntry 19 }

791  docsBpi2CmAuthRejects OBJECT-TYPE
792      SYNTAX Counter32
793      MAX-ACCESS read-only
794      STATUS current
795      DESCRIPTION
798          "The value of this object is the count of times the CM
799          has received an Authorization Reject message.
800          Discontinuities in the value of this counter can occur at
801          re-initialization of the management system, and at other
802          times as indicated by the value of
803          ifCounterDiscontinuityTime."
804      REFERENCE
805          "DOCSIS Baseline Privacy Plus Interface Specification,
806          Section 4.2.1.3."
807      ::= { docsBpi2CmBaseEntry 20 }

809  docsBpi2CmAuthInvalids OBJECT-TYPE
810      SYNTAX Counter32
811      MAX-ACCESS read-only
812      STATUS current
813      DESCRIPTION
814          "The value of this object is the count of times the CM
815          has received an Authorization Invalid message.
816          Discontinuities in the value of this counter can occur at
817          re-initialization of the management system, and at other
818          times as indicated by the value of
819          ifCounterDiscontinuityTime."
820      REFERENCE
821          "DOCSIS Baseline Privacy Plus Interface Specification,
822          Section 4.2.1.7."
823      ::= { docsBpi2CmBaseEntry 21 }

825  docsBpi2CmAuthRejectErrorCode OBJECT-TYPE
826      SYNTAX INTEGER {
827              none(1),
828              unknown(2),
829              unauthorizedCm(3),
830              unauthorizedSaid(4),
831              permanentAuthorizationFailure(8),
832              timeOfDayNotAcquired(11)
833          }
834      MAX-ACCESS read-only
835      STATUS current
836      DESCRIPTION
837          "The value of this object is the enumerated
838          description of the Error-Code in most recent Authorization
839          Reject message received by the CM. This has value
840          unknown(2) if the last Error-Code value was 0, and none(1)
841          if no Authorization Reject message has been received since
842          reboot."
843      REFERENCE
844          "DOCSIS Baseline Privacy Plus Interface Specification,
845          Sections 4.2.1.3 and 4.2.2.15."
846      ::= { docsBpi2CmBaseEntry 22 }

849  docsBpi2CmAuthRejectErrorString OBJECT-TYPE
850      SYNTAX SnmpAdminString (SIZE (0..128))
851      MAX-ACCESS read-only
852      STATUS current
853      DESCRIPTION
854          "The value of this object is the text string in
855          most recent Authorization Reject message received by the
856          CM. This is a zero length string if no Authorization
857          Reject message has been received since reboot."
858      REFERENCE
859          "DOCSIS Baseline Privacy Plus Interface Specification,
860          Sections 4.2.1.3 and 4.2.2.6."
861      ::= { docsBpi2CmBaseEntry 23 }

863  docsBpi2CmAuthInvalidErrorCode OBJECT-TYPE
864      SYNTAX INTEGER {
865              none(1),
866              unknown(2),
867              unauthorizedCm(3),
868              unsolicited(5),
869              invalidKeySequence(6),
870              keyRequestAuthenticationFailure(7)
871          }
872      MAX-ACCESS read-only
873      STATUS current
874      DESCRIPTION
875          "The value of this object is the enumerated
876          description of the Error-Code in most recent Authorization
877          Invalid message received by the CM. This has value
878          unknown(2) if the last Error-Code value was 0, and none(1)
879          if no Authorization Invalid message has been received since
880          reboot."
881      REFERENCE
882          "DOCSIS Baseline Privacy Plus Interface Specification,
883          Sections 4.2.1.7 and 4.2.2.15."
884      ::= { docsBpi2CmBaseEntry 24 }

886  docsBpi2CmAuthInvalidErrorString OBJECT-TYPE
887      SYNTAX SnmpAdminString (SIZE (0..128))
888      MAX-ACCESS read-only
889      STATUS current
890      DESCRIPTION
891          "The value of this object is the text string in
892          most recent Authorization Invalid message received by the
893          CM. This is a zero length string if no Authorization
894          Invalid message has been received since reboot."
895      REFERENCE
896          "DOCSIS Baseline Privacy Plus Interface Specification,
899          Sections 4.2.1.7 and 4.2.2.6."
900      ::= { docsBpi2CmBaseEntry 25 }

902  --
903  -- The CM TEK Table, indexed by ifIndex and SAID
904  --

906  docsBpi2CmTEKTable OBJECT-TYPE
907      SYNTAX SEQUENCE OF DocsBpi2CmTEKEntry
908      MAX-ACCESS not-accessible
909      STATUS current
910      DESCRIPTION
911          "This table describes the attributes of each CM
912          Traffic Encryption Key (TEK) association. The CM maintains
913          (no more than) one TEK association per SAID per CM MAC
914          interface."
915      ::= { docsBpi2CmObjects 2 }

917  docsBpi2CmTEKEntry OBJECT-TYPE
918      SYNTAX DocsBpi2CmTEKEntry
919      MAX-ACCESS not-accessible
920      STATUS current
921      DESCRIPTION
922          "Each entry contains objects describing the TEK
923          association attributes of one SAID.
             The CM MUST create one
924          entry per SAID, regardless of whether the SAID was obtained
925          from a Registration Response message, from an Authorization
926          Reply message, or from any dynamic SAID establishment
927          mechanisms."
928      INDEX { ifIndex, docsBpi2CmTEKSAId }
929      ::= { docsBpi2CmTEKTable 1 }

931  DocsBpi2CmTEKEntry ::= SEQUENCE {
932      docsBpi2CmTEKSAId                  DocsSAId,
933      docsBpi2CmTEKSAType                DocsBpkmSAType,
934      docsBpi2CmTEKDataEncryptAlg        DocsBpkmDataEncryptAlg,
935      docsBpi2CmTEKDataAuthentAlg        DocsBpkmDataAuthentAlg,
936      docsBpi2CmTEKState                 INTEGER,
937      docsBpi2CmTEKKeySequenceNumber     Integer32,
938      docsBpi2CmTEKExpiresOld            DateAndTime,
939      docsBpi2CmTEKExpiresNew            DateAndTime,
940      docsBpi2CmTEKKeyRequests           Counter32,
941      docsBpi2CmTEKKeyReplies            Counter32,
942      docsBpi2CmTEKKeyRejects            Counter32,
943      docsBpi2CmTEKInvalids              Counter32,
944      docsBpi2CmTEKAuthPends             Counter32,
947      docsBpi2CmTEKKeyRejectErrorCode    INTEGER,
948      docsBpi2CmTEKKeyRejectErrorString  SnmpAdminString,
949      docsBpi2CmTEKInvalidErrorCode      INTEGER,
950      docsBpi2CmTEKInvalidErrorString    SnmpAdminString
951      }

953  docsBpi2CmTEKSAId OBJECT-TYPE
954      SYNTAX DocsSAId
955      MAX-ACCESS not-accessible
956      STATUS current
957      DESCRIPTION
958          "The value of this object is the DOCSIS Security
959          Association ID (SAID)."
960      REFERENCE
961          "DOCSIS Baseline Privacy Plus Interface Specification,
962          Section 4.2.2.12."
963      ::= { docsBpi2CmTEKEntry 1 }

965  docsBpi2CmTEKSAType OBJECT-TYPE
966      SYNTAX DocsBpkmSAType
967      MAX-ACCESS read-only
968      STATUS current
969      DESCRIPTION
970          "The value of this object is the type of security
971          association."
972      REFERENCE
973          "DOCSIS Baseline Privacy Plus Interface Specification,
974          Section 2.1.3."
975      ::= { docsBpi2CmTEKEntry 2 }

977  docsBpi2CmTEKDataEncryptAlg OBJECT-TYPE
978      SYNTAX DocsBpkmDataEncryptAlg
979      MAX-ACCESS read-only
980      STATUS current
981      DESCRIPTION
982          "The value of this object is the data encryption
983          algorithm for this SAID."
984      REFERENCE
985          "DOCSIS Baseline Privacy Plus Interface Specification,
986          Section 4.2.2.20."
987      ::= { docsBpi2CmTEKEntry 3 }

989  docsBpi2CmTEKDataAuthentAlg OBJECT-TYPE
990      SYNTAX DocsBpkmDataAuthentAlg
991      MAX-ACCESS read-only
992      STATUS current
993      DESCRIPTION
994          "The value of this object is the data authentication
995          algorithm for this SAID."
998      REFERENCE
999          "DOCSIS Baseline Privacy Plus Interface Specification,
1000          Section 4.2.2.20."
1001      ::= { docsBpi2CmTEKEntry 4 }

1003  docsBpi2CmTEKState OBJECT-TYPE
1004      SYNTAX INTEGER {
1005              start(1),
1006              opWait(2),
1007              opReauthWait(3),
1008              operational(4),
1009              rekeyWait(5),
1010              rekeyReauthWait(6)
1011          }
1012      MAX-ACCESS read-only
1013      STATUS current
1014      DESCRIPTION
1015          "The value of this object is the state of the
1016          indicated TEK FSM. The start(1) state indicates that FSM
1017          is in its initial state."
1018      REFERENCE
1019          "DOCSIS Baseline Privacy Plus Interface Specification,
1020          Section 4.1.3.1."
1021      ::= { docsBpi2CmTEKEntry 5 }

1023  docsBpi2CmTEKKeySequenceNumber OBJECT-TYPE
1024      SYNTAX Integer32 (0..15)
1025      MAX-ACCESS read-only
1026      STATUS current
1027      DESCRIPTION
1028          "The value of this object is the most recent TEK
1029          key sequence number for this TEK FSM."
1030      REFERENCE
1031          "DOCSIS Baseline Privacy Plus Interface Specification,
1032          Sections 4.2.2.10 and 4.2.2.13."
1033      ::= { docsBpi2CmTEKEntry 6 }

1035  docsBpi2CmTEKExpiresOld OBJECT-TYPE
1036      SYNTAX DateAndTime
1037      MAX-ACCESS read-only
1038      STATUS current
1039      DESCRIPTION
1040          "The value of this object is the actual clock time for
1041          expiration of the immediate predecessor of the most recent
1042          TEK for this FSM. If this FSM has only one TEK, then the
1043          value is the time of activation of this FSM."
1044      REFERENCE
1045          "DOCSIS Baseline Privacy Plus Interface Specification,
1046          Sections 4.2.1.5 and 4.2.2.9."
1049      ::= { docsBpi2CmTEKEntry 7 }

1051  docsBpi2CmTEKExpiresNew OBJECT-TYPE
1052      SYNTAX DateAndTime
1053      MAX-ACCESS read-only
1054      STATUS current
1055      DESCRIPTION
1056          "The value of this object is the actual clock time for
1057          expiration of the most recent TEK for this FSM."
1058      REFERENCE
1059          "DOCSIS Baseline Privacy Plus Interface Specification,
1060          Sections 4.2.1.5 and 4.2.2.9."
1061      ::= { docsBpi2CmTEKEntry 8 }

1063  docsBpi2CmTEKKeyRequests OBJECT-TYPE
1064      SYNTAX Counter32
1065      MAX-ACCESS read-only
1066      STATUS current
1067      DESCRIPTION
1068          "The value of this object is the count of times the CM
1069          has transmitted a Key Request message.
1070          Discontinuities in the value of this counter can occur at
1071          re-initialization of the management system, and at other
1072          times as indicated by the value of
1073          ifCounterDiscontinuityTime."

1075      REFERENCE
1076          "DOCSIS Baseline Privacy Plus Interface Specification,
1077          Section 4.2.1.4."
1078      ::= { docsBpi2CmTEKEntry 9 }

1080  docsBpi2CmTEKKeyReplies OBJECT-TYPE
1081      SYNTAX Counter32
1082      MAX-ACCESS read-only
1083      STATUS current
1084      DESCRIPTION
1085          "The value of this object is the count of times the CM
1086          has received a Key Reply message, including a message whose
1087          authentication failed.
1088          Discontinuities in the value of this counter can occur at
1089          re-initialization of the management system, and at other
1090          times as indicated by the value of
1091          ifCounterDiscontinuityTime."
1092      REFERENCE
1093          "DOCSIS Baseline Privacy Plus Interface Specification,
1094          Section 4.2.1.5."
1095      ::= { docsBpi2CmTEKEntry 10 }

1097  docsBpi2CmTEKKeyRejects OBJECT-TYPE
1100      SYNTAX Counter32
1101      MAX-ACCESS read-only
1102      STATUS current
1103      DESCRIPTION
1104          "The value of this object is the count of times the CM
1105          has received a Key Reject message, including a message
1106          whose authentication failed.
1107          Discontinuities in the value of this counter can occur at
1108          re-initialization of the management system, and at other
1109          times as indicated by the value of
1110          ifCounterDiscontinuityTime."
1111      REFERENCE
1112          "DOCSIS Baseline Privacy Plus Interface Specification,
1113          Section 4.2.1.6."
1114      ::= { docsBpi2CmTEKEntry 11 }

1116  docsBpi2CmTEKInvalids OBJECT-TYPE
1117      SYNTAX Counter32
1118      MAX-ACCESS read-only
1119      STATUS current
1120      DESCRIPTION
1121          "The value of this object is the count of times the CM
1122          has received a TEK Invalid message, including a message
1123          whose authentication failed.
1124          Discontinuities in the value of this counter can occur at
1125          re-initialization of the management system, and at other
1126          times as indicated by the value of
1127          ifCounterDiscontinuityTime."
1128      REFERENCE
1129          "DOCSIS Baseline Privacy Plus Interface Specification,
1130          Section 4.2.1.8."
1131      ::= { docsBpi2CmTEKEntry 12 }

1133  docsBpi2CmTEKAuthPends OBJECT-TYPE
1134      SYNTAX Counter32
1135      MAX-ACCESS read-only
1136      STATUS current
1137      DESCRIPTION
1138          "The value of this object is the count of times an
1139          Authorization Pending (Auth Pend) event occurred in this
1140          FSM.
1141          Discontinuities in the value of this counter can occur at
1142          re-initialization of the management system, and at other
1143          times as indicated by the value of
1144          ifCounterDiscontinuityTime."
1145      REFERENCE
1146          "DOCSIS Baseline Privacy Plus Interface Specification,
1147          Section 4.1.3.3.3."
1148      ::= { docsBpi2CmTEKEntry 13 }

1151  docsBpi2CmTEKKeyRejectErrorCode OBJECT-TYPE
1152      SYNTAX INTEGER {
1153              none(1),
1154              unknown(2),
1155              unauthorizedSaid(4)
1156          }
1157      MAX-ACCESS read-only
1158      STATUS current
1159      DESCRIPTION
1160          "The value of this object is the enumerated
1161          description of the Error-Code in most recent Key Reject
1162          message received by the CM.
              This has value unknown(2) if
1163          the last Error-Code value was 0, and none(1) if no Key
1164          Reject message has been received since registration."
1165      REFERENCE
1166          "DOCSIS Baseline Privacy Plus Interface Specification,
1167          Sections 4.1.2.6 and 4.2.2.15."
1168      ::= { docsBpi2CmTEKEntry 14 }

1170  docsBpi2CmTEKKeyRejectErrorString OBJECT-TYPE
1171      SYNTAX SnmpAdminString (SIZE (0..128))
1172      MAX-ACCESS read-only
1173      STATUS current
1174      DESCRIPTION
1175          "The value of this object is the text string in
1176          most recent Key Reject message received by the CM. This is
1177          a zero length string if no Key Reject message has been
1178          received since registration."
1179      REFERENCE
1180          "DOCSIS Baseline Privacy Plus Interface Specification,
1181          Sections 4.1.2.6 and 4.2.2.6."
1182      ::= { docsBpi2CmTEKEntry 15 }

1184  docsBpi2CmTEKInvalidErrorCode OBJECT-TYPE
1185      SYNTAX INTEGER {
1186              none(1),
1187              unknown(2),
1188              invalidKeySequence(6)
1189          }
1190      MAX-ACCESS read-only
1191      STATUS current
1192      DESCRIPTION
1193          "The value of this object is the enumerated
1194          description of the Error-Code in most recent TEK Invalid
1195          message received by the CM. This has value unknown(2) if
1196          the last Error-Code value was 0, and none(1) if no TEK
1197          Invalid message has been received since registration."
1198      REFERENCE
1201          "DOCSIS Baseline Privacy Plus Interface Specification,
1202          Sections 4.1.2.8 and 4.2.2.15."
1203      ::= { docsBpi2CmTEKEntry 16 }

1205  docsBpi2CmTEKInvalidErrorString OBJECT-TYPE
1206      SYNTAX SnmpAdminString (SIZE (0..128))
1207      MAX-ACCESS read-only
1208      STATUS current
1209      DESCRIPTION
1210          "The value of this object is the text string in
1211          most recent TEK Invalid message received by the CM. This is
1212          a zero length string if no TEK Invalid message has been
1213          received since registration."
1214      REFERENCE
1215          "DOCSIS Baseline Privacy Plus Interface Specification,
1216          Sections 4.1.2.8 and 4.2.2.6."
1217      ::= { docsBpi2CmTEKEntry 17 }

1219  --
1220  -- The CM Multicast Objects Group
1221  --

1223  docsBpi2CmMulticastObjects OBJECT IDENTIFIER
1224      ::= { docsBpi2CmObjects 3 }

1226  --
1227  -- The CM Dynamic IP Multicast Mapping Table, indexed by
1228  -- docsBpi2CmIpMulticastIndex and by ifIndex
1229  --

1231  docsBpi2CmIpMulticastMapTable OBJECT-TYPE
1232      SYNTAX SEQUENCE OF DocsBpi2CmIpMulticastMapEntry
1233      MAX-ACCESS not-accessible
1234      STATUS current
1235      DESCRIPTION
1236          "This table maps multicast IP addresses to SAIDs per
1237          CM MAC Interface.
1238          It is intended to map multicast IP addresses associated
1239          with SA MAP Request messages."
1240      ::= { docsBpi2CmMulticastObjects 1 }

1242  docsBpi2CmIpMulticastMapEntry OBJECT-TYPE
1243      SYNTAX DocsBpi2CmIpMulticastMapEntry
1244      MAX-ACCESS not-accessible
1245      STATUS current
1246      DESCRIPTION
1247          "Each entry contains objects describing the mapping of
1248          one multicast IP address to one SAID, as well as
1251          associated state, message counters, and error information.

1253          An entry may be removed from this table upon the reception
1254          of an SA Map Reject."
1255      INDEX { ifIndex, docsBpi2CmIpMulticastIndex }
1256      ::= { docsBpi2CmIpMulticastMapTable 1 }

1258  DocsBpi2CmIpMulticastMapEntry ::= SEQUENCE {
1259      docsBpi2CmIpMulticastIndex                   Unsigned32,
1260      docsBpi2CmIpMulticastAddressType             InetAddressType,
1261      docsBpi2CmIpMulticastAddress                 InetAddress,
1262      docsBpi2CmIpMulticastSAId                    DocsSAIdOrZero,
1263      docsBpi2CmIpMulticastSAMapState              INTEGER,
1264      docsBpi2CmIpMulticastSAMapRequests           Counter32,
1265      docsBpi2CmIpMulticastSAMapReplies            Counter32,
1266      docsBpi2CmIpMulticastSAMapRejects            Counter32,
1267      docsBpi2CmIpMulticastSAMapRejectErrorCode    INTEGER,
1268      docsBpi2CmIpMulticastSAMapRejectErrorString  SnmpAdminString
1269      }

1271  docsBpi2CmIpMulticastIndex OBJECT-TYPE
1272      SYNTAX Unsigned32 (1..4294967295)
1273      MAX-ACCESS not-accessible
1274      STATUS current
1275      DESCRIPTION
1276          "The index of this row."
1277      ::= { docsBpi2CmIpMulticastMapEntry 1 }

1279  docsBpi2CmIpMulticastAddressType OBJECT-TYPE
1280      SYNTAX InetAddressType
1281      MAX-ACCESS read-only
1282      STATUS current
1283      DESCRIPTION
1284          "The type of internet address for
1285          docsBpi2CmIpMulticastAddress."
1286      ::= { docsBpi2CmIpMulticastMapEntry 2 }

1288  docsBpi2CmIpMulticastAddress OBJECT-TYPE
1289      SYNTAX InetAddress
1290      MAX-ACCESS read-only
1291      STATUS current
1292      DESCRIPTION
1293          "This object represents the IP multicast address
1294          to be mapped. The type of this address is determined by
1295          the value of the docsBpi2CmIpMulticastAddressType object."
1296      REFERENCE
1297          "DOCSIS Baseline Privacy Plus Interface Specification,
1298          Section 5.4."
1299      ::= { docsBpi2CmIpMulticastMapEntry 3 }

1302  docsBpi2CmIpMulticastSAId OBJECT-TYPE
1303      SYNTAX DocsSAIdOrZero
1304      MAX-ACCESS read-only
1305      STATUS current
1306      DESCRIPTION
1307          "This object represents the SAID to which the IP
1308          multicast address has been mapped. If no SA Map Reply has
1309          been received for the IP address, this object should have
1310          the value 0."
1311      REFERENCE
1312          "DOCSIS Baseline Privacy Plus Interface Specification,
1313          Section 4.2.2.12."
1314      ::= { docsBpi2CmIpMulticastMapEntry 4 }

1316  docsBpi2CmIpMulticastSAMapState OBJECT-TYPE
1317      SYNTAX INTEGER {
1318              start(1),
1319              mapWait(2),
1320              mapped(3)

1322          }
1323      MAX-ACCESS read-only
1324      STATUS current
1325      DESCRIPTION
1326          "The value of this object is the state of the SA
1327          Mapping FSM for this IP."
1328      REFERENCE
1329          "DOCSIS Baseline Privacy Plus Interface Specification,
1330          Section 5.3.1."
1331      ::= { docsBpi2CmIpMulticastMapEntry 5 }

1333  docsBpi2CmIpMulticastSAMapRequests OBJECT-TYPE
1334      SYNTAX Counter32
1335      MAX-ACCESS read-only
1336      STATUS current
1337      DESCRIPTION
1338          "The value of this object is the count of times the
1339          CM has transmitted an SA Map Request message for this IP.
1340          Discontinuities in the value of this counter can occur at
1341          re-initialization of the management system, and at other
1342          times as indicated by the value of
1343          ifCounterDiscontinuityTime."
1344      REFERENCE
1345          "DOCSIS Baseline Privacy Plus Interface Specification,
1346          Section 4.2.1.10."
1347      ::= { docsBpi2CmIpMulticastMapEntry 6 }

1349  docsBpi2CmIpMulticastSAMapReplies OBJECT-TYPE
1352      SYNTAX Counter32
1353      MAX-ACCESS read-only
1354      STATUS current
1355      DESCRIPTION
1356          "The value of this object is the count of times the
1357          CM has received an SA Map Reply message for this IP.
1358          Discontinuities in the value of this counter can occur at
1359          re-initialization of the management system, and at other
1360          times as indicated by the value of
1361          ifCounterDiscontinuityTime."
1362      REFERENCE
1363          "DOCSIS Baseline Privacy Plus Interface Specification,
1364          Section 4.2.1.11."
1365      ::= { docsBpi2CmIpMulticastMapEntry 7 }

1367  docsBpi2CmIpMulticastSAMapRejects OBJECT-TYPE
1368      SYNTAX Counter32
1369      MAX-ACCESS read-only
1370      STATUS current
1371      DESCRIPTION
1372          "The value of this object is the count of times the
1373          CM has received an SA MAP Reject message for this IP.
1374          Discontinuities in the value of this counter can occur at
1375          re-initialization of the management system, and at other
1376          times as indicated by the value of
1377          ifCounterDiscontinuityTime."
1378      REFERENCE
1379          "DOCSIS Baseline Privacy Plus Interface Specification,
1380          Section 4.2.1.12."
1381      ::= { docsBpi2CmIpMulticastMapEntry 8 }

1383  docsBpi2CmIpMulticastSAMapRejectErrorCode OBJECT-TYPE
1384      SYNTAX INTEGER {
1385              none(1),
1386              unknown(2),
1387              noAuthForRequestedDSFlow(9),
1388              dsFlowNotMappedToSA(10)
1389          }
1390      MAX-ACCESS read-only
1391      STATUS current
1392      DESCRIPTION
1393          "The value of this object is the enumerated
1394          description of the Error-Code in the most recent SA Map
1395          Reject message sent in response to an SA Map Request for
1396          this IP. It has the value none(1) if no SA MAP Reject
1397          message has been received since entry creation."
1398      REFERENCE
1399          "DOCSIS Baseline Privacy Plus Interface Specification,
1400          Sections 4.2.1.12 and 4.2.2.15."
1403      ::= { docsBpi2CmIpMulticastMapEntry 9 }

1405  docsBpi2CmIpMulticastSAMapRejectErrorString OBJECT-TYPE
1406      SYNTAX SnmpAdminString (SIZE (0..128))
1407      MAX-ACCESS read-only
1408      STATUS current
1409      DESCRIPTION
1410          "The value of this object is the text string in
1411          the most recent SA Map Reject message sent in response to
1412          an SA Map Request for this IP. It is a zero length string
1413          if no SA Map Reject message has been received since entry
1414          creation."
1415      REFERENCE
1416          "DOCSIS Baseline Privacy Plus Interface Specification,
1417          Sections 4.2.1.12 and 4.2.2.6."
1418      ::= { docsBpi2CmIpMulticastMapEntry 10 }

1420  --
1421  -- CM Cert Objects
1422  --

1424  docsBpi2CmCertObjects OBJECT IDENTIFIER
1425      ::= { docsBpi2CmObjects 4 }

1427  --
1428  -- CM Device Cert Table
1429  --

1431  docsBpi2CmDeviceCertTable OBJECT-TYPE
1432      SYNTAX SEQUENCE OF DocsBpi2CmDeviceCertEntry
1433      MAX-ACCESS not-accessible
1434      STATUS current
1435      DESCRIPTION
1436          "This table describes the Baseline Privacy Plus
1437          device certificates for each CM MAC interface."
1438      ::= { docsBpi2CmCertObjects 1 }

1440  docsBpi2CmDeviceCertEntry OBJECT-TYPE
1441      SYNTAX DocsBpi2CmDeviceCertEntry
1442      MAX-ACCESS not-accessible
1443      STATUS current
1444      DESCRIPTION
1445          "Each entry contains the device certificates of
1446          one CM MAC interface. An entry in this table exists for
1447          each ifEntry with an ifType of docsCableMaclayer(127)."
1448      INDEX { ifIndex }
1449      ::= { docsBpi2CmDeviceCertTable 1 }

1452  DocsBpi2CmDeviceCertEntry ::= SEQUENCE {
1453      docsBpi2CmDeviceCmCert
1454          DocsX509ASN1DEREncodedCertificate,
1455      docsBpi2CmDeviceManufCert
1456          DocsX509ASN1DEREncodedCertificate
1457      }

1459  docsBpi2CmDeviceCmCert OBJECT-TYPE
1460      SYNTAX DocsX509ASN1DEREncodedCertificate
1461      MAX-ACCESS read-write
1462      STATUS current
1463      DESCRIPTION
1464          "The X509 DER-encoded cable modem certificate.
1465          Note: This object can be set only when the value is the
1466          zero-length OCTET STRING, otherwise an error
1467          'inconsistentValue' is returned. Once the object
1468          contains the certificate, its access MUST be read-only
1469          and persists after re-initialization of the
1470          managed system."
1471      REFERENCE
1472          "DOCSIS Baseline Privacy Plus Interface Specification,
1473          Section 9.1."
1474      ::= { docsBpi2CmDeviceCertEntry 1 }

1476  docsBpi2CmDeviceManufCert OBJECT-TYPE
1477      SYNTAX DocsX509ASN1DEREncodedCertificate
1478      MAX-ACCESS read-only
1479      STATUS current
1480      DESCRIPTION
1481          "The X509 DER-encoded manufacturer certificate which
1482          signed the cable modem certificate."
1483      REFERENCE
1484          "DOCSIS Baseline Privacy Plus Interface Specification,
1485          Section 9.1."
1486      ::= { docsBpi2CmDeviceCertEntry 2 }

1488  --
1489  -- CM Crypto Suite Table
1490  --

1492  docsBpi2CmCryptoSuiteTable OBJECT-TYPE
1493      SYNTAX SEQUENCE OF DocsBpi2CmCryptoSuiteEntry
1494      MAX-ACCESS not-accessible
1495      STATUS current
1496      DESCRIPTION
1497          "This table describes the Baseline Privacy Plus
1498          cryptographic suite capabilities for each CM MAC
1499          interface."
1502      ::= { docsBpi2CmObjects 5 }

1504  docsBpi2CmCryptoSuiteEntry OBJECT-TYPE
1505      SYNTAX DocsBpi2CmCryptoSuiteEntry
1506      MAX-ACCESS not-accessible
1507      STATUS current
1508      DESCRIPTION
1509          "Each entry contains a cryptographic suite pair
1510          which this CM MAC supports."
1511      INDEX { ifIndex, docsBpi2CmCryptoSuiteIndex }
1512      ::= { docsBpi2CmCryptoSuiteTable 1 }

1514  DocsBpi2CmCryptoSuiteEntry ::= SEQUENCE {
1515      docsBpi2CmCryptoSuiteIndex Unsigned32,
1516      docsBpi2CmCryptoSuiteDataEncryptAlg
1517          DocsBpkmDataEncryptAlg,
1518      docsBpi2CmCryptoSuiteDataAuthentAlg
1519          DocsBpkmDataAuthentAlg
1520      }

1522  docsBpi2CmCryptoSuiteIndex OBJECT-TYPE
1523      SYNTAX Unsigned32 (1..1000)
1524      MAX-ACCESS not-accessible
1525      STATUS current
1526      DESCRIPTION
1527          "The index for a cryptographic suite row."
1528      ::= { docsBpi2CmCryptoSuiteEntry 1 }

1530  docsBpi2CmCryptoSuiteDataEncryptAlg OBJECT-TYPE
1531      SYNTAX DocsBpkmDataEncryptAlg
1532      MAX-ACCESS read-only
1533      STATUS current
1534      DESCRIPTION
1535          "The value of this object is the data encryption
1536          algorithm for this cryptographic suite capability."
1537      REFERENCE
1538          "DOCSIS Baseline Privacy Plus Interface Specification,
1539          Section 4.2.2.20."
1540      ::= { docsBpi2CmCryptoSuiteEntry 2 }

1542  docsBpi2CmCryptoSuiteDataAuthentAlg OBJECT-TYPE
1543      SYNTAX DocsBpkmDataAuthentAlg
1544      MAX-ACCESS read-only
1545      STATUS current
1546      DESCRIPTION
1547          "The value of this object is the data authentication
1548          algorithm for this cryptographic suite capability."
1549      REFERENCE
1550          "DOCSIS Baseline Privacy Plus Interface Specification,
1553          Section 4.2.2.20."
1554      ::= { docsBpi2CmCryptoSuiteEntry 3 }

1556  -- Cable Modem Termination System Group

1558  docsBpi2CmtsObjects OBJECT IDENTIFIER ::= { docsBpi2MIBObjects 2 }

1560  --
1561  -- SPECIAL NOTE: For the following CMTS tables, when a CM is
1562  -- running
1563  -- in BPI mode, replace SAID (Security Association ID)
1564  -- with SID (Service ID). The CMTS is required to map SAIDs and
1565  -- SIDs to one contiguous space.
1566  --

1568  --
1569  -- The BPI+ base table for CMTSs, indexed by ifIndex
1570  --

1572  docsBpi2CmtsBaseTable OBJECT-TYPE
1573      SYNTAX SEQUENCE OF DocsBpi2CmtsBaseEntry
1574      MAX-ACCESS not-accessible
1575      STATUS current
1576      DESCRIPTION
1577          "This table describes the basic Baseline Privacy
1578          attributes of each CMTS MAC interface."
1579      ::= { docsBpi2CmtsObjects 1 }

1581  docsBpi2CmtsBaseEntry OBJECT-TYPE
1582      SYNTAX DocsBpi2CmtsBaseEntry
1583      MAX-ACCESS not-accessible
1584      STATUS current
1585      DESCRIPTION
1586          "Each entry contains objects describing attributes of
1587          one CMTS MAC interface. An entry in this table exists for
1588          each ifEntry with an ifType of docsCableMaclayer(127)."
1589      INDEX { ifIndex }
1590      ::= { docsBpi2CmtsBaseTable 1 }

1592  DocsBpi2CmtsBaseEntry ::= SEQUENCE {
1593      docsBpi2CmtsDefaultAuthLifetime              Integer32,
1594      docsBpi2CmtsDefaultTEKLifetime               Integer32,
1595      docsBpi2CmtsDefaultSelfSignedManufCertTrust  INTEGER,
1598      docsBpi2CmtsCheckCertValidityPeriods         TruthValue,
1599      docsBpi2CmtsAuthentInfos                     Counter32,
1600      docsBpi2CmtsAuthRequests                     Counter32,
1601      docsBpi2CmtsAuthReplies                      Counter32,
1602      docsBpi2CmtsAuthRejects                      Counter32,
1603      docsBpi2CmtsAuthInvalids                     Counter32,
1604      docsBpi2CmtsSAMapRequests                    Counter32,
1605      docsBpi2CmtsSAMapReplies                     Counter32,
1606      docsBpi2CmtsSAMapRejects                     Counter32
1607      }

1609  docsBpi2CmtsDefaultAuthLifetime OBJECT-TYPE
1610      SYNTAX Integer32 (1..6048000)
1611      UNITS "seconds"
1612      MAX-ACCESS read-write
1613      STATUS current
1614      DESCRIPTION
1615          "The value of this object is the default lifetime, in
1616          seconds, the CMTS assigns to a new authorization key.
1617          This object value persists after re-initialization of the
1618          managed system."
1619      REFERENCE
1620          "DOCSIS Baseline Privacy Plus Interface Specification,
1621          Appendix A.2."
1622      DEFVAL { 604800 }
1623      ::= { docsBpi2CmtsBaseEntry 1 }

1625  docsBpi2CmtsDefaultTEKLifetime OBJECT-TYPE
1626      SYNTAX Integer32 (1..604800)
1627      UNITS "seconds"
1628      MAX-ACCESS read-write
1629      STATUS current
1630      DESCRIPTION
1631          "The value of this object is the default lifetime, in
1632          seconds, the CMTS assigns to a new Traffic Encryption Key
1633          (TEK).
1634          This object value persists after re-initialization of the
1635          managed system."
1636      REFERENCE
1637          "DOCSIS Baseline Privacy Plus Interface Specification,
1638          Appendix A.2."
1639      DEFVAL { 43200 }
1640      ::= { docsBpi2CmtsBaseEntry 2 }

1642  docsBpi2CmtsDefaultSelfSignedManufCertTrust OBJECT-TYPE
1643      SYNTAX INTEGER {
1644              trusted (1),
1645              untrusted (2)
1646          }
1649      MAX-ACCESS read-write
1650      STATUS current
1651      DESCRIPTION
1652          "This object determines the default trust of
1653          self-signed manufacturer certificate entries, contained
1654          in docsBpi2CmtsCACertTable, created after setting this
1655          object.
1656          This object need not persist after re-initialization
1657          of the managed system."
1658      REFERENCE
1659          "DOCSIS Baseline Privacy Plus Interface Specification,
1660          Section 9.4.1"
1661      ::= { docsBpi2CmtsBaseEntry 3 }

1663  docsBpi2CmtsCheckCertValidityPeriods OBJECT-TYPE
1664      SYNTAX TruthValue
1665      MAX-ACCESS read-write
1666      STATUS current
1667      DESCRIPTION
1668          "Setting this object to 'true' causes all chained and
1669          root certificates in the chain to have their validity
1670          periods checked against the current time of day, when
1671          the CMTS receives an Authorization Request from the
1672          CM.
1673          A 'false' setting causes all certificates in the chain
1674          not to have their validity periods checked against the
1675          current time of day.
1676          This object need not persist after re-initialization
1677          of the managed system."
1678      REFERENCE
1679          "DOCSIS Baseline Privacy Plus Interface Specification,
1680          Section 9.4.2"
1681      ::= { docsBpi2CmtsBaseEntry 4 }

1683  docsBpi2CmtsAuthentInfos OBJECT-TYPE
1684      SYNTAX Counter32
1685      MAX-ACCESS read-only
1686      STATUS current
1687      DESCRIPTION
1688          "The value of this object is the count of times the
1689          CMTS has received an Authentication Information message
1690          from any CM.
1691          Discontinuities in the value of this counter can occur at
1692          re-initialization of the management system, and at other
1693          times as indicated by the value of
1694          ifCounterDiscontinuityTime."
1695      REFERENCE
1696          "DOCSIS Baseline Privacy Plus Interface Specification,
1697          Section 4.2.1.9."
1700      ::= { docsBpi2CmtsBaseEntry 5 }

1702  docsBpi2CmtsAuthRequests OBJECT-TYPE
1703      SYNTAX Counter32
1704      MAX-ACCESS read-only
1705      STATUS current
1706      DESCRIPTION
1707          "The value of this object is the count of times the
1708          CMTS has received an Authorization Request message from any
1709          CM.
1710          Discontinuities in the value of this counter can occur at
1711          re-initialization of the management system, and at other
1712          times as indicated by the value of
1713          ifCounterDiscontinuityTime."
1714      REFERENCE
1715          "DOCSIS Baseline Privacy Plus Interface Specification,
1716          Section 4.2.1.1."
1717      ::= { docsBpi2CmtsBaseEntry 6 }

1719  docsBpi2CmtsAuthReplies OBJECT-TYPE
1720      SYNTAX Counter32
1721      MAX-ACCESS read-only
1722      STATUS current
1723      DESCRIPTION
1724          "The value of this object is the count of times the
1725          CMTS has transmitted an Authorization Reply message to any
1726          CM.
1727          Discontinuities in the value of this counter can occur at
1728          re-initialization of the management system, and at other
1729          times as indicated by the value of
1730          ifCounterDiscontinuityTime."
1731      REFERENCE
1732          "DOCSIS Baseline Privacy Plus Interface Specification,
1733          Section 4.2.1.2."
1734      ::= { docsBpi2CmtsBaseEntry 7 }

1736  docsBpi2CmtsAuthRejects OBJECT-TYPE
1737      SYNTAX Counter32
1738      MAX-ACCESS read-only
1739      STATUS current
1740      DESCRIPTION
1741          "The value of this object is the count of times the
1742          CMTS has transmitted an Authorization Reject message to any
1743          CM.
1744          Discontinuities in the value of this counter can occur at
1745          re-initialization of the management system, and at other
1746          times as indicated by the value of
1747          ifCounterDiscontinuityTime."
1748      REFERENCE
1751          "DOCSIS Baseline Privacy Plus Interface Specification,
1752          Section 4.2.1.3."
1753      ::= { docsBpi2CmtsBaseEntry 8 }

1755  docsBpi2CmtsAuthInvalids OBJECT-TYPE
1756      SYNTAX Counter32
1757      MAX-ACCESS read-only
1758      STATUS current
1759      DESCRIPTION
1760          "The value of this object is the count of times
1761          the CMTS has transmitted an Authorization Invalid message
1762          to any CM.
1763          Discontinuities in the value of this counter can occur at
1764          re-initialization of the management system, and at other
1765          times as indicated by the value of
1766          ifCounterDiscontinuityTime."
1767      REFERENCE
1768          "DOCSIS Baseline Privacy Plus Interface Specification,
1769          Section 4.2.1.7."
1770      ::= { docsBpi2CmtsBaseEntry 9 }

1772  docsBpi2CmtsSAMapRequests OBJECT-TYPE
1773      SYNTAX Counter32
1774      MAX-ACCESS read-only
1775      STATUS current
1776      DESCRIPTION
1777          "The value of this object is the count of times the
1778          CMTS has received an SA Map Request message from any CM.
1779          Discontinuities in the value of this counter can occur at
1780          re-initialization of the management system, and at other
1781          times as indicated by the value of
1782          ifCounterDiscontinuityTime."
1783      REFERENCE
1784          "DOCSIS Baseline Privacy Plus Interface Specification,
1785          Section 4.2.1.10."
1786      ::= { docsBpi2CmtsBaseEntry 10 }

1788  docsBpi2CmtsSAMapReplies OBJECT-TYPE
1789      SYNTAX Counter32
1790      MAX-ACCESS read-only
1791      STATUS current
1792      DESCRIPTION
1793          "The value of this object is the count of times the
1794          CMTS has transmitted an SA Map Reply message to any CM.
1795          Discontinuities in the value of this counter can occur at
1796          re-initialization of the management system, and at other
1797          times as indicated by the value of
1798          ifCounterDiscontinuityTime."
1799      REFERENCE
1802          "DOCSIS Baseline Privacy Plus Interface Specification,
1803          Section 4.2.1.11."
1804      ::= { docsBpi2CmtsBaseEntry 11 }

1806  docsBpi2CmtsSAMapRejects OBJECT-TYPE
1807      SYNTAX Counter32
1808      MAX-ACCESS read-only
1809      STATUS current
1810      DESCRIPTION
1811          "The value of this object is the count of times the
1812          CMTS has transmitted an SA Map Reject message to any CM.
1813          Discontinuities in the value of this counter can occur at
1814          re-initialization of the management system, and at other
1815          times as indicated by the value of
1816          ifCounterDiscontinuityTime."
1817      REFERENCE
1818          "DOCSIS Baseline Privacy Plus Interface Specification,
1819          Section 4.2.1.12."
1820      ::= { docsBpi2CmtsBaseEntry 12 }

1822  --
1823  -- The CMTS Authorization Table, indexed by ifIndex and CM MAC
1824  -- address
1825  --

1827  docsBpi2CmtsAuthTable OBJECT-TYPE
1828      SYNTAX SEQUENCE OF DocsBpi2CmtsAuthEntry
1829      MAX-ACCESS not-accessible
1830      STATUS current
1831      DESCRIPTION
1832          "This table describes the attributes of each CM
1833          authorization association. The CMTS maintains one
1834          authorization association with each Baseline Privacy-
1835          enabled CM, registered on each CMTS MAC interface,
1836          regardless of whether the CM is authorized or rejected."
1837      ::= { docsBpi2CmtsObjects 2 }

1839  docsBpi2CmtsAuthEntry OBJECT-TYPE
1840      SYNTAX DocsBpi2CmtsAuthEntry
1841      MAX-ACCESS not-accessible
1842      STATUS current
1843      DESCRIPTION
1844          "Each entry contains objects describing attributes of
1845          one authorization association. The CMTS MUST create one
1846          entry per CM per MAC interface, based on the receipt of an
1847          Authorization Request message, and MUST not delete the
1848          entry until the CM loses registration."
1849      INDEX { ifIndex, docsBpi2CmtsAuthCmMacAddress }
1850      ::= { docsBpi2CmtsAuthTable 1 }

1853  DocsBpi2CmtsAuthEntry ::= SEQUENCE {
1854      docsBpi2CmtsAuthCmMacAddress MacAddress,
1855      docsBpi2CmtsAuthCmBpiVersion INTEGER,
1856      docsBpi2CmtsAuthCmPublicKey OCTET STRING,
1857      docsBpi2CmtsAuthCmKeySequenceNumber Integer32,
1858      docsBpi2CmtsAuthCmExpiresOld DateAndTime,
1859      docsBpi2CmtsAuthCmExpiresNew DateAndTime,
1860      docsBpi2CmtsAuthCmLifetime Integer32,
1861      docsBpi2CmtsAuthCmReset INTEGER,
1862      docsBpi2CmtsAuthCmInfos Counter32,
1863      docsBpi2CmtsAuthCmRequests Counter32,
1864      docsBpi2CmtsAuthCmReplies Counter32,
1865      docsBpi2CmtsAuthCmRejects Counter32,
1866      docsBpi2CmtsAuthCmInvalids Counter32,
1867      docsBpi2CmtsAuthRejectErrorCode INTEGER,
1868      docsBpi2CmtsAuthRejectErrorString SnmpAdminString,
1869      docsBpi2CmtsAuthInvalidErrorCode INTEGER,
1870      docsBpi2CmtsAuthInvalidErrorString SnmpAdminString,
1871      docsBpi2CmtsAuthPrimarySAId DocsSAIdOrZero,
1872      docsBpi2CmtsAuthBpkmCmCertValid INTEGER,
1873      docsBpi2CmtsAuthBpkmCmCert
1874          DocsX509ASN1DEREncodedCertificate,
1875      docsBpi2CmtsAuthCACertIndexPtr Unsigned32
1876  }

1878  docsBpi2CmtsAuthCmMacAddress OBJECT-TYPE
1879      SYNTAX MacAddress
1880      MAX-ACCESS not-accessible
1881      STATUS current
1882      DESCRIPTION
1883          "The value of this object is the physical address of
1884          the CM to which the authorization association applies."
1885      ::= { docsBpi2CmtsAuthEntry 1 }

1887  docsBpi2CmtsAuthCmBpiVersion OBJECT-TYPE
1888      SYNTAX INTEGER {
1889          bpi (0),
1890          bpiPlus (1)
1891      }
1892      MAX-ACCESS read-only
1893      STATUS current
1894      DESCRIPTION
1895          "The value of this object is the version of Baseline
1896          Privacy for which this CM has registered. The value
1897          'bpiplus' represents the value of BPI-Version Attribute of
1898          the Baseline Privacy Key Management BPKM attribute
1899          BPI-Version (1). The value 'bpi' is used to represent the
1900          CM registered using DOCSIS 1.0 Baseline Privacy."
1903      REFERENCE
1904          "DOCSIS Baseline Privacy Plus Interface Specification
1905          Section 4.2.2.22; ANSI/SCTE 22-2 2002(formerly DSS 02-03)
1906          Data-Over-Cable Service Interface Specification DOCSIS 1.0
1907          Baseline Privacy Interface (BPI)"

1909      ::= { docsBpi2CmtsAuthEntry 2 }

1911  docsBpi2CmtsAuthCmPublicKey OBJECT-TYPE
1912      SYNTAX OCTET STRING (SIZE (0..524))
1913      MAX-ACCESS read-only
1914      STATUS current
1915      DESCRIPTION
1916          "The value of this object is a DER-encoded
1917          RSAPublicKey ASN.1 type string, as defined in the RSA
1918          Encryption Standard (PKCS #1), corresponding to the
1919          public key of the CM. This is the zero-length OCTET
1920          STRING if the CMTS does not retain the public key."
1921      REFERENCE
1922          "DOCSIS Baseline Privacy Plus Interface Specification,
1923          Section 4.2.2.4."
1924      ::= { docsBpi2CmtsAuthEntry 3 }

1926  docsBpi2CmtsAuthCmKeySequenceNumber OBJECT-TYPE
1927      SYNTAX Integer32 (0..15)
1928      MAX-ACCESS read-only
1929      STATUS current
1930      DESCRIPTION
1931          "The value of this object is the most recent
1932          authorization key sequence number for this CM."
1933      REFERENCE
1934          "DOCSIS Baseline Privacy Plus Interface Specification,
1935          Sections 4.2.1.2 and 4.2.2.10."
1936      ::= { docsBpi2CmtsAuthEntry 4 }

1938  docsBpi2CmtsAuthCmExpiresOld OBJECT-TYPE
1939      SYNTAX DateAndTime
1940      MAX-ACCESS read-only
1941      STATUS current
1942      DESCRIPTION
1943          "The value of this object is the actual clock time
1944          for expiration of the immediate predecessor of the most
1945          recent authorization key for this FSM. If this FSM has only
1946          one authorization key, then the value is the time of
1947          activation of this FSM.
1948          Note: This object has no meaning for CMs running in BPI
1949          mode, therefore this object is not instantiated for entries
1950          associated to those CMs."
1951      REFERENCE
1954          "DOCSIS Baseline Privacy Plus Interface Specification,
1955          Sections 4.2.1.2 and 4.2.2.9."
1956      ::= { docsBpi2CmtsAuthEntry 5 }

1958  docsBpi2CmtsAuthCmExpiresNew OBJECT-TYPE
1959      SYNTAX DateAndTime
1960      MAX-ACCESS read-only
1961      STATUS current
1962      DESCRIPTION
1963          "The value of this object is the actual clock
1964          time for expiration of the most recent authorization key
1965          for this FSM."
1966      REFERENCE
1967          "DOCSIS Baseline Privacy Plus Interface Specification,
1968          Sections 4.2.1.2 and 4.2.2.9."
1969      ::= { docsBpi2CmtsAuthEntry 6 }

1971  docsBpi2CmtsAuthCmLifetime OBJECT-TYPE
1972      SYNTAX Integer32 (1..6048000)
1973      UNITS "seconds"
1974      MAX-ACCESS read-write
1975      STATUS current
1976      DESCRIPTION
1977          "The value of this object is the lifetime, in seconds,
1978          the CMTS assigns to an authorization key for this CM."
1979      REFERENCE
1980          "DOCSIS Baseline Privacy Plus Interface Specification,
1981          Section 4.2.1.2 and Appendix A.2."
1982      ::= { docsBpi2CmtsAuthEntry 7 }

1984  docsBpi2CmtsAuthCmReset OBJECT-TYPE
1985      SYNTAX INTEGER {
1986          noResetRequested(1),
1987          invalidateAuth(2),
1988          sendAuthInvalid(3),
1989          invalidateTeks(4)
1990      }
1991      MAX-ACCESS read-write
1992      STATUS current
1993      DESCRIPTION
1994          "Setting this object to invalidateAuth(2) causes the
1995          CMTS to invalidate the current CM authorization key(s), but
1996          not to transmit an Authorization Invalid message nor to
1997          invalidate the primary SAID's TEKs. Setting this object to
1998          sendAuthInvalid(3) causes the CMTS to invalidate the
1999          current CM authorization key(s), and to transmit an
2000          Authorization Invalid message to the CM, but not to
2001          invalidate the primary SAID's TEKs. Setting this object to
2002          invalidateTeks(4) causes the CMTS to invalidate the current
2005          CM authorization key(s), to transmit an Authorization
2006          Invalid message to the CM, and to invalidate the TEKs
2007          associated with this CM's primary SAID.
2008          For BPI mode, substitute all of the CM's unicast
2009          TEK(s) for the primary SAID's TEKs in the previous
2010          paragraph.
2011          Reading this object returns the most recently set
2012          value of this object, or returns noResetRequested(1) if the
2013          object has not been set since entry creation."
2014      REFERENCE
2015          "DOCSIS Baseline Privacy Plus Interface Specification,
2016          Sections 4.1.2.3.4, 4.1.2.3.5, and 4.1.3.3.5."
2017      ::= { docsBpi2CmtsAuthEntry 8 }

2019  docsBpi2CmtsAuthCmInfos OBJECT-TYPE
2020      SYNTAX Counter32
2021      MAX-ACCESS read-only
2022      STATUS current
2023      DESCRIPTION
2024          "The value of this object is the count of times the
2025          CMTS has received an Authentication Information message
2026          from this CM.
2027          Discontinuities in the value of this counter can occur at
2028          re-initialization of the management system, and at other
2029          times as indicated by the value of
2030          ifCounterDiscontinuityTime."
2031      REFERENCE
2032          "DOCSIS Baseline Privacy Plus Interface Specification,
2033          Section 4.2.1.9."
2034      ::= { docsBpi2CmtsAuthEntry 9 }

2036  docsBpi2CmtsAuthCmRequests OBJECT-TYPE
2037      SYNTAX Counter32
2038      MAX-ACCESS read-only
2039      STATUS current
2040      DESCRIPTION
2041          "The value of this object is the count of times the
2042          CMTS has received an Authorization Request message from
2043          this CM.
2044          Discontinuities in the value of this counter can occur at
2045          re-initialization of the management system, and at other
2046          times as indicated by the value of
2047          ifCounterDiscontinuityTime."
2048      REFERENCE
2049          "DOCSIS Baseline Privacy Plus Interface Specification,
2050          Section 4.2.1.1."
2051      ::= { docsBpi2CmtsAuthEntry 10 }

2053  docsBpi2CmtsAuthCmReplies OBJECT-TYPE
2056      SYNTAX Counter32
2057      MAX-ACCESS read-only
2058      STATUS current
2059      DESCRIPTION
2060          "The value of this object is the count of times the
2061          CMTS has transmitted an Authorization Reply message to this
2062          CM.
2063          Discontinuities in the value of this counter can occur at
2064          re-initialization of the management system, and at other
2065          times as indicated by the value of
2066          ifCounterDiscontinuityTime."
2067      REFERENCE
2068          "DOCSIS Baseline Privacy Plus Interface Specification,
2069          Section 4.2.1.2."
2070      ::= { docsBpi2CmtsAuthEntry 11 }

2072  docsBpi2CmtsAuthCmRejects OBJECT-TYPE
2073      SYNTAX Counter32
2074      MAX-ACCESS read-only
2075      STATUS current
2076      DESCRIPTION
2077          "The value of this object is the count of times the
2078          CMTS has transmitted an Authorization Reject message to
2079          this CM.
2080          Discontinuities in the value of this counter can occur at
2081          re-initialization of the management system, and at other
2082          times as indicated by the value of
2083          ifCounterDiscontinuityTime."
2084      REFERENCE
2085          "DOCSIS Baseline Privacy Plus Interface Specification,
2086          Section 4.2.1.3."
2087      ::= { docsBpi2CmtsAuthEntry 12 }

2089  docsBpi2CmtsAuthCmInvalids OBJECT-TYPE
2090      SYNTAX Counter32
2091      MAX-ACCESS read-only
2092      STATUS current
2093      DESCRIPTION
2094          "The value of this object is the count of times the
2095          CMTS has transmitted an Authorization Invalid message to
2096          this CM.
2097          Discontinuities in the value of this counter can occur at
2098          re-initialization of the management system, and at other
2099          times as indicated by the value of
2100          ifCounterDiscontinuityTime."
2101      REFERENCE
2102          "DOCSIS Baseline Privacy Plus Interface Specification,
2103          Section 4.2.1.7."
2104      ::= { docsBpi2CmtsAuthEntry 13 }

2107  docsBpi2CmtsAuthRejectErrorCode OBJECT-TYPE
2108      SYNTAX INTEGER {
2109          none(1),
2110          unknown(2),
2111          unauthorizedCm(3),
2112          unauthorizedSaid(4),
2113          permanentAuthorizationFailure(8),
2114          timeOfDayNotAcquired(11)
2115      }
2116      MAX-ACCESS read-only
2117      STATUS current
2118      DESCRIPTION
2119          "The value of this object is the enumerated
2120          description of the Error-Code in most recent Authorization
2121          Reject message transmitted to the CM. This has value
2122          unknown(2) if the last Error-Code value was 0, and none(1)
2123          if no Authorization Reject message has been transmitted to
2124          the CM, since entry creation."
2125      REFERENCE
2126          "DOCSIS Baseline Privacy Plus Interface Specification,
2127          Sections 4.2.1.3 and 4.2.2.15."
2128      ::= { docsBpi2CmtsAuthEntry 14 }

2130  docsBpi2CmtsAuthRejectErrorString OBJECT-TYPE
2131      SYNTAX SnmpAdminString (SIZE (0..128))
2132      MAX-ACCESS read-only
2133      STATUS current
2134      DESCRIPTION
2135          "The value of this object is the text string in
2136          most recent Authorization Reject message transmitted to the
2137          CM. This is a zero length string if no Authorization
2138          Reject message has been transmitted to the CM, since entry
2139          creation."
2140      REFERENCE
2141          "DOCSIS Baseline Privacy Plus Interface Specification,
2142          Sections 4.2.1.3 and 4.2.2.6."
2143      ::= { docsBpi2CmtsAuthEntry 15 }

2145  docsBpi2CmtsAuthInvalidErrorCode OBJECT-TYPE
2146      SYNTAX INTEGER {
2147          none(1),
2148          unknown(2),
2149          unauthorizedCm(3),
2150          unsolicited(5),
2151          invalidKeySequence(6),
2152          keyRequestAuthenticationFailure(7)
2153      }
2154      MAX-ACCESS read-only
2157      STATUS current
2158      DESCRIPTION
2159          "The value of this object is the enumerated
2160          description of the Error-Code in most recent Authorization
2161          Invalid message transmitted to the CM. This has value
2162          unknown(2) if the last Error-Code value was 0, and none(1)
2163          if no Authorization Invalid message has been transmitted to
2164          the CM since entry creation."
2165      REFERENCE
2166          "DOCSIS Baseline Privacy Plus Interface Specification,
2167          Sections 4.2.1.7 and 4.2.2.15."
2168      ::= { docsBpi2CmtsAuthEntry 16 }

2170  docsBpi2CmtsAuthInvalidErrorString OBJECT-TYPE
2171      SYNTAX SnmpAdminString (SIZE (0..128))
2172      MAX-ACCESS read-only
2173      STATUS current
2174      DESCRIPTION
2175          "The value of this object is the text string in
2176          most recent Authorization Invalid message transmitted to
2177          the CM. This is a zero length string if no Authorization
2178          Invalid message has been transmitted to the CM since entry
2179          creation."
2180      REFERENCE
2181          "DOCSIS Baseline Privacy Plus Interface Specification,
2182          Sections 4.2.1.7 and 4.2.2.6."
2183      ::= { docsBpi2CmtsAuthEntry 17 }

2185  docsBpi2CmtsAuthPrimarySAId OBJECT-TYPE
2186      SYNTAX DocsSAIdOrZero
2187      MAX-ACCESS read-only
2188      STATUS current
2189      DESCRIPTION
2190          "The value of this object is the Primary Security
2191          Association identifier. For BPI mode, the value must be
2192          any unicast SID."
2193      REFERENCE
2194          "DOCSIS Baseline Privacy Plus Interface Specification,
2195          Section 2.1.3."
2196      ::= { docsBpi2CmtsAuthEntry 18 }

2198  docsBpi2CmtsAuthBpkmCmCertValid OBJECT-TYPE
2199      SYNTAX INTEGER {
2200          unknown (0),
2201          validCmChained (1),
2202          validCmTrusted (2),
2203          invalidCmUntrusted (3),
2204          invalidCAUntrusted (4),
2205          invalidCmOther (5),
2209          invalidCAOther (6)
2210      }
2211      MAX-ACCESS read-only
2212      STATUS current
2213      DESCRIPTION
2214          "Contains the reason why a CM's certificate is deemed
2215          valid or invalid.
2216          Return unknown(0) if the CM is running BPI mode.
2217          ValidCmChained(1) means the certificate is valid
2218          because it chains to a valid certificate.
2219          ValidCmTrusted(2) means the certificate is valid
2220          because it has been provisioned (in the
2221          docsBpi2CmtsProvisionedCmCert table) to be trusted.
2222          InvalidCmUntrusted(3) means the certificate is invalid
2223          because it has been provisioned (in the
2224          docsBpi2CmtsProvisionedCmCert table) to be untrusted.
2225          InvalidCAUntrusted(4) means the certificate is invalid
2226          because it chains to an untrusted certificate.
2227          InvalidCmOther(5) and InvalidCAOther(6) refer to
2228          errors in parsing, validity periods, etc, which are
2229          attributable to the CM certificate or its chain
2230          respectively; additional information may be found
2231          in docsBpi2AuthRejectErrorString for these types
2232          of errors."
2233      REFERENCE
2234          "DOCSIS Baseline Privacy Plus Interface Specification,
2235          Section 9.4.2."
2236      ::= { docsBpi2CmtsAuthEntry 19 }

2238  docsBpi2CmtsAuthBpkmCmCert OBJECT-TYPE
2239      SYNTAX DocsX509ASN1DEREncodedCertificate
2240      MAX-ACCESS read-only
2241      STATUS current
2242      DESCRIPTION
2243          "The X509 CM Certificate sent as part of a BPKM
2244          Authorization Request.
2245          Note: The zero-length OCTET STRING must be returned if the
2246          Entire certificate is not retained in the CMTS."
2247      REFERENCE
2248          "DOCSIS Baseline Privacy Plus Interface Specification,
2249          Section 9.2."
2250      ::= { docsBpi2CmtsAuthEntry 20 }

2252  docsBpi2CmtsAuthCACertIndexPtr OBJECT-TYPE
2253      SYNTAX Unsigned32 (0..4294967295)
2254      MAX-ACCESS read-only
2255      STATUS current
2256      DESCRIPTION
2257          "A row index into docsBpi2CmtsCACertTable.
2261          Returns the index in docsBpi2CmtsCACertTable which
2262          CA certificate this CM is chained to. A value of
2263          0 means it could not be found or not applicable."
2264      REFERENCE
2265          "DOCSIS Baseline Privacy Plus Interface Specification,
2266          Section 9.2."
2267      ::= { docsBpi2CmtsAuthEntry 21 }

2269  --
2270  -- The CMTS TEK Table, indexed by ifIndex and SAID
2271  --

2273  docsBpi2CmtsTEKTable OBJECT-TYPE
2274      SYNTAX SEQUENCE OF DocsBpi2CmtsTEKEntry
2275      MAX-ACCESS not-accessible
2276      STATUS current
2277      DESCRIPTION
2278          "This table describes the attributes of each
2279          Traffic Encryption Key (TEK) association. The CMTS
2280          Maintains one TEK association per SAID on each CMTS MAC
2281          interface."
2282      ::= { docsBpi2CmtsObjects 3 }

2284  docsBpi2CmtsTEKEntry OBJECT-TYPE
2285      SYNTAX DocsBpi2CmtsTEKEntry
2286      MAX-ACCESS not-accessible
2287      STATUS current
2288      DESCRIPTION
2289          "Each entry contains objects describing attributes of
2290          one TEK association on a particular CMTS MAC interface. The
2291          CMTS MUST create one entry per SAID per MAC interface,
2292          based on the receipt of a Key Request message, and MUST not
2293          delete the entry before the CM authorization for the SAID
2294          permanently expires."
2295      INDEX { ifIndex, docsBpi2CmtsTEKSAId }
2296      ::= { docsBpi2CmtsTEKTable 1 }

2298  DocsBpi2CmtsTEKEntry ::= SEQUENCE {
2299      docsBpi2CmtsTEKSAId DocsSAId,
2300      docsBpi2CmtsTEKSAType DocsBpkmSAType,
2301      docsBpi2CmtsTEKDataEncryptAlg DocsBpkmDataEncryptAlg,
2302      docsBpi2CmtsTEKDataAuthentAlg DocsBpkmDataAuthentAlg,
2303      docsBpi2CmtsTEKLifetime Integer32,
2304      docsBpi2CmtsTEKKeySequenceNumber Integer32,
2305      docsBpi2CmtsTEKExpiresOld DateAndTime,
2306      docsBpi2CmtsTEKExpiresNew DateAndTime,
2307      docsBpi2CmtsTEKReset TruthValue,
2308      docsBpi2CmtsKeyRequests Counter32,
2311      docsBpi2CmtsKeyReplies Counter32,
2312      docsBpi2CmtsKeyRejects Counter32,
2313      docsBpi2CmtsTEKInvalids Counter32,
2314      docsBpi2CmtsKeyRejectErrorCode INTEGER,
2315      docsBpi2CmtsKeyRejectErrorString SnmpAdminString,
2316      docsBpi2CmtsTEKInvalidErrorCode INTEGER,
2317      docsBpi2CmtsTEKInvalidErrorString SnmpAdminString
2318  }

2320  docsBpi2CmtsTEKSAId OBJECT-TYPE
2321      SYNTAX DocsSAId
2322      MAX-ACCESS not-accessible
2323      STATUS current
2324      DESCRIPTION
2325          "The value of this object is the DOCSIS Security
2326          Association ID (SAID)."
2327      REFERENCE
2328          "DOCSIS Baseline Privacy Plus Interface Specification,
2329          Section 4.2.2.12."
2330      ::= { docsBpi2CmtsTEKEntry 1 }

2332  docsBpi2CmtsTEKSAType OBJECT-TYPE
2333      SYNTAX DocsBpkmSAType
2334      MAX-ACCESS read-only
2335      STATUS current
2336      DESCRIPTION
2337          "The value of this object is the type of security
2338          association. 'dynamic' does not apply to CMs running in
2339          BPI mode. Unicast BPI TEKs must utilize the 'primary'
2340          encoding and multicast BPI TEKs must utilize the 'static'
2341          encoding."
2342      REFERENCE
2343          "DOCSIS Baseline Privacy Plus Interface Specification,
2344          Section 2.1.3."
2345      ::= { docsBpi2CmtsTEKEntry 2 }

2347  docsBpi2CmtsTEKDataEncryptAlg OBJECT-TYPE
2348      SYNTAX DocsBpkmDataEncryptAlg
2349      MAX-ACCESS read-only
2350      STATUS current
2351      DESCRIPTION
2352          "The value of this object is the data encryption
2353          algorithm for this SAID."
2354      REFERENCE
2355          "DOCSIS Baseline Privacy Plus Interface Specification,
2356          Section 4.2.2.20."
2357      ::= { docsBpi2CmtsTEKEntry 3 }

2359  docsBpi2CmtsTEKDataAuthentAlg OBJECT-TYPE
2362      SYNTAX DocsBpkmDataAuthentAlg
2363      MAX-ACCESS read-only
2364      STATUS current
2365      DESCRIPTION
2366          "The value of this object is the data authentication
2367          algorithm for this SAID."
2368      REFERENCE
2369          "DOCSIS Baseline Privacy Plus Interface Specification,
2370          Section 4.2.2.20."
2371      ::= { docsBpi2CmtsTEKEntry 4 }

2373  docsBpi2CmtsTEKLifetime OBJECT-TYPE
2374      SYNTAX Integer32 (1..604800)
2375      UNITS "seconds"
2376      MAX-ACCESS read-write
2377      STATUS current
2378      DESCRIPTION
2379          "The value of this object is the lifetime, in
2380          seconds, the CMTS assigns to keys for this TEK
2381          association."
2382      REFERENCE
2383          "DOCSIS Baseline Privacy Plus Interface Specification,
2384          Section 4.2.1.5 and Appendix A.2."
2385      ::= { docsBpi2CmtsTEKEntry 5 }

2387  docsBpi2CmtsTEKKeySequenceNumber OBJECT-TYPE
2388      SYNTAX Integer32 (0..15)
2389      MAX-ACCESS read-only
2390      STATUS current
2391      DESCRIPTION
2392          "The value of this object is the most recent TEK
2393          key sequence number for this SAID."
2394      REFERENCE
2395          "DOCSIS Baseline Privacy Plus Interface Specification,
2396          Sections 4.2.2.10 and 4.2.2.13."
2397      ::= { docsBpi2CmtsTEKEntry 6 }

2399  docsBpi2CmtsTEKExpiresOld OBJECT-TYPE
2400      SYNTAX DateAndTime
2401      MAX-ACCESS read-only
2402      STATUS current
2403      DESCRIPTION
2404          "The value of this object is the actual clock time
2405          for expiration of the immediate predecessor of the most
2406          recent TEK for this FSM. If this FSM has only one TEK, then
2407          the value is the time of activation of this FSM."
2408      REFERENCE
2409          "DOCSIS Baseline Privacy Plus Interface Specification,
2412          Sections 4.2.1.5 and 4.2.2.9."
2413      ::= { docsBpi2CmtsTEKEntry 7 }

2415  docsBpi2CmtsTEKExpiresNew OBJECT-TYPE
2416      SYNTAX DateAndTime
2417      MAX-ACCESS read-only
2418      STATUS current
2419      DESCRIPTION
2420          "The value of this object is the actual clock time
2421          for expiration of the most recent TEK for this FSM."
2422      REFERENCE
2423          "DOCSIS Baseline Privacy Plus Interface Specification,
2424          Sections 4.2.1.5 and 4.2.2.9."
2425      ::= { docsBpi2CmtsTEKEntry 8 }

2427  docsBpi2CmtsTEKReset OBJECT-TYPE
2428      SYNTAX TruthValue
2429      MAX-ACCESS read-write
2430      STATUS current
2431      DESCRIPTION
2432          "Setting this object to 'true' causes the CMTS to
2433          invalidate all currently active TEK(s) and to generate new
2434          TEK(s) for the associated SAID; the CMTS MAY also generate
2435          unsolicited TEK Invalid message(s), to optimize the TEK
2436          synchronization between the CMTS and the CM(s). Reading
2437          this object always returns FALSE."
2438      REFERENCE
2439          "DOCSIS Baseline Privacy Plus Interface Specification,
2440          Section 4.1.3.3.5."
2441      ::= { docsBpi2CmtsTEKEntry 9 }

2443  docsBpi2CmtsKeyRequests OBJECT-TYPE
2444      SYNTAX Counter32
2445      MAX-ACCESS read-only
2446      STATUS current
2447      DESCRIPTION
2448          "The value of this object is the count of times the
2449          CMTS has received a Key Request message.
2450          Discontinuities in the value of this counter can occur at
2451          re-initialization of the management system, and at other
2452          times as indicated by the value of
2453          ifCounterDiscontinuityTime."
2454      REFERENCE
2455          "DOCSIS Baseline Privacy Plus Interface Specification,
2456          Section 4.2.1.4."
2457      ::= { docsBpi2CmtsTEKEntry 10 }

2459  docsBpi2CmtsKeyReplies OBJECT-TYPE
2460      SYNTAX Counter32
2463      MAX-ACCESS read-only
2464      STATUS current
2465      DESCRIPTION
2466          "The value of this object is the count of times the
2467          CMTS has transmitted a Key Reply message.
2468          Discontinuities in the value of this counter can occur at
2469          re-initialization of the management system, and at other
2470          times as indicated by the value of
2471          ifCounterDiscontinuityTime."
2472      REFERENCE
2473          "DOCSIS Baseline Privacy Plus Interface Specification,
2474          Section 4.2.1.5."
2475      ::= { docsBpi2CmtsTEKEntry 11 }

2477  docsBpi2CmtsKeyRejects OBJECT-TYPE
2478      SYNTAX Counter32
2479      MAX-ACCESS read-only
2480      STATUS current
2481      DESCRIPTION
2482          "The value of this object is the count of times the
2483          CMTS has transmitted a Key Reject message.
2484          Discontinuities in the value of this counter can occur at
2485          re-initialization of the management system, and at other
2486          times as indicated by the value of
2487          ifCounterDiscontinuityTime."
2488      REFERENCE
2489          "DOCSIS Baseline Privacy Plus Interface Specification,
2490          Section 4.2.1.6."
2491      ::= { docsBpi2CmtsTEKEntry 12 }

2493  docsBpi2CmtsTEKInvalids OBJECT-TYPE
2494      SYNTAX Counter32
2495      MAX-ACCESS read-only
2496      STATUS current
2497      DESCRIPTION
2498          "The value of this object is the count of times the
2499          CMTS has transmitted a TEK Invalid message.
2500          Discontinuities in the value of this counter can occur at
2501          re-initialization of the management system, and at other
2502          times as indicated by the value of
2503          ifCounterDiscontinuityTime."
2504      REFERENCE
2505          "DOCSIS Baseline Privacy Plus Interface Specification,
2506          Section 4.2.1.8."
2507      ::= { docsBpi2CmtsTEKEntry 13 }

2509  docsBpi2CmtsKeyRejectErrorCode OBJECT-TYPE
2510      SYNTAX INTEGER {
2511          none(1),
2515          unknown(2),
2516          unauthorizedSaid(4)
2517      }
2518      MAX-ACCESS read-only
2519      STATUS current
2520      DESCRIPTION
2521          "The value of this object is the enumerated
2522          description of the Error-Code in the most recent Key Reject
2523          message sent in response to a Key Request for this SAID.
2524          This has value unknown(2) if the last Error-Code value
2525          was 0, and none(1) if no Key Reject message has been
2526          received since registration."
2527      REFERENCE
2528          "DOCSIS Baseline Privacy Plus Interface Specification,
2529          Sections 4.2.1.6 and 4.2.2.15."
2530      ::= { docsBpi2CmtsTEKEntry 14 }

2532  docsBpi2CmtsKeyRejectErrorString OBJECT-TYPE
2533      SYNTAX SnmpAdminString (SIZE (0..128))
2534      MAX-ACCESS read-only
2535      STATUS current
2536      DESCRIPTION
2537          "The value of this object is the text string in
2538          the most recent Key Reject message sent in response to a
2539          Key Request for this SAID. This is a zero length string if
2540          no Key Reject message has been received since
2541          registration."
2542      REFERENCE
2543          "DOCSIS Baseline Privacy Plus Interface Specification,
2544          Sections 4.2.1.6 and 4.2.2.6."
2545      ::= { docsBpi2CmtsTEKEntry 15 }

2547  docsBpi2CmtsTEKInvalidErrorCode OBJECT-TYPE
2548      SYNTAX INTEGER {
2549          none(1),
2550          unknown(2),
2551          invalidKeySequence(6)
2552      }
2553      MAX-ACCESS read-only
2554      STATUS current
2555      DESCRIPTION
2556          "The value of this object is the enumerated
2557          description of the Error-Code in the most recent TEK
2558          Invalid message sent in association with this SAID. This
2559          has value unknown(2) if the last Error-Code value was 0,
2560          and none(1) if no TEK Invalid message has been received
2561          since registration."
2562      REFERENCE
2563          "DOCSIS Baseline Privacy Plus Interface Specification,
2566          Sections 4.2.1.8 and 4.2.2.15."
2567      ::= { docsBpi2CmtsTEKEntry 16 }

2569  docsBpi2CmtsTEKInvalidErrorString OBJECT-TYPE
2570      SYNTAX SnmpAdminString (SIZE (0..128))
2571      MAX-ACCESS read-only
2572      STATUS current
2573      DESCRIPTION
2574          "The value of this object is the text string in
2575          the most recent TEK Invalid message sent in association
2576          with this SAID. This is a zero length string if no TEK
2577          Invalid message has been received since registration."
2578      REFERENCE
2579          "DOCSIS Baseline Privacy Plus Interface Specification,
2580          Sections 4.2.1.8 and 4.2.2.6."
2581      ::= { docsBpi2CmtsTEKEntry 17 }

2583  --
2584  -- The CMTS Multicast Objects Group
2585  --

2587  docsBpi2CmtsMulticastObjects OBJECT IDENTIFIER
2588      ::= { docsBpi2CmtsObjects 4 }

2590  --
2591  -- The CMTS IP Multicast Mapping Table, indexed by
2592  -- docsBpi2CmtsIpMulticastIndex, and by ifIndex
2593  --

2595  docsBpi2CmtsIpMulticastMapTable OBJECT-TYPE
2596      SYNTAX SEQUENCE OF DocsBpi2CmtsIpMulticastMapEntry
2597      MAX-ACCESS not-accessible
2598      STATUS current
2599      DESCRIPTION
2600          "This table maps multicast IP addresses to SAIDs.
2601          If a multicast IP address is mapped by multiple rows
2602          in the table, the row with the lowest
2603          docsBpi2CmtsIpMulticastIndex must be utilized for the
2604          mapping."
2605      ::= { docsBpi2CmtsMulticastObjects 1 }

2607  docsBpi2CmtsIpMulticastMapEntry OBJECT-TYPE
2608      SYNTAX DocsBpi2CmtsIpMulticastMapEntry
2609      MAX-ACCESS not-accessible
2610      STATUS current
2611      DESCRIPTION
2612          "Each entry contains objects describing the mapping of
2615          a set of multicast IP address and mask to one SAID
2616          associated to a CMTS MAC Interface, as well as associated
2617          message
2618          counters and error information."
2619      INDEX { ifIndex, docsBpi2CmtsIpMulticastIndex }
2620      ::= { docsBpi2CmtsIpMulticastMapTable 1 }

2622  DocsBpi2CmtsIpMulticastMapEntry ::= SEQUENCE {
2623      docsBpi2CmtsIpMulticastIndex Unsigned32,
2624      docsBpi2CmtsIpMulticastAddressType InetAddressType,
2625      docsBpi2CmtsIpMulticastAddress InetAddress,
2626      docsBpi2CmtsIpMulticastMask InetAddress,
2627      docsBpi2CmtsIpMulticastSAId DocsSAIdOrZero,
2628      docsBpi2CmtsIpMulticastSAType DocsBpkmSAType,
2629      docsBpi2CmtsIpMulticastDataEncryptAlg
2630          DocsBpkmDataEncryptAlg,
2631      docsBpi2CmtsIpMulticastDataAuthentAlg
2632          DocsBpkmDataAuthentAlg,
2633      docsBpi2CmtsIpMulticastSAMapRequests Counter32,
2634      docsBpi2CmtsIpMulticastSAMapReplies Counter32,
2635      docsBpi2CmtsIpMulticastSAMapRejects Counter32,
2636      docsBpi2CmtsIpMulticastSAMapRejectErrorCode
2637          INTEGER,
2638      docsBpi2CmtsIpMulticastSAMapRejectErrorString
2639          SnmpAdminString,
2640      docsBpi2CmtsIpMulticastMapControl RowStatus,
2641      docsBpi2CmtsIpMulticastMapStorageType StorageType
2642  }

2644  docsBpi2CmtsIpMulticastIndex OBJECT-TYPE
2645      SYNTAX Unsigned32 (1..4294967295)
2646      MAX-ACCESS not-accessible
2647      STATUS current
2648      DESCRIPTION
2649          "The index of this row.
2650          Conceptual rows having the value 'permanent' need not allow
2651          write-access to any columnar objects in the row."
2652      ::= { docsBpi2CmtsIpMulticastMapEntry 1 }

2654  docsBpi2CmtsIpMulticastAddressType OBJECT-TYPE
2655      SYNTAX InetAddressType
2656      MAX-ACCESS read-create
2657      STATUS current
2658      DESCRIPTION
2659          "The type of internet address for
2660          docsBpi2CmtsIpMulticastAddress
2661          and docsBpi2CmtsIpMulticastMask."
2662      DEFVAL { ipv4 }
2663      ::= { docsBpi2CmtsIpMulticastMapEntry 2 }

2666  docsBpi2CmtsIpMulticastAddress OBJECT-TYPE
2667      SYNTAX InetAddress
2668      MAX-ACCESS read-create
2669      STATUS current
2670      DESCRIPTION
2671          "This object represents the IP multicast address
2672          to be mapped, in conjunction with
2673          docsBpi2CmtsIpMulticastMask. The type of this address is
2674          determined by the value of the object
2675          docsBpi2CmtsIpMulticastAddressType."
2676      ::= { docsBpi2CmtsIpMulticastMapEntry 3 }

2678  docsBpi2CmtsIpMulticastMask OBJECT-TYPE
2679      SYNTAX InetAddress
2680      MAX-ACCESS read-create
2681      STATUS current
2682      DESCRIPTION
2683          "This object represents the IP multicast address mask
2684          for this row.
2685          An IP multicast address matches this row if the logical
2686          AND of the address with docsBpi2CmtsIpMulticastMask is
2687          identical to the logical AND of
2688          docsBpi2CmtsIpMulticastAddr with
2689          docsBpi2CmtsIpMulticastMask. The type of this address is
2690          determined by the value of the object
2691          docsBpi2CmtsIpMulticastAddressType.
2692          Note: For IPv6 this object needs not to represent a
2693          contiguous netmask, e.g. to associate an SAID to a
2694          multicast group matching 'any' multicast scope. The TC
2695          InetAddressPrefixLength is not used because it only
2696          represents contiguous netmask."
2697      ::= { docsBpi2CmtsIpMulticastMapEntry 4 }

2699  docsBpi2CmtsIpMulticastSAId OBJECT-TYPE
2700      SYNTAX DocsSAIdOrZero
2701      MAX-ACCESS read-create
2702      STATUS current
2703      DESCRIPTION
2704          "This object represents the multicast SAID to be
2705          used in this IP multicast address mapping entry."
2706      ::= { docsBpi2CmtsIpMulticastMapEntry 5 }

2708  docsBpi2CmtsIpMulticastSAType OBJECT-TYPE
2709      SYNTAX DocsBpkmSAType
2710      MAX-ACCESS read-create
2711      STATUS current
2714      DESCRIPTION
2715          "The value of this object is the type of security
2716          association. 'dynamic' does not apply to CMs running in
2717          BPI mode. Unicast BPI TEKs must utilize the 'primary'
2718          encoding and multicast BPI TEKs must utilize the 'static'
2719          encoding. SNMP created entries set this object by default
2720          to 'static' if not set at row creation."
2721      REFERENCE
2722          "DOCSIS Baseline Privacy Plus Interface Specification,
2723          Section 2.1.3."
2724      ::= { docsBpi2CmtsIpMulticastMapEntry 6 }

2726  docsBpi2CmtsIpMulticastDataEncryptAlg OBJECT-TYPE
2727      SYNTAX DocsBpkmDataEncryptAlg
2728      MAX-ACCESS read-create
2729      STATUS current
2730      DESCRIPTION
2731          "The value of this object is the data encryption
2732          algorithm for this IP."
2733      REFERENCE
2734          "DOCSIS Baseline Privacy Plus Interface Specification,
2735          Section 4.2.2.20."
2736      DEFVAL { des56CbcMode }
2737      ::= { docsBpi2CmtsIpMulticastMapEntry 7 }

2739  docsBpi2CmtsIpMulticastDataAuthentAlg OBJECT-TYPE
2740      SYNTAX DocsBpkmDataAuthentAlg
2741      MAX-ACCESS read-create
2742      STATUS current
2743      DESCRIPTION
2744          "The value of this object is the data authentication
2745          algorithm for this IP."
2746      REFERENCE
2747          "DOCSIS Baseline Privacy Plus Interface Specification,
2748          Section 4.2.2.20."
2749      DEFVAL { none }
2750      ::= { docsBpi2CmtsIpMulticastMapEntry 8 }

2752  docsBpi2CmtsIpMulticastSAMapRequests OBJECT-TYPE
2753      SYNTAX Counter32
2754      MAX-ACCESS read-only
2755      STATUS current
2756      DESCRIPTION
2757          "The value of this object is the count of times the
2758          CMTS has received an SA Map Request message for this IP.
2759          Discontinuities in the value of this counter can occur at
2760          re-initialization of the management system, and at other
2761          times as indicated by the value of
2762          ifCounterDiscontinuityTime."
2765      REFERENCE
2766          "DOCSIS Baseline Privacy Plus Interface Specification,
2767          Section 4.2.1.10."
2768      ::= { docsBpi2CmtsIpMulticastMapEntry 9 }

2770  docsBpi2CmtsIpMulticastSAMapReplies OBJECT-TYPE
2771      SYNTAX Counter32
2772      MAX-ACCESS read-only
2773      STATUS current
2774      DESCRIPTION
2775          "The value of this object is the count of times the
2776          CMTS has transmitted an SA Map Reply message for this IP.
2777          Discontinuities in the value of this counter can occur at
2778          re-initialization of the management system, and at other
2779          times as indicated by the value of
2780          ifCounterDiscontinuityTime."
2781      REFERENCE
2782          "DOCSIS Baseline Privacy Plus Interface Specification,
2783          Section 4.2.1.11."
2784      ::= { docsBpi2CmtsIpMulticastMapEntry 10 }

2786  docsBpi2CmtsIpMulticastSAMapRejects OBJECT-TYPE
2787      SYNTAX Counter32
2788      MAX-ACCESS read-only
2789      STATUS current
2790      DESCRIPTION
2791          "The value of this object is the count of times the
2792          CMTS has transmitted an SA Map Reject message for this IP.
2793          Discontinuities in the value of this counter can occur at
2794          re-initialization of the management system, and at other
2795          times as indicated by the value of
2796          ifCounterDiscontinuityTime."
2797      REFERENCE
2798          "DOCSIS Baseline Privacy Plus Interface Specification,
2799          Section 4.2.1.12."
2800      ::= { docsBpi2CmtsIpMulticastMapEntry 11 }

2802  docsBpi2CmtsIpMulticastSAMapRejectErrorCode OBJECT-TYPE
2803      SYNTAX INTEGER {
2804          none(1),
2805          unknown(2),
2806          noAuthForRequestedDSFlow(9),
2807          dsFlowNotMappedToSA(10)
2808      }
2809      MAX-ACCESS read-only
2810      STATUS current
2811      DESCRIPTION
2812          "The value of this object is the enumerated
2813          description of the Error-Code in the most recent SA Map
2816          Reject message sent in response to an SA Map Request for
2817          this IP.
          It has value unknown(2) if the last Error-Code
2818          value was 0, and none(1) if no SA MAP Reject message has
2819          been received since entry creation."
2820      REFERENCE
2821          "DOCSIS Baseline Privacy Plus Interface Specification,
2822          Sections 4.2.1.12 and 4.2.2.15."
2823      ::= { docsBpi2CmtsIpMulticastMapEntry 12 }

2825  docsBpi2CmtsIpMulticastSAMapRejectErrorString OBJECT-TYPE
2826      SYNTAX SnmpAdminString (SIZE (0..128))
2827      MAX-ACCESS read-only
2828      STATUS current
2829      DESCRIPTION
2830          "The value of this object is the text string in
2831          the most recent SA Map Reject message sent in response to
2832          an SA Map Request for this IP. It is a zero length string
2833          if no SA Map Reject message has been received since entry
2834          creation."
2835      REFERENCE
2836          "DOCSIS Baseline Privacy Plus Interface Specification,
2837          Sections 4.2.1.12 and 4.2.2.6."
2838      ::= { docsBpi2CmtsIpMulticastMapEntry 13 }

2840  docsBpi2CmtsIpMulticastMapControl OBJECT-TYPE
2841      SYNTAX RowStatus
2842      MAX-ACCESS read-create
2843      STATUS current
2844      DESCRIPTION
2845          "This object controls and reflects the IP multicast
2846          address mapping entry. There is no restriction on the
2847          ability to change values in this row while the row is
2848          active.
2849          A created row can be set to active only after the
2850          corresponding instances of docsBpi2CmtsIpMulticastAddress,
2851          docsBpi2CmtsIpMulticastMask, docsBpi2CmtsIpMulticastSAId
2852          and docsBpi2CmtsIpMulticastSAType have all been set."
2853      ::= { docsBpi2CmtsIpMulticastMapEntry 14 }

2855  docsBpi2CmtsIpMulticastMapStorageType OBJECT-TYPE
2856      SYNTAX StorageType
2857      MAX-ACCESS read-only
2858      STATUS current
2859      DESCRIPTION
2860          "The storage type for this conceptual row.
2861          Conceptual rows having the value 'permanent' need not allow
2862          write-access to any columnar objects in the row."
2863      ::= { docsBpi2CmtsIpMulticastMapEntry 15 }

2866  --
2867  -- The CMTS Multicast SAID Authorization Table,
2868  -- indexed by ifIndex by
2869  -- multicast SAID by CM MAC address
2870  --

2872  docsBpi2CmtsMulticastAuthTable OBJECT-TYPE
2873      SYNTAX SEQUENCE OF DocsBpi2CmtsMulticastAuthEntry
2874      MAX-ACCESS not-accessible
2875      STATUS current
2876      DESCRIPTION
2877          "This table describes the multicast SAID
2878          authorization for each CM on each CMTS MAC interface."
2879      ::= { docsBpi2CmtsMulticastObjects 2 }

2881  docsBpi2CmtsMulticastAuthEntry OBJECT-TYPE
2882      SYNTAX DocsBpi2CmtsMulticastAuthEntry
2883      MAX-ACCESS not-accessible
2884      STATUS current
2885      DESCRIPTION
2886          "Each entry contains objects describing the key
2887          authorization of one cable modem for one multicast SAID
2888          for one CMTS MAC interface.
2889          Row entries persist after re-initialization of
2890          the managed system."
2891      INDEX { ifIndex, docsBpi2CmtsMulticastAuthSAId,
2892          docsBpi2CmtsMulticastAuthCmMacAddress }
2893      ::= { docsBpi2CmtsMulticastAuthTable 1 }

2895  DocsBpi2CmtsMulticastAuthEntry ::= SEQUENCE
2896  {
2897      docsBpi2CmtsMulticastAuthSAId DocsSAId,
2898      docsBpi2CmtsMulticastAuthCmMacAddress MacAddress,
2899      docsBpi2CmtsMulticastAuthControl RowStatus
2900  }

2902  docsBpi2CmtsMulticastAuthSAId OBJECT-TYPE
2903      SYNTAX DocsSAId
2904      MAX-ACCESS not-accessible
2905      STATUS current
2906      DESCRIPTION
2907          "This object represents the multicast SAID for
2908          authorization."
2909      ::= { docsBpi2CmtsMulticastAuthEntry 1 }

2911  docsBpi2CmtsMulticastAuthCmMacAddress OBJECT-TYPE
2912      SYNTAX MacAddress
2913      MAX-ACCESS not-accessible
2916      STATUS current
2917      DESCRIPTION
2918          "This object represents the MAC address of the CM
2919          to which the multicast SAID authorization applies."
2920      ::= { docsBpi2CmtsMulticastAuthEntry 2 }

2922  docsBpi2CmtsMulticastAuthControl OBJECT-TYPE
2923      SYNTAX RowStatus
2924      MAX-ACCESS read-create
2925      STATUS current
2926      DESCRIPTION
2927          "The status of this conceptual row for the
2928          authorization of multicast SAIDs to CMs. "
2929      ::= { docsBpi2CmtsMulticastAuthEntry 3 }

2931  --
2932  -- CMTS Cert Objects
2933  --

2935  docsBpi2CmtsCertObjects OBJECT IDENTIFIER
2936      ::= { docsBpi2CmtsObjects 5 }

2938  --
2939  -- CMTS Provisioned CM Cert Table
2940  --

2942  docsBpi2CmtsProvisionedCmCertTable OBJECT-TYPE
2943      SYNTAX SEQUENCE OF
2944          DocsBpi2CmtsProvisionedCmCertEntry
2945      MAX-ACCESS not-accessible
2946      STATUS current
2947      DESCRIPTION
2948          "A table of CM certificate trust entries provisioned
2949          to the CMTS. The trust object for a certificate in this
2950          table has an overriding effect on the validity object of a
2951          certificate in the authorization table, as long as the
2952          entire contents of the two certificates are identical."
2953      ::= { docsBpi2CmtsCertObjects 1 }

2955  docsBpi2CmtsProvisionedCmCertEntry OBJECT-TYPE
2956      SYNTAX DocsBpi2CmtsProvisionedCmCertEntry
2957      MAX-ACCESS not-accessible
2958      STATUS current
2959      DESCRIPTION
2960          "An entry in the CMTS's provisioned CM certificate
2961          table. Row entries persist after re-initialization of
2962          the managed system."
2963      REFERENCE
2966          "Data-Over-Cable Service Interface Specifications:
2967          Operations Support System Interface Specification
2968          SP-OSSIv2.0-I05-040407, Section 6.2.14"
2969      INDEX { docsBpi2CmtsProvisionedCmCertMacAddress }
2970      ::= { docsBpi2CmtsProvisionedCmCertTable 1 }

2972  DocsBpi2CmtsProvisionedCmCertEntry ::= SEQUENCE
2973  {
2974      docsBpi2CmtsProvisionedCmCertMacAddress MacAddress,
2975      docsBpi2CmtsProvisionedCmCertTrust INTEGER,
2976      docsBpi2CmtsProvisionedCmCertSource INTEGER,
2977      docsBpi2CmtsProvisionedCmCertStatus RowStatus,
2978      docsBpi2CmtsProvisionedCmCert
2979          DocsX509ASN1DEREncodedCertificate
2980  }

2982  docsBpi2CmtsProvisionedCmCertMacAddress OBJECT-TYPE
2983      SYNTAX MacAddress
2984      MAX-ACCESS not-accessible
2985      STATUS current
2986      DESCRIPTION
2987          "The index of this row."
2988      ::= { docsBpi2CmtsProvisionedCmCertEntry 1 }

2990  docsBpi2CmtsProvisionedCmCertTrust OBJECT-TYPE
2991      SYNTAX INTEGER {
2992          trusted(1),
2993          untrusted(2)
2994      }
2995      MAX-ACCESS read-create
2996      STATUS current
2997      DESCRIPTION
2998          "Trust state for the provisioned CM certificate entry.
2999          Note: Setting this object need only override the validity
3000          of CM certificates sent in future authorization requests;
3001          instantaneous effect need not occur."
3002      REFERENCE
3003          "DOCSIS Baseline Privacy Plus Interface Specification,
3004          Section 9.4.1."
3005      DEFVAL { untrusted }
3006      ::= { docsBpi2CmtsProvisionedCmCertEntry 2 }

3008  docsBpi2CmtsProvisionedCmCertSource OBJECT-TYPE
3009      SYNTAX INTEGER {
3010          snmp(1),
3011          configurationFile(2),
3012          externalDatabase(3),
3013          other(4)
3014      }
3018      MAX-ACCESS read-only
3019      STATUS current
3020      DESCRIPTION
3021          "This object indicates how the certificate reached the
3022          CMTS. Other(4) means it originated from a source not
3023          identified above."
3024      REFERENCE
3025          "DOCSIS Baseline Privacy Plus Interface Specification,
3026          Section 9.4.1."
3027      ::= { docsBpi2CmtsProvisionedCmCertEntry 3 }

3029  docsBpi2CmtsProvisionedCmCertStatus OBJECT-TYPE
3030      SYNTAX RowStatus
3031      MAX-ACCESS read-create
3032      STATUS current
3033      DESCRIPTION
3034          "The status of this conceptual row. Values in this row
3035          cannot be changed while the row is 'active'."
3036      ::= { docsBpi2CmtsProvisionedCmCertEntry 4 }

3038  docsBpi2CmtsProvisionedCmCert OBJECT-TYPE
3039      SYNTAX DocsX509ASN1DEREncodedCertificate
3040      MAX-ACCESS read-create
3041      STATUS current
3042      DESCRIPTION
3043          "An X509 DER-encoded Certificate Authority
3044          certificate.
3045          Note: The zero-length OCTET STRING must be returned, on
3046          reads, if the entire certificate is not retained in the
3047          CMTS."
3048      REFERENCE
3049          "DOCSIS Baseline Privacy Plus Interface Specification,
3050          Section 9.2."
3051      ::= { docsBpi2CmtsProvisionedCmCertEntry 5 }

3053  --
3054  -- CMTS CA Cert Table
3055  --

3057  docsBpi2CmtsCACertTable OBJECT-TYPE
3058      SYNTAX SEQUENCE OF DocsBpi2CmtsCACertEntry
3059      MAX-ACCESS not-accessible
3060      STATUS current
3061      DESCRIPTION
3062          "The table of known Certificate Authority certificates
3063          acquired by this device."
3064      ::= { docsBpi2CmtsCertObjects 2 }

3067  docsBpi2CmtsCACertEntry OBJECT-TYPE
3068      SYNTAX DocsBpi2CmtsCACertEntry
3069      MAX-ACCESS not-accessible
3070      STATUS current
3071      DESCRIPTION
3072          "A row in the Certificate Authority certificate
3073          table. Row entries with trust status 'trusted',
3074          'untrusted', or 'root' persist after re-initialization
3075          of the managed system."
3076      REFERENCE
3077          "Data-Over-Cable Service Interface Specifications:
3078          Operations Support System Interface Specification
3079          SP-OSSIv2.0-I05-040407, Section 6.2.14"
3080      INDEX { docsBpi2CmtsCACertIndex }
3081      ::= { docsBpi2CmtsCACertTable 1 }

3083  DocsBpi2CmtsCACertEntry ::= SEQUENCE {
3084      docsBpi2CmtsCACertIndex Unsigned32,
3085      docsBpi2CmtsCACertSubject SnmpAdminString,
3086      docsBpi2CmtsCACertIssuer SnmpAdminString,
3087      docsBpi2CmtsCACertSerialNumber OCTET STRING,
3088      docsBpi2CmtsCACertTrust INTEGER,
3089      docsBpi2CmtsCACertSource INTEGER,
3090      docsBpi2CmtsCACertStatus RowStatus,
3091      docsBpi2CmtsCACert
3092          DocsX509ASN1DEREncodedCertificate,
3093      docsBpi2CmtsCACertThumbprint OCTET STRING
3094  }

3096  docsBpi2CmtsCACertIndex OBJECT-TYPE
3097      SYNTAX Unsigned32 (1..4294967295)
3098      MAX-ACCESS not-accessible
3099      STATUS current
3100      DESCRIPTION
3101          "The index for this row."
3102      ::= { docsBpi2CmtsCACertEntry 1 }

3104  docsBpi2CmtsCACertSubject OBJECT-TYPE
3105      SYNTAX SnmpAdminString
3106      MAX-ACCESS read-only
3107      STATUS current
3108      DESCRIPTION
3109          "The subject name exactly as it is encoded in the
3110          X509 certificate.
3111          The organizationName portion of the certificate's subject
3112          name must be present. All other fields are optional. Any
3113          optional field present must be prepended with
3114          (carriage return, U+000D) (line feed, U+000A).
3115          Ordering of fields present must conform to:

3119              organizationName
3120              countryName
3121              stateOrProvinceName
3122              localityName
3123              organizationalUnitName
3124              organizationalUnitName=
3125              commonName"
3126      REFERENCE
3127          "DOCSIS Baseline Privacy Plus Interface Specification,
3128          Section 9.2.4"
3129      ::= { docsBpi2CmtsCACertEntry 2 }

3131  docsBpi2CmtsCACertIssuer OBJECT-TYPE
3132      SYNTAX SnmpAdminString
3133      MAX-ACCESS read-only
3134      STATUS current
3135      DESCRIPTION
3136          "The issuer name exactly as it is encoded in the
3137          X509 certificate.
3138          The commonName portion of the certificate's issuer
3139          name must be present. All other fields are optional. Any
3140          optional field present must be prepended with
3141          (carriage return, U+000D) (line feed, U+000A).
3142          Ordering of fields present must conform to:

3144              CommonName
3145              countryName
3146              stateOrProvinceName
3147              localityName
3148              organizationName
3149              organizationalUnitName
3150              organizationalUnitName="
3151      REFERENCE
3152          "DOCSIS Baseline Privacy Plus Interface Specification,
3153          Section 9.2.4"
3154      ::= { docsBpi2CmtsCACertEntry 3 }

3156  docsBpi2CmtsCACertSerialNumber OBJECT-TYPE
3157      SYNTAX OCTET STRING (SIZE (1..32))
3158      MAX-ACCESS read-only
3159      STATUS current
3160      DESCRIPTION
3161          "This CA certificate's serial number represented as
3162          an octet string."
3163      REFERENCE
3164          "DOCSIS Baseline Privacy Plus Interface Specification,
3165          Section 9.2.2"
3166      ::= { docsBpi2CmtsCACertEntry 4 }

3169  docsBpi2CmtsCACertTrust OBJECT-TYPE
3170      SYNTAX INTEGER {
3171          trusted (1),
3172          untrusted (2),
3173          chained (3),
3174          root (4)
3175      }
3176      MAX-ACCESS read-create
3177      STATUS current
3178      DESCRIPTION
3179          "This object controls the trust status of this
3180          certificate. Root certificates must be given root(4)
3181          trust; manufacturer certificates must not be given root(4)
3182          trust. Trust on root certificates must not change.
3183          Note: Setting this object need only affect the validity of
3184          CM certificates sent in future authorization requests;
3185          instantaneous effect need not occur."
3186      REFERENCE
3187          "DOCSIS Baseline Privacy Plus Interface Specification,
3188          Section 9.4.1"
3189      DEFVAL { chained }
3190      ::= { docsBpi2CmtsCACertEntry 5 }

3192  docsBpi2CmtsCACertSource OBJECT-TYPE
3193      SYNTAX INTEGER {
3194          snmp (1),
3195          configurationFile (2),
3196          externalDatabase (3),
3197          other (4),
3198          authentInfo (5),
3199          compiledIntoCode (6)
3200      }
3201      MAX-ACCESS read-only
3202      STATUS current
3203      DESCRIPTION
3204          "This object indicates how the certificate reached
3205          the CMTS. Other(4) means it originated from a source not
3206          identified above."
3207      REFERENCE
3208          "DOCSIS Baseline Privacy Plus Interface Specification,
3209          Section 9.4.1"
3210      ::= { docsBpi2CmtsCACertEntry 6 }

3212  docsBpi2CmtsCACertStatus OBJECT-TYPE
3213      SYNTAX RowStatus
3214      MAX-ACCESS read-create
3215      STATUS current
3216      DESCRIPTION
3219          "The status of this conceptual row. An attempt
3220          to set writable columnar values while this row is active
3221          behaves as follows:
3222          - Sets to the object docsBpi2CmtsCACertTrust are allowed.
3223          - Sets to the object docsBpi2CmtsCACert will return an
3224          error 'inconsistentValue'.
3225          A newly created entry cannot be set to active until the
3226          value of docsBpi2CmtsCACert has been set."
3227      ::= { docsBpi2CmtsCACertEntry 7 }

3229  docsBpi2CmtsCACert OBJECT-TYPE
3230      SYNTAX DocsX509ASN1DEREncodedCertificate
3231      MAX-ACCESS read-create
3232      STATUS current
3233      DESCRIPTION
3234          "An X509 DER-encoded Certificate Authority
3235          certificate.
3236          To help identify certificates, either this object or
3237          docsBpi2CmtsCACertThumbprint must be returned by a CMTS for
3238          self-signed CA certificates.

3240          Note: The zero-length OCTET STRING must be returned, on
3241          reads, if the entire certificate is not retained in the
3242          CMTS."
3243      REFERENCE
3244          "DOCSIS Baseline Privacy Plus Interface Specification,
3245          Section 9.2."
3246      ::= { docsBpi2CmtsCACertEntry 8 }

3248  docsBpi2CmtsCACertThumbprint OBJECT-TYPE
3249      SYNTAX OCTET STRING (SIZE (20))
3250      MAX-ACCESS read-only
3251      STATUS current
3252      DESCRIPTION
3253          "The SHA-1 hash of a CA certificate.
3254          To help identify certificates, either this object or
3255          docsBpi2CmtsCACert must be returned by a CMTS for
3256          self-signed CA certificates.

3258          Note: The zero-length OCTET STRING must be returned, on
3259          reads, if the CA certificate thumbprint is not retained
3260          in the CMTS."
3261      REFERENCE
3262          "DOCSIS Baseline Privacy Plus Interface Specification,
3263          Section 9.4.3"
3264      ::= { docsBpi2CmtsCACertEntry 9 }

3266  --
3269  -- Authenticated Software Download Objects
3270  --

3272  --
3273  -- Note: the authenticated software download objects are a
3274  -- CM requirement only.
3275  --

3277  docsBpi2CodeDownloadControl OBJECT IDENTIFIER
3278      ::= { docsBpi2MIBObjects 4 }

3280  docsBpi2CodeDownloadStatusCode OBJECT-TYPE
3281      SYNTAX INTEGER {
3282          configFileCvcVerified (1),
3283          configFileCvcRejected (2),
3284          snmpCvcVerified (3),
3285          snmpCvcRejected (4),
3286          codeFileVerified (5),
3287          codeFileRejected (6),
3288          other (7)
3289      }
3290      MAX-ACCESS read-only
3291      STATUS current
3292      DESCRIPTION
3293          "The value indicates the result of the latest config
3294          file CVC verification, SNMP CVC verification, or code file
3295          verification."
3296      REFERENCE
3297          "DOCSIS Baseline Privacy Plus Interface Specification,
3298          Section D.3.3.2 & D.3.5.1."
3299      ::= { docsBpi2CodeDownloadControl 1 }

3301  docsBpi2CodeDownloadStatusString OBJECT-TYPE
3302      SYNTAX SnmpAdminString
3303      MAX-ACCESS read-only
3304      STATUS current
3305      DESCRIPTION
3306          "The value of this object indicates the additional
3307          information to the status code. The value will include
3308          the error code and error description which will be defined
3309          separately."
3310      REFERENCE
3311          "DOCSIS Baseline Privacy Plus Interface Specification,
3312          Section TBD (see D.3.7)"
3313      ::= { docsBpi2CodeDownloadControl 2 }

3315  docsBpi2CodeMfgOrgName OBJECT-TYPE
3316      SYNTAX SnmpAdminString
3317      MAX-ACCESS read-only
3320      STATUS current
3321      DESCRIPTION
3322          "The value of this object is the device manufacturer's
3323          organizationName."
3324      REFERENCE
3325          "DOCSIS Baseline Privacy Plus Interface Specification,
3326          Section D.3.2.2."
3327      ::= { docsBpi2CodeDownloadControl 3 }

3329  docsBpi2CodeMfgCodeAccessStart OBJECT-TYPE
3330      SYNTAX DateAndTime (SIZE(11))
3331      MAX-ACCESS read-only
3332      STATUS current
3333      DESCRIPTION
3334          "The value of this object is the device manufacturer's
3335          current codeAccessStart value. This value is always
3336          referenced to Greenwich Mean Time (GMT) and the value
3337          format must contain TimeZone information (fields 8-10)."
3338      REFERENCE
3339          "DOCSIS Baseline Privacy Plus Interface Specification,
3340          Section D.3.2.2."
3341      ::= { docsBpi2CodeDownloadControl 4 }

3343  docsBpi2CodeMfgCvcAccessStart OBJECT-TYPE
3344      SYNTAX DateAndTime (SIZE(11))
3345      MAX-ACCESS read-only
3346      STATUS current
3347      DESCRIPTION
3348          "The value of this object is the device manufacturer's
3349          current cvcAccessStart value. This value is always
3350          referenced to Greenwich Mean Time (GMT) and the value
3351          format must contain TimeZone information (fields 8-10)."
3352      REFERENCE
3353          "DOCSIS Baseline Privacy Plus Interface Specification,
3354          Section D.3.2.2."
3355      ::= { docsBpi2CodeDownloadControl 5 }

3357  docsBpi2CodeCoSignerOrgName OBJECT-TYPE
3358      SYNTAX SnmpAdminString
3359      MAX-ACCESS read-only
3360      STATUS current
3361      DESCRIPTION
3362          "The value of this object is the Co-Signer's
3363          organizationName. The value is a zero length string if
3364          the co-signer is not specified."
3365      REFERENCE
3366          "DOCSIS Baseline Privacy Plus Interface Specification,
3367          Section D.3.2.2."
3368      ::= { docsBpi2CodeDownloadControl 6 }

3371  docsBpi2CodeCoSignerCodeAccessStart OBJECT-TYPE
3372      SYNTAX DateAndTime (SIZE(11))
3373      MAX-ACCESS read-only
3374      STATUS current
3375      DESCRIPTION
3376          "The value of this object is the Co-Signer's current
3377          codeAccessStart value. This value is always referenced to
3378          Greenwich Mean Time (GMT) and the value format must contain
3379          TimeZone information (fields 8-10).
3380          If docsBpi2CodeCoSignerOrgName is a zero
3381          length string, the value of this object is meaningless."
3382      REFERENCE
3383          "DOCSIS Baseline Privacy Plus Interface Specification,
3384          Section D.3.2.2."
3385      ::= { docsBpi2CodeDownloadControl 7 }

3387  docsBpi2CodeCoSignerCvcAccessStart OBJECT-TYPE
3388      SYNTAX DateAndTime (SIZE(11))
3389      MAX-ACCESS read-only
3390      STATUS current
3391      DESCRIPTION
3392          "The value of this object is the Co-Signer's current
3393          cvcAccessStart value. This value is always referenced to
3394          Greenwich Mean Time (GMT) and the value format must contain
3395          TimeZone information (fields 8-10).
3396          If docsBpi2CodeCoSignerOrgName is a zero
3397          length string, the value of this object is meaningless."
3398      REFERENCE
3399          "DOCSIS Baseline Privacy Plus Interface Specification,
3400          Section D.3.2.2."
3401      ::= { docsBpi2CodeDownloadControl 8 }

3403  docsBpi2CodeCvcUpdate OBJECT-TYPE
3404      SYNTAX DocsX509ASN1DEREncodedCertificate
3405      MAX-ACCESS read-write
3406      STATUS current
3407      DESCRIPTION
3408          "Setting a CVC to this object triggers the device
3409          to verify the CVC and update the cvcAccessStart values,
3410          then the content of this object is discarded.
3411          If the device is not enabled to upgrade codefiles, or
3412          the CVC verification fails, the CVC will be rejected.
3413          Reading this object always returns the zero-length OCTET
3414          STRING."
3415      REFERENCE
3416          "DOCSIS Baseline Privacy Plus Interface Specification,
3417          Section D.3.3.2.2."
3418      ::= { docsBpi2CodeDownloadControl 9 }

3421  --
3422  -- The BPI+ MIB Conformance Statements (with a placeholder for
3423  -- notifications)
3424  --

3426  docsBpi2Notification OBJECT IDENTIFIER
3427      ::= { docsBpi2MIB 0 }
3428  docsBpi2Conformance OBJECT IDENTIFIER
3429      ::= { docsBpi2MIB 2 }
3430  docsBpi2Compliances OBJECT IDENTIFIER
3431      ::= { docsBpi2Conformance 1 }
3432  docsBpi2Groups OBJECT IDENTIFIER
3433      ::= { docsBpi2Conformance 2 }

3435  docsBpi2CmCompliance MODULE-COMPLIANCE
3436      STATUS current
3437      DESCRIPTION
3438          "This is the compliance statement for CMs which
3439          implement the DOCSIS Baseline Privacy Interface Plus."

3441      MODULE -- docsBpi2MIB

3443      -- unconditionally mandatory group
3444      MANDATORY-GROUPS {
3445          docsBpi2CmGroup,
3446          docsBpi2CodeDownloadGroup
3447      }

3449      -- constrain on Encryption algorithms
3450      OBJECT docsBpi2CmTEKDataEncryptAlg
3451          SYNTAX DocsBpkmDataEncryptAlg {
3452              none(0),
3453              des56CbcMode(1),
3454              des40CbcMode(2)
3455          }
3456          DESCRIPTION
3457              "It is compliant to support des56CbcMode(1) and
3458              des40CbcMode(2) for data encryption algorithms."

3460      -- constrain on Integrity algorithms
3461      OBJECT docsBpi2CmTEKDataAuthentAlg
3462          SYNTAX DocsBpkmDataAuthentAlg {
3463              none(0)
3464          }
3467          DESCRIPTION
3468              "It is compliant to not support data message
3469              authentication algorithms."

3471      -- constrain on IP addressing
3472      OBJECT docsBpi2CmIpMulticastAddressType
3473          SYNTAX InetAddressType { ipv4(1) }
3474          DESCRIPTION
3475              "An implementation is only required to support IPv4
3476              addresses. Other address types support may be defined in
3477              future versions of this MIB module."

3479      -- constrain on IP addressing
3480      OBJECT docsBpi2CmIpMulticastAddress
3481          SYNTAX InetAddress (SIZE(4))
3482          DESCRIPTION
3483              "An implementation is only required to support IPv4
3484              addresses. Other address types support may be defined in
3485              future versions of this MIB module."
3487      -- constrain on Encryption algorithms
3488      OBJECT docsBpi2CmCryptoSuiteDataEncryptAlg
3489          SYNTAX DocsBpkmDataEncryptAlg {
3490              none(0),
3491              des56CbcMode(1),
3492              des40CbcMode(2)
3493          }
3494          DESCRIPTION
3495              "It is compliant to only support des56CbcMode(1)
3496              and des40CbcMode(2) for data encryption algorithms."

3498      -- constrain on Integrity algorithms
3499      OBJECT docsBpi2CmCryptoSuiteDataAuthentAlg
3500          SYNTAX DocsBpkmDataAuthentAlg {
3501              none(0)
3502          }
3503          DESCRIPTION
3504              "It is compliant to not support data message
3505              authentication algorithms."

3507      ::= { docsBpi2Compliances 1 }

3509  docsBpi2CmtsCompliance MODULE-COMPLIANCE
3510      STATUS current
3511      DESCRIPTION
3512          "This is the compliance statement for CMTSs which
3513          implement the DOCSIS Baseline Privacy Interface Plus."

3516      MODULE -- docsBpi2MIB
3517      -- unconditionally mandatory group
3518      MANDATORY-GROUPS {
3519          docsBpi2CmtsGroup
3520      }

3522      -- unconditionally optional group
3523      GROUP docsBpi2CodeDownloadGroup
3524          DESCRIPTION
3525              "This group is optional for CMTSs. The implementation
3526              decision of this group is left to the vendor."

3528      -- constrain on mandatory range
3529      OBJECT docsBpi2CmtsDefaultAuthLifetime
3530          SYNTAX Integer32 (86400..6048000)
3531          DESCRIPTION
3532              "The refined range corresponds to the minimum and
3533              maximum values in operational networks."

3535      -- constrain on mandatory range
3536      OBJECT docsBpi2CmtsDefaultTEKLifetime
3537          SYNTAX Integer32 (1800..604800)
3538          DESCRIPTION
3539              "The refined range corresponds to the minimum and
3540              maximum values in operational networks."

3542      -- constrain on mandatory range
3543      OBJECT docsBpi2CmtsAuthCmLifetime
3544          SYNTAX Integer32 (86400..6048000)
3545          DESCRIPTION
3546              "The refined range corresponds to the minimum and
3547              maximum values in operational networks."
3549      -- constrain on Encryption algorithms
3550      OBJECT docsBpi2CmtsTEKDataEncryptAlg
3551          SYNTAX DocsBpkmDataEncryptAlg {
3552              none(0),
3553              des56CbcMode(1),
3554              des40CbcMode(2)
3555          }
3556          DESCRIPTION
3557              "It is compliant to only support des56CbcMode(1)
3558              and des40CbcMode(2) for data encryption."

3560      -- constrain on Integrity algorithms
3563      OBJECT docsBpi2CmtsTEKDataAuthentAlg
3564          SYNTAX DocsBpkmDataAuthentAlg {
3565              none(0)
3566          }
3567          DESCRIPTION
3568              "It is compliant to not support data message
3569              authentication algorithms."

3571      -- constrain on mandatory range
3572      OBJECT docsBpi2CmtsTEKLifetime
3573          SYNTAX Integer32 (1800..604800)
3574          DESCRIPTION
3575              "The refined range corresponds to the minimum and
3576              maximum values in operational networks."

3578      -- constrain on access
3579      -- constrain on IP Addressing

3581      OBJECT docsBpi2CmtsIpMulticastAddressType
3582          SYNTAX InetAddressType { ipv4(1) }
3583          MIN-ACCESS read-only
3584          DESCRIPTION
3585              "Write access is not required.
3586              An implementation is only required to support IPv4
3587              addresses. Other address types support may be defined in
3588              future versions of this MIB module."

3590      OBJECT docsBpi2CmtsIpMulticastAddress
3591          SYNTAX InetAddress (SIZE(4))
3592          MIN-ACCESS read-only
3593          DESCRIPTION
3594              "Write access is not required.
3595              An implementation is only required to support IPv4
3596              addresses. Other address types support may be defined in
3597              future versions of this MIB module."

3599      OBJECT docsBpi2CmtsIpMulticastMask
3600          SYNTAX InetAddress (SIZE(4))
3601          MIN-ACCESS read-only
3602          DESCRIPTION
3603              "Write access is not required.
3604              An implementation is only required to support IPv4
3605              addresses. Other address types support may be defined in
3606              future versions of this MIB module."
3608      -- constrain on access

3610      OBJECT docsBpi2CmtsIpMulticastSAId
3611          MIN-ACCESS read-only
3614          DESCRIPTION
3615              "Write access is not required."

3617      OBJECT docsBpi2CmtsIpMulticastSAType
3618          MIN-ACCESS read-only
3619          DESCRIPTION
3620              "Write access is not required."

3622      -- constrain on access
3623      -- constrain on Encryption algorithms

3625      OBJECT docsBpi2CmtsIpMulticastDataEncryptAlg
3626          SYNTAX DocsBpkmDataEncryptAlg {
3627              none(0),
3628              des56CbcMode(1),
3629              des40CbcMode(2)
3630          }
3631          MIN-ACCESS read-only
3632          DESCRIPTION
3633              "Write access is not required.
3634              It is compliant to only support des56CbcMode(1)
3635              and des40CbcMode(2) for data encryption."

3637      -- constrain on access
3638      -- constrain on Integrity algorithms
3639      OBJECT docsBpi2CmtsIpMulticastDataAuthentAlg
3640          SYNTAX DocsBpkmDataAuthentAlg {
3641              none(0)
3642          }
3643          MIN-ACCESS read-only
3644          DESCRIPTION
3645              "Write access is not required.
3646              It is compliant to not support data message
3647              authentication algorithms."

3649      -- constrain on access
3650      OBJECT docsBpi2CmtsMulticastAuthControl
3651          MIN-ACCESS read-only
3652          DESCRIPTION
3653              "Write access is not required."
3655      ::= { docsBpi2Compliances 2 }

3657  docsBpi2CmGroup OBJECT-GROUP
3658      OBJECTS {
3659          docsBpi2CmPrivacyEnable,
3662          docsBpi2CmPublicKey,
3663          docsBpi2CmAuthState,
3664          docsBpi2CmAuthKeySequenceNumber,
3665          docsBpi2CmAuthExpiresOld,
3666          docsBpi2CmAuthExpiresNew,
3667          docsBpi2CmAuthReset,
3668          docsBpi2CmAuthGraceTime,
3669          docsBpi2CmTEKGraceTime,
3670          docsBpi2CmAuthWaitTimeout,
3671          docsBpi2CmReauthWaitTimeout,
3672          docsBpi2CmOpWaitTimeout,
3673          docsBpi2CmRekeyWaitTimeout,
3674          docsBpi2CmAuthRejectWaitTimeout,
3675          docsBpi2CmSAMapWaitTimeout,
3676          docsBpi2CmSAMapMaxRetries,
3677          docsBpi2CmAuthentInfos,
3678          docsBpi2CmAuthRequests,
3679          docsBpi2CmAuthReplies,
3680          docsBpi2CmAuthRejects,
3681          docsBpi2CmAuthInvalids,
3682          docsBpi2CmAuthRejectErrorCode,
3683          docsBpi2CmAuthRejectErrorString,
3684          docsBpi2CmAuthInvalidErrorCode,
3685          docsBpi2CmAuthInvalidErrorString,
3686          docsBpi2CmTEKSAType,
3687          docsBpi2CmTEKDataEncryptAlg,
3688          docsBpi2CmTEKDataAuthentAlg,
3689          docsBpi2CmTEKState,
3690          docsBpi2CmTEKKeySequenceNumber,
3691          docsBpi2CmTEKExpiresOld,
3692          docsBpi2CmTEKExpiresNew,
3693          docsBpi2CmTEKKeyRequests,
3694          docsBpi2CmTEKKeyReplies,
3695          docsBpi2CmTEKKeyRejects,
3696          docsBpi2CmTEKInvalids,
3697          docsBpi2CmTEKAuthPends,
3698          docsBpi2CmTEKKeyRejectErrorCode,
3699          docsBpi2CmTEKKeyRejectErrorString,
3700          docsBpi2CmTEKInvalidErrorCode,
3701          docsBpi2CmTEKInvalidErrorString,
3702          docsBpi2CmIpMulticastAddressType,
3703          docsBpi2CmIpMulticastAddress,
3704          docsBpi2CmIpMulticastSAId,
3705          docsBpi2CmIpMulticastSAMapState,
3706          docsBpi2CmIpMulticastSAMapRequests,
3707          docsBpi2CmIpMulticastSAMapReplies,
3708          docsBpi2CmIpMulticastSAMapRejects,
3709          docsBpi2CmIpMulticastSAMapRejectErrorCode,
3710          docsBpi2CmIpMulticastSAMapRejectErrorString,
3713          docsBpi2CmDeviceCmCert,
3714          docsBpi2CmDeviceManufCert,
3715          docsBpi2CmCryptoSuiteDataEncryptAlg,
3716          docsBpi2CmCryptoSuiteDataAuthentAlg
3717      }
3718      STATUS
current 3719 DESCRIPTION 3720 "This collection of objects provides CM BPI+ status 3721 and control." 3722 ::= { docsBpi2Groups 1 } 3724 docsBpi2CmtsGroup OBJECT-GROUP 3725 OBJECTS { 3726 docsBpi2CmtsDefaultAuthLifetime, 3727 docsBpi2CmtsDefaultTEKLifetime, 3728 docsBpi2CmtsDefaultSelfSignedManufCertTrust, 3729 docsBpi2CmtsCheckCertValidityPeriods, 3730 docsBpi2CmtsAuthentInfos, 3731 docsBpi2CmtsAuthRequests, 3732 docsBpi2CmtsAuthReplies, 3733 docsBpi2CmtsAuthRejects, 3734 docsBpi2CmtsAuthInvalids, 3735 docsBpi2CmtsSAMapRequests, 3736 docsBpi2CmtsSAMapReplies, 3737 docsBpi2CmtsSAMapRejects, 3738 docsBpi2CmtsAuthCmBpiVersion, 3739 docsBpi2CmtsAuthCmPublicKey, 3740 docsBpi2CmtsAuthCmKeySequenceNumber, 3741 docsBpi2CmtsAuthCmExpiresOld, 3742 docsBpi2CmtsAuthCmExpiresNew, 3743 docsBpi2CmtsAuthCmLifetime, 3744 docsBpi2CmtsAuthCmReset, 3745 docsBpi2CmtsAuthCmInfos, 3746 docsBpi2CmtsAuthCmRequests, 3747 docsBpi2CmtsAuthCmReplies, 3748 docsBpi2CmtsAuthCmRejects, 3749 docsBpi2CmtsAuthCmInvalids, 3750 docsBpi2CmtsAuthRejectErrorCode, 3751 docsBpi2CmtsAuthRejectErrorString, 3752 docsBpi2CmtsAuthInvalidErrorCode, 3753 docsBpi2CmtsAuthInvalidErrorString, 3754 docsBpi2CmtsAuthPrimarySAId, 3755 docsBpi2CmtsAuthBpkmCmCertValid, 3756 docsBpi2CmtsAuthBpkmCmCert, 3757 docsBpi2CmtsAuthCACertIndexPtr, 3758 docsBpi2CmtsTEKSAType, 3759 docsBpi2CmtsTEKDataEncryptAlg, 3760 docsBpi2CmtsTEKDataAuthentAlg, 3761 docsBpi2CmtsTEKLifetime, 3762 DOCSIS BPI Plus MIB November 2004 3764 docsBpi2CmtsTEKKeySequenceNumber, 3765 docsBpi2CmtsTEKExpiresOld, 3766 docsBpi2CmtsTEKExpiresNew, 3767 docsBpi2CmtsTEKReset, 3768 docsBpi2CmtsKeyRequests, 3769 docsBpi2CmtsKeyReplies, 3770 docsBpi2CmtsKeyRejects, 3771 docsBpi2CmtsTEKInvalids, 3772 docsBpi2CmtsKeyRejectErrorCode, 3773 docsBpi2CmtsKeyRejectErrorString, 3774 docsBpi2CmtsTEKInvalidErrorCode, 3775 docsBpi2CmtsTEKInvalidErrorString, 3776 docsBpi2CmtsIpMulticastAddressType, 3777 docsBpi2CmtsIpMulticastAddress, 3778 docsBpi2CmtsIpMulticastMask, 3779 
docsBpi2CmtsIpMulticastSAId, 3780 docsBpi2CmtsIpMulticastSAType, 3781 docsBpi2CmtsIpMulticastDataEncryptAlg, 3782 docsBpi2CmtsIpMulticastDataAuthentAlg, 3783 docsBpi2CmtsIpMulticastSAMapRequests, 3784 docsBpi2CmtsIpMulticastSAMapReplies, 3785 docsBpi2CmtsIpMulticastSAMapRejects, 3786 docsBpi2CmtsIpMulticastSAMapRejectErrorCode, 3787 docsBpi2CmtsIpMulticastSAMapRejectErrorString, 3788 docsBpi2CmtsIpMulticastMapControl, 3789 docsBpi2CmtsIpMulticastMapStorageType, 3790 docsBpi2CmtsMulticastAuthControl, 3791 docsBpi2CmtsProvisionedCmCertTrust, 3792 docsBpi2CmtsProvisionedCmCertSource, 3793 docsBpi2CmtsProvisionedCmCertStatus, 3794 docsBpi2CmtsProvisionedCmCert, 3795 docsBpi2CmtsCACertSubject, 3796 docsBpi2CmtsCACertIssuer, 3797 docsBpi2CmtsCACertSerialNumber, 3798 docsBpi2CmtsCACertTrust, 3799 docsBpi2CmtsCACertSource, 3800 docsBpi2CmtsCACertStatus, 3801 docsBpi2CmtsCACert, 3802 docsBpi2CmtsCACertThumbprint 3803 } 3804 STATUS current 3805 DESCRIPTION 3806 "This collection of objects provides CMTS BPI+ status 3807 and control." 3808 ::= { docsBpi2Groups 2 } 3810 docsBpi2CodeDownloadGroup OBJECT-GROUP 3811 OBJECTS { 3812 docsBpi2CodeDownloadStatusCode, 3813 DOCSIS BPI Plus MIB November 2004 3815 docsBpi2CodeDownloadStatusString, 3816 docsBpi2CodeMfgOrgName, 3817 docsBpi2CodeMfgCodeAccessStart, 3818 docsBpi2CodeMfgCvcAccessStart, 3819 docsBpi2CodeCoSignerOrgName, 3820 docsBpi2CodeCoSignerCodeAccessStart, 3821 docsBpi2CodeCoSignerCvcAccessStart, 3822 docsBpi2CodeCvcUpdate 3823 } 3824 STATUS current 3825 DESCRIPTION 3826 "This collection of objects provide authenticated 3827 software 3828 download support." 3829 ::= { docsBpi2Groups 3 } 3831 END 3833 4. 
Acknowledgments 3835 Kaz Ozawa - Authenticated Software Download objects and 3836 general suggestions 3837 Rich Woundy - BPI MIB and general MIB expertise 3838 Mike St Johns - BPI MIB and 1st draft of BPI+ MIB 3839 Bert Wijnen - Extensive comments in MIB syntax and accuracy 3840 Thanks to Mike Sabin and Manson Wong for reviewing early BPI+ 3841 MIB Drafts and to Jean-Francois Mule for contributing to the 3842 last versions. 3844 5. Normative References 3846 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 3847 Requirement Levels", BCP 14, RFC 2119, March 1997. 3849 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 3850 Rose, M. and S. Waldbusser, "Structure of Management 3851 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 3852 1999. 3854 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 3855 Rose, M. and S. Waldbusser, "Textual Conventions for 3856 SMIv2", STD 58, RFC 2579, April 1999. 3858 DOCSIS BPI Plus MIB November 2004 3860 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 3861 Rose, M. and S. Waldbusser, "Conformance Statements for 3862 SMIv2", RFC 2580, STD 58, April 1999. 3864 [RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An 3865 Architecture for Describing Simple Network Management 3866 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 3867 December 2002. 3869 [RFC2021] Waldbusser, S "Remote Network Monitoring Management 3870 Information Base Version 2 using SMIv2", RFC 2021, 3871 January 1997. 3873 ************************************************************ 3874 * NOTES TO RFC Editor (to be removed prior to publication) * 3875 * * 3876 * The I-D (or a * 3877 * successor) is expected to eventually replace RFC 2021 * 3878 * If that draft (or a successor) is published as a RFC * 3879 * prior to or concurrently with this document, then the * 3880 * normative reference [RFC2021] should be updated to * 3881 * point to the replacement RFC. 
* 3882 * * 3883 ************************************************************ 3885 [RFC3291] Daniele, M., Haberman, B., Routhier, S., Schoenwaelder, 3886 J., "Textual Conventions for Internet Network Addresses", 3887 RFC 3291, May 2002. 3889 ************************************************************ 3890 * NOTES TO RFC Editor (to be removed prior to publication) * 3891 * * 3892 * 1.) The I-D (or a * 3893 * successor) is expected to eventually replace RFC 3291. * 3894 * If that draft (or a successor) is published as an RFC * 3895 * prior to or concurrently with this document, then the * 3896 * normative reference [RFC3291] should be updated to * 3897 * point to the replacement RFC, and the reference tag * 3898 * [RFC3291] should be updated to match. * 3899 * * 3900 ************************************************************ 3902 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 3903 MIB", RFC 2863, June 2000. 3905 [RFC2670] St. Johns, M., "Radio Frequency (RF) Interface Management 3906 Information Base for MCNS/DOCSIS compliant RF 3907 DOCSIS BPI Plus MIB November 2004 3909 interfaces", RFC 2670, August 1999. 3911 [1] "Data-Over-Cable Service Interface Specifications: Baseline 3912 Privacy Plus Interface Specification SP-BPI+-I11-040407", 3913 DOCSIS, April 2004, available at 3914 http://www.cablemodem.com. 3915 http://www.cablelabs.com/specifications/archives. 3917 6. Informative References 3919 [RFC3083] Woundy, R., "Baseline Privacy Interface Management 3920 Information Base for DOCSIS Compliant Cable Modems and 3921 Cable Modem Termination Systems", RFC 3083, March 2001. 3923 [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, 3924 "Introduction and Applicability Statements for 3925 Internet-Standard Management Framework", RFC 3410, 3926 December 2002. 3928 [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6 3929 (IPv6) Addressing Architecture", RFC 3513, April 2003. 
3931  [IANA] "Protocol Numbers and Assignment Services", IANA,
3932         http://www.iana.org/assignments/ianaiftype-mib.

3934  [2] "Data-Over-Cable Service Interface Specifications: DOCSIS 1.0
3935      Baseline Privacy Interface (BPI) ANSI/SCTE 22-2 2202,
3936      Available at http://www.scte.org.

3938  [3] "Data-Over-Cable Service Interface Specifications: Operations
3939      Support System Interface Specification
3940      SP-OSSIv1.1-I07-030730", DOCSIS 1.1 July 2003, available at
3941      http://www.cablemodem.com.
3942      http://www.cablelabs.com/specifications/archives.

3944  [4] "Data-Over-Cable Service Interface Specifications: Operations
3945      Support System Interface Specification
3946      SP-OSSIv2.0-I05-040407", DOCSIS 2.0 April 2004,
3947      http://www.cablemodem.com.
3948      http://www.cablelabs.com/specifications/archives.

3950  7. Security Considerations

3952  There are a number of management objects defined in this MIB
3953  module with a MAX-ACCESS clause of read-write and/or read-create.
3957  Such objects may be considered sensitive or vulnerable in some
3958  network environments. The support for SET operations in a non-
3959  secure environment without proper protection can have a negative
3960  effect on network operations. These are the tables and objects
3961  and their sensitivity/vulnerability:

3963  - The following objects, if SET maliciously via SNMP, could constitute
3964    a denial of service or theft of service attack, or compromise the
3965    intended data privacy of users:

3967  Objects related to the Baseline Privacy Key Management (BPKM)

3969    docsBpi2CmAuthReset,
3970    docsBpi2CmtsAuthCmReset,
3971    docsBpi2CmtsTEKReset:
3972      These objects are used for initiating a re-key process.
3973      A malicious massive SET attack may cause CMTS
3974      processing overload and may compromise the service.

3976    docsBpi2CmtsDefaultAuthLifetime,
3977    docsBpi2CmtsDefaultTEKLifetime,
3978    docsBpi2CmtsAuthCmLifetime,
3979    docsBpi2CmtsTEKLifetime:
3980      Implementers are encouraged to follow the range constraints
3981      for these objects defined in the docsBpi2CmtsCompliance
3982      MODULE-COMPLIANCE clause for operational deployments
3983      to minimize the risk of malicious or unintended short
3984      periods of time for key updates that may lead to
3985      degradation or denial of service.

3987    docsBpi2CmtsDefaultSelfSignedManufCertTrust:
3988      A malicious SET marking a self-signed certificate as
3989      'untrusted' may cause the CM to receive an authorization
3990      reject message, which may constitute denial of
3991      service. This object is designed for testing purposes;
3992      therefore it is not RECOMMENDED for use in commercial
3993      deployments [1]. Administrators can make use of
3994      View-based Access Control (VACM) introduced in section
3995      7.9 of [RFC3410] to restrict write access to this object.

3997    docsBpi2CmtsCheckCertValidityPeriods:
3998      A malicious SET on this object that enables validity
3999      period checking, combined with a wrong clock time in the
4000      CMTS, could cause denial of service as CM authorization
4001      requests will be rejected.

4003      For more details on the validation of CM certificates,
4004      refer to section 9 of [1].

4008  Objects related to the CM only:

4010  Objects in docsBpi2CmDeviceCertTable
4011    docsBpi2CmDeviceCmCert:
4012      This object is not harmful considering that a CM
4013      received a Certificate during the manufacturing process.
4014      Therefore the object access becomes read-only. See
4015      the object DESCRIPTION clause in section 3 for details.

4017  Objects for Secure Software Download in table
4018  docsBpi2CodeDownloadControl:

4020    docsBpi2CodeCvcUpdate:
4021      A malicious SET on this object may not constitute a risk
4022      since the CM holds the DOCSIS root key to verify the
4023      CVC authenticity. The operator, if so configured, could receive
4024      a notification of those event occurrences, which may help
4025      to detect the source of the attack. Moreover, [1]
4026      recommends that CMs CVC are regularly updated to minimize
4027      the risk of potential code-signing keys being (e.g. by
4028      configuration file)

4030  Objects related to the CMTS only:

4032  Objects in docsBpi2CmtsProvisionedCmCertTable and
4033  docsBpi2CmtsCACertTable containing CM Certificates and
4034  Certificate Authority information respectively:

4036    docsBpi2CmtsProvisionedCmCertTrust,
4037    docsBpi2CmtsProvisionedCmCertStatus,
4038    docsBpi2CmtsProvisionedCmCert,
4039    docsBpi2CmtsCACertStatus,
4040    docsBpi2CmtsCACert:
4041      Malicious SETs on these objects may constitute a denial
4042      of service attack that will be experienced after the CMs
4043      perform authorization requests. It does not affect
4044      CMs in the authorized state.

4046  Objects in multicast tables docsBpi2CmtsIpMulticastMapTable
4047  and docsBpi2CmtsMulticastAuthTable:

4049    docsBpi2CmtsIpMulticastAddressType,
4050    docsBpi2CmtsIpMulticastAddress,
4051    docsBpi2CmtsIpMulticastMaskType,
4052    docsBpi2CmtsIpMulticastMask,
4053    docsBpi2CmtsIpMulticastSAId,
4054    docsBpi2CmtsIpMulticastSAType:
4055      Malicious SETs on these objects may cause
4056      mis-configuration causing interruption of the users'
4059      active multicast applications.

4061    docsBpi2CmtsIpMulticastDataEncryptAlg,
4062    docsBpi2CmtsIpMulticastDataAuthentAlg:
4063      Malicious SETs on these objects may create service mis-
4064      configuration causing service interruption or theft of
4065      service if encryption algorithms are removed for the
4066      multicast groups.

4068    docsBpi2CmtsIpMulticastMapControl,
4069    docsBpi2CmtsMulticastAuthControl:
4070      Malicious SETs on these objects may remove and/or
4071      disable customers and/or multicast groups causing
4072      service disruption. They may also constitute theft of service
4073      by authorizing non-subscribed users to multicast groups
4074      or by adding other multicast groups in the forward path.

4076  Some of the readable objects in this MIB module (i.e., objects
4077  with a MAX-ACCESS other than not-accessible) may be considered
4078  sensitive or vulnerable in some network environments. It is thus
4079  important to control even GET and/or NOTIFY access to these
4080  objects and possibly to even encrypt the values of these objects
4081  when sending them over the network via SNMP. These are the tables
4082  and objects and their sensitivity/vulnerability:

4084  Objects in docsBpi2CmBaseTable, docsBpi2CmTEKTable,
4085  docsBpi2CmtsBaseTable, docsBpi2CmtsAuthTable,
4086  docsBpi2CmtsTEKTable, docsBpi2CmtsProvisionedCmCertTable and
4087  docsBpi2CmtsCACertTable
4088      If accessible, attackers may use this information to
4089      identify users configured to work without data
4090      encryption (e.g. docsBpi2CmPrivacyEnable) and to know
4091      current Baseline Privacy parameters in the network.

4093  Objects in docsBpi2CmIpMulticastMapTable and
4094  docsBpi2CmtsMulticastAuthTable
4095      In addition to the vulnerabilities around BPI plus
4096      multicast objects described in a previous part, the
4097      read-only objects of this table may help attackers to
4098      monitor the status of the intrusion.

4100  Objects in docsBpi2CodeDownloadControl
4101      In addition to the vulnerability of the read-write object
4102      docsBpi2CodeCvcUpdate, attackers may be able to monitor the
4103      status of a denial of service using Secure Software
4104      Download.

4106  SNMP versions prior to SNMPv3 did not include adequate security.
4110  Even if the network itself is secure (for example by using IPSec),
4111  even then, there is no control as to who on the secure network is
4112  allowed to access and GET/SET (read/change/create/delete) the
4113  objects in this MIB module.
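Added example (not part of the draft and not code from any DOCSIS implementation): the Python code below triages an audit trail of SNMP SET operations against the write-sensitive objects listed in this section. The audit record format, the burst threshold and window, and lifetimes being expressed in seconds are assumptions; the object names, none(0) and the 30-minute TEK lifetime minimum come from the draft text.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Object names and risk notes come from the Security Considerations text.
RESET_OBJECTS = {
    "docsBpi2CmAuthReset", "docsBpi2CmtsAuthCmReset", "docsBpi2CmtsTEKReset",
}
TEK_LIFETIME_OBJECTS = {"docsBpi2CmtsDefaultTEKLifetime", "docsBpi2CmtsTEKLifetime"}
MULTICAST_ENCRYPT_ALG = "docsBpi2CmtsIpMulticastDataEncryptAlg"
REVIEW_ANY_SET = {
    "docsBpi2CmtsDefaultSelfSignedManufCertTrust": "test-only trust default changed",
    "docsBpi2CmtsCheckCertValidityPeriods": "certificate validity checking changed",
    "docsBpi2CmtsProvisionedCmCertTrust": "provisioned CM certificate trust changed",
    "docsBpi2CmtsCACertStatus": "CA certificate row changed",
    "docsBpi2CmtsIpMulticastMapControl": "multicast map row changed",
    "docsBpi2CmtsMulticastAuthControl": "multicast authorization row changed",
}

MIN_TEK_LIFETIME_S = 30 * 60           # 30-minute minimum from the text; seconds assumed
RESET_BURST = 3                        # assumed threshold: resets per source per window
RESET_WINDOW = timedelta(seconds=60)   # assumed window length

# Constructed sample records in a hypothetical audit format, oldest first:
#   <UTC timestamp> <manager address> SET <object>.<instance> = <integer>
SAMPLE_LOG = """\
2004-11-01T10:00:00Z 192.0.2.10 SET docsBpi2CmtsTEKLifetime.3.8193 = 43200
2004-11-01T10:00:05Z 192.0.2.66 SET docsBpi2CmtsTEKReset.3.8193 = 1
2004-11-01T10:00:06Z 192.0.2.66 SET docsBpi2CmtsTEKReset.3.8194 = 1
2004-11-01T10:00:07Z 192.0.2.66 SET docsBpi2CmtsTEKReset.3.8195 = 1
2004-11-01T10:02:00Z 192.0.2.66 SET docsBpi2CmtsDefaultTEKLifetime.0 = 60
2004-11-01T10:03:00Z 192.0.2.66 SET docsBpi2CmtsIpMulticastDataEncryptAlg.1 = 0
2004-11-01T10:04:00Z 192.0.2.10 SET docsBpi2CmtsDefaultSelfSignedManufCertTrust.0 = 2
"""


def parse_record(line):
    """Split one audit record into (time, source, object name, value)."""
    fields = line.split()
    if len(fields) != 6 or fields[2] != "SET" or fields[4] != "=":
        raise ValueError(f"unrecognised record: {line!r}")
    when = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ")
    obj = fields[3].split(".", 1)[0]   # drop the instance suffix
    return when, fields[1], obj, int(fields[5])


def triage(log_text):
    """Return (source, object, reason) findings for risky SET operations."""
    findings = []
    resets_by_source = defaultdict(deque)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, source, obj, value = parse_record(line)
        if obj in RESET_OBJECTS:
            window = resets_by_source[source]
            window.append(when)
            # Keep only resets from this source inside the sliding window.
            while when - window[0] > RESET_WINDOW:
                window.popleft()
            # Report once, at the moment the burst threshold is reached.
            if len(window) == RESET_BURST:
                findings.append((source, obj, "re-key burst may overload the CMTS"))
        elif obj in TEK_LIFETIME_OBJECTS:
            if value < MIN_TEK_LIFETIME_S:
                findings.append((source, obj, "TEK lifetime below 30 minutes"))
        elif obj == MULTICAST_ENCRYPT_ALG:
            if value == 0:   # none(0) in DocsBpkmDataEncryptAlg
                findings.append((source, obj, "multicast encryption removed"))
        elif obj in REVIEW_ANY_SET:
            findings.append((source, obj, REVIEW_ANY_SET[obj]))
    return findings


if __name__ == "__main__":
    for source, obj, reason in triage(SAMPLE_LOG):
        print(f"{source:<12} {obj:<45} {reason}")
```
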
4115  It is RECOMMENDED that implementers consider the security features
4116  as provided by the SNMPv3 framework (see [RFC3410], section 8),
4117  including full support for the SNMPv3 cryptographic mechanisms
4118  (for authentication and privacy).

4120  Further, deployment of SNMP versions prior to SNMPv3 is NOT
4121  RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
4122  enable cryptographic security. It is then a customer/operator
4123  responsibility to ensure that the SNMP entity giving access to an
4124  instance of this MIB module is properly configured to give access
4125  to the objects only to those principals (users) that have
4126  legitimate rights to indeed GET or SET (change/create/delete)
4127  them.

4129  BPI+ Encryption Algorithms:
4130  BPI+ Traffic Encryption Keys (TEK) (see [1]) use DES
4131  (Data Encryption Standard) 56- or 40-bit encryption ciphers.
4132  Due to the weak cryptographic strength of DES, future revisions of
4133  the BPI+ specification [1] should introduce advanced encryption
4134  algorithms to overcome the progress in cheaper and faster decryption tools.
4135  Traffic Encryption Keys (TEK) are configured per CM and per BPI+
4136  multicast group, which may reduce the threat of the DES weakness for
4137  the overall system. The time to crack DES could be additionally
4138  mitigated by a compromise value for the TEK lifetime and Grace Time
4139  (up to a minimum of 30 minutes for the TEK lifetime, see
4140  Appendix A [1]).
4141  Not exempt from the same recommendations as above, the CM BPI+
4142  Authorization protocol uses triple DES encryption,
4143  which offers improved robustness compared to DES for CM
4144  Authorization and TEK re-key management.

4146  8. IANA Considerations
4147  The MIB module in this document uses the following IANA-assigned
4148  OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

4150  Descriptor     OBJECT IDENTIFIER Value
4151  ----------     -----------------------
4152  docsBpi2MIB    { mib-2 yy }

4154  Editor's Note (to be removed prior to publication): the IANA is
4155  requested to assign a value for yy under the mib-2 subtree and
4158  to record the assignment in the SMI Numbers registry. When the
4159  assignment has been made, the RFC Editor is asked to replace yy
4160  (here and in the MIB module) with the assigned value and to remove
4161  this note.

4163  9. Authors' Addresses

4165  Stuart M. Green
4166  ADC Telecommunications, Inc.
4167  Mailstop 1641
4168  8 Technology Drive
4169  Westborough, MA 01581
4170  U.S.A.
4171  Phone: +1 508 870 2554
4172  Email: stuart.green@adc.com

4174  Kaz Ozawa
4175  Cable Modem & Network Dept.
4176  Server & Network Div.
4177  TOSHIBA CORPORATION Digital Media Network Company
4178  1-1, Shibaura 1-Chome,
4179  Minato-ku, Tokyo 105-8001
4180  Japan
4181  Phone: +81-3-3457-2726
4182  Email: Kazuyoshi.Ozawa@toshiba.co.jp

4184  Alexander Katsnelson
4185  Cable Television Laboratories, Inc.
4186  858 Coal Creek Circle
4187  Louisville, CO 80027-9750
4188  U.S.A.
4189  Phone: +1 303 661 9100
4190  E-mail: a.katsnelson@cablelabs.com

4192  Eduardo Cardona
4193  Cable Television Laboratories, Inc.
4194  858 Coal Creek Circle
4195  Louisville, CO 80027-9750
4196  U.S.A.
4197  Phone: +1 303 661 9100
4198  E-mail: e.cardona@cablelabs.com

4200  10. Disclaimer of Validity

4202  This document and the information contained herein are provided
4203  on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
4204  REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
4207  THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
4208  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
4209  THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
4210  ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
4211  PARTICULAR PURPOSE.

4213  11. Intellectual Property

4215  The IETF takes no position regarding the validity or scope of
4216  any Intellectual Property Rights or other rights that might be
4217  claimed to pertain to the implementation or use of the technology
4218  described in this document or the extent to which any license
4219  under such rights might or might not be available; nor does it
4220  represent that it has made any independent effort to identify any
4221  such rights. Information on the procedures with respect to rights
4222  in RFC documents can be found in BCP 78 and BCP 79.

4224  Copies of IPR disclosures made to the IETF Secretariat and any
4225  assurances of licenses to be made available, or the result of an
4226  attempt made to obtain a general license or permission for the use
4227  of such proprietary rights by implementers or users of this
4228  specification can be obtained from the IETF on-line IPR repository
4229  at http://www.ietf.org/ipr.

4231  The IETF invites any interested party to bring to its attention
4232  any copyrights, patents or patent applications, or other
4233  proprietary rights that may cover technology that may be required
4234  to implement this standard. Please address the information to the
4235  IETF at ietf-ipr@ietf.org.

4237  12. Copyright Statement

4239  Copyright (C) The Internet Society (2004). This document is
4240  subject to the rights, licenses and restrictions contained in BCP
4241  78, and except as set forth therein, the authors retain all their
4242  rights.

4244  Acknowledgment
4245  Funding for the RFC Editor function is currently provided by the
4246  Internet Society.

4248  -- Note to RFC editor:
4249  -- delete text below between the start delete and stop
4250  -- delete marks when publishing the RFC
4253  -- [start delete]

4255  drafts Revision History
4256  REVISION "200409070000Z"
4257  DESCRIPTION
4258      Reverted Counters to Counter32 instead of a mix of Counter32
4259      and ZeroBasedCounter32.
4260      Used generic MIB sentence for row entries with 'permanent'
4261      StorageType objects
4262      Updated text for non-contiguous netmask."
4263  REVISION "200408020000Z"
4264  DESCRIPTION
4265      "Details and explanation of selection of non-contiguous
4266      netmask instead of InetAddressPrefixLength syntax
4267      for docsBpi2CmtsIpMulticastMapTable: sections 2.1.2 and
4268      object docsBpi2CmtsIpMulticastMask
4269      Added section 2.3 'BPI+ MIB module relationship with The
4270      Interfaces Group MIB' to explain the ZeroBasedCounter32
4271      Usage. Updated discontinuity requirements in all counter
4272      objects
4273      Clarifications for the Zero-length OCTET STRING of
4274      docsBpi2CmtsCACertThumbprint, similar to docsBpi2CmtsCACert.
4275      Requirement of no instantiation of
4276      docsBpi2CmtsAuthCmExpiresOld for entries with associated CM
4277      in BPI mode.
4278      Added writable requirements for read-write and read-create
4279      objects within a row entry with StorageType 'permanent'
4280      status
4281      Small updates in objects docsBpi2CmtsIpMulticastMapControl
4282      entries docsBpi2CmtsIpMulticastMapStorageType
4283  REVISION "200407190000Z"
4284  DESCRIPTION
4285      "Comments received from Area Advisor incorporated and other
4286      Updates:
4287      Added persistent requirements for read-create and
4288      read-write objects.
4289      Added object docsBpi2CmtsIpMulticastMapStorageType with
4290      syntax read-only
4291      Correction in descriptions of objects of ZeroBasedCounter32
4292      And added discontinuity statements.
4293      Syntax for docsBpi2CmtsAuthCACertIndexPtr,
4294      docsBpi2CmtsCACertIndex, docsBpi2CmIpMulticastIndex and
4295      docsBpi2CmtsIpMulticastIndex refined as Unsigned32
4296      (1..4294967295).
4297      Clarified the use of Address Mask instead of prefixLength
4298      Deleted object docsBpi2CmtsIpMulticastMaskType, instead use
4299      docsBpi2CmtsIpMulticastAddressType for both
4300      docsBpi2CmtsIpMulticastAddress and
4303      docsBpi2CmtsIpMulticastMask.
4304      Corrections and details for RowStatus objects considerations
4305      based on MIB review Guidelines
4306      draft-ietf-ops-mib-review-guidelines-03.txt.
4307      Changed OIDs for docsBpi2Notification and
4308      docsBpi2Conformance.
4309      Better handling of Unicode representation for
4310      Characters.
4311      Added return error message for invalid set of
4312      docsBpi2CmDeviceCmCert.
4313      Added note in security section for usage of DES considered
4314      Weak.
4315      Clarification in description of object
4316      docsBpi2CmtsDefaultSelfSignedManufCertTrust."

4318  REVISION "200310270000Z"
4319  DESCRIPTION
4320      "Added section 2.2 Relationship between BPI+ and BPI MIBs
4321      and added informative references
4322      Aligned Description and Syntax of TC DocsBpkmSAType
4323      Removed obsolete Group docsBpi2CmtsCompliance and its
4324      obsolete objects, OIDs sequence adjustments.
4325      Cleared used References and updated BPI 1.0 refs to SCTE
4326      Added TC DocsSAId and DocsSAIdOrZero
4327      Added Text to Ipv4 compliances
4328      Removed docsBpi2ObsoleteObjectsGroup OBJECT-GROUP and
4329      OBJECTS docsBpi2CmtsAuthCmGraceTime and
4330      docsBpi2CmtsTEKGraceTime"

4332  REVISION "200308010000Z"
4333  DESCRIPTION
4334      "Defined TEXTUAL-CONVENTION for SAType related objects:
4335      docsBpi2CmTEKSAType, docsBpi2CmtsTEKSAType and
4336      docsBpi2CmtsIpMulticastSAType
4337      Refined definition of docsBpi2CmtsAuthCmBpiVersion to
4338      clarify the usage of named-value bpi(0)
4339      Compliances statements for CM and CMTS in separated
4340      Modules and additional syntax corrections
4341      Updated SNMPv3 references
4342      More detail in section 7. Security Considerations for
4343      object or group of objects."

4345  REVISION "200306240000Z"
4346  DESCRIPTION
4347      "Modified security section and updated author's contact
4348      info"

4350  REVISION "200302090000Z"
4351  DESCRIPTION
4354      "Removed extraneous CRL references in text and MIB.
4355      Modified encodings for docsBpi2CodeDownloadStatusCode
4356      Modified encodings for docsBpi2CmtsAuthBpkmCmCertValid.
4357      Added a new object docsBpi2CmtsAuthCACertIndexPtr into
4358      the docsBpi2CmtsAuthTable.
4359      Made modifications to object descriptions for
4360      docsBpi2CodeMfgCodeAccessStart
4361      docsBpi2CodeMfgCvcAccessStart
4362      docsBpi2CodeCoSignerCodeAccessStart
4363      docsBpi2CodeCoSignerCvcAccessStart.
4364      Changed several object descriptions in docsBpi2CmTEKTable
4365      and docsBpi2CmtsTEKTable."

4367  REVISION "200211010000Z"
4368  DESCRIPTION
4369      "Added encodings for docsBpi2CodeDownloadStatusCode,
4370      removed CRL object, table, & group, and made minor
4371      modifications to some object descriptions."

4373  REVISION "200111210000Z"
4374  DESCRIPTION
4375      "Added encodings for docsBpi2CmtsAuthBpkmCmCertValid,
4376      added CRL object, table, & group, and made minor
4377      modifications to many object descriptions."

4379  REVISION "200104170000Z"
4380  DESCRIPTION
4381      "Modified CM and CMTS IP Multicast table indexing in
4382      preparation for IPV6. Obsoleted grace time objects
4383      from the CMTS portion of the MIB."

4385  REVISION "200011171930Z"
4386  DESCRIPTION
4387      "Replaced DisplayString type with SnmpAdminString type.
4388      Several object descriptions were also changed."

4390  -- [stop delete]