idnits 2.17.1 draft-ietf-ipcdn-cable-device-mib-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 8 instances of too long lines in the document, the longest one being 4 characters in excess of 72. ** The abstract seems to contain references ([5], [6], [7]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 202 has weird spacing: '...MTS and vario...' == Line 492 has weird spacing: '...cribing acces...' == Line 720 has weird spacing: '...hese is appli...' == Line 1722 has weird spacing: '...matched packe...' == Line 1902 has weird spacing: '...ems and optio...' == (2 more instances...) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 1998) is 9325 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2271 (ref. '1') (Obsoleted by RFC 2571) ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4') ** Obsolete normative reference: RFC 1902 (ref. '5') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '6') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '7') (Obsoleted by RFC 2580) ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8') ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9') ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2272 (ref. '11') (Obsoleted by RFC 2572) ** Obsolete normative reference: RFC 2274 (ref. '12') (Obsoleted by RFC 2574) ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2273 (ref. '14') (Obsoleted by RFC 2573) ** Obsolete normative reference: RFC 2275 (ref. '15') (Obsoleted by RFC 2575) -- Possible downref: Non-RFC (?) normative reference: ref. '16' ** Downref: Normative reference to an Experimental RFC: RFC 1224 (ref. '17') -- Possible downref: Non-RFC (?) normative reference: ref. '18' -- Possible downref: Non-RFC (?) normative reference: ref. '20' Summary: 24 errors (**), 0 flaws (~~), 7 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT MCNS Cable Device MIB October 1998 3 Cable Device Management Information Base 4 for MCNS compliant Cable Modems and 5 Cable Modem Termination Systems 6 draft-ietf-ipcdn-cable-device-mib-06.txt 8 Tue Oct 20 15:41:51 PDT 1998 10 Guenter Roeck (editor) 11 cisco Systems 12 groeck@cisco.com 14 Status of this Memo 16 This document is an Internet-Draft. Internet-Drafts are working 17 documents of the Internet Engineering Task Force (IETF), its Areas, and 18 its Working Groups. Note that other groups may also distribute working 19 documents as Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference material 24 or to cite them other than as a "work in progress". 26 To view the entire list of current Internet-Drafts, please check the 27 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 28 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe), 29 munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or 30 ftp.isi.edu (US West Coast). 32 Copyright (c) The Internet Society 1998. All Rights Reserved. 34 Abstract 36 This memo defines an experimental portion of the Management Information 37 Base (MIB) for use with network management protocols in the Internet 38 community. In particular, it defines a basic set of managed objects for 39 SNMP-based management of MCNS compliant Cable Modems and Cable Modem 40 Termination Systems. 42 This memo specifies a MIB module in a manner that is compliant to the 43 SNMP SMIv2[5][6][7]. The set of objects is consistent with the SNMP 44 framework and existing SNMP standards. 46 This memo is a product of the IPCDN working group within the Internet 47 Engineering Task Force. Comments are solicited and should be addressed 48 to the working group's mailing list at ipcdn@terayon.com and/or the 49 author. 51 Table of Contents 53 1 The SNMP Management Framework ................................... 3 54 2 Glossary ........................................................ 4 55 2.1 CATV .......................................................... 4 56 2.2 CM ............................................................ 4 57 2.3 CMTS .......................................................... 4 58 2.4 DOCSIS ........................................................ 4 59 2.5 Downstream .................................................... 4 60 2.6 Head-end ...................................................... 4 61 2.7 MAC Packet .................................................... 4 62 2.8 MCNS .......................................................... 4 63 2.9 RF ............................................................ 4 64 2.10 Upstream ..................................................... 4 65 3 Overview ........................................................ 5 66 3.1 Structure of the MIB .......................................... 5 67 3.2 Management requirements ....................................... 6 68 3.2.1 Handling of Software upgrades ............................... 6 69 3.2.2 Events and Traps ............................................ 6 70 3.2.3 Trap Throttling ............................................. 7 71 3.2.3.1 Trap rate throttling ...................................... 7 72 3.2.3.2 Limiting the trap rate .................................... 8 73 3.3 Protocol Filters .............................................. 8 74 4 Definitions ..................................................... 9 75 5 Acknowledgments ................................................. 42 76 6 References ...................................................... 42 77 7 Security Considerations ......................................... 44 78 8 Intellectual Property ........................................... 44 79 9 Copyright Section ............................................... 44 80 10 Author's Address ............................................... 45 81 1. The SNMP Management Framework The SNMP Management Framework 82 presently consists of five major components: 84 o An overall architecture, described in RFC 2271 [1]. 86 o Mechanisms for describing and naming objects and events for the 87 purpose of management. The first version of this Structure of 88 Management Information (SMI) is called SMIv1 and described in 89 RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, 90 called SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 91 1904 [7]. 93 o Message protocols for transferring management information. The 94 first version of the SNMP message protocol is called SNMPv1 and 95 described in RFC 1157 [8]. A second version of the SNMP message 96 protocol, which is not an Internet standards track protocol, is 97 called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. 98 The third version of the message protocol is called SNMPv3 and 99 described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12]. 101 o Protocol operations for accessing management information. The 102 first set of protocol operations and associated PDU formats is 103 described in RFC 1157 [8]. A second set of protocol operations 104 and associated PDU formats is described in RFC 1905 [13]. 106 o A set of fundamental applications described in RFC 2273 [14] and 107 the view-based access control mechanism described in RFC 2275 108 [15]. 110 Managed objects are accessed via a virtual information store, termed the 111 Management Information Base or MIB. Objects in the MIB are defined 112 using the mechanisms defined in the SMI. 114 This memo specifies a MIB module that is compliant to the SMIv2. A MIB 115 conforming to the SMIv1 can be produced through the appropriate 116 translations. The resulting translated MIB must be semantically 117 equivalent, except where objects or events are omitted because no 118 translation is possible (use of Counter64). Some machine readable 119 information in SMIv2 will be converted into textual descriptions in 120 SMIv1 during the translation process. However, this loss of machine 121 readable information is not considered to change the semantics of the 122 MIB. 124 2. Glossary 126 The terms in this document are derived either from normal cable system 127 usage, or from the documents associated with the Data Over Cable Service 128 Interface Specification process. 130 2.1. CATV 132 Originally "Community Antenna Television", now used to refer to any 133 cable or hybrid fiber and cable system used to deliver video signals to 134 a community. 136 2.2. CM Cable Modem. A CM acts as a "slave" station in a DOCSIS 137 compliant cable data system. 139 2.3. CMTS Cable Modem Termination System. A generic term covering a 140 cable bridge or cable router in a head-end. A CMTS acts as the master 141 station in a DOCSIS compliant cable data system. It is the only station 142 that transmits downstream, and it controls the scheduling of upstream 143 transmissions by its associated CMs. 145 2.4. DOCSIS 147 "Data Over Cable Interface Specification". A term referring to the 148 ITU-T J.112 Annex B standard for cable modem systems. [20] 150 2.5. Downstream 152 >From the head-end towards the subscriber. 154 2.6. Head-end 156 The origination point in most cable systems of the subscriber video 157 signals. Generally also the location of the CMTS equipment. 159 2.7. MAC Packet 161 A DOCSIS PDU. 163 2.8. MCNS 165 "Multimedia Cable Network System". Generally replaced in usage by 166 DOCSIS. 168 2.9. RF 170 Radio Frequency. 172 2.10. Upstream 174 >From the subscriber towards the head-end. 176 3. Overview 178 This MIB provides a set of objects required for the management of MCNS 179 compliant Cable Modems (CM) and Cable Modem Termination Systems (CMTS). 180 The specification is derived from the MCNS Radio Frequency Interface 181 specification [16]. 183 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 184 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 185 document are to be interpreted as described in [19]. 187 3.1. Structure of the MIB 189 This MIB is structured into seven groups: 191 o The docsDevBase group extends the MIB-II 'system' group with 192 objects needed for cable device system management. 194 o The docsDevNmAccessGroup provides a minimum level of SNMP access 195 security (see Section 3 of [18]). 197 o The docsDevSoftware group provides information for network- 198 downloadable software upgrades. See "Handling of Software 199 Upgrades" below.. 201 o The docsDevServer group provides information about the progress of 202 the interaction between the CM or CMTS and various provisioning 203 servers. 205 o The docsDevEvent group provides control and logging for event 206 reporting. 208 o The docsDevFilter group configures filters at link layer and IP 209 layer for bridged data traffic. This group consists of a link- 210 layer filter table, docsDevFilterLLCTable, which is used to manage 211 the processing and forwarding of non-IP traffic; an IP packet 212 classifier table, docsDevFilterIpTable, which is used to map 213 classes of packets to specific policy actions; a policy table, 214 docsDevFilterPolicyTable, which maps zero or more policy actions 215 onto a specific packet classification, and one or more policy 216 action tables. 218 At this time, this MIB specifies only one policy action table, 219 docsDevFilterTosTable, which allows the manipulation of the type of 220 services bits in an IP packet based on matching some criteria. The 221 working group may add additional policy types and action tables in the 222 future, for example to allow QOS to modem service identifier assignment 223 based on destination. 225 o The docsDevCpe group provides control over which IP addresses may 226 be used by customer premises equipment (e.g. PCs) serviced by a 227 given cable modem. This provides anti-spoofing control at the 228 point of origin for a large cable modem system. This group is 229 seperate from docsDevFilter primarily this group is only 230 implemented on the Cable Modem (CM) and MUST NOT be implemented on 231 the Cable Modem Termination System (CMTS) 233 3.2. Management requirements 235 3.2.1. Handling of Software upgrades 237 The Cable Modem software upgrade process is documented in [16]. From a 238 network management station, the operator: 240 o sets docsDevSwServer to the address of the TFTP server for software 241 upgrades 243 o sets docsDevSwFilename to the file pathname of the software upgrade 244 image 246 o sets docsDevSwAdminStatus to upgrade-from-mgt 248 One reason for the SNMP-initiated upgrade is to allow loading of a 249 temporary software image (e.g., special diagnostic software) that 250 differs from the software normally used on that device without changing 251 the provisioning database. 253 Note that software upgrades should not be accepted blindly by the cable 254 device. The cable device may refuse an upgrade if: 256 o The download is incomplete. 258 o The file contents are incomplete or damaged. 260 o The software is not intended for that hardware device (may include 261 the case of a feature set that has not been purchased for this 262 device). 264 3.2.2. Events and Traps 266 This MIB provides control facilities for reporting events through 267 syslog, traps, and nonvolatile logging. If events are reported through 268 traps, the specified conventions must be followed. Other means of event 269 reporting are outside the scope of this document. 271 The definition and coding of events is vendor-specific. In deference to 272 the network operator who must troubleshoot multi-vendor networks, the 273 circumstances and meaning of each event should be reported as human- 274 readable text. Vendors SHOULD provide time-of-day clocks in CMs to 275 provide useful timestamping of events. 277 For each vendor-specific event that is reportable via TRAP, the vendor 278 must create an enterprise-specific trap definition. Trap definitions 279 MUST include the event reason encoded as DisplayString and should be 280 defined as: 282 trapName NOTIFICATION-TYPE 283 OBJECTS { 284 ifIndex, 285 eventReason, 286 other useful objects 287 } 288 STATUS current 289 DESCRIPTION 290 "trap description" 291 ::= Object Id 293 Note that ifIndex is only included if the event or trap is interface 294 related. 296 The last digit of the trap OID for enterprise-specific traps must match 297 docsDevEvId. For SNMPv1-capable Network Management systems, this is 298 necessary to correlate the event type to the trap type. Many Network 299 Management systems are only capable of trap filtering on an enterprise 300 and single-last-digit basis. 302 3.2.3. Trap Throttling 304 The CM and CMTS MUST provide support for trap message throttling as 305 described below. The network operator can employ message rate 306 throttling or trap limiting by manipulating the appropriate MIB 307 variables. 309 3.2.3.1. Trap rate throttling 311 Network operators may employ either of two rate control methods. In the 312 first method, the device ceases to send traps when the rate exceeds the 313 specified maximum message rate. It resumes sending traps only if 314 reactivated by a network management station request. 316 In the second method, the device resumes sending traps when the rate 317 falls below the specified maximum message rate. 319 The network operator configures the specified maximum message rate by 320 setting the measurement interval (in seconds), and the maximum number of 321 traps to be transmitted within the measurement interval. The operator 322 can query the operational throttling state (to determine whether traps 323 are enabled or blocked by throttling) of the device, as well as query 324 and set the administrative throttling state (to manage the rate control 325 method) of the device. 327 3.2.3.2. Limiting the trap rate 329 Network operators may wish to limit the number of traps sent by a device 330 over a specified time period. The device ceases to send traps when the 331 number of traps exceeds the specified threshold. It resumes sending 332 traps only when the measurement interval has passed. 334 The network operator defines the maximum number of traps he is willing 335 to handle and sets the measurement interval to a large number (in 336 hundredths of a second). For this case, the administrative throttling 337 state is set to stop at threshold which is the maximum number of traps. 339 See "Techniques for Managing Asynchronously Generated Alerts" [17] for 340 further information. 342 3.3. Protocol Filters 344 The Cable Device MIB provides objects for both LLC and IP protocol 345 filters. The LLC protocol filter entries can be used to limit CM 346 forwarding to a restricted set of network-layer protocols (such as IP, 347 IPX, NetBIOS, and Appletalk). The IP protocol filter entries can be 348 used to restrict upstream or downstream traffic based on source and 349 destination IP addresses, transport-layer protocols (such as TCP, UDP, 350 and ICMP), and source and destination TCP/UDP port numbers. 352 4. Definitions 354 DOCS-CABLE-DEVICE-MIB DEFINITIONS ::= BEGIN 356 IMPORTS 357 MODULE-IDENTITY, 358 OBJECT-TYPE, 359 BITS, 360 IpAddress, 361 Unsigned32, 362 Counter32, 363 Integer32, 364 experimental 365 FROM SNMPv2-SMI 366 DisplayString, 367 RowStatus, 368 DateAndTime, 369 TruthValue 370 FROM SNMPv2-TC 371 OBJECT-GROUP, 372 MODULE-COMPLIANCE 373 FROM SNMPv2-CONF 374 InterfaceIndexOrZero 375 FROM IF-MIB; -- RFC2233 377 docsDev MODULE-IDENTITY 378 LAST-UPDATED "9810201554Z" -- Oct 20, 1998 379 ORGANIZATION "IETF IPCDN Working Group" 380 CONTACT-INFO 381 " Guenter Roeck 382 Postal: cisco Systems 383 170 West Tasman Drive 384 San Jose, CA 95134 385 U.S.A. 386 Phone: +1 408 527 3143 387 E-mail: groeck@cisco.com" 388 DESCRIPTION 389 "This is the MIB Module for MCNS-compliant cable modems and 390 cable-modem termination systems." 391 REVISION "9810131935Z" 392 DESCRIPTION 393 "Modified by Mike StJohns to add/revise filtering, TOS 394 support, software version information objects." 395 ::= { experimental 83 } 397 docsDevMIBObjects OBJECT IDENTIFIER ::= { docsDev 1 } 398 docsDevBase OBJECT IDENTIFIER ::= { docsDevMIBObjects 1 } 400 -- 401 -- For the following object, there is no concept in the 402 -- RFI specification corresponding to a backup CMTS. The 403 -- enumeration is provided here in case someone is able 404 -- to define such a role or device. 405 -- 407 docsDevRole OBJECT-TYPE 408 SYNTAX INTEGER { 409 cm(1), 410 cmtsActive(2), 411 cmtsBackup(3) 412 } 413 MAX-ACCESS read-only 414 STATUS current 415 DESCRIPTION 416 "Defines the current role of this device. cm (1) is 417 a Cable Modem, cmtsActive(2) is a Cable Modem Termination 418 System which is controlling the system of cable modems, 419 and cmtsBackup(3) is a CMTS which is currently connected, 420 but not controlling the system (not currently used)." 421 ::= { docsDevBase 1 } 423 docsDevDateTime OBJECT-TYPE 424 SYNTAX DateAndTime 425 MAX-ACCESS read-write 426 STATUS current 427 DESCRIPTION 428 "The date and time, with optional timezone 429 information." 430 ::= { docsDevBase 2 } 432 docsDevResetNow OBJECT-TYPE 433 SYNTAX TruthValue 434 MAX-ACCESS read-write 435 STATUS current 436 DESCRIPTION 437 "Setting this object to true(1) causes the device to reset. 438 Reading this object always returns false(2)." 439 ::= { docsDevBase 3 } 441 docsDevSerialNumber OBJECT-TYPE 442 SYNTAX DisplayString 443 MAX-ACCESS read-only 444 STATUS current 445 DESCRIPTION 446 "The manufacturer's serial number for this device." 447 ::= { docsDevBase 4 } 449 docsDevSTPControl OBJECT-TYPE 450 SYNTAX INTEGER { 451 stEnabled(1), 452 noStFilterBpdu(2), 453 noStPassBpdu(3) 454 } 455 MAX-ACCESS read-write 456 STATUS current 457 DESCRIPTION 458 "This object controls operation of the spanning tree 459 protocol (as distinguished from transparent bridging). 460 If set to stEnabled(1) then the spanning tree protocol 461 is enabled, subject to bridging constraints. If 462 noStFilterBpdu(2), then spanning tree is not active, 463 and Bridge PDUs received are discarded. 464 If noStPassBpdu(3) then spanning tree is not active 465 and Bridge PDUs are transparently forwarded. Note that 466 a device need not implement all of these options, 467 but that noStFilterBpdu(2) is required." 468 ::= { docsDevBase 5 } 470 -- 471 -- The following table provides one level of security for access 472 -- to the device by network management stations. 473 -- Note that access is also constrained by the 474 -- community strings and any vendor-specific security. 475 -- 477 docsDevNmAccessTable OBJECT-TYPE 478 SYNTAX SEQUENCE OF DocsDevNmAccessEntry 479 MAX-ACCESS not-accessible 480 STATUS current 481 DESCRIPTION 482 "This table controls access to SNMP objects by network 483 management stations. If the table is empty, access 484 to SNMP objects is unrestricted." 485 ::= { docsDevMIBObjects 2 } 487 docsDevNmAccessEntry OBJECT-TYPE 488 SYNTAX DocsDevNmAccessEntry 489 MAX-ACCESS not-accessible 490 STATUS current 491 DESCRIPTION 492 "An entry describing access to SNMP objects by a 493 particular network management station. An entry in 494 this table is not readable unless the management station 495 has read-write permission (either implicit if the table 496 is empty, or explicit through an entry in this table. 497 Entries are ordered by docsDevNmAccessIndex. The first 498 matching entry (e.g. matching IP address and community 499 string) is used to derive access." 500 INDEX { docsDevNmAccessIndex } 501 ::= { docsDevNmAccessTable 1 } 503 DocsDevNmAccessEntry ::= SEQUENCE { 504 docsDevNmAccessIndex Integer32, 505 docsDevNmAccessIp IpAddress, 506 docsDevNmAccessIpMask IpAddress, 507 docsDevNmAccessCommunity DisplayString, 508 docsDevNmAccessControl INTEGER, 509 docsDevNmAccessInterfaces OCTET STRING, 510 docsDevNmAccessStatus RowStatus 511 } 513 docsDevNmAccessIndex OBJECT-TYPE 514 SYNTAX Integer32 (1..2147483647) 515 MAX-ACCESS not-accessible 516 STATUS current 517 DESCRIPTION 518 "Index used to order the application of access 519 entries." 520 ::= { docsDevNmAccessEntry 1 } 522 docsDevNmAccessIp OBJECT-TYPE 523 SYNTAX IpAddress 524 MAX-ACCESS read-create 525 STATUS current 526 DESCRIPTION 527 "The IP address (or subnet) of the network management 528 station. The address 255.255.255.255 is defined to mean 529 any NMS. If traps are enabled for this entry, then the 530 value must be the address of a specific device." 531 DEFVAL { 'ffffffff'h } 532 ::= { docsDevNmAccessEntry 2 } 534 docsDevNmAccessIpMask OBJECT-TYPE 535 SYNTAX IpAddress 536 MAX-ACCESS read-create 537 STATUS current 538 DESCRIPTION 539 "The IP subnet mask of the network management stations. 540 If traps are enabled for this entry, then the value must 541 be 255.255.255.255." 542 DEFVAL { 'ffffffff'h } 543 ::= { docsDevNmAccessEntry 3 } 545 docsDevNmAccessCommunity OBJECT-TYPE 546 SYNTAX DisplayString 547 MAX-ACCESS read-create 548 STATUS current 549 DESCRIPTION 550 "The community string to be matched for access by this 551 entry. If set to a zero length string then any community string 552 will match. When read, this object SHOULD return a zero 553 length string." 554 DEFVAL { "public" } 555 ::= { docsDevNmAccessEntry 4 } 557 docsDevNmAccessControl OBJECT-TYPE 558 SYNTAX INTEGER { 559 none(1), 560 read(2), 561 readWrite(3), 562 roWithTraps(4), 563 rwWithTraps(5), 564 trapsOnly(6) 565 } 566 MAX-ACCESS read-create 567 STATUS current 568 DESCRIPTION 569 "Specifies the type of access allowed to this NMS. Setting 570 this object to none(1) causes the table entry to be 571 destroyed. Read(2) allows access by 'get' and 'get-next' 572 PDUs. ReadWrite(3) allows access by 'set' as well. 573 RoWithtraps(4), rwWithTraps(5), and trapsOnly(6) 574 control distribution of Trap PDUs transmitted by this 575 device." 576 DEFVAL { read } 577 ::= { docsDevNmAccessEntry 5 } 579 -- The syntax of the following object was copied from RFC1493, 580 -- dot1dStaticAllowedToGoTo. 582 docsDevNmAccessInterfaces OBJECT-TYPE 583 SYNTAX OCTET STRING 584 MAX-ACCESS read-create 585 STATUS current 586 DESCRIPTION 587 "Specifies the set of interfaces from which requests from 588 this NMS will be accepted. 589 Each octet within the value of this object specifies a set 590 of eight interfaces, with the first octet specifying ports 591 1 through 8, the second octet specifying interfaces 9 592 through 16, etc. Within each octet, the most significant 593 bit represents the lowest numbered interface, and the least 594 significant bit represents the highest numbered interface. 595 Thus, each interface is represented by a single bit within 596 the value of this object. If that bit has a value of '1' 597 then that interface is included in the set. 599 Note that entries in this table apply only to link-layer 600 interfaces (e.g., Ethernet and CATV MAC). Upstream and 601 downstream channel interfaces must not be specified." 602 -- DEFVAL is the bitmask corresponding to all interfaces 603 ::= { docsDevNmAccessEntry 6 } 605 docsDevNmAccessStatus OBJECT-TYPE 606 SYNTAX RowStatus 607 MAX-ACCESS read-create 608 STATUS current 609 DESCRIPTION 610 "Controls and reflects the status of rows in this 612 table. Rows in this table may be created by either the 613 create-and-go or create-and-wait paradigms. There is no 614 restriction on changing values in a row of this table while the 615 row is active." 616 ::= { docsDevNmAccessEntry 7 } 618 -- 619 -- Procedures for using the following group are described in section 620 -- 3.2.1 621 -- 623 docsDevSoftware OBJECT IDENTIFIER ::= { docsDevMIBObjects 3 } 625 docsDevSwServer OBJECT-TYPE 626 SYNTAX IpAddress 627 MAX-ACCESS read-write 628 STATUS current 629 DESCRIPTION 630 "The address of the TFTP server used for software upgrades. 631 If the TFTP server is unknown, return 0.0.0.0." 632 ::= { docsDevSoftware 1 } 634 docsDevSwFilename OBJECT-TYPE 635 SYNTAX DisplayString (SIZE (0..64)) 636 MAX-ACCESS read-write 637 STATUS current 638 DESCRIPTION 639 "The file name of the software image to be loaded into this 640 device. Unless set via SNMP, this is the file name 641 specified by the provisioning server that corresponds to 642 the software version that is desired for this device. 643 If unknown, the string '(unknown)' is returned." 644 ::= { docsDevSoftware 2 } 646 docsDevSwAdminStatus OBJECT-TYPE 647 SYNTAX INTEGER { 648 upgradeFromMgt(1), 649 allowProvisioningUpgrade(2), 650 ignoreProvisioningUpgrade(3) 651 } 652 MAX-ACCESS read-write 653 STATUS current 654 DESCRIPTION 655 "If set to upgradeFromMgt(1), the device will initiate a 656 TFTP software image download using docsDevSwFilename. 657 After successfully receiving an image, the device will 658 set its state to ignoreProvisioningUpgrade(3) and reboot. 659 If the download process is interrupted by a reset or 660 power failure, the device will load the previous image 661 and, after re-initialization, continue to attempt loading 662 the image specified in docsDevSwFilename. 664 If set to allowProvisioningUpgrade(2), the device will 665 use the software version information supplied by the 666 provisioning server when next rebooting (this does not 667 cause a reboot). 669 When set to ignoreProvisioningUpgrade(3), the device 670 will disregard software image upgrade information from the 671 provisioning server. 673 Note that reading this object can return upgradeFromMgt(1). 674 This indicates that a software download is currently in 675 progress, and that the device will reboot after 676 successfully receiving an image. 678 At initial startup, this object has the default value of 679 allowProvisioningUpgrade(2)." 680 ::= { docsDevSoftware 3 } 682 docsDevSwOperStatus OBJECT-TYPE 683 SYNTAX INTEGER { 684 inProgress(1), 685 completeFromProvisioning(2), 686 completeFromMgt(3), 687 failed(4), 688 other(5) 689 } 690 MAX-ACCESS read-only 691 STATUS current 692 DESCRIPTION 693 "InProgress(1) indicates that a TFTP download is underway, 694 either as a result of a version mismatch at provisioning 695 or as a result of a upgradeFromMgt request. 696 CompleteFromProvisioning(2) indicates that the last 697 software upgrade was a result of version mismatch at 698 provisioning. CompleteFromMgt(3) indicates that the last 699 software upgrade was a result of setting 700 docsDevSwAdminStatus to upgradeFromMgt. 701 Failed(4) indicates that the last attempted download 702 failed, ordinarily due to TFTP timeout." 703 REFERENCE 704 "DOCSIS Radio Frequency Interface Specification, Section 705 8.2, Downloading Cable Modem Operating Software." 706 ::= { docsDevSoftware 4 } 708 docsDevSwCurrentVers OBJECT-TYPE 709 SYNTAX DisplayString 710 MAX-ACCESS read-only 711 STATUS current 712 DESCRIPTION 713 "The software version currently operating in this device. 714 This object should be in the syntax used by the individual 715 vendor to identify software versions. Any CM MUST return a 716 string descriptive of the current software load. For a 717 CMTS, this object SHOULD contain either a human readable 718 representation of the vendor specific designation of the 719 software for the chassis, or of the software for the 720 control processor. If neither of these is applicable, 721 this MUST contain an empty string." 722 ::= { docsDevSoftware 5 } 724 -- 725 -- The following group describes server access and parameters used for 726 -- initial provisioning and bootstrapping. 727 -- 729 docsDevServer OBJECT IDENTIFIER ::= { docsDevMIBObjects 4 } 731 docsDevServerBootState OBJECT-TYPE 732 SYNTAX INTEGER { 733 operational(1), 734 disabled(2), 735 waitingForDhcpOffer(3), 736 waitingForDhcpResponse(4), 737 waitingForTimeServer(5), 738 waitingForTftp(6), 739 refusedByCmts(7), 740 forwardingDenied(8), 741 other(9), 742 unknown(10) 743 } 744 MAX-ACCESS read-only 745 STATUS current 746 DESCRIPTION 747 "If operational(1), the device has completed loading and 748 processing of configuration parameters and the CMTS has 749 completed the Registration exchange. 750 If disabled(2) then the device was administratively 751 disabled, possibly by being refused network access in the 752 configuration file. 753 If waitingForDhcpOffer(3) then a DHCP Discover has been 754 transmitted and no offer has yet been received. 755 If waitingForDhcpResponse(4) then a DHCP Request has been 756 transmitted and no response has yet been received. 757 If waitingForTimeServer(5) then a Time Request has been 758 transmitted and no response has yet been received. 759 If waitingForTftp(6) then a request to the TFTP parameter 760 server has been made and no response received. 761 If refusedByCmts(7) then the Registration Request/Response 762 exchange with the CMTS failed. 763 If forwardingDenied(8) then the registration process 764 completed, but the network access option in the received 765 configuration file prohibits forwarding. " 766 REFERENCE 767 "DOCSIS Radio Frequency Interface Specification, Figure 768 7-1, CM Initialization Overview." 769 ::= { docsDevServer 1 } 771 docsDevServerDhcp OBJECT-TYPE 772 SYNTAX IpAddress 773 MAX-ACCESS read-only 774 STATUS current 775 DESCRIPTION 776 "The IP address of the DHCP server that assigned an IP 777 address to this device. Returns 0.0.0.0 if DHCP was not 778 used for IP address assignment." 779 ::= { docsDevServer 2 } 781 docsDevServerTime OBJECT-TYPE 782 SYNTAX IpAddress 783 MAX-ACCESS read-only 784 STATUS current 785 DESCRIPTION 786 "The IP address of the Time server (RFC-868). Returns 787 0.0.0.0 if the time server IP address is unknown." 788 ::= { docsDevServer 3 } 790 docsDevServerTftp OBJECT-TYPE 791 SYNTAX IpAddress 792 MAX-ACCESS read-only 793 STATUS current 794 DESCRIPTION 795 "The IP address of the TFTP server responsible for 796 downloading provisioning and configuration parameters 797 to this device. Returns 0.0.0.0 if the TFTP server 798 address is unknown." 799 ::= { docsDevServer 4 } 801 docsDevServerConfigFile OBJECT-TYPE 802 SYNTAX DisplayString 803 MAX-ACCESS read-only 804 STATUS current 805 DESCRIPTION 806 "The name of the device configuration file read from the 807 TFTP server. Returns an empty string if the configuration 808 file name is unknown." 809 ::= { docsDevServer 5 } 811 -- 812 -- Event Reporting 813 -- 815 docsDevEvent OBJECT IDENTIFIER ::= { docsDevMIBObjects 5 } 817 docsDevEvControl OBJECT-TYPE 818 SYNTAX INTEGER { 819 resetLog(1), 820 useDefaultReporting(2) 821 } 822 MAX-ACCESS read-write 823 STATUS current 824 DESCRIPTION 825 "Setting this object to resetLog(1) empties the event log. 826 All data is deleted. Setting it to useDefaultReporting(2) 827 returns all event priorities to their factory-default 828 reporting. Reading this object always returns 829 useDefaultReporting(2)." 830 ::= { docsDevEvent 1 } 832 docsDevEvSyslog OBJECT-TYPE 833 SYNTAX IpAddress 834 MAX-ACCESS read-write 835 STATUS current 836 DESCRIPTION 837 "The IP address of the Syslog server. If 0.0.0.0, syslog 838 transmission is inhibited." 839 ::= { docsDevEvent 2 } 841 docsDevEvThrottleAdminStatus OBJECT-TYPE 842 SYNTAX INTEGER { 843 unconstrained(1), 844 maintainBelowThreshold(2), 845 stopAtThreshold(3), 846 inhibited(4) 847 } 848 MAX-ACCESS read-write 849 STATUS current 850 DESCRIPTION 851 "Controls the transmission of traps and syslog messages 852 with respect to the trap pacing threshold. 853 unconstrained(1) causes traps and syslog messages to be 854 transmitted without regard to the threshold settings. 855 maintainBelowThreshold(2) causes trap transmission and 856 syslog messages to be suppressed if the number of traps 857 would otherwise exceed the threshold. 858 stopAtThreshold(3) causes trap transmission to cease 859 at the threshold, and not resume until directed to do so. 860 inhibited(4) causes all trap transmission and syslog 861 messages to be suppressed. 863 A single event is always treated as a single event for 864 threshold counting. That is, an event causing both a trap 865 and a syslog message is still treated as a single event. 867 Writing to this object resets the thresholding state. 869 At initial startup, this object has a default value of 870 unconstrained(1)." 872 ::= { docsDevEvent 3 } 874 docsDevEvThrottleInhibited OBJECT-TYPE 875 SYNTAX TruthValue 876 MAX-ACCESS read-only 877 STATUS current 878 DESCRIPTION 879 "If true(1), trap and syslog transmission is currently 880 inhibited due to thresholds and/or the current setting of 881 docsDevEvThrottleAdminStatus." 882 ::= { docsDevEvent 4 } 884 docsDevEvThrottleThreshold OBJECT-TYPE 885 SYNTAX Unsigned32 886 MAX-ACCESS read-write 887 STATUS current 888 DESCRIPTION 889 "Number of trap/syslog events per docsDevEvThrottleInterval 890 to be transmitted before throttling. 892 A single event is always treated as a single event for 893 threshold counting. That is, an event causing both a trap 894 and a syslog message is still treated as a single event. 896 At initial startup, this object returns 0." 897 ::= { docsDevEvent 5 } 899 docsDevEvThrottleInterval OBJECT-TYPE 900 SYNTAX Integer32 (1..2147483647) 901 UNITS "seconds" 902 MAX-ACCESS read-write 903 STATUS current 904 DESCRIPTION 905 "The interval over which the trap threshold applies. 906 At initial startup, this object has a value of 1." 907 ::= { docsDevEvent 6 } 909 -- 910 -- The following table controls the reporting of the various classes of 911 -- events. For each event priority, 912 -- a combination of logging and reporting mechanisms may be chosen. The 913 -- mapping of event types 914 -- to priorities is vendor-dependent. Vendors may also choose to allow 915 -- the user to control that mapping 916 -- through proprietary means. 918 docsDevEvControlTable OBJECT-TYPE 919 SYNTAX SEQUENCE OF DocsDevEvControlEntry 920 MAX-ACCESS not-accessible 921 STATUS current 922 DESCRIPTION 923 "Allows control of the reporting of event classes." 925 ::= { docsDevEvent 7 } 927 docsDevEvControlEntry OBJECT-TYPE 928 SYNTAX DocsDevEvControlEntry 929 MAX-ACCESS not-accessible 930 STATUS current 931 DESCRIPTION 932 "Allows configuration of the reporting mechanisms for a 933 particular event priority." 934 INDEX { docsDevEvPriority } 935 ::= { docsDevEvControlTable 1 } 937 DocsDevEvControlEntry ::= SEQUENCE { 938 docsDevEvPriority INTEGER, 939 docsDevEvReporting BITS 940 } 942 docsDevEvPriority OBJECT-TYPE 943 SYNTAX INTEGER { 944 emergency(1), 945 alert(2), 946 critical(3), 947 error(4), 948 warning(5), 949 notice(6), 950 information(7), 951 debug(8) 952 } 953 MAX-ACCESS not-accessible 954 STATUS current 955 DESCRIPTION 956 "The priority level that is controlled by this 957 entry. These are ordered from most (emergency) to least (debug) 958 critical. Each event with a CM or CMTS has a particular 959 priority level associated with it (as defined by the 960 vendor). During normal operation no event more critical than 961 notice(6) should be generated. Events between warning and 962 emergency should be generated at appropriate levels of 963 problems (e.g. emergency when the box is about to 964 crash)." 965 ::= { docsDevEvControlEntry 1 } 967 docsDevEvReporting OBJECT-TYPE 968 SYNTAX BITS { 969 local(0), 970 traps(1), 971 syslog(2) 972 } 973 MAX-ACCESS read-write 974 STATUS current 975 DESCRIPTION 976 "Defines the action to be taken on occurrence of this 977 event class. Implementations may not necessarily support 978 all options for all event classes, but at minimum must 979 allow traps and syslogging to be disabled. If the 980 local(0) bit is set, then log to the internal log, if the 981 traps(1) bit is set, then generate a trap, if the 982 syslog(2) bit is set, then send a syslog message 983 (assuming the syslog address is set)." 984 ::= { docsDevEvControlEntry 2 } 986 docsDevEventTable OBJECT-TYPE 987 SYNTAX SEQUENCE OF DocsDevEventEntry 988 MAX-ACCESS not-accessible 989 STATUS current 990 DESCRIPTION 991 "Contains a log of network and device events that may be 992 of interest in fault isolation and troubleshooting." 993 ::= { docsDevEvent 8 } 995 docsDevEventEntry OBJECT-TYPE 996 SYNTAX DocsDevEventEntry 997 MAX-ACCESS not-accessible 998 STATUS current 999 DESCRIPTION 1000 "Describes a network or device event that may be of 1001 interest in fault isolation and troubleshooting. Multiple 1002 sequential identical events are represented by 1003 incrementing docsDevEvCounts and setting 1004 docsDevEvLastTime to the current time rather than creating 1005 multiple rows. 1006 Entries are created with the first occurrance of an event. 1007 docsDevEvControl can be used to clear the table. 1008 Individual events can not be deleted." 1009 INDEX { docsDevEvIndex } 1010 ::= { docsDevEventTable 1 } 1012 DocsDevEventEntry ::= SEQUENCE { 1013 docsDevEvIndex Integer32, 1014 docsDevEvFirstTime DateAndTime, 1015 docsDevEvLastTime DateAndTime, 1016 docsDevEvCounts Counter32, 1017 docsDevEvLevel INTEGER, 1018 docsDevEvId Unsigned32, 1019 docsDevEvText DisplayString 1020 } 1022 docsDevEvIndex OBJECT-TYPE 1023 SYNTAX Integer32 (1..2147483647) 1024 MAX-ACCESS not-accessible 1025 STATUS current 1026 DESCRIPTION 1027 "Provides relative ordering of the objects in the event 1028 log. This object will always increase except when 1029 (a) the log is reset via docsDevEvControl, 1030 (b) the device reboots and does not implement nonvolatile 1031 storage for this log, or (c) it reaches the value 2^31. 1032 The next entry for all the above cases is 1." 1033 ::= { docsDevEventEntry 1 } 1035 docsDevEvFirstTime OBJECT-TYPE 1036 SYNTAX DateAndTime 1037 MAX-ACCESS read-only 1038 STATUS current 1039 DESCRIPTION 1040 "The time that this entry was created." 1041 ::= { docsDevEventEntry 2 } 1043 docsDevEvLastTime OBJECT-TYPE 1044 SYNTAX DateAndTime 1045 MAX-ACCESS read-only 1046 STATUS current 1047 DESCRIPTION 1048 "If multiple events are reported via the same entry, the 1049 time that the last event for this entry occurred, 1050 otherwise this should have the same value as 1051 docsDevEvFirstTime. " 1052 ::= { docsDevEventEntry 3 } 1054 -- This object was renamed from docsDevEvCount to meet naming 1055 -- requirements for Counter32 1056 docsDevEvCounts OBJECT-TYPE 1057 SYNTAX Counter32 1058 MAX-ACCESS read-only 1059 STATUS current 1060 DESCRIPTION 1061 "The number of consecutive event instances reported by 1062 this entry. This starts at 1 with the creation of this 1063 row and increments by 1 for each subsequent duplicate event." 1064 ::= { docsDevEventEntry 4 } 1066 docsDevEvLevel OBJECT-TYPE 1067 SYNTAX INTEGER { 1068 emergency(1), 1069 alert(2), 1070 critical(3), 1071 error(4), 1072 warning(5), 1073 notice(6), 1074 information(7), 1075 debug(8) 1076 } 1077 MAX-ACCESS read-only 1078 STATUS current 1079 DESCRIPTION 1080 "The priority level of this event as defined by the 1081 vendor. These are ordered from most serious (emergency) 1082 to least serious (debug)." 1083 ::= { docsDevEventEntry 5 } 1085 -- 1086 -- Vendors will provide their own enumerations for the following. 1087 -- The interpretation of the enumeration is unambiguous for a 1088 -- particular value of the vendor's enterprise number in sysObjectID. 1089 -- 1091 docsDevEvId OBJECT-TYPE 1092 SYNTAX Unsigned32 1093 MAX-ACCESS read-only 1094 STATUS current 1095 DESCRIPTION 1096 "For this product, uniquely identifies the type of event 1097 that is reported by this entry." 1098 ::= { docsDevEventEntry 6 } 1100 docsDevEvText OBJECT-TYPE 1101 SYNTAX DisplayString 1102 MAX-ACCESS read-only 1103 STATUS current 1104 DESCRIPTION 1105 "Provides a human-readable description of the event, 1106 including all relevant context (interface numbers, 1107 etc.)." 1108 ::= { docsDevEventEntry 7 } 1110 docsDevFilter OBJECT IDENTIFIER ::= { docsDevMIBObjects 6 } 1112 -- LLC (Link Level Control) filters can be defined on an inclusive or 1113 -- exclusive basis: CMs can be configured to forward only packets 1114 -- matching a set of layer three protocols, or to drop packets 1115 -- matching a set of layer three protocols. Typical use of these 1116 -- filters is to filter out possibly harmful (given the context of a 1117 -- large metropolitan LAN) protocols. 1119 docsDevFilterLLCDefault OBJECT-TYPE 1120 SYNTAX INTEGER { 1121 discard(1), 1122 accept(2) 1123 } 1124 MAX-ACCESS read-write 1125 STATUS current 1126 DESCRIPTION 1127 "If set to discard(1), all packets not matching an LLC 1128 filter will be discarded. If set to accept(2), all 1129 packets not matching an LLC filter will be accepted for 1130 further processing (e.g., bridging). 1131 At initial system startup, this object returns accept(2)." 1133 ::= { docsDevFilter 1 } 1135 docsDevFilterLLCTable OBJECT-TYPE 1136 SYNTAX SEQUENCE OF DocsDevFilterLLCEntry 1137 MAX-ACCESS not-accessible 1138 STATUS current 1139 DESCRIPTION 1140 "A list of filters to apply to (bridged) LLC traffic, which 1141 forwards or drops packets on the basis of the layer two 1142 protocol type." 1143 ::= { docsDevFilter 2 } 1145 docsDevFilterLLCEntry OBJECT-TYPE 1146 SYNTAX DocsDevFilterLLCEntry 1147 MAX-ACCESS not-accessible 1148 STATUS current 1149 DESCRIPTION 1150 "Describes a single filter to apply to (bridged) LLC traffic 1151 received on a specified interface. " 1152 INDEX { docsDevFilterLLCIndex } 1153 ::= { docsDevFilterLLCTable 1 } 1155 DocsDevFilterLLCEntry ::= SEQUENCE { 1156 docsDevFilterLLCIndex Integer32, 1157 docsDevFilterLLCStatus RowStatus, 1158 docsDevFilterLLCIfIndex InterfaceIndexOrZero, 1159 docsDevFilterLLCProtocolType INTEGER, 1160 docsDevFilterLLCProtocol Integer32, 1161 docsDevFilterLLCMatches Counter32 1162 } 1164 docsDevFilterLLCIndex OBJECT-TYPE 1165 SYNTAX Integer32 (1..2147483647) 1166 MAX-ACCESS not-accessible 1167 STATUS current 1168 DESCRIPTION 1169 "Index used for the identification of filters (note that LLC 1170 filter order is irrelevant)." 1171 ::= { docsDevFilterLLCEntry 1 } 1173 docsDevFilterLLCStatus OBJECT-TYPE 1174 SYNTAX RowStatus 1175 MAX-ACCESS read-create 1176 STATUS current 1177 DESCRIPTION 1178 "Controls and reflects the status of rows in this 1179 table. There is no restriction on changing any of the 1180 associated columns for this row while this object is set 1181 to active." 1183 ::= { docsDevFilterLLCEntry 2} 1185 docsDevFilterLLCIfIndex OBJECT-TYPE 1186 SYNTAX InterfaceIndexOrZero 1187 MAX-ACCESS read-create 1188 STATUS current 1189 DESCRIPTION 1190 "The entry interface to which this filter applies. 1191 The value corresponds to ifIndex for either a CATV MAC 1192 or another network interface. If the value is zero, the 1193 filter applies to all interfaces. In Cable Modems, the 1194 default value is the customer side interface. In Cable 1195 Modem Termination Systems, this object has to be 1196 specified to create a row in this table." 1197 ::= { docsDevFilterLLCEntry 3 } 1199 docsDevFilterLLCProtocolType OBJECT-TYPE 1200 SYNTAX INTEGER { 1201 ethertype(1), 1202 dsap(2) 1203 } 1204 MAX-ACCESS read-create 1205 STATUS current 1206 DESCRIPTION 1207 "The format of the value in docsDevFilterLLCProtocol: 1208 either a two-byte Ethernet Ethertype, or a one-byte 1209 802.2 SAP value. EtherType(1) also applies to SNAP- 1210 encapsulated frames." 1211 DEFVAL { ethertype } 1212 ::= { docsDevFilterLLCEntry 4 } 1214 docsDevFilterLLCProtocol OBJECT-TYPE 1215 SYNTAX Integer32 (0..65535) 1216 MAX-ACCESS read-create 1217 STATUS current 1218 DESCRIPTION 1219 "The layer three protocol for which this filter applies. 1220 The protocol value format depends on 1221 docsDevFilterLLCProtocolType. Note that for SNAP frames, 1222 etherType filtering is performed rather than DSAP=0xAA." 1223 DEFVAL { 0 } 1224 ::= { docsDevFilterLLCEntry 5 } 1226 docsDevFilterLLCMatches OBJECT-TYPE 1227 SYNTAX Counter32 1228 MAX-ACCESS read-only 1229 STATUS current 1230 DESCRIPTION 1231 "Counts the number of times this filter was matched." 1232 ::= { docsDevFilterLLCEntry 6 } 1234 -- The default behavior for (bridged) packets that do not match IP 1235 -- filters is defined by 1236 -- docsDevFilterIpDefault. 1238 docsDevFilterIpDefault OBJECT-TYPE 1239 SYNTAX INTEGER { 1240 discard(1), 1241 accept(2) 1242 } 1243 MAX-ACCESS read-write 1244 STATUS current 1245 DESCRIPTION 1246 "If set to discard(1), all packets not matching an IP filter 1247 will be discarded. If set to accept(2), all packets not 1248 matching an IP filter will be accepted for further 1249 processing (e.g., bridging). 1250 At initial system startup, this object returns accept(2)." 1251 ::= { docsDevFilter 3 } 1253 docsDevFilterIpTable OBJECT-TYPE 1254 SYNTAX SEQUENCE OF DocsDevFilterIpEntry 1255 MAX-ACCESS not-accessible 1256 STATUS current 1257 DESCRIPTION 1258 "An ordered list of filters or classifiers to apply to 1259 IP traffic. Filter application is ordered by the filter 1260 index, rather than by a best match algorithm (Note that 1261 this implies that the filter table may have gaps in the 1262 index values). Packets which match no filters will have 1263 policy 0 in the docsDevPolicyTable applied to them if 1264 it exists. Otherwise, Packets which match no filters 1265 are discarded or forwarded according to the setting of 1266 docsDevFilterIpDefault." 1267 ::= { docsDevFilter 4 } 1269 docsDevFilterIpEntry OBJECT-TYPE 1270 SYNTAX DocsDevFilterIpEntry 1271 MAX-ACCESS not-accessible 1272 STATUS current 1273 DESCRIPTION 1274 "Describes a filter to apply to IP traffic received on a 1275 specified interface. Both source and destination addresses 1276 must match for the filter to apply. 1277 To create an entry in this table, docsDevFilterIpIfIndex 1278 must be specified." 1279 INDEX { docsDevFilterIpIndex } 1280 ::= { docsDevFilterIpTable 1 } 1282 DocsDevFilterIpEntry ::= SEQUENCE { 1283 docsDevFilterIpIndex Integer32, 1284 docsDevFilterIpStatus RowStatus, 1285 docsDevFilterIpControl INTEGER, 1286 docsDevFilterIpIfIndex InterfaceIndexOrZero, 1287 docsDevFilterIpDirection INTEGER, 1288 docsDevFilterIpBroadcast TruthValue, 1289 docsDevFilterIpSaddr IpAddress, 1290 docsDevFilterIpSmask IpAddress, 1291 docsDevFilterIpDaddr IpAddress, 1292 docsDevFilterIpDmask IpAddress, 1293 docsDevFilterIpProtocol Integer32, 1294 docsDevFilterIpSourcePortLow Integer32, 1295 docsDevFilterIpSourcePortHigh Integer32, 1296 docsDevFilterIpDestPortLow Integer32, 1297 docsDevFilterIpDestPortHigh Integer32, 1298 docsDevFilterIpMatches Counter32, 1299 docsDevFilterIpTos OCTET STRING, 1300 docsDevFilterIpTosMask OCTET STRING, 1301 docsDevFilterIpContinue TruthValue, 1302 docsDevFilterIpPolicyId Integer32 1303 } 1305 docsDevFilterIpIndex OBJECT-TYPE 1306 SYNTAX Integer32 (1..2147483647) 1307 MAX-ACCESS not-accessible 1308 STATUS current 1309 DESCRIPTION 1310 "Index used to order the application of filters. 1311 The filter with the lowest index is always applied 1312 first." 1313 ::= { docsDevFilterIpEntry 1 } 1315 docsDevFilterIpStatus OBJECT-TYPE 1316 SYNTAX RowStatus 1317 MAX-ACCESS read-create 1318 STATUS current 1319 DESCRIPTION 1320 "Controls and reflects the status of rows in this 1321 table. Specifying only this object (with the appropriate 1322 index) on a CM is sufficient to create a filter row which 1323 matches all inbound packets on the ethernet interface, 1324 and results in the packets being 1325 discarded. docsDevFilterIpIfIndex (at least) must be 1326 specificed on a CMTS to create a row. Creation of the 1327 rows may be done via either create-and-wait or 1328 create-and-go, but the filter is not applied until this 1329 object is set to (or changes to) active. There is no 1330 restriction in changing any object in a row while this 1331 object is set to active." 1332 ::= { docsDevFilterIpEntry 2 } 1334 docsDevFilterIpControl OBJECT-TYPE 1335 SYNTAX INTEGER { 1336 discard(1), 1337 accept(2), 1338 policy(3) 1339 } 1340 MAX-ACCESS read-create 1341 STATUS current 1342 DESCRIPTION 1343 "If set to discard(1), all packets matching this filter 1344 will be discarded and scanning of the remainder of the 1345 filter list will be aborted. If set to accept(2), all 1346 packets matching this filter will be accepted for further 1347 processing (e.g., bridging). If docsDevFilterIpContinue 1348 is set to true, see if there are other matches, otherwise 1349 done. If set to policy (3), execute the policy entries 1350 matched by docsDevIpFilterPolicyId. 1351 If is docsDevFilterIpContinue set to true see if there 1352 are other matches, otherwise done." 1353 DEFVAL { discard } 1354 ::= { docsDevFilterIpEntry 3 } 1356 docsDevFilterIpIfIndex OBJECT-TYPE 1357 SYNTAX InterfaceIndexOrZero 1358 MAX-ACCESS read-create 1359 STATUS current 1360 DESCRIPTION 1361 "The entry interface to which this filter applies. The 1362 value corresponds to ifIndex for either a CATV MAC or 1363 another network interface. If the value is zero, the 1364 filter applies to all interfaces. Default value in Cable 1365 Modems is the index of the customer-side (e.g. ethernet) 1366 interface. In Cable Modem Termination Systems, this 1367 object MUST be specified to create a row in this table." 1368 ::= { docsDevFilterIpEntry 4 } 1370 docsDevFilterIpDirection OBJECT-TYPE 1371 SYNTAX INTEGER { 1372 inbound(1), 1373 outbound(2), 1374 both(3) 1375 } 1376 MAX-ACCESS read-create 1377 STATUS current 1378 DESCRIPTION 1379 "Determines whether the filter is applied to inbound(1) 1380 traffic, outbound(2) traffic, or traffic in both(3) 1381 directions." 1382 DEFVAL { inbound } 1383 ::= { docsDevFilterIpEntry 5 } 1385 docsDevFilterIpBroadcast OBJECT-TYPE 1386 SYNTAX TruthValue 1387 MAX-ACCESS read-create 1388 STATUS current 1389 DESCRIPTION 1390 "If set to true(1), the filter only applies to multicast 1391 and broadcast traffic. If set to false(2), the filter 1392 applies to all traffic." 1393 DEFVAL { false } 1394 ::= { docsDevFilterIpEntry 6 } 1396 docsDevFilterIpSaddr OBJECT-TYPE 1397 SYNTAX IpAddress 1398 MAX-ACCESS read-create 1399 STATUS current 1400 DESCRIPTION 1401 "The source IP address, or portion thereof, that is to be 1402 matched for this filter." 1403 DEFVAL { '00000000'h } 1404 ::= { docsDevFilterIpEntry 7 } 1406 docsDevFilterIpSmask OBJECT-TYPE 1407 SYNTAX IpAddress 1408 MAX-ACCESS read-create 1409 STATUS current 1410 DESCRIPTION 1411 "A bit mask that is to be applied to the source address 1412 prior to matching. This mask is not necessarily the same 1413 as a subnet mask, but 1's bits must be leftmost and 1414 contiguous." 1415 DEFVAL { '00000000'h } 1416 ::= { docsDevFilterIpEntry 8 } 1418 docsDevFilterIpDaddr OBJECT-TYPE 1419 SYNTAX IpAddress 1420 MAX-ACCESS read-create 1421 STATUS current 1422 DESCRIPTION 1423 "The destination IP address, or portion thereof, that is 1424 to be matched for this filter " 1425 DEFVAL { '00000000'h } 1426 ::= { docsDevFilterIpEntry 9 } 1428 docsDevFilterIpDmask OBJECT-TYPE 1429 SYNTAX IpAddress 1430 MAX-ACCESS read-create 1431 STATUS current 1432 DESCRIPTION 1433 "A bit mask that is to be applied to the destination 1434 address prior to matching. This mask is not necessarily 1435 the same as a subnet mask, but 1's bits must be leftmost 1436 and contiguous." 1437 DEFVAL { '00000000'h } 1438 ::= { docsDevFilterIpEntry 10 } 1440 docsDevFilterIpProtocol OBJECT-TYPE 1441 SYNTAX Integer32 (0..256) 1442 MAX-ACCESS read-create 1443 STATUS current 1444 DESCRIPTION 1445 "The IP protocol value that is to be matched. For example: 1447 icmp is 1, tcp is 6, udp is 17. A value of 256 matches 1448 ANY protocol." 1449 DEFVAL { 256 } 1450 ::= { docsDevFilterIpEntry 11 } 1452 docsDevFilterIpSourcePortLow OBJECT-TYPE 1453 SYNTAX Integer32 (0..65535) 1454 MAX-ACCESS read-create 1455 STATUS current 1456 DESCRIPTION 1457 "If docsDevFilterIpProtocol is udp or tcp, this is the 1458 inclusive lower bound of the transport-layer source port 1459 range that is to be matched." 1460 DEFVAL { 0 } 1461 ::= { docsDevFilterIpEntry 12 } 1463 docsDevFilterIpSourcePortHigh OBJECT-TYPE 1464 SYNTAX Integer32 (0..65535) 1465 MAX-ACCESS read-create 1466 STATUS current 1467 DESCRIPTION 1468 "If docsDevFilterIpProtocol is udp or tcp, this is the 1469 inclusive upper bound of the transport-layer source port 1470 range that is to be matched." 1471 DEFVAL { 65535 } 1472 ::= { docsDevFilterIpEntry 13 } 1474 docsDevFilterIpDestPortLow OBJECT-TYPE 1475 SYNTAX Integer32 (0..65535) 1476 MAX-ACCESS read-create 1477 STATUS current 1478 DESCRIPTION 1479 "If docsDevFilterIpProtocol is udp or tcp, this is the 1480 inclusive lower bound of the transport-layer destination 1481 port range that is to be matched." 1482 DEFVAL { 0 } 1483 ::= { docsDevFilterIpEntry 14 } 1485 docsDevFilterIpDestPortHigh OBJECT-TYPE 1486 SYNTAX Integer32 (0..65535) 1487 MAX-ACCESS read-create 1488 STATUS current 1489 DESCRIPTION 1490 "If docsDevFilterIpProtocol is udp or tcp, this is the 1491 inclusive upper bound of the transport-layer destination 1492 port range that is to be matched." 1493 DEFVAL { 65535 } 1494 ::= { docsDevFilterIpEntry 15 } 1496 docsDevFilterIpMatches OBJECT-TYPE 1497 SYNTAX Counter32 1498 MAX-ACCESS read-only 1499 STATUS current 1500 DESCRIPTION 1501 "Counts the number of times this filter was matched. 1502 This object is initialized to 0 at boot, or at row 1503 creation, and is reset only upon reboot." 1504 ::= { docsDevFilterIpEntry 16 } 1506 docsDevFilterIpTos OBJECT-TYPE 1507 SYNTAX OCTET STRING ( SIZE (1)) 1508 MAX-ACCESS read-create 1509 STATUS current 1510 DESCRIPTION 1511 "This is the value to be matched to the packet's 1512 TOS (Type of Service) value (after the TOS value 1513 is AND'd with docsDevFilterIpTosMask)." 1514 DEFVAL { '00'h } 1515 ::= { docsDevFilterIpEntry 17 } 1517 docsDevFilterIpTosMask OBJECT-TYPE 1518 SYNTAX OCTET STRING ( SIZE (1) ) 1519 MAX-ACCESS read-create 1520 STATUS current 1521 DESCRIPTION 1522 "The mask to be applied to the packet's TOS value before 1523 matching." 1524 DEFVAL { '00'h } 1525 ::= { docsDevFilterIpEntry 18 } 1527 docsDevFilterIpContinue OBJECT-TYPE 1528 SYNTAX TruthValue 1529 MAX-ACCESS read-create 1530 STATUS current 1531 DESCRIPTION 1532 "If this value is set to true, and docsDevFilterIpControl 1533 is anything but discard (1), continue scanning and 1534 applying policies." 1535 DEFVAL { false } 1536 ::= { docsDevFilterIpEntry 19 } 1538 docsDevFilterIpPolicyId OBJECT-TYPE 1539 SYNTAX Integer32 (0..2147483647) 1540 MAX-ACCESS read-create 1541 STATUS current 1542 DESCRIPTION 1543 "This object points to an entry in docsDevFilterPolicyTable. 1544 If docsDevFilterIpControl is set to policy (3), execute 1545 all matching policies in docsDevFilterPolicyTable. 1546 If no matching policy exists, treat as if 1547 docsDevFilterIpControl were set to accept (1). 1548 If this object is set to the value of 0, there is no 1549 matching policy, and docsDevFilterPolicyTable MUST NOT be 1550 consulted." 1552 DEFVAL { 0 } 1553 ::= { docsDevFilterIpEntry 20 } 1555 -- 1556 -- docsDevFilterPolicyTable exists to allow multiple policy actions 1557 -- to be applied to any given classified packet. The policy actions 1558 -- are applied in index order For example: 1559 -- 1560 -- Index ID Type Action 1561 -- 1 1 TOS 1 1562 -- 12 1 IPSEC 3 1563 -- 9 5 TOS 1 1565 -- This says that a packet which matches a filter with policy id 1, 1566 -- first has TOS policy 1 applied (which might set the TOS bits to 1567 -- enable a higher priority), and next has the IPSEC policy 3 applied 1568 -- (which may result in the packet being dumped into a secure VPN to a 1569 -- remote encryptor). 1570 -- 1572 docsDevFilterPolicyTable OBJECT-TYPE 1573 SYNTAX SEQUENCE OF DocsDevFilterPolicyEntry 1574 MAX-ACCESS not-accessible 1575 STATUS current 1576 DESCRIPTION 1577 "A Table which maps between a policy ID and a set of 1578 policies to be applied." 1579 ::= { docsDevFilter 5 } 1581 docsDevFilterPolicyEntry OBJECT-TYPE 1582 SYNTAX DocsDevFilterPolicyEntry 1583 MAX-ACCESS not-accessible 1584 STATUS current 1585 DESCRIPTION 1586 "An entry in the docsDevFilterPolicyTable. Entries are 1587 created by Network Management. To create an entry, 1588 docsDevFilterPolicyId and docsDevFilterPolicyAction 1589 must be specified." 1590 INDEX { docsDevFilterPolicyIndex } 1591 ::= { docsDevFilterPolicyTable 1 } 1593 DocsDevFilterPolicyEntry ::= SEQUENCE { 1594 docsDevFilterPolicyIndex Integer32, 1595 docsDevFilterPolicyId Integer32, 1596 docsDevFilterPolicyType INTEGER, 1597 docsDevFilterPolicyAction Integer32, 1598 docsDevFilterPolicyStatus RowStatus 1599 } 1601 docsDevFilterPolicyIndex OBJECT-TYPE 1602 SYNTAX Integer32 (1..2147483647) 1603 MAX-ACCESS not-accessible 1604 STATUS current 1605 DESCRIPTION "Index value for the table." 1606 ::= { docsDevFilterPolicyEntry 1 } 1608 docsDevFilterPolicyId OBJECT-TYPE 1609 SYNTAX Integer32 (0..2147483647) 1610 MAX-ACCESS read-create 1611 STATUS current 1612 DESCRIPTION 1613 "Policy ID for this entry. A policy ID can apply to 1614 multiple rows of this table, all relevant policies are 1615 executed. Policy 0 (if populated) is applied to all 1616 packets which do not match any of the filters. N.B. If 1617 docsDevFilterIpPolicyId is set to 0, it DOES NOT match 1618 policy 0 of this table. " 1619 ::= { docsDevFilterPolicyEntry 2 } 1621 docsDevFilterPolicyType OBJECT-TYPE 1622 SYNTAX INTEGER { 1623 other(1), 1624 tos (2) 1625 } 1626 MAX-ACCESS read-create 1627 STATUS current 1628 DESCRIPTION 1629 "The policy type to execute. For tos(1), look at the 1630 docsDevFilterTosTable table. 1631 This version of the Cable Device MIB only defines 1632 a policy type of tos(2). Other policy types will 1633 require further study. A policy type of other(1) 1634 indicates a vendor specific extension. An attempt to set 1635 this value to other(1) where a vendor extension does not 1636 exist will result on a returned error of badValue." 1637 DEFVAL { tos } 1638 ::= { docsDevFilterPolicyEntry 3 } 1640 docsDevFilterPolicyAction OBJECT-TYPE 1641 SYNTAX Integer32 (1..2147483647) 1642 MAX-ACCESS read-create 1643 STATUS current 1644 DESCRIPTION 1645 "Index into the table identified by 1646 docsDevFilterPolicyType. For a policy type of tos(2), 1647 this is an index into docsDevFilterTosTable. For a policy 1648 type of other(1), this is a pointer into a vendor 1649 specified table." 1650 ::= { docsDevFilterPolicyEntry 4 } 1652 docsDevFilterPolicyStatus OBJECT-TYPE 1653 SYNTAX RowStatus 1654 MAX-ACCESS read-create 1655 STATUS current 1656 DESCRIPTION 1657 "Object used to create an entry in this table." 1658 ::= { docsDevFilterPolicyEntry 5 } 1660 -- This table deserves a bit of explanation. If a packet makes it 1661 -- through the classifier and ends up in this table, do: 1662 -- Set the tosBits of the packet to 1663 -- (tosBits && docsDevFilterTosAndMask) || docsDevFilterTosOrMask 1664 -- 1665 -- This construct allows you to do a clear and set of all the bits in 1666 -- a flexible manner. 1668 docsDevFilterTosTable OBJECT-TYPE 1669 SYNTAX SEQUENCE OF DocsDevFilterTosEntry 1670 MAX-ACCESS not-accessible 1671 STATUS current 1672 DESCRIPTION 1673 "Table used to describe Type of Service (TOS) bits 1674 processing." 1675 ::= { docsDevFilter 6 } 1677 docsDevFilterTosEntry OBJECT-TYPE 1678 SYNTAX DocsDevFilterTosEntry 1679 MAX-ACCESS not-accessible 1680 STATUS current 1681 DESCRIPTION 1682 "A TOS policy entry." 1683 INDEX { docsDevFilterTosIndex } 1684 ::= { docsDevFilterTosTable 1 } 1686 DocsDevFilterTosEntry ::= SEQUENCE { 1687 docsDevFilterTosIndex Integer32, 1688 docsDevFilterTosStatus RowStatus, 1689 docsDevFilterTosAndMask OCTET STRING (SIZE (1)), 1690 docsDevFilterTosOrMask OCTET STRING (SIZE (1)) 1691 } 1693 docsDevFilterTosIndex OBJECT-TYPE 1694 SYNTAX Integer32 (1..2147483647) 1695 MAX-ACCESS not-accessible 1696 STATUS current 1697 DESCRIPTION 1698 "The unique index for this row. There are no ordering 1699 requirements for this table and any valid index may be 1700 specified." 1701 ::= { docsDevFilterTosEntry 1 } 1703 docsDevFilterTosStatus OBJECT-TYPE 1704 SYNTAX RowStatus 1705 MAX-ACCESS read-create 1706 STATUS current 1707 DESCRIPTION 1708 "The object used to create and delete entries in this 1709 table. A row created by specifying just this object 1710 results in a row which specifies no change to the TOS 1711 bits. A row may be created using either the create-and-go 1712 or create-and-wait paradigms. There is no restriction on 1713 the ability to change values in this row while the row is 1714 active." 1715 ::= { docsDevFilterTosEntry 2 } 1717 docsDevFilterTosAndMask OBJECT-TYPE 1718 SYNTAX OCTET STRING (SIZE (1)) 1719 MAX-ACCESS read-create 1720 STATUS current 1721 DESCRIPTION 1722 "This value is AND'd with the matched packet's TOS bits." 1723 DEFVAL { 'ff'h } 1724 ::= { docsDevFilterTosEntry 3 } 1726 docsDevFilterTosOrMask OBJECT-TYPE 1727 SYNTAX OCTET STRING (SIZE (1)) 1728 MAX-ACCESS read-create 1729 STATUS current 1730 DESCRIPTION 1731 "After AND'ing with the above bits, the packet's TOS bits 1732 are OR'd with these bits." 1733 DEFVAL { '00'h } 1734 ::= { docsDevFilterTosEntry 4 } 1736 -- 1737 -- CPE IP Management and anti spoofing group. Only implemented on 1738 -- Cable Modems. 1739 -- 1741 docsDevCpe OBJECT IDENTIFIER ::= { docsDevMIBObjects 7} 1743 docsDevCpeEnroll OBJECT-TYPE 1744 SYNTAX INTEGER { 1745 none(1), 1746 any(2) 1747 } 1748 MAX-ACCESS read-write 1749 STATUS current 1750 DESCRIPTION 1751 "This object controls the population of docsDevFilterCpeTable. 1752 If set to none, the filters must be set manually. 1753 If set to any, the CM wiretaps the packets originating 1754 from the ethernet and enrolls up to docsDevFilterMaxCpe 1755 addresses based on the source IP addresses of those 1756 packets. At initial system startup, default value for this 1757 object is any(2)." 1758 ::= { docsDevCpe 1 } 1760 docsDevCpeMax OBJECT-TYPE 1761 SYNTAX Integer32 (-1..2147483647) 1762 MAX-ACCESS read-write 1763 STATUS current 1764 DESCRIPTION 1765 "This object controls the maximum number of CPEs allowed to 1766 connect behind this device. If set to zero, any number of 1767 CPEs may connect up to the maximum permitted for the device. 1768 If set to -1, no filtering is done on CPE source addresses, 1769 and no entries are made in the docsDevFilterCpeTable. If an 1770 attempt is made to set this to a number greater than that 1771 permitted for the device, it is set to that maximum. 1772 At iniitial system startup, default value for this object 1773 is 1." 1774 ::= { docsDevCpe 2 } 1776 -- docsDevFilterDhcpGrace was deleted 1778 docsDevCpeTable OBJECT-TYPE 1779 SYNTAX SEQUENCE OF DocsDevCpeEntry 1780 MAX-ACCESS not-accessible 1781 STATUS current 1782 DESCRIPTION 1783 "This table list the IP addresses seen as source addresses 1784 in packets originating from the customer interface on 1785 this device. In addition, this table can be provisioned 1786 with the specific addresses permitted for the CPEs via 1787 the normal row creation mechanisms." 1788 ::= { docsDevCpe 3 } 1790 docsDevCpeEntry OBJECT-TYPE 1791 SYNTAX DocsDevCpeEntry 1792 MAX-ACCESS not-accessible 1793 STATUS current 1794 DESCRIPTION 1795 "An entry in the docsDevFilterCpeTable. There is one entry 1796 for each CPE seen or provisioned. If docsDevFilterMaxCpe 1797 is set to -1, this table is ignored, otherwise: Upon receipt 1798 of a packet from the customer interface of the CM, the 1799 source address is checked against this table. If the 1800 address is in the table, packet processing continues. 1801 If the address is not in the table, but docsDevCpeEnroll 1802 is set to any and the table size is less than 1803 docsDevFilterMaxCpe, the address is added to the table and 1804 packet processing continues. Otherwise, the packet is 1805 dropped." 1806 INDEX { docsDevCpeIp } 1807 ::= {docsDevCpeTable 1 } 1809 DocsDevCpeEntry ::= SEQUENCE { 1810 docsDevCpeIp IpAddress, 1811 docsDevCpeSource INTEGER, 1812 docsDevCpeStatus RowStatus 1813 } 1815 docsDevCpeIp OBJECT-TYPE 1816 SYNTAX IpAddress 1817 MAX-ACCESS not-accessible 1818 STATUS current 1819 DESCRIPTION 1820 "The IP address to which this entry applies." 1821 ::= { docsDevCpeEntry 1 } 1823 docsDevCpeSource OBJECT-TYPE 1824 SYNTAX INTEGER { 1825 other(1), 1826 manual(2), 1827 learned(3) 1828 } 1829 MAX-ACCESS read-only 1830 STATUS current 1831 DESCRIPTION 1832 "This object describes how this entry was created. If the 1833 value is manual(2), this row was created by a network 1834 management action (either configuration, or SNMP set). 1835 If set to learned(3), then it was found via 1836 looking at the source IP addresses." 1837 -- DEFVAL { set } 1838 ::= { docsDevCpeEntry 2 } 1840 -- docsDevFilterCpeExpires was deleted. 1842 docsDevCpeStatus OBJECT-TYPE 1843 SYNTAX RowStatus 1844 MAX-ACCESS read-create 1845 STATUS current 1846 DESCRIPTION 1847 "Standard object to manipulate rows. To create a row in this 1848 table, you only need to specify this object. Management 1849 stations SHOULD use the create-and-go mechanism for 1850 creating rows in this table." 1851 ::= { docsDevCpeEntry 3 } 1853 -- 1854 -- Placeholder for notifications/traps. 1855 -- 1856 docsDevNotification OBJECT IDENTIFIER ::= { docsDev 2 } 1858 -- 1859 -- Conformance definitions 1860 -- 1861 docsDevConformance OBJECT IDENTIFIER ::= { docsDev 3 } 1862 docsDevGroups OBJECT IDENTIFIER ::= { docsDevConformance 1 } 1863 docsDevCompliances OBJECT IDENTIFIER ::= { docsDevConformance 2 } 1865 docsDevBasicCompliance MODULE-COMPLIANCE 1866 STATUS current 1867 DESCRIPTION 1868 "The compliance statement for MCNS Cable Modems and 1869 Cable Modem Termination Systems." 1871 MODULE -- docsDev 1873 -- conditionally mandatory groups 1875 GROUP docsDevBaseGroup 1876 DESCRIPTION 1877 "Mandatory in Cable Modems, optional in Cable Modem 1878 Termination Systems." 1880 GROUP docsDevEventGroup 1881 DESCRIPTION 1882 "Mandatory in Cable Modems, optional in Cable Modem 1883 Termination Systems." 1885 GROUP docsDevFilterGroup 1886 DESCRIPTION 1887 "Mandatory in Cable Modems, optional in Cable Modem 1888 Termination Systems." 1890 GROUP docsDevNmAccessGroup 1891 DESCRIPTION 1892 "This group is Mandatory in Cable Modems and is optional 1893 in Cable Modem Termination Systems." 1895 GROUP docsDevServerGroup 1896 DESCRIPTION 1897 "This group is implemented only in Cable Modems and is 1898 not implemented in Cable Modem Termination Systems." 1900 GROUP docsDevSoftwareGroup 1901 DESCRIPTION 1902 "This group is Mandatory in Cable Modems and optional in 1903 Cable Modem Termination Systems." 1905 GROUP docsDevCpeGroup 1906 DESCRIPTION 1907 "This group is Mandatory in Cable Modems, and is 1908 not implemented in Cable Modem Termination Systems. A 1909 similar capability for CMTS devices may be proposed later 1910 after study." 1912 OBJECT docsDevSTPControl 1913 MIN-ACCESS read-only 1914 DESCRIPTION 1915 "It is compliant to implement this object as read-only. 1916 Devices need only support noStFilterBpdu(2)." 1918 OBJECT docsDevEvReporting 1919 MIN-ACCESS read-only 1920 DESCRIPTION 1921 "It is compliant to implement this object as read-only. 1922 Devices need only support local(0)." 1924 ::= { docsDevCompliances 1 } 1926 docsDevBaseGroup OBJECT-GROUP 1927 OBJECTS { 1928 docsDevRole, 1929 docsDevDateTime, 1930 docsDevResetNow, 1931 docsDevSerialNumber, 1932 docsDevSTPControl 1933 } 1934 STATUS current 1935 DESCRIPTION 1936 "A collection of objects providing device status and 1937 control." 1938 ::= { docsDevGroups 1 } 1940 docsDevNmAccessGroup OBJECT-GROUP 1941 OBJECTS { 1942 docsDevNmAccessIp, 1943 docsDevNmAccessIpMask, 1944 docsDevNmAccessCommunity, 1945 docsDevNmAccessControl, 1946 docsDevNmAccessInterfaces, 1947 docsDevNmAccessStatus 1948 } 1949 STATUS current 1950 DESCRIPTION 1951 "A collection of objects for controlling access to SNMP 1952 objects." 1953 ::= { docsDevGroups 2 } 1955 docsDevSoftwareGroup OBJECT-GROUP 1956 OBJECTS { 1957 docsDevSwServer, 1958 docsDevSwFilename, 1959 docsDevSwAdminStatus, 1960 docsDevSwOperStatus, 1961 docsDevSwCurrentVers 1962 } 1963 STATUS current 1964 DESCRIPTION 1965 "A collection of objects for controlling software 1966 downloads." 1967 ::= { docsDevGroups 3 } 1969 docsDevServerGroup OBJECT-GROUP 1970 OBJECTS { 1971 docsDevServerBootState, 1972 docsDevServerDhcp, 1973 docsDevServerTime, 1974 docsDevServerTftp, 1975 docsDevServerConfigFile 1976 } 1977 STATUS current 1978 DESCRIPTION 1979 "A collection of objects providing status about server 1980 provisioning." 1981 ::= { docsDevGroups 4 } 1983 docsDevEventGroup OBJECT-GROUP 1984 OBJECTS { 1985 docsDevEvControl, 1986 docsDevEvSyslog, 1987 docsDevEvThrottleAdminStatus, 1988 docsDevEvThrottleInhibited, 1989 docsDevEvThrottleThreshold, 1990 docsDevEvThrottleInterval, 1991 docsDevEvReporting, 1992 docsDevEvFirstTime, 1993 docsDevEvLastTime, 1994 docsDevEvCounts, 1995 docsDevEvLevel, 1996 docsDevEvId, 1997 docsDevEvText 1998 } 1999 STATUS current 2000 DESCRIPTION 2001 "A collection of objects used to control and monitor 2002 events." 2003 ::= { docsDevGroups 5 } 2005 docsDevFilterGroup OBJECT-GROUP 2006 OBJECTS { 2007 docsDevFilterLLCDefault, 2008 docsDevFilterIpDefault, 2009 docsDevFilterLLCStatus, 2010 docsDevFilterLLCIfIndex, 2011 docsDevFilterLLCProtocolType, 2012 docsDevFilterLLCProtocol, 2013 docsDevFilterLLCMatches, 2014 docsDevFilterIpControl, 2015 docsDevFilterIpIfIndex, 2016 docsDevFilterIpStatus, 2017 docsDevFilterIpDirection, 2018 docsDevFilterIpBroadcast, 2019 docsDevFilterIpSaddr, 2020 docsDevFilterIpSmask, 2021 docsDevFilterIpDaddr, 2022 docsDevFilterIpDmask, 2023 docsDevFilterIpProtocol, 2024 docsDevFilterIpSourcePortLow, 2025 docsDevFilterIpSourcePortHigh, 2026 docsDevFilterIpDestPortLow, 2027 docsDevFilterIpDestPortHigh, 2028 docsDevFilterIpMatches, 2029 docsDevFilterIpTos, 2030 docsDevFilterIpTosMask, 2031 docsDevFilterIpContinue, 2032 docsDevFilterIpPolicyId, 2033 docsDevFilterPolicyId, 2034 docsDevFilterPolicyType, 2035 docsDevFilterPolicyAction, 2036 docsDevFilterPolicyStatus, 2037 docsDevFilterTosStatus, 2038 docsDevFilterTosAndMask, 2039 docsDevFilterTosOrMask 2040 -- docsDevFilterCpeEnroll, 2041 -- docsDevFilterMaxCpe, 2042 -- docsDevFilterDhcpGrace, 2043 -- docsDevFilterCpeSource, 2044 -- docsDevFilterCpeExpires, 2045 -- docsDevFilterCpeStatus 2046 } 2047 STATUS current 2048 DESCRIPTION 2049 "A collection of objects to specify filters at link layer 2050 and IP layer." 2051 ::= { docsDevGroups 6 } 2053 docsDevCpeGroup OBJECT-GROUP 2054 OBJECTS { 2055 docsDevCpeEnroll, 2056 docsDevCpeMax, 2057 docsDevCpeSource, 2058 docsDevCpeStatus 2059 } 2060 STATUS current 2061 DESCRIPTION 2062 "A collection of objects used to control the number 2063 and specific values of IP addresses allowed for 2064 associated Customer Premises Equipment (CPE)." 2065 ::= { docsDevGroups 7 } 2067 END 2068 5. Acknowledgments 2070 This document was produced by the IPCDN Working Group. It is based on a 2071 document written by Pam Anderson from CableLabs, Wilson Sawyer from 2072 BayNetworks, and Rich Woundy from Continental Cablevision. 2074 Special thanks is also due to Azlina Palmer, who helped a lot reviewing 2075 the document. 2077 6. References 2079 [1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for 2080 Describing SNMP Management Frameworks", RFC 2271, Cabletron 2081 Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, 2082 January 1998 2084 [2] Rose, M., and K. McCloghrie, "Structure and Identification of 2085 Management Information for TCP/IP-based Internets", RFC 1155, 2086 Performance Systems International, Hughes LAN Systems, May 1990 2088 [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212, 2089 Performance Systems International, Hughes LAN Systems, March 1991 2091 [4] M. Rose, "A Convention for Defining Traps for use with the SNMP", 2092 RFC 1215, Performance Systems International, March 1991 2094 [5] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure 2095 of Management Information for Version 2 of the Simple Network 2096 Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco 2097 Systems, Inc., Dover Beach Consulting, Inc., International Network 2098 Services, January 1996. 2100 [6] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual 2101 Conventions for Version 2 of the Simple Network Management Protocol 2102 (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc., 2103 Dover Beach Consulting, Inc., International Network Services, 2104 January 1996. 2106 [7] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Conformance 2107 Statements for Version 2 of the Simple Network Management Protocol 2108 (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc., 2109 Dover Beach Consulting, Inc., International Network Services, 2110 January 1996. 2112 [8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network 2113 Management Protocol", RFC 1157, SNMP Research, Performance Systems 2114 International, Performance Systems International, MIT Laboratory 2115 for Computer Science, May 1990. 2117 [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 2118 "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research, 2119 Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 2120 International Network Services, January 1996. 2122 [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport 2123 Mappings for Version 2 of the Simple Network Management Protocol 2124 (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., 2125 Dover Beach Consulting, Inc., International Network Services, 2126 January 1996. 2128 [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 2129 Processing and Dispatching for the Simple Network Management 2130 Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems, 2131 Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998. 2133 [12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for 2134 version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2135 2274, IBM T. J. Watson Research, January 1998. 2137 [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol 2138 Operations for Version 2 of the Simple Network Management Protocol 2139 (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc., 2140 Dover Beach Consulting, Inc., International Network Services, 2141 January 1996. 2143 [14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2144 2273, SNMP Research, Inc., Secure Computing Corporation, Cisco 2145 Systems, January 1998 2147 [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access 2148 Control Model (VACM) for the Simple Network Management Protocol 2149 (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc., 2150 Cisco Systems, Inc., January 1998 2152 [16] " Data-Over-Cable Service Interface Specifications: Cable Modem 2153 Radio Frequency Interface Specification SP-RFI-I04-980724", DOCSIS, 2154 July 1998, http://www.cablemodem.com/public/pubtechspec/SP-RFI- 2155 I04-980724.pdf. 2157 [17] L. Steinberg, "Techniques for Managing Asynchronously Generated 2158 Alerts", RFC 1224, May 1991. 2160 [18] "Data-Over-Cable Service Interface Specifications: Operations 2161 Support System Interface Specification RF Interface SP-OSSI-RF- 2162 I02-980410", DOCSIS, April 1998, 2163 http://www.cablemodem.com/public/pubtechspec/ossi/sp-ossi.PDF. 2165 [19] Bradner, S., "Key words for use in RFCs to Indicate Requirement 2166 Levels", RFC2119, Harvard University, March 1997 2168 [20] "Data-Over-Cable Service Interface Specifications: Baseline Privacy 2169 Interface Specification SP-BPI-I01-970922", DOCSIS, September 1977, 2170 http://www.cablemodem.com/public/pubtechspec/ss/SP-BPI-I01- 2171 970922.pdf 2173 7. Security Considerations 2175 This MIB relates to a system which will provide metropolitan public 2176 internet access. As such, improper manipulation of the objects 2177 represented by this MIB may result in denial of service to a large 2178 number of end-users. In addition, manipulation of the 2179 docsDevNmAccessTable, docsDevFilterLLCTable, docsDevFilterIpTable and 2180 the elements of the docsDevCpe group may allow an end-user to increase 2181 their service levels, spoof their IP addresses, change the permitted 2182 management stations, or affect other end-users in either a positive or 2183 negative manner. 2185 The use of docsDevNmAccessTable to specify management stations is 2186 considered to be only limited protection and does not protect against 2187 attacks which spoof the management station's IP address. The use of 2188 stronger mechanisms such as SNMPv3 security should be considered where 2189 possible. 2191 This MIB does not affect confidentiality of services on a cable modem 2192 system. [20] specifies the implementation of the DOCSIS Baseline 2193 privacy mechanism. The working group expects to issue a MIB for the 2194 management of this mechanism at a later time. 2196 8. Intellectual Property 2198 The IETF takes no position regarding the validity or scope of any 2199 intellectual property or other rights that might be claimed to pertain 2200 to the implementation or use of the technology described in this 2201 document or the extent to which any license under such rights might or 2202 might not be available; neither does it represent that it has made any 2203 effort to identify any such rights. Information on the IETF's 2204 procedures with respect to rights in standards-track and standards- 2205 related documentation can be found in BCP-11. Copies of claims of 2206 rights made available for publication and any assurances of licenses to 2207 be made available, or the result of an attempt made to obtain a general 2208 license or permission for the use of such proprietary rights by 2209 implementors or users of this specification can be obtained from the 2210 IETF Secretariat. 2212 The IETF invites any interested party to bring to its attention any 2213 copyrights, patents or patent applications, or other proprietary rights 2214 which may cover technology that may be required to practice this 2215 standard. Please address the information to the IETF Executive 2216 Director. 2218 9. Copyright Section 2220 Copyright (C) The Internet Society 1998. All Rights Reserved. 2222 This document and translations of it may be copied and furnished to 2223 others, and derivative works that comment on or otherwise explain it or 2224 assist in its implmentation may be prepared, copied, published and 2225 distributed, in whole or in part, without restriction of any kind, 2226 provided that the above copyright notice and this paragraph are included 2227 on all such copies and derivative works. However, this document itself 2228 may not be modified in any way, such as by removing the copyright notice 2229 or references to the Internet Society or other Internet organizations, 2230 except as needed for the purpose of developing Internet standards in 2231 which case the procedures for copyrights defined in the Internet 2232 Standards process must be followed, or as required to translate it into 2233 languages other than English. 2235 The limited permissions granted above are perpetual and will not be 2236 revoked by the Internet Society or its successors or assigns. 2238 This document and the information contained herein is provided on an "AS 2239 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 2240 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 2241 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 2242 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 2243 FITNESS FOR A PARTICULAR PURPOSE. 2245 10. Author's Address 2247 Guenter Roeck 2248 cisco Systems 2249 170 West Tasman Drive 2250 San Jose, CA 95134 2251 U.S.A. 2253 Phone: +1 408 527 3143 2254 Email: groeck@cisco.com