view Side-By-Side changes
IPCDN
Network Working Group S. Green
Document: draft-ietf-ipcdn-bpiplus-mib-15 ADC Telecommunications,
Inc
Kaz
Request for Comments: 4131 Consultant
Category: Standards Track K. Ozawa
Toshiba
A. Katsnelson
CableLabs
E. Cardona Cardona, Ed.
CableLabs (Editor)
Expires: June 2004 November 2004
A. Katsnelson
September 2005
Management Information Base for DOCSIS
Data Over Cable Service Interface Specification (DOCSIS) Cable Modems
and Cable Modem Termination Systems for Baseline Privacy Plus
Status of this This Memo
By submitting this Internet-Draft, we certify that any applicable
patent or other IPR claims of which we are aware have been
disclosed, or will be disclosed, and any of which we become aware
will be disclosed, in accordance with RFC 3668.
Internet-Drafts are working documents of
This document specifies an Internet standards track protocol for the
Internet Engineering
Task Force (IETF), its areas, community, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid requests discussion and suggestions for a maximum
improvements. Please refer to the current edition of six
months the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
The list status of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list this protocol. Distribution of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it defines a set of managed objects for SNMP Simple Network
Management Protocol (SNMP) based management of the Baseline Privacy
Plus features of DOCSIS 1.1 and DOCSIS 2.0 (Data-over-Cable Service
Interface Specification) compliant Cable Modems and Cable Modem
Termination
Green/Ozawa/Katsnelson/Cardona Expires - June 2005 [Page 1]
DOCSIS BPI Plus MIB November 2004 Systems.
Note to RFC Editor (Remove this paragraph prior to publication)
This memo is a product of the IPCDN working group within the
Internet Engineering Task Force. Comments are solicited and
should be Addressed to the working group's mailing list at
ipcdn@ietf.org and/or the authors.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in BCP 14,
RFC 2119 [RFC2119].
Table of Contents
1. The Internet-Standard Management Framework......................2 Framework..................... 2
2. Overview........................................................3
2.1 Overview....................................................... 2
2.1. Structure of the MIB........................................3
2.2 MIB...................................... 3
2.2. Relationship of BPI+ and BPI MIB Modules....................5
2.3 Modules.................. 4
2.3. BPI+ MIB module relationship Module Relationship with The Interfaces Group MIB..5 MIB 5
3. Definitions.....................................................6 Definitions.................................................... 5
4. Acknowledgments................................................77 Acknowledgements............................................... 77
5. Normative References...........................................77 References........................................... 77
6. Informative References.........................................79 References......................................... 78
7. Security Considerations........................................79 Considerations........................................ 79
8. IANA Considerations............................................83
9. Authors' Addresses.............................................84
10. Disclaimer of Validity........................................84
11. Intellectual Property.........................................85
12. Copyright Statement...........................................85 Considerations............................................ 83
Green, et al. Standards Track [Page 1]
RFC 4131 DOCSIS BPI Plus MIB September 2005
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 2]
DOCSIS BPI Plus MIB November 2004 RFC 2580
[RFC2580].
2. Overview
This MIB module (BPI+ MIB) provides a set of objects required for the
management of the Baseline Privacy Interface Plus features of DOCSIS
1.1 and DOCSIS 2.0 Cable Modem (CM) and Cable Modem Termination
System (CMTS). The specification is derived from the operational
model described in the DOCSIS Baseline Privacy Interface Plus
Specification [1]. [DOCSIS].
DOCSIS Baseline Privacy Plus is composed of four distinct functional
and manageable areas:
o Key Exchange exchange and Data Encryption data encryption
o Cable Modem Authentication
o modem authentication
o Multicast Encryption encryption
o Authentication of Downloaded Software Images downloaded software images
This MIB module is an extension of the DOCSIS 1.0 Baseline Privacy
MIB module [RFC3083] (BPI MIB), which is derived from the Operational
model described in the DOCSIS Baseline Privacy Interface
Specification [2]. [DOCSIS-1.0]. The original Baseline Privacy MIB
structure has been mostly been preserved in the Baseline Privacy Plus MIB.
Please note that the referenced DOCSIS specifications only require
that Cable Modems to process IPv4 customer traffic. Design choices in
this MIB module reflect those requirements. Future versions of the
DOCSIS specifications are expected to require support for IPv6 as
well.
2.1
Green, et al. Standards Track [Page 2]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in BCP 14, RFC
2119 [RFC2119].
2.1. Structure of the MIB
This MIB module is structured into several tables and objects: objects.
2.1.1. Cable Modem
o The docsBpi2CmBaseTable contains authorization key exchange
information for one CM MAC interface.
o The docsBpi2CmTEKTable contains traffic key exchange and data
encryption information for a particular security association ID of
the cable modem.
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 3]
DOCSIS BPI Plus MIB November 2004
o Multicast Encryption information is maintained under
Docsbpi2CmMulticastObjects. There is currently one multicast
table object which that manages IP multicast encryption,
docsBpi2CmIpMulticastMapTable.
o Digital certificates used for cable modem authentication are
accessible via docsBpi2CmDeviceCertTable.
o Cryptographic suite capabilities for a CM MAC are maintained in
the docsBpi2CmCryptoSuiteTable.
2.1.2. Cable Modem Termination System
o The docsBpi2CmtsBaseTable contains default settings and summary
counters for the cable modem termination system.
o The DocsBpi2CmtsAuthTable contains Authorization Key Exchange
information for each CM MAC interface, as well as data from CM
certificates used in cable modem authentication.
o The docsBpi2CmtsTEKTable contains traffic key exchange and data
encryption information for a particular security association ID.
o Multicast Encryption information is maintained under
Docsbpi2CmtsMulticastObjects. There are currently two multicast
table objects. The Table docsBpi2CmtsIpMulticastMapTable is
Green, et al. Standards Track [Page 3]
RFC 4131 DOCSIS BPI Plus MIB September 2005
specifically designed for IP multicast encryption, whereas
docsBpi2CmtsMulticastAuthTable is meant to manage all multicast
security associations.
In particular, the table docsBpi2CmtsIpMulticastMapTable
defines the object docsBpi2CmtsIpMulticastMask docsBpi2CmtsIpMulticastMask, which could be
a non-contiguous netmask; this is why the object syntax is
based on the INET-ADDRESS-MIB MIB Module [RFC3291] [RFC4001] Textual
Convention InetAddress instead of InetAddressPrefixLength.
This is to facilitate the assignment of same DOCSIS Security
Association ID (SAID) to one or more IPv6 multicast group
ID(s) IDs
matching one or more IPv6 multicast scope types within an entry
in this table. For example, multicast scopes labeled
"unassigned" [RFC3513] may be allocated by administrators to a
particular SAID SAID, regardless of their multicast scope; such
mapping transient multicast group 'Y' to SAID 'z' for ANY
multicast scope. The non-contiguous netmask will be FF10:Y, see
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 4]
DOCSIS BPI Plus MIB November 2004 FF10:Y.
See [RFC3513] for details on IPv6 multicast addressing.
o DocsBpi2CmtsCertObjects contains 2 manageable tables: one for
provisioned cable modem certificates and one for certification
authority certificates.
2.1.3. Common
o The docsBpi2CodeDownloadControl objects manage the authenticated
software download process for a given device.
2.2
2.2. Relationship of BPI+ and BPI MIB Modules
This section describes the relationship between the BPI+ MIB module
defined in this document and the BPI MIB module defined in RFC 3083
[RFC3083]. The BPI+ protocol interface is an enhancement to the BPI
protocol
protocol, and it is a distinct protocol from BPI. The associated
BPI+ managed objects should be considered separate from the BPI MIB
objects defined in RFC 3083.
DOCSIS 1.1 and 2.0 systems implement both the BPI+ and BPI protocols
to be backward compatible with 1.0 systems. For more information
regarding the interoperability between BPI and BPI+ compliant
systems, refer to appendix C of the DOCSIS BPI+ specification
[1] and for
[DOCSIS]. For MIB modules requirements, refers refer to section 4.6.1,
Figure 9 9, of the DOCSIS 1.1 OSSI specification [3] [DOCSIS-1.1] and to
section 7.6.1, Table 7-9 Tables 7-9, of the DOCSIS 2.0 OSSI specification [4].
2.3
[DOCSIS-2.0].
Green, et al. Standards Track [Page 4]
RFC 4131 DOCSIS BPI Plus MIB September 2005
2.3. BPI+ MIB module relationship Module Relationship with The the Interfaces Group MIB
The BPI+ MIB module is the management framework of Baseline Privacy
Plus Interface Specification [1], [DOCSIS], which provides the MAC layer
(Media Access Control) security Services services of DOCSIS through the
Baseline Privacy Key Management (BPKM) protocol. The BPI+ MIB module
objects are organized as extensions of the Radio Frequency (RF)
Interface Management [RFC2670].
The MIB table structures of this MIB Module are extensions of the
DOCSIS CATV (Community Antenna Television) MAC layer interface
(DocsCableMaclayer by [IANA]). In particular particular, the provisions of the
Interface Group MIB[RFC2863] MIB [RFC2863] for counters counter discontinuities and system
re-initialization apply to CM and CMTS to validate the difference
between two consecutive counters counter polls.
All BPI+ MIB module counters are 32 bits and are based on the minimum
time to wrap-up wrap up considerations of [RFC2863] and their possible
frequency
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 5]
DOCSIS BPI Plus MIB November 2004 occurrence as BPI+ FSM (Finite State Machine) event
counters. see
[1] See [DOCSIS] for BPI+ FSM parameter guidelines.
3. Definitions
DOCS-IETF-BPI2-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Integer32,
Unsigned32,
Counter32,
mib-2
FROM SNMPv2-SMI -- [RFC2578]
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- [RFC3411]
TEXTUAL-CONVENTION,
MacAddress,
RowStatus,
TruthValue,
DateAndTime,
StorageType
FROM SNMPv2-TC -- [RFC2579]
OBJECT-GROUP,
MODULE-COMPLIANCE
FROM SNMPv2-CONF -- [RFC2580]
ifIndex
FROM IF-MIB -- [RFC2863]
InetAddressType,
InetAddress
Green, et al. Standards Track [Page 5]
RFC 4131 DOCSIS BPI Plus MIB September 2005
FROM INET-ADDRESS-MIB; -- [RFC3291] [RFC4001]
docsBpi2MIB MODULE-IDENTITY
LAST-UPDATED "200409071700Z" "200507200000Z" -- September 7th, 2004 July 20, 2005
ORGANIZATION "IETF IP over Cable Data Network (IPCDN)
Working Group"
CONTACT-INFO "---------------------------------------
Stuart M. Green
Postal:
ADC Telecommunications, Inc.
Mailstop 1641
8 Technology Drive
Westborough, MA 01581
U.S.A.
Tel: +1 508 870 2554
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 6]
DOCSIS BPI Plus MIB November 2004
E-mail: stuart.green@adc.com rubbersoul3@yahoo.com
---------------------------------------
Kaz Ozawa
Cable Modem & Network Dept.
Server & Network Div.
Automotive Systems Development Center
TOSHIBA CORPORATION
Digital Media Network Company
1-1, Shibaura 1-Chome
Minato-ku, Tokyo 105-8001
Japan
Phone: +81-3-3457-2726
FAX: +81-3-5444-9359
Email: +81-3-3457-8569
Fax: +81-3-5444-9325
E-mail: Kazuyoshi.Ozawa@toshiba.co.jp
---------------------------------------
Alexander Katsnelson
Postal:
Cable Television Laboratories, Inc.
858 Coal Creek Circle
Louisville, CO 80027- 9750
U.S.A.
Tel: +1 303 661 9100
Fax: +1 303 661 9199 +1-303-680-3924
E-mail: a.katsnelson@cablelabs.com katsnelson6@peoplepc.com
---------------------------------------
Eduardo Cardona
Postal:
Cable Television Laboratories, Inc.
858 Coal Creek Circle
Louisville, CO 80027- 9750
U.S.A.
Tel: +1 303 661 9100
Fax: +1 303 661 9199
E-mail: e.cardona@cablelabs.com
---------------------------------------
IETF IPCDN Working Group
General Discussion: ipcdn@ietf.org
Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn.
Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn.
Co-chairs: Richard Woundy, rwoundy@cisco.com
Jean-Francois Mule, jfm@cablelabs.com"
DESCRIPTION
"This is the MIB module for the DOCSIS Baseline
Privacy Plus Interface (BPI+) at cable modems (CMs)
and cable modem termination systems (CMTSs).
Copyright (C) The Internet Society (2004). (2005). This
Green, et al. Standards Track [Page 6]
RFC 4131 DOCSIS BPI Plus MIB September 2005
version of this MIB module is part of RFC XXXX; 4131; see
the RFC itself for full legal notices."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 7]
DOCSIS BPI Plus MIB November 2004
REVISION "200409071700Z" "200507200000Z" -- July 20, 2005
DESCRIPTION
"Initial version of the IETF BPI+ MIB module.
This version published as RFC XXXX."
-- Note to RFC editor:
-- RFC editor to assign yy
-- Delete this note 4131."
::= { mib-2 yy 126 }
-- yy to be assigned by IANA
-- Textual conventions
DocsX509ASN1DEREncodedCertificate ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An X509 digital certificate encoded as an ASN.1 DER
object."
SYNTAX OCTET STRING (SIZE (0..4096))
DocsSAId ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"Security Association identifier (SAId)" (SAID)."
REFERENCE
" DOCSIS
"DOCSIS Baseline Privacy Plus Interface
specification, Section 2.1.3 2.1.3, BPI+ Security
Associations"
SYNTAX Integer32 (1..16383)
DocsSAIdOrZero ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"Security Association identifier (SAId). (SAID). The value
zero indicates that the SAId SAID is yet to be determined" determined."
REFERENCE
" DOCSIS
"DOCSIS Baseline Privacy Plus Interface
specification, Section 2.1.3 2.1.3, BPI+ Security
Associations"
SYNTAX Unsigned32 (0 | 1..16383)
DocsBpkmSAType ::= TEXTUAL-CONVENTION
STATUS current
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 8]
DOCSIS BPI Plus MIB November 2004
DESCRIPTION
"The type of security association (SA).
The values of the named-numbers are associated
with the BPKM SA-Type attributes:
'primary' corresponds to code '1', 'static' to code '2' '2',
Green, et al. Standards Track [Page 7]
RFC 4131 DOCSIS BPI Plus MIB September 2005
and 'dynamic' to code '3'.
The 'none' value must only be used if the SA type has yet
to be determined."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface
specification, Section 4.2.2.24"
SYNTAX INTEGER {
none(0),
primary(1),
static(2),
dynamic(3)
}
DocsBpkmDataEncryptAlg ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The list of data encryption algorithms defined for
the DOCSIS interface in the BPKM cryptographic-suite
parameter. The Value value 'none' is indicates that the SAID
being referenced has no data encryption."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
SYNTAX INTEGER {
none(0),
des56CbcMode(1),
des40CbcMode(2),
t3Des128CbcMode(3),
aes128CbcMode(4),
aes256CbcMode(5)
}
DocsBpkmDataAuthentAlg ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The list of data integrity algorithms defined for the
DOCSIS interface in the BPKM cryptographic-suite parameter.
The value 'none' indicates that no data integrity is used for
the SAID being referenced."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
SYNTAX INTEGER {
none(0),
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 9]
DOCSIS BPI Plus MIB November 2004
hmacSha196(1)
}
docsBpi2MIBObjects OBJECT IDENTIFIER ::= { docsBpi2MIB 1 }
Green, et al. Standards Track [Page 8]
RFC 4131 DOCSIS BPI Plus MIB September 2005
-- Cable Modem Group
docsBpi2CmObjects OBJECT IDENTIFIER ::= { docsBpi2MIBObjects 1 }
--
-- The BPI+ base and authorization table for CMs,
-- indexed by ifIndex
--
docsBpi2CmBaseTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmBaseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the basic and authorization authorization-
related Baseline Privacy Plus attributes of each CM MAC
interface."
::= { docsBpi2CmObjects 1 }
docsBpi2CmBaseEntry OBJECT-TYPE
SYNTAX DocsBpi2CmBaseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing attributes of
one CM MAC interface. An entry in this table exists for
each ifEntry with an ifType of docsCableMaclayer(127)."
INDEX { ifIndex }
::= { docsBpi2CmBaseTable 1 }
DocsBpi2CmBaseEntry ::= SEQUENCE {
docsBpi2CmPrivacyEnable TruthValue,
docsBpi2CmPublicKey OCTET STRING,
docsBpi2CmAuthState INTEGER,
docsBpi2CmAuthKeySequenceNumber Integer32,
docsBpi2CmAuthExpiresOld DateAndTime,
docsBpi2CmAuthExpiresNew DateAndTime,
docsBpi2CmAuthReset TruthValue,
docsBpi2CmAuthGraceTime Integer32,
docsBpi2CmTEKGraceTime Integer32,
docsBpi2CmAuthWaitTimeout Integer32,
docsBpi2CmReauthWaitTimeout Integer32,
docsBpi2CmOpWaitTimeout Integer32,
docsBpi2CmRekeyWaitTimeout Integer32,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 10]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmAuthRejectWaitTimeout Integer32,
docsBpi2CmSAMapWaitTimeout Integer32,
docsBpi2CmSAMapMaxRetries Integer32,
docsBpi2CmAuthentInfos Counter32,
Green, et al. Standards Track [Page 9]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmAuthRequests Counter32,
docsBpi2CmAuthReplies Counter32,
docsBpi2CmAuthRejects Counter32,
docsBpi2CmAuthInvalids Counter32,
docsBpi2CmAuthRejectErrorCode INTEGER,
docsBpi2CmAuthRejectErrorString SnmpAdminString,
docsBpi2CmAuthInvalidErrorCode INTEGER,
docsBpi2CmAuthInvalidErrorString SnmpAdminString
}
docsBpi2CmPrivacyEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object identifies whether this CM is
provisioned to run Baseline Privacy Plus."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1."
::= { docsBpi2CmBaseEntry 1 }
docsBpi2CmPublicKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..524))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is a DER-encoded
RSAPublicKey ASN.1 type string, as defined in the RSA
Encryption Standard (PKCS #1), corresponding to the
public key of the CM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.4."
::= { docsBpi2CmBaseEntry 2 }
docsBpi2CmAuthState OBJECT-TYPE
SYNTAX INTEGER {
start(1),
authWait(2),
authorized(3),
reauthWait(4),
authRejectWait(5),
silent(6)
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 11]
DOCSIS BPI Plus MIB November 2004
}
MAX-ACCESS read-only
STATUS current
Green, et al. Standards Track [Page 10]
RFC 4131 DOCSIS BPI Plus MIB September 2005
DESCRIPTION
"The value of this object is the state of the CM
authorization FSM. The start state indicates that FSM is
in its initial state."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.1.2.1."
::= { docsBpi2CmBaseEntry 3 }
docsBpi2CmAuthKeySequenceNumber OBJECT-TYPE
SYNTAX Integer32 (0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the most recent
authorization key sequence number for this FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.2 and 4.2.2.10."
::= { docsBpi2CmBaseEntry 4 }
docsBpi2CmAuthExpiresOld OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock time for
expiration of the immediate predecessor of the most recent
authorization key for this FSM. If this FSM has only one
authorization key, then the value is the time of activation
of this FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.2 and 4.2.2.9."
::= { docsBpi2CmBaseEntry 5 }
docsBpi2CmAuthExpiresNew OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock time for
expiration of the most recent authorization key for this
FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 12]
DOCSIS BPI Plus MIB November 2004
Sections 4.2.1.2 and 4.2.2.9."
::= { docsBpi2CmBaseEntry 6 }
Green, et al. Standards Track [Page 11]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmAuthReset OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to 'true' generates a Reauthorize
event in the authorization FSM. Reading this object always
returns FALSE.
This object is for testing purposes only only, and therefore it
does
is not require required to be associated with a last reset
object."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.1.2.3.4."
::= { docsBpi2CmBaseEntry 7 }
docsBpi2CmAuthGraceTime OBJECT-TYPE
SYNTAX Integer32 (1..6047999)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the grace time for an
authorization key in seconds. A CM is expected to start
trying to get a new authorization key beginning
AuthGraceTime seconds before the most recent authorization
key actually expires."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.3."
::= { docsBpi2CmBaseEntry 8 }
docsBpi2CmTEKGraceTime OBJECT-TYPE
SYNTAX Integer32 (1..302399)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the grace time for
the TEK in seconds. The CM is expected to start trying to
acquire a new TEK beginning TEK GraceTime seconds before
the expiration of the most recent TEK."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.6."
::= { docsBpi2CmBaseEntry 9 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 13] 12]
RFC 4131 DOCSIS BPI Plus MIB November 2004 September 2005
docsBpi2CmAuthWaitTimeout OBJECT-TYPE
SYNTAX Integer32 (1..30)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Authorize Wait
Timeout in second." seconds."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.1."
::= { docsBpi2CmBaseEntry 10 }
docsBpi2CmReauthWaitTimeout OBJECT-TYPE
SYNTAX Integer32 (1..30)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Reauthorize Wait
Timeout in seconds."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.2."
::= { docsBpi2CmBaseEntry 11 }
docsBpi2CmOpWaitTimeout OBJECT-TYPE
SYNTAX Integer32 (1..10)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Operational Wait
Timeout in seconds."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.4."
::= { docsBpi2CmBaseEntry 12 }
docsBpi2CmRekeyWaitTimeout OBJECT-TYPE
SYNTAX Integer32 (1..10)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Rekey Wait Timeout
in seconds."
REFERENCE
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 14] 13]
RFC 4131 DOCSIS BPI Plus MIB November 2004 September 2005
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.5."
::= { docsBpi2CmBaseEntry 13 }
docsBpi2CmAuthRejectWaitTimeout OBJECT-TYPE
SYNTAX Integer32 (1..600)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Authorization Reject
Wait Timeout in seconds."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.7."
::= { docsBpi2CmBaseEntry 14 }
docsBpi2CmSAMapWaitTimeout OBJECT-TYPE
SYNTAX Integer32 (1..10)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the retransmission
interval, in seconds, of SA Map Requests from the MAP Wait
state."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.8."
::= { docsBpi2CmBaseEntry 15 }
docsBpi2CmSAMapMaxRetries OBJECT-TYPE
SYNTAX Integer32 (0..10)
UNITS "count"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the maximum number of
Map Request retries allowed."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.1.1.1.9."
::= { docsBpi2CmBaseEntry 16 }
docsBpi2CmAuthentInfos OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 15] 14]
RFC 4131 DOCSIS BPI Plus MIB November 2004 September 2005
DESCRIPTION
"The value of this object is the count number of times
the CM has transmitted an Authentication Information
message. Discontinuities in the value of this counter can
occur at re-initialization of the management system, and at
other times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.9."
::= { docsBpi2CmBaseEntry 17 }
docsBpi2CmAuthRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the CM
has transmitted an Authorization Request message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.1."
::= { docsBpi2CmBaseEntry 18 }
docsBpi2CmAuthReplies OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the CM
has received an Authorization Reply message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.2."
::= { docsBpi2CmBaseEntry 19 }
docsBpi2CmAuthRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 16] 15]
RFC 4131 DOCSIS BPI Plus MIB November 2004 September 2005
DESCRIPTION
"The value of this object is the count number of times the CM
has received an Authorization Reject message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.3."
::= { docsBpi2CmBaseEntry 20 }
docsBpi2CmAuthInvalids OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count of times the CM
has received an Authorization Invalid message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.7."
::= { docsBpi2CmBaseEntry 21 }
docsBpi2CmAuthRejectErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
unauthorizedCm(3),
unauthorizedSaid(4),
permanentAuthorizationFailure(8),
timeOfDayNotAcquired(11)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent
Authorization Reject message received by the CM. This has
the value unknown(2) if the last Error-Code value was 0, 0 and
none(1) if no Authorization Reject message has been received
since reboot."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green, et al. Standards Track [Page 16]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Sections 4.2.1.3 and 4.2.2.15."
::= { docsBpi2CmBaseEntry 22 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 17]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmAuthRejectErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in the
most recent Authorization Reject message received by the
CM. This is a zero length string if no Authorization
Reject message has been received since reboot."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.3 and 4.2.2.6."
::= { docsBpi2CmBaseEntry 23 }
docsBpi2CmAuthInvalidErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
unauthorizedCm(3),
unsolicited(5),
invalidKeySequence(6),
keyRequestAuthenticationFailure(7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent
Authorization Invalid message received by the CM. This has
the value unknown(2) if the last Error-Code value was 0, 0 and
none(1) if no Authorization Invalid message has been received
since reboot."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.7 and 4.2.2.15."
::= { docsBpi2CmBaseEntry 24 }
docsBpi2CmAuthInvalidErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in the
most recent Authorization Invalid message received by the
CM. This is a zero length string if no Authorization
Green, et al. Standards Track [Page 17]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Invalid message has been received since reboot."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 18]
DOCSIS BPI Plus MIB November 2004
Sections 4.2.1.7 and 4.2.2.6."
::= { docsBpi2CmBaseEntry 25 }
--
-- The CM TEK Table, indexed by ifIndex and SAID
--
docsBpi2CmTEKTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmTEKEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the attributes of each CM
Traffic Encryption Key (TEK) association. The CM maintains
(no more than) one TEK association per SAID per CM MAC
interface."
::= { docsBpi2CmObjects 2 }
docsBpi2CmTEKEntry OBJECT-TYPE
SYNTAX DocsBpi2CmTEKEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing the TEK
association attributes of one SAID. The CM MUST create one
entry per SAID, regardless of whether the SAID was obtained
from a Registration Response message, from an Authorization
Reply message, or from any dynamic SAID establishment
mechanisms."
INDEX { ifIndex, docsBpi2CmTEKSAId }
::= { docsBpi2CmTEKTable 1 }
DocsBpi2CmTEKEntry ::= SEQUENCE {
docsBpi2CmTEKSAId DocsSAId,
docsBpi2CmTEKSAType DocsBpkmSAType,
docsBpi2CmTEKDataEncryptAlg DocsBpkmDataEncryptAlg,
docsBpi2CmTEKDataAuthentAlg DocsBpkmDataAuthentAlg,
docsBpi2CmTEKState INTEGER,
docsBpi2CmTEKKeySequenceNumber Integer32,
docsBpi2CmTEKExpiresOld DateAndTime,
docsBpi2CmTEKExpiresNew DateAndTime,
docsBpi2CmTEKKeyRequests Counter32,
docsBpi2CmTEKKeyReplies Counter32,
docsBpi2CmTEKKeyRejects Counter32,
docsBpi2CmTEKInvalids Counter32,
docsBpi2CmTEKAuthPends Counter32,
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 19] 18]
RFC 4131 DOCSIS BPI Plus MIB November 2004 September 2005
docsBpi2CmTEKAuthPends Counter32,
docsBpi2CmTEKKeyRejectErrorCode INTEGER,
docsBpi2CmTEKKeyRejectErrorString SnmpAdminString,
docsBpi2CmTEKInvalidErrorCode INTEGER,
docsBpi2CmTEKInvalidErrorString SnmpAdminString
}
docsBpi2CmTEKSAId OBJECT-TYPE
SYNTAX DocsSAId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of this object is the DOCSIS Security
Association ID (SAID)."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.12."
::= { docsBpi2CmTEKEntry 1 }
docsBpi2CmTEKSAType OBJECT-TYPE
SYNTAX DocsBpkmSAType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the type of security
association."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 2.1.3."
::= { docsBpi2CmTEKEntry 2 }
docsBpi2CmTEKDataEncryptAlg OBJECT-TYPE
SYNTAX DocsBpkmDataEncryptAlg
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the data encryption
algorithm for this SAID."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
::= { docsBpi2CmTEKEntry 3 }
docsBpi2CmTEKDataAuthentAlg OBJECT-TYPE
SYNTAX DocsBpkmDataAuthentAlg
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 19]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The value of this object is the data authentication
algorithm for this SAID."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 20]
DOCSIS BPI Plus MIB November 2004
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
::= { docsBpi2CmTEKEntry 4 }
docsBpi2CmTEKState OBJECT-TYPE
SYNTAX INTEGER {
start(1),
opWait(2),
opReauthWait(3),
operational(4),
rekeyWait(5),
rekeyReauthWait(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the state of the
indicated TEK FSM. The start(1) state indicates that the
FSM is in its initial state."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.1.3.1."
::= { docsBpi2CmTEKEntry 5 }
docsBpi2CmTEKKeySequenceNumber OBJECT-TYPE
SYNTAX Integer32 (0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the most recent TEK
key sequence number for this TEK FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.2.10 and 4.2.2.13."
::= { docsBpi2CmTEKEntry 6 }
docsBpi2CmTEKExpiresOld OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock time for
expiration of the immediate predecessor of the most recent
TEK for this FSM. If this FSM has only one TEK, then the
value is the time of activation of this FSM."
Green, et al. Standards Track [Page 20]
RFC 4131 DOCSIS BPI Plus MIB September 2005
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.5 and 4.2.2.9."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 21]
DOCSIS BPI Plus MIB November 2004
::= { docsBpi2CmTEKEntry 7 }
docsBpi2CmTEKExpiresNew OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock time for
expiration of the most recent TEK for this FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.5 and 4.2.2.9."
::= { docsBpi2CmTEKEntry 8 }
docsBpi2CmTEKKeyRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the CM
has transmitted a Key Request message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.4."
::= { docsBpi2CmTEKEntry 9 }
docsBpi2CmTEKKeyReplies OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the CM
has received a Key Reply message, including a message whose
authentication failed.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green, et al. Standards Track [Page 21]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Section 4.2.1.5."
::= { docsBpi2CmTEKEntry 10 }
docsBpi2CmTEKKeyRejects OBJECT-TYPE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 22]
DOCSIS BPI Plus MIB November 2004
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the CM
has received a Key Reject message, including a message
whose authentication failed.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.6."
::= { docsBpi2CmTEKEntry 11 }
docsBpi2CmTEKInvalids OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the CM
has received a TEK Invalid message, including a message
whose authentication failed.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.8."
::= { docsBpi2CmTEKEntry 12 }
docsBpi2CmTEKAuthPends OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count of times an
Authorization Pending (Auth Pend) event occurred in this
FSM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
Green, et al. Standards Track [Page 22]
RFC 4131 DOCSIS BPI Plus MIB September 2005
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.1.3.3.3."
::= { docsBpi2CmTEKEntry 13 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 23]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmTEKKeyRejectErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
unauthorizedSaid(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent Key Reject
message received by the CM. This has the value unknown(2) if
the last Error-Code value was 0, 0 and none(1) if no Key
Reject message has been received since registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.1.2.6 and 4.2.2.15."
::= { docsBpi2CmTEKEntry 14 }
docsBpi2CmTEKKeyRejectErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in the
most recent Key Reject message received by the CM. This is
a zero length string if no Key Reject message has been
received since registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.1.2.6 and 4.2.2.6."
::= { docsBpi2CmTEKEntry 15 }
docsBpi2CmTEKInvalidErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
invalidKeySequence(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
Green, et al. Standards Track [Page 23]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The value of this object is the enumerated
description of the Error-Code in the most recent TEK Invalid
message received by the CM. This has the value unknown(2) if
the last Error-Code value was 0, 0 and none(1) if no TEK
Invalid message has been received since registration."
REFERENCE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 24]
DOCSIS BPI Plus MIB November 2004
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.1.2.8 and 4.2.2.15."
::= { docsBpi2CmTEKEntry 16 }
docsBpi2CmTEKInvalidErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in the
most recent TEK Invalid message received by the CM. This is
a zero length string if no TEK Invalid message has been
received since registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.1.2.8 and 4.2.2.6."
::= { docsBpi2CmTEKEntry 17 }
--
-- The CM Multicast Objects Group
--
docsBpi2CmMulticastObjects OBJECT IDENTIFIER
::= { docsBpi2CmObjects 3 }
--
-- The CM Dynamic IP Multicast Mapping Table, indexed by
-- docsBpi2CmIpMulticastIndex and by ifIndex
--
docsBpi2CmIpMulticastMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmIpMulticastMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table maps multicast IP addresses to SAIDs per
CM MAC Interface.
It is intended to map multicast IP addresses associated
with SA MAP Request messages."
::= { docsBpi2CmMulticastObjects 1 }
docsBpi2CmIpMulticastMapEntry OBJECT-TYPE
Green, et al. Standards Track [Page 24]
RFC 4131 DOCSIS BPI Plus MIB September 2005
SYNTAX DocsBpi2CmIpMulticastMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing the mapping of
one multicast IP address to one SAID, as well as
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 25]
DOCSIS BPI Plus MIB November 2004
associated state, message counters, and error information.
An entry may be removed from this table upon the reception
of an SA Map Reject."
INDEX { ifIndex, docsBpi2CmIpMulticastIndex }
::= { docsBpi2CmIpMulticastMapTable 1 }
DocsBpi2CmIpMulticastMapEntry ::= SEQUENCE {
docsBpi2CmIpMulticastIndex Unsigned32,
docsBpi2CmIpMulticastAddressType InetAddressType,
docsBpi2CmIpMulticastAddress InetAddress,
docsBpi2CmIpMulticastSAId DocsSAIdOrZero,
docsBpi2CmIpMulticastSAMapState INTEGER,
docsBpi2CmIpMulticastSAMapRequests Counter32,
docsBpi2CmIpMulticastSAMapReplies Counter32,
docsBpi2CmIpMulticastSAMapRejects Counter32,
docsBpi2CmIpMulticastSAMapRejectErrorCode INTEGER,
docsBpi2CmIpMulticastSAMapRejectErrorString SnmpAdminString
}
docsBpi2CmIpMulticastIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this row."
::= { docsBpi2CmIpMulticastMapEntry 1 }
docsBpi2CmIpMulticastAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of internet Internet address for
docsBpi2CmIpMulticastAddress."
::= { docsBpi2CmIpMulticastMapEntry 2 }
docsBpi2CmIpMulticastAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 25]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"This object represents the IP multicast address
to be mapped. The type of this address is determined by
the value of the docsBpi2CmIpMulticastAddressType object."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 5.4."
::= { docsBpi2CmIpMulticastMapEntry 3 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 26]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmIpMulticastSAId OBJECT-TYPE
SYNTAX DocsSAIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the SAID to which the IP
multicast address has been mapped. If no SA Map Reply has
been received for the IP address, this object should have
the value 0."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.12."
::= { docsBpi2CmIpMulticastMapEntry 4 }
docsBpi2CmIpMulticastSAMapState OBJECT-TYPE
SYNTAX INTEGER {
start(1),
mapWait(2),
mapped(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the state of the SA
Mapping FSM for this IP."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 5.3.1."
::= { docsBpi2CmIpMulticastMapEntry 5 }
docsBpi2CmIpMulticastSAMapRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CM has transmitted an SA Map Request message for this IP.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
Green, et al. Standards Track [Page 26]
RFC 4131 DOCSIS BPI Plus MIB September 2005
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.10."
::= { docsBpi2CmIpMulticastMapEntry 6 }
docsBpi2CmIpMulticastSAMapReplies OBJECT-TYPE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 27]
DOCSIS BPI Plus MIB November 2004
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CM has received an SA Map Reply message for this IP.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.11."
::= { docsBpi2CmIpMulticastMapEntry 7 }
docsBpi2CmIpMulticastSAMapRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CM has received an SA MAP Reject message for this IP.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.12."
::= { docsBpi2CmIpMulticastMapEntry 8 }
docsBpi2CmIpMulticastSAMapRejectErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
noAuthForRequestedDSFlow(9),
dsFlowNotMappedToSA(10)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 27]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The value of this object is the enumerated
description of the Error-Code in the most recent SA Map
Reject message sent in response to an SA Map Request for
This IP. It has the value none(1) if no SA MAP Reject
message has been received since entry creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.12 and 4.2.2.15."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 28]
DOCSIS BPI Plus MIB November 2004
::= { docsBpi2CmIpMulticastMapEntry 9 }
docsBpi2CmIpMulticastSAMapRejectErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in
the most recent SA Map Reject message sent in response to
an SA Map Request for this IP. It is a zero length string
if no SA Map Reject message has been received since entry
creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.12 and 4.2.2.6."
::= { docsBpi2CmIpMulticastMapEntry 10 }
--
-- CM Cert Objects
--
docsBpi2CmCertObjects OBJECT IDENTIFIER
::= { docsBpi2CmObjects 4 }
--
-- CM Device Cert Table
--
docsBpi2CmDeviceCertTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmDeviceCertEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the Baseline Privacy Plus
device certificates for each CM MAC interface."
::= { docsBpi2CmCertObjects 1 }
docsBpi2CmDeviceCertEntry OBJECT-TYPE
SYNTAX DocsBpi2CmDeviceCertEntry
MAX-ACCESS not-accessible
Green, et al. Standards Track [Page 28]
RFC 4131 DOCSIS BPI Plus MIB September 2005
STATUS current
DESCRIPTION
"Each entry contains the device certificates of
one CM MAC interface. An entry in this table exists for
each ifEntry with an ifType of docsCableMaclayer(127)."
INDEX { ifIndex }
::= { docsBpi2CmDeviceCertTable 1 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 29]
DOCSIS BPI Plus MIB November 2004
DocsBpi2CmDeviceCertEntry ::= SEQUENCE {
docsBpi2CmDeviceCmCert
DocsX509ASN1DEREncodedCertificate,
docsBpi2CmDeviceManufCert
DocsX509ASN1DEREncodedCertificate
}
docsBpi2CmDeviceCmCert OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The X509 DER-encoded cable modem certificate.
Note: This object can be set only when the value is the
zero-length OCTET STRING, otherwise STRING; otherwise, an error of
'inconsistentValue' is returned. Once the object
contains the certificate, its access MUST be read-only
and persists after re-initialization of the
managed system."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.1."
::= { docsBpi2CmDeviceCertEntry 1 }
docsBpi2CmDeviceManufCert OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The X509 DER-encoded manufacturer certificate which that
signed the cable modem certificate."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.1."
::= { docsBpi2CmDeviceCertEntry 2 }
--
-- CM Crypto Suite Table
--
Green, et al. Standards Track [Page 29]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmCryptoSuiteTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmCryptoSuiteEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the Baseline Privacy Plus
cryptographic suite capabilities for each CM MAC
interface."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 30]
DOCSIS BPI Plus MIB November 2004
::= { docsBpi2CmObjects 5 }
docsBpi2CmCryptoSuiteEntry OBJECT-TYPE
SYNTAX DocsBpi2CmCryptoSuiteEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains a cryptographic suite pair
which
that this CM MAC supports."
INDEX { ifIndex, docsBpi2CmCryptoSuiteIndex }
::= { docsBpi2CmCryptoSuiteTable 1 }
DocsBpi2CmCryptoSuiteEntry ::= SEQUENCE {
docsBpi2CmCryptoSuiteIndex Unsigned32,
docsBpi2CmCryptoSuiteDataEncryptAlg
DocsBpkmDataEncryptAlg,
docsBpi2CmCryptoSuiteDataAuthentAlg
DocsBpkmDataAuthentAlg
}
docsBpi2CmCryptoSuiteIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..1000)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index for a cryptographic suite row."
::= { docsBpi2CmCryptoSuiteEntry 1 }
docsBpi2CmCryptoSuiteDataEncryptAlg OBJECT-TYPE
SYNTAX DocsBpkmDataEncryptAlg
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the data encryption
algorithm for this cryptographic suite capability."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
::= { docsBpi2CmCryptoSuiteEntry 2 }
Green, et al. Standards Track [Page 30]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmCryptoSuiteDataAuthentAlg OBJECT-TYPE
SYNTAX DocsBpkmDataAuthentAlg
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the data authentication
algorithm for this cryptographic suite capability."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 31]
DOCSIS BPI Plus MIB November 2004
Section 4.2.2.20."
::= { docsBpi2CmCryptoSuiteEntry 3 }
-- Cable Modem Termination System Group
docsBpi2CmtsObjects OBJECT IDENTIFIER ::= { docsBpi2MIBObjects 2 }
--
-- SPECIAL NOTE: For the following CMTS tables, when a CM is
-- running
-- in BPI mode, replace SAID (Security Association ID)
-- with SID (Service ID). The CMTS is required to map SAIDs and
-- SIDs to one contiguous space.
--
--
-- The BPI+ base table for CMTSs, indexed by ifIndex
--
docsBpi2CmtsBaseTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmtsBaseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the basic Baseline Privacy
attributes of each CMTS MAC interface."
::= { docsBpi2CmtsObjects 1 }
docsBpi2CmtsBaseEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsBaseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing attributes of
one CMTS MAC interface. An entry in this table exists for
each ifEntry with an ifType of docsCableMaclayer(127)."
INDEX { ifIndex }
::= { docsBpi2CmtsBaseTable 1 }
DocsBpi2CmtsBaseEntry ::= SEQUENCE {
Green, et al. Standards Track [Page 31]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsDefaultAuthLifetime Integer32,
docsBpi2CmtsDefaultTEKLifetime Integer32,
docsBpi2CmtsDefaultSelfSignedManufCertTrust INTEGER,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 32]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsCheckCertValidityPeriods TruthValue,
docsBpi2CmtsAuthentInfos Counter32,
docsBpi2CmtsAuthRequests Counter32,
docsBpi2CmtsAuthReplies Counter32,
docsBpi2CmtsAuthRejects Counter32,
docsBpi2CmtsAuthInvalids Counter32,
docsBpi2CmtsSAMapRequests Counter32,
docsBpi2CmtsSAMapReplies Counter32,
docsBpi2CmtsSAMapRejects Counter32
}
docsBpi2CmtsDefaultAuthLifetime OBJECT-TYPE
SYNTAX Integer32 (1..6048000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of this object is the default lifetime, in
seconds, that the CMTS assigns to a new authorization key.
This object value persist persists after re-initialization of the
managed system."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.2."
DEFVAL { 604800 }
::= { docsBpi2CmtsBaseEntry 1 }
docsBpi2CmtsDefaultTEKLifetime OBJECT-TYPE
SYNTAX Integer32 (1..604800)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of this object is the default lifetime, in
seconds, that the CMTS assigns to a new Traffic Encryption
Key (TEK).
This object value persist persists after re-initialization of the
managed system."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Appendix A.2."
DEFVAL { 43200 }
::= { docsBpi2CmtsBaseEntry 2 }
docsBpi2CmtsDefaultSelfSignedManufCertTrust OBJECT-TYPE
Green, et al. Standards Track [Page 32]
RFC 4131 DOCSIS BPI Plus MIB September 2005
SYNTAX INTEGER {
trusted (1),
untrusted (2)
}
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 33]
DOCSIS BPI Plus MIB November 2004
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines the default trust of
self-signed manufacturer certificate entries, contained
in docsBpi2CmtsCACertTable, and created after setting this
object.
object is set.
This object needs need not to persist after re-initialization
of the managed system."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.1"
::= { docsBpi2CmtsBaseEntry 3 }
docsBpi2CmtsCheckCertValidityPeriods OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to 'true' causes all chained and
root certificates in the chain to have their validity
periods checked against the current time of day, when
the CMTS receives an Authorization Request from the
CM.
A 'false' setting causes all certificates in the chain
not to have their validity periods checked against the
current time of day.
This object needs need not to persist after re-initialization
of the managed system."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.2"
::= { docsBpi2CmtsBaseEntry 4 }
docsBpi2CmtsAuthentInfos OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received an Authentication Information message
from any CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
Green, et al. Standards Track [Page 33]
RFC 4131 DOCSIS BPI Plus MIB September 2005
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.9."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 34]
DOCSIS BPI Plus MIB November 2004
::= { docsBpi2CmtsBaseEntry 5 }
docsBpi2CmtsAuthRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received an Authorization Request message from any
CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.1."
::= { docsBpi2CmtsBaseEntry 6 }
docsBpi2CmtsAuthReplies OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an Authorization Reply message to any
CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.2."
::= { docsBpi2CmtsBaseEntry 7 }
docsBpi2CmtsAuthRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an Authorization Reject message to any
Green, et al. Standards Track [Page 34]
RFC 4131 DOCSIS BPI Plus MIB September 2005
CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 35]
DOCSIS BPI Plus MIB November 2004
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.3."
::= { docsBpi2CmtsBaseEntry 8 }
docsBpi2CmtsAuthInvalids OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times
the CMTS has transmitted an Authorization Invalid message
to any CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.7."
::= { docsBpi2CmtsBaseEntry 9 }
docsBpi2CmtsSAMapRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received an SA Map Request message from any CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.10."
::= { docsBpi2CmtsBaseEntry 10 }
docsBpi2CmtsSAMapReplies OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 35]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The value of this object is the count number of times the
CMTS has transmitted an SA Map Reply message to any CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 36]
DOCSIS BPI Plus MIB November 2004
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.11."
::= { docsBpi2CmtsBaseEntry 11 }
docsBpi2CmtsSAMapRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an SA Map Reject message to any CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.12."
::= { docsBpi2CmtsBaseEntry 12 }
--
-- The CMTS Authorization Table, indexed by ifIndex and CM MAC
-- address
--
docsBpi2CmtsAuthTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmtsAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the attributes of each CM
authorization association. The CMTS maintains one
authorization association with each Baseline Privacy-
enabled CM, registered on each CMTS MAC interface,
regardless of whether the CM is authorized or rejected."
::= { docsBpi2CmtsObjects 2 }
docsBpi2CmtsAuthEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsAuthEntry
MAX-ACCESS not-accessible
STATUS current
Green, et al. Standards Track [Page 36]
RFC 4131 DOCSIS BPI Plus MIB September 2005
DESCRIPTION
"Each entry contains objects describing attributes of
one authorization association. The CMTS MUST create one
entry per CM per MAC interface, based on the receipt of an
Authorization Request message, and MUST not delete the
entry until the CM loses registration."
INDEX { ifIndex, docsBpi2CmtsAuthCmMacAddress }
::= { docsBpi2CmtsAuthTable 1 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 37]
DOCSIS BPI Plus MIB November 2004
DocsBpi2CmtsAuthEntry ::= SEQUENCE {
docsBpi2CmtsAuthCmMacAddress MacAddress,
docsBpi2CmtsAuthCmBpiVersion INTEGER,
docsBpi2CmtsAuthCmPublicKey OCTET STRING,
docsBpi2CmtsAuthCmKeySequenceNumber Integer32,
docsBpi2CmtsAuthCmExpiresOld DateAndTime,
docsBpi2CmtsAuthCmExpiresNew DateAndTime,
docsBpi2CmtsAuthCmLifetime Integer32,
docsBpi2CmtsAuthCmReset INTEGER,
docsBpi2CmtsAuthCmInfos Counter32,
docsBpi2CmtsAuthCmRequests Counter32,
docsBpi2CmtsAuthCmReplies Counter32,
docsBpi2CmtsAuthCmRejects Counter32,
docsBpi2CmtsAuthCmInvalids Counter32,
docsBpi2CmtsAuthRejectErrorCode INTEGER,
docsBpi2CmtsAuthRejectErrorString SnmpAdminString,
docsBpi2CmtsAuthInvalidErrorCode INTEGER,
docsBpi2CmtsAuthInvalidErrorString SnmpAdminString,
docsBpi2CmtsAuthPrimarySAId DocsSAIdOrZero,
docsBpi2CmtsAuthBpkmCmCertValid INTEGER,
docsBpi2CmtsAuthBpkmCmCert
DocsX509ASN1DEREncodedCertificate,
docsBpi2CmtsAuthCACertIndexPtr Unsigned32
}
docsBpi2CmtsAuthCmMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of this object is the physical address of
the CM to which the authorization association applies."
::= { docsBpi2CmtsAuthEntry 1 }
docsBpi2CmtsAuthCmBpiVersion OBJECT-TYPE
SYNTAX INTEGER {
bpi (0),
bpiPlus (1)
}
Green, et al. Standards Track [Page 37]
RFC 4131 DOCSIS BPI Plus MIB September 2005
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the version of Baseline
Privacy for which this CM has registered. The value
'bpiplus' represents the value of BPI-Version Attribute of
the Baseline Privacy Key Management BPKM attribute
BPI-Version (1). The value 'bpi' is used to represent the
CM registered using DOCSIS 1.0 Baseline Privacy."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 38]
DOCSIS BPI Plus MIB November 2004
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification Specification,
Section 4.2.2.22; ANSI/SCTE 22-2 2002(formerly DSS 02-03)
Data-Over-Cable Service Interface Specification DOCSIS 1.0
Baseline Privacy Interface (BPI)"
::= { docsBpi2CmtsAuthEntry 2 }
docsBpi2CmtsAuthCmPublicKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..524))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is a DER-encoded
RSAPublicKey ASN.1 type string, as defined in the RSA
Encryption Standard (PKCS #1), corresponding to the
public key of the CM. This is the zero-length OCTET
STRING if the CMTS does not retain the public key."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.4."
::= { docsBpi2CmtsAuthEntry 3 }
docsBpi2CmtsAuthCmKeySequenceNumber OBJECT-TYPE
SYNTAX Integer32 (0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the most recent
authorization key sequence number for this CM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.2 and 4.2.2.10."
::= { docsBpi2CmtsAuthEntry 4 }
docsBpi2CmtsAuthCmExpiresOld OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 38]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The value of this object is the actual clock time
for expiration of the immediate predecessor of the most
recent authorization key for this FSM. If this FSM has only
one authorization key, then the value is the time of
activation of this FSM.
Note: This object has no meaning for CMs running in BPI
mode, therefore
mode; therefore, this object is not instantiated for entries
associated to those CMs."
REFERENCE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 39]
DOCSIS BPI Plus MIB November 2004
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.2 and 4.2.2.9."
::= { docsBpi2CmtsAuthEntry 5 }
docsBpi2CmtsAuthCmExpiresNew OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock
time for expiration of the most recent authorization key
for this FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.2 and 4.2.2.9."
::= { docsBpi2CmtsAuthEntry 6 }
docsBpi2CmtsAuthCmLifetime OBJECT-TYPE
SYNTAX Integer32 (1..6048000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of this object is the lifetime, in seconds,
that the CMTS assigns to an authorization key for this CM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.2 and Appendix A.2."
::= { docsBpi2CmtsAuthEntry 7 }
docsBpi2CmtsAuthCmReset OBJECT-TYPE
SYNTAX INTEGER {
noResetRequested(1),
invalidateAuth(2),
sendAuthInvalid(3),
invalidateTeks(4)
}
MAX-ACCESS read-write
STATUS current
Green, et al. Standards Track [Page 39]
RFC 4131 DOCSIS BPI Plus MIB September 2005
DESCRIPTION
"Setting this object to invalidateAuth(2) causes the
CMTS to invalidate the current CM authorization key(s), but
not to transmit an Authorization Invalid message nor to
invalidate the primary SAID's TEKs. Setting this object to
sendAuthInvalid(3) causes the CMTS to invalidate the
current CM authorization key(s), and to transmit an
Authorization Invalid message to the CM, but not to
invalidate the primary SAID's TEKs. Setting this object to
invalidateTeks(4) causes the CMTS to invalidate the current
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 40]
DOCSIS BPI Plus MIB November 2004
CM authorization key(s), to transmit an Authorization
Invalid message to the CM, and to invalidate the TEKs
associated with this CM's primary SAID.
For BPI mode, substitute all of the CM's unicast
TEK(s)
TEKs for the primary SAID's TEKs in the previous
paragraph.
Reading this object returns the most recently set
value of this object, or returns noResetRequested(1) object or, if the object has not been set
since entry creation." creation, returns noResetRequested(1)."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.1.2.3.4, 4.1.2.3.5, and 4.1.3.3.5."
::= { docsBpi2CmtsAuthEntry 8 }
docsBpi2CmtsAuthCmInfos OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received an Authentication Information message
from this CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.9."
::= { docsBpi2CmtsAuthEntry 9 }
docsBpi2CmtsAuthCmRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received an Authorization Request message from
Green, et al. Standards Track [Page 40]
RFC 4131 DOCSIS BPI Plus MIB September 2005
this CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.1."
::= { docsBpi2CmtsAuthEntry 10 }
docsBpi2CmtsAuthCmReplies OBJECT-TYPE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 41]
DOCSIS BPI Plus MIB November 2004
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an Authorization Reply message to this
CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.2."
::= { docsBpi2CmtsAuthEntry 11 }
docsBpi2CmtsAuthCmRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an Authorization Reject message to
this CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.3."
::= { docsBpi2CmtsAuthEntry 12 }
docsBpi2CmtsAuthCmInvalids OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
Green, et al. Standards Track [Page 41]
RFC 4131 DOCSIS BPI Plus MIB September 2005
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an Authorization Invalid message to
this CM.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.7."
::= { docsBpi2CmtsAuthEntry 13 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 42]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsAuthRejectErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
unauthorizedCm(3),
unauthorizedSaid(4),
permanentAuthorizationFailure(8),
timeOfDayNotAcquired(11)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent
Authorization Reject message transmitted to the CM. This has
the value unknown(2) if the last Error-Code value was 0, 0 and
none(1) if no Authorization Reject message has been
transmitted to the CM, CM since entry creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.3 and 4.2.2.15."
::= { docsBpi2CmtsAuthEntry 14 }
docsBpi2CmtsAuthRejectErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in the
most recent Authorization Reject message transmitted to the
CM. This is a zero length string if no Authorization
Reject message has been transmitted to the CM, CM since entry
creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green, et al. Standards Track [Page 42]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Sections 4.2.1.3 and 4.2.2.6."
::= { docsBpi2CmtsAuthEntry 15 }
docsBpi2CmtsAuthInvalidErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
unauthorizedCm(3),
unsolicited(5),
invalidKeySequence(6),
keyRequestAuthenticationFailure(7)
}
MAX-ACCESS read-only
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 43]
DOCSIS BPI Plus MIB November 2004
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent
Authorization Invalid message transmitted to the CM. This
has the value unknown(2) if the last Error-Code value was 0, 0
and none(1) if no Authorization Invalid message has been
transmitted to the CM since entry creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.7 and 4.2.2.15."
::= { docsBpi2CmtsAuthEntry 16 }
docsBpi2CmtsAuthInvalidErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in the
most recent Authorization Invalid message transmitted to
the CM. This is a zero length string if no Authorization
Invalid message has been transmitted to the CM since entry
creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.7 and 4.2.2.6."
::= { docsBpi2CmtsAuthEntry 17 }
docsBpi2CmtsAuthPrimarySAId OBJECT-TYPE
SYNTAX DocsSAIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Primary Security
Association identifier. For BPI mode, the value must be
Green, et al. Standards Track [Page 43]
RFC 4131 DOCSIS BPI Plus MIB September 2005
any unicast SID."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 2.1.3."
::= { docsBpi2CmtsAuthEntry 18 }
docsBpi2CmtsAuthBpkmCmCertValid OBJECT-TYPE
SYNTAX INTEGER {
unknown (0),
validCmChained (1),
validCmTrusted (2),
invalidCmUntrusted (3),
invalidCAUntrusted (4),
invalidCmOther (5),
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 44]
DOCSIS BPI Plus MIB November 2004
invalidCAOther (6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the reason why a CM's certificate is deemed
valid or invalid.
Return unknown(0) if the CM is running BPI mode.
ValidCmChained(1) means the certificate is valid
because it chains to a valid certificate.
ValidCmTrusted(2) means the certificate is valid
because it has been provisioned (in the
docsBpi2CmtsProvisionedCmCert table) to be trusted.
InvalidCmUntrusted(3) means the certificate is invalid
because it has been provisioned (in the
docsBpi2CmtsProvisionedCmCert table) to be untrusted.
InvalidCAUntrusted(4) means the certificate is invalid
because it chains to an untrusted certificate.
InvalidCmOther(5) and InvalidCAOther(6) refer to
errors in parsing, validity periods, etc, etc., which are
attributable to the CM certificate or its chain chain,
respectively; additional information may be found
in docsBpi2AuthRejectErrorString for these types
of errors."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.2."
::= { docsBpi2CmtsAuthEntry 19 }
docsBpi2CmtsAuthBpkmCmCert OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 44]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The X509 CM Certificate sent as part of a BPKM
Authorization Request.
Note: The zero-length OCTET STRING must be returned if the
Entire certificate is not retained in the CMTS."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.2."
::= { docsBpi2CmtsAuthEntry 20 }
docsBpi2CmtsAuthCACertIndexPtr OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A row index into docsBpi2CmtsCACertTable.
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 45]
DOCSIS BPI Plus MIB November 2004
Returns the index in docsBpi2CmtsCACertTable to which
CA certificate this CM is chained to. A value of
0 means it could not be found or not applicable."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.2."
::= { docsBpi2CmtsAuthEntry 21 }
--
-- The CMTS TEK Table, indexed by ifIndex and SAID
--
docsBpi2CmtsTEKTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmtsTEKEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the attributes of each
Traffic Encryption Key (TEK) association. The CMTS
Maintains one TEK association per SAID on each CMTS MAC
interface."
::= { docsBpi2CmtsObjects 3 }
docsBpi2CmtsTEKEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsTEKEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing attributes of
one TEK association on a particular CMTS MAC interface. The
CMTS MUST create one entry per SAID per MAC interface,
based on the receipt of a Key Request message, and MUST not
delete the entry before the CM authorization for the SAID
Green, et al. Standards Track [Page 45]
RFC 4131 DOCSIS BPI Plus MIB September 2005
permanently expires."
INDEX { ifIndex, docsBpi2CmtsTEKSAId }
::= { docsBpi2CmtsTEKTable 1 }
DocsBpi2CmtsTEKEntry ::= SEQUENCE {
docsBpi2CmtsTEKSAId DocsSAId,
docsBpi2CmtsTEKSAType DocsBpkmSAType,
docsBpi2CmtsTEKDataEncryptAlg DocsBpkmDataEncryptAlg,
docsBpi2CmtsTEKDataAuthentAlg DocsBpkmDataAuthentAlg,
docsBpi2CmtsTEKLifetime Integer32,
docsBpi2CmtsTEKKeySequenceNumber Integer32,
docsBpi2CmtsTEKExpiresOld DateAndTime,
docsBpi2CmtsTEKExpiresNew DateAndTime,
docsBpi2CmtsTEKReset TruthValue,
docsBpi2CmtsKeyRequests Counter32,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 46]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsKeyReplies Counter32,
docsBpi2CmtsKeyRejects Counter32,
docsBpi2CmtsTEKInvalids Counter32,
docsBpi2CmtsKeyRejectErrorCode INTEGER,
docsBpi2CmtsKeyRejectErrorString SnmpAdminString,
docsBpi2CmtsTEKInvalidErrorCode INTEGER,
docsBpi2CmtsTEKInvalidErrorString SnmpAdminString
}
docsBpi2CmtsTEKSAId OBJECT-TYPE
SYNTAX DocsSAId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of this object is the DOCSIS Security
Association ID (SAID)."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.12."
::= { docsBpi2CmtsTEKEntry 1 }
docsBpi2CmtsTEKSAType OBJECT-TYPE
SYNTAX DocsBpkmSAType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the type of security
association. 'dynamic' does not apply to CMs running in
BPI mode. Unicast BPI TEKs must utilize the 'primary'
encoding
encoding, and multicast BPI TEKs must utilize the 'static'
encoding."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green, et al. Standards Track [Page 46]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Section 2.1.3."
::= { docsBpi2CmtsTEKEntry 2 }
docsBpi2CmtsTEKDataEncryptAlg OBJECT-TYPE
SYNTAX DocsBpkmDataEncryptAlg
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the data encryption
algorithm for this SAID."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
::= { docsBpi2CmtsTEKEntry 3 }
docsBpi2CmtsTEKDataAuthentAlg OBJECT-TYPE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 47]
DOCSIS BPI Plus MIB November 2004
SYNTAX DocsBpkmDataAuthentAlg
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the data authentication
algorithm for this SAID."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
::= { docsBpi2CmtsTEKEntry 4 }
docsBpi2CmtsTEKLifetime OBJECT-TYPE
SYNTAX Integer32 (1..604800)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of this object is the lifetime, in
seconds, that the CMTS assigns to keys for this TEK
association."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.5 and Appendix A.2."
::= { docsBpi2CmtsTEKEntry 5 }
docsBpi2CmtsTEKKeySequenceNumber OBJECT-TYPE
SYNTAX Integer32 (0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the most recent TEK
Green, et al. Standards Track [Page 47]
RFC 4131 DOCSIS BPI Plus MIB September 2005
key sequence number for this SAID."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.2.10 and 4.2.2.13."
::= { docsBpi2CmtsTEKEntry 6 }
docsBpi2CmtsTEKExpiresOld OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock time
for expiration of the immediate predecessor of the most
recent TEK for this FSM. If this FSM has only one TEK, then
the value is the time of activation of this FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 48]
DOCSIS BPI Plus MIB November 2004
Sections 4.2.1.5 and 4.2.2.9."
::= { docsBpi2CmtsTEKEntry 7 }
docsBpi2CmtsTEKExpiresNew OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the actual clock time
for expiration of the most recent TEK for this FSM."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.5 and 4.2.2.9."
::= { docsBpi2CmtsTEKEntry 8 }
docsBpi2CmtsTEKReset OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to 'true' causes the CMTS to
invalidate all currently active TEK(s) TEKs and to generate new
TEK(s)
TEKs for the associated SAID; the CMTS MAY also generate
unsolicited TEK Invalid message(s), messages, to optimize the TEK
synchronization between the CMTS and the CM(s). Reading
this object always returns FALSE."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.1.3.3.5."
::= { docsBpi2CmtsTEKEntry 9 }
Green, et al. Standards Track [Page 48]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsKeyRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received a Key Request message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.4."
::= { docsBpi2CmtsTEKEntry 10 }
docsBpi2CmtsKeyReplies OBJECT-TYPE
SYNTAX Counter32
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 49]
DOCSIS BPI Plus MIB November 2004
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted a Key Reply message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.5."
::= { docsBpi2CmtsTEKEntry 11 }
docsBpi2CmtsKeyRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted a Key Reject message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.6."
::= { docsBpi2CmtsTEKEntry 12 }
Green, et al. Standards Track [Page 49]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsTEKInvalids OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted a TEK Invalid message.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.8."
::= { docsBpi2CmtsTEKEntry 13 }
docsBpi2CmtsKeyRejectErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 50]
DOCSIS BPI Plus MIB November 2004
unknown(2),
unauthorizedSaid(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent Key Reject
message sent in response to a Key Request for this SAID.
This has the value unknown(2) if the last Error-Code value
was 0, 0 and none(1) if no Key Reject message has been
received since registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.6 and 4.2.2.15."
::= { docsBpi2CmtsTEKEntry 14 }
docsBpi2CmtsKeyRejectErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in
the most recent Key Reject message sent in response to a
Key Request for this SAID. This is a zero length string if
no Key Reject message has been received since
registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green, et al. Standards Track [Page 50]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Sections 4.2.1.6 and 4.2.2.6."
::= { docsBpi2CmtsTEKEntry 15 }
docsBpi2CmtsTEKInvalidErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
invalidKeySequence(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent TEK
Invalid message sent in association with this SAID. This
has the value unknown(2) if the last Error-Code value was 0, 0
and none(1) if no TEK Invalid message has been received
since registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 51]
DOCSIS BPI Plus MIB November 2004
Sections 4.2.1.8 and 4.2.2.15."
::= { docsBpi2CmtsTEKEntry 16 }
docsBpi2CmtsTEKInvalidErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in
the most recent TEK Invalid message sent in association
with this SAID. This is a zero length string if no TEK
Invalid message has been received since registration."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.8 and 4.2.2.6."
::= { docsBpi2CmtsTEKEntry 17 }
--
-- The CMTS Multicast Objects Group
--
docsBpi2CmtsMulticastObjects OBJECT IDENTIFIER
::= { docsBpi2CmtsObjects 4 }
--
-- The CMTS IP Multicast Mapping Table, indexed by
-- docsBpi2CmtsIpMulticastIndex, and by ifIndex
--
Green, et al. Standards Track [Page 51]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsIpMulticastMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmtsIpMulticastMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table maps multicast IP addresses to SAIDs.
If a multicast IP address is mapped by multiple rows
in the table, the row with the lowest
docsBpi2CmtsIpMulticastIndex must be utilized for the
mapping."
::= { docsBpi2CmtsMulticastObjects 1 }
docsBpi2CmtsIpMulticastMapEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsIpMulticastMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing the mapping of
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 52]
DOCSIS BPI Plus MIB November 2004
a set of multicast IP address and the mask to one SAID
associated to a CMTS MAC Interface, as well as associated
message counters and error information."
INDEX { ifIndex, docsBpi2CmtsIpMulticastIndex }
::= { docsBpi2CmtsIpMulticastMapTable 1 }
DocsBpi2CmtsIpMulticastMapEntry ::= SEQUENCE {
docsBpi2CmtsIpMulticastIndex Unsigned32,
docsBpi2CmtsIpMulticastAddressType InetAddressType,
docsBpi2CmtsIpMulticastAddress InetAddress,
docsBpi2CmtsIpMulticastMask InetAddress,
docsBpi2CmtsIpMulticastSAId DocsSAIdOrZero,
docsBpi2CmtsIpMulticastSAType DocsBpkmSAType,
docsBpi2CmtsIpMulticastDataEncryptAlg
DocsBpkmDataEncryptAlg,
docsBpi2CmtsIpMulticastDataAuthentAlg
DocsBpkmDataAuthentAlg,
docsBpi2CmtsIpMulticastSAMapRequests Counter32,
docsBpi2CmtsIpMulticastSAMapReplies Counter32,
docsBpi2CmtsIpMulticastSAMapRejects Counter32,
docsBpi2CmtsIpMulticastSAMapRejectErrorCode
INTEGER,
docsBpi2CmtsIpMulticastSAMapRejectErrorString
SnmpAdminString,
docsBpi2CmtsIpMulticastMapControl RowStatus,
docsBpi2CmtsIpMulticastMapStorageType StorageType
}
docsBpi2CmtsIpMulticastIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
Green, et al. Standards Track [Page 52]
RFC 4131 DOCSIS BPI Plus MIB September 2005
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this row. Conceptual rows having the
value 'permanent' need not allow write-access to any
columnar objects in the row."
::= { docsBpi2CmtsIpMulticastMapEntry 1 }
docsBpi2CmtsIpMulticastAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of internet Internet address for
docsBpi2CmtsIpMulticastAddress
and docsBpi2CmtsIpMulticastMask."
DEFVAL { ipv4 }
::= { docsBpi2CmtsIpMulticastMapEntry 2 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 53]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsIpMulticastAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object represents the IP multicast address
to be mapped, in conjunction with
docsBpi2CmtsIpMulticastMask. The type of this address is
determined by the value of the object
docsBpi2CmtsIpMulticastAddressType."
::= { docsBpi2CmtsIpMulticastMapEntry 3 }
docsBpi2CmtsIpMulticastMask OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object represents the IP multicast address mask
for this row.
An IP multicast address matches this row if the logical
AND of the address with docsBpi2CmtsIpMulticastMask is
identical to the logical AND of
docsBpi2CmtsIpMulticastAddr with
docsBpi2CmtsIpMulticastMask. The type of this address is
determined by the value of the object
docsBpi2CmtsIpMulticastAddressType.
Note: For IPv6 IPv6, this object needs need not to represent a
contiguous netmask, e.g. netmask; e.g., to associate an a SAID to a
multicast group matching 'any' multicast scope. The TC
Green, et al. Standards Track [Page 53]
RFC 4131 DOCSIS BPI Plus MIB September 2005
InetAddressPrefixLength is not used because used, as it only
represents contiguous netmask."
::= { docsBpi2CmtsIpMulticastMapEntry 4 }
docsBpi2CmtsIpMulticastSAId OBJECT-TYPE
SYNTAX DocsSAIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object represents the multicast SAID to be
used in this IP multicast address mapping entry."
::= { docsBpi2CmtsIpMulticastMapEntry 5 }
docsBpi2CmtsIpMulticastSAType OBJECT-TYPE
SYNTAX DocsBpkmSAType
MAX-ACCESS read-create
STATUS current
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 54]
DOCSIS BPI Plus MIB November 2004
DESCRIPTION
"The value of this object is the type of security
association. 'dynamic' does not apply to CMs running in
BPI mode. Unicast BPI TEKs must utilize the 'primary'
encoding
encoding, and multicast BPI TEKs must utilize the 'static'
encoding. By default, SNMP created entries set this object by default
to 'static' if not set at row creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 2.1.3."
::= { docsBpi2CmtsIpMulticastMapEntry 6 }
docsBpi2CmtsIpMulticastDataEncryptAlg OBJECT-TYPE
SYNTAX DocsBpkmDataEncryptAlg
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object is the data encryption
algorithm for this IP."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
DEFVAL { des56CbcMode }
::= { docsBpi2CmtsIpMulticastMapEntry 7 }
docsBpi2CmtsIpMulticastDataAuthentAlg OBJECT-TYPE
SYNTAX DocsBpkmDataAuthentAlg
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object is the data authentication
Green, et al. Standards Track [Page 54]
RFC 4131 DOCSIS BPI Plus MIB September 2005
algorithm for this IP."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.2.20."
DEFVAL { none }
::= { docsBpi2CmtsIpMulticastMapEntry 8 }
docsBpi2CmtsIpMulticastSAMapRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has received an SA Map Request message for this IP.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 55]
DOCSIS BPI Plus MIB November 2004
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.10."
::= { docsBpi2CmtsIpMulticastMapEntry 9 }
docsBpi2CmtsIpMulticastSAMapReplies OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an SA Map Reply message for this IP.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.11."
::= { docsBpi2CmtsIpMulticastMapEntry 10 }
docsBpi2CmtsIpMulticastSAMapRejects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the count number of times the
CMTS has transmitted an SA Map Reject message for this IP.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
Green, et al. Standards Track [Page 55]
RFC 4131 DOCSIS BPI Plus MIB September 2005
times as indicated by the value of
ifCounterDiscontinuityTime."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 4.2.1.12."
::= { docsBpi2CmtsIpMulticastMapEntry 11 }
docsBpi2CmtsIpMulticastSAMapRejectErrorCode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
unknown(2),
noAuthForRequestedDSFlow(9),
dsFlowNotMappedToSA(10)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the enumerated
description of the Error-Code in the most recent SA Map
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 56]
DOCSIS BPI Plus MIB November 2004
Reject message sent in response to a an SA Map Request for
This
this IP. It has the value unknown(2) if the last Error-Code
Value was 0, 0 and none(1) if no SA MAP Reject message has
been received since entry creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.12 and 4.2.2.15."
::= { docsBpi2CmtsIpMulticastMapEntry 12 }
docsBpi2CmtsIpMulticastSAMapRejectErrorString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the text string in
the most recent SA Map Reject message sent in response to
an SA Map Request for this IP. It is a zero length string
if no SA Map Reject message has been received since entry
creation."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Sections 4.2.1.12 and 4.2.2.6."
::= { docsBpi2CmtsIpMulticastMapEntry 13 }
docsBpi2CmtsIpMulticastMapControl OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
Green, et al. Standards Track [Page 56]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"This object controls and reflects the IP multicast
address mapping entry. There is no restriction on the
ability to change values in this row while the row is
active.
A created row can be set to active only after the
Corresponding instances of docsBpi2CmtsIpMulticastAddress,
docsBpi2CmtsIpMulticastMask, docsBpi2CmtsIpMulticastSAId docsBpi2CmtsIpMulticastSAId,
and docsBpi2CmtsIpMulticastSAType have all been set."
::= { docsBpi2CmtsIpMulticastMapEntry 14 }
docsBpi2CmtsIpMulticastMapStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not allow
write-access to any columnar objects in the row."
::= { docsBpi2CmtsIpMulticastMapEntry 15 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 57]
DOCSIS BPI Plus MIB November 2004
--
-- The CMTS Multicast SAID Authorization Table,
-- indexed by ifIndex by
-- multicast SAID by CM MAC address
--
docsBpi2CmtsMulticastAuthTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmtsMulticastAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the multicast SAID
authorization for each CM on each CMTS MAC interface."
::= { docsBpi2CmtsMulticastObjects 2 }
docsBpi2CmtsMulticastAuthEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsMulticastAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains objects describing the key
authorization of one cable modem for one multicast SAID
for one CMTS MAC interface.
Row entries persist after re-initialization of
the managed system."
INDEX { ifIndex, docsBpi2CmtsMulticastAuthSAId,
docsBpi2CmtsMulticastAuthCmMacAddress }
::= { docsBpi2CmtsMulticastAuthTable 1 }
Green, et al. Standards Track [Page 57]
RFC 4131 DOCSIS BPI Plus MIB September 2005
DocsBpi2CmtsMulticastAuthEntry ::= SEQUENCE
{
docsBpi2CmtsMulticastAuthSAId DocsSAId,
docsBpi2CmtsMulticastAuthCmMacAddress MacAddress,
docsBpi2CmtsMulticastAuthControl RowStatus
}
docsBpi2CmtsMulticastAuthSAId OBJECT-TYPE
SYNTAX DocsSAId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the multicast SAID for
authorization."
::= { docsBpi2CmtsMulticastAuthEntry 1 }
docsBpi2CmtsMulticastAuthCmMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 58]
DOCSIS BPI Plus MIB November 2004
STATUS current
DESCRIPTION
"This object represents the MAC address of the CM
to which the multicast SAID authorization applies."
::= { docsBpi2CmtsMulticastAuthEntry 2 }
docsBpi2CmtsMulticastAuthControl OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row for the
authorization of multicast SAIDs to CMs. " CMs."
::= { docsBpi2CmtsMulticastAuthEntry 3 }
--
-- CMTS Cert Objects
--
docsBpi2CmtsCertObjects OBJECT IDENTIFIER
::= { docsBpi2CmtsObjects 5 }
--
-- CMTS Provisioned CM Cert Table
--
docsBpi2CmtsProvisionedCmCertTable OBJECT-TYPE
SYNTAX SEQUENCE OF
DocsBpi2CmtsProvisionedCmCertEntry
Green, et al. Standards Track [Page 58]
RFC 4131 DOCSIS BPI Plus MIB September 2005
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of CM certificate trust entries provisioned
to the CMTS. The trust object for a certificate in this
table has an overriding effect on the validity object of a
certificate in the authorization table, as long as the
entire contents of the two certificates are identical."
::= { docsBpi2CmtsCertObjects 1 }
docsBpi2CmtsProvisionedCmCertEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsProvisionedCmCertEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in the CMTS's provisioned CM certificate
table. Row entries persist after re-initialization of
the managed system."
REFERENCE
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 59]
DOCSIS BPI Plus MIB November 2004
"Data-Over-Cable Service Interface Specifications:
Operations Support System Interface Specification
SP-OSSIv2.0-I05-040407, Section 6.2.14"
INDEX { docsBpi2CmtsProvisionedCmCertMacAddress }
::= { docsBpi2CmtsProvisionedCmCertTable 1 }
DocsBpi2CmtsProvisionedCmCertEntry ::= SEQUENCE
{
docsBpi2CmtsProvisionedCmCertMacAddress MacAddress,
docsBpi2CmtsProvisionedCmCertTrust INTEGER,
docsBpi2CmtsProvisionedCmCertSource INTEGER,
docsBpi2CmtsProvisionedCmCertStatus RowStatus,
docsBpi2CmtsProvisionedCmCert
DocsX509ASN1DEREncodedCertificate
}
docsBpi2CmtsProvisionedCmCertMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this row."
::= { docsBpi2CmtsProvisionedCmCertEntry 1 }
docsBpi2CmtsProvisionedCmCertTrust OBJECT-TYPE
SYNTAX INTEGER {
trusted(1),
untrusted(2)
}
Green, et al. Standards Track [Page 59]
RFC 4131 DOCSIS BPI Plus MIB September 2005
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Trust state for the provisioned CM certificate entry.
Note: Setting this object need only override the validity
of CM certificates sent in future authorization requests;
instantaneous effect need not occur."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.1."
DEFVAL { untrusted }
::= { docsBpi2CmtsProvisionedCmCertEntry 2 }
docsBpi2CmtsProvisionedCmCertSource OBJECT-TYPE
SYNTAX INTEGER {
snmp(1),
configurationFile(2),
externalDatabase(3),
other(4)
}
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 60]
DOCSIS BPI Plus MIB November 2004
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates how the certificate reached the
CMTS. Other(4) means is that it originated from a source not
identified above."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.1."
::= { docsBpi2CmtsProvisionedCmCertEntry 3 }
docsBpi2CmtsProvisionedCmCertStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row. Values in this row
cannot be changed while the row is 'active'."
::= { docsBpi2CmtsProvisionedCmCertEntry 4 }
docsBpi2CmtsProvisionedCmCert OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An X509 DER-encoded Certificate Authority
certificate.
Note: The zero-length OCTET STRING must be returned, on
Green, et al. Standards Track [Page 60]
RFC 4131 DOCSIS BPI Plus MIB September 2005
reads, if the entire certificate is not retained in the
CMTS."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.2."
::= { docsBpi2CmtsProvisionedCmCertEntry 5 }
--
-- CMTS CA Cert Table
--
docsBpi2CmtsCACertTable OBJECT-TYPE
SYNTAX SEQUENCE OF DocsBpi2CmtsCACertEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of known Certificate Authority certificates
acquired by this device."
::= { docsBpi2CmtsCertObjects 2 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 61]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsCACertEntry OBJECT-TYPE
SYNTAX DocsBpi2CmtsCACertEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row in the Certificate Authority certificate
table. Row entries with the trust status 'trusted',
'untrusted', or 'root' persist after re-initialization
of the managed system."
REFERENCE
"Data-Over-Cable Service Interface Specifications:
Operations Support System Interface Specification
SP-OSSIv2.0-I05-040407, Section 6.2.14"
INDEX { docsBpi2CmtsCACertIndex }
::= {docsBpi2CmtsCACertTable 1 }
DocsBpi2CmtsCACertEntry ::= SEQUENCE {
docsBpi2CmtsCACertIndex Unsigned32,
docsBpi2CmtsCACertSubject SnmpAdminString,
docsBpi2CmtsCACertIssuer SnmpAdminString,
docsBpi2CmtsCACertSerialNumber OCTET STRING,
docsBpi2CmtsCACertTrust INTEGER,
docsBpi2CmtsCACertSource INTEGER,
docsBpi2CmtsCACertStatus RowStatus,
docsBpi2CmtsCACert
DocsX509ASN1DEREncodedCertificate,
docsBpi2CmtsCACertThumbprint OCTET STRING
}
Green, et al. Standards Track [Page 61]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsCACertIndex OBJECT-TYPE
SYNTAX Unsigned32 (1.. 4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index for this row."
::= { docsBpi2CmtsCACertEntry 1 }
docsBpi2CmtsCACertSubject OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The subject name exactly as it is encoded in the
X509 certificate.
The organizationName portion of the certificate's subject
name must be present. All other fields are optional. Any
optional field present must be pre pended prepended with <CR>
(carriage return, U+000D) <LF> (line feed, U+000A).
Ordering of fields present must conform to:
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 62]
DOCSIS BPI Plus MIB November 2004 to the following:
organizationName <CR> <LF>
countryName <CR> <LF>
stateOrProvinceName <CR> <LF>
localityName <CR> <LF>
organizationalUnitName <CR> <LF>
organizationalUnitName=<Manufacturing Location> <CR> <LF>
commonName"
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.2.4"
::= { docsBpi2CmtsCACertEntry 2 }
docsBpi2CmtsCACertIssuer OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The issuer name exactly as it is encoded in the
X509 certificate.
The commonName portion of the certificate's issuer
name must be present. All other fields are optional. Any
optional field present must be pre pended prepended with <CR>
(carriage return, U+000D) <LF> (line feed, U+000A).
Ordering of fields present must conform to: to the following:
CommonName <CR><LF>
countryName <CR><LF>
Green, et al. Standards Track [Page 62]
RFC 4131 DOCSIS BPI Plus MIB September 2005
stateOrProvinceName <CR><LF>
localityName <CR><LF>
organizationName <CR><LF>
organizationalUnitName <CR><LF>
organizationalUnitName=<Manufacturing Location>"
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.2.4"
::= { docsBpi2CmtsCACertEntry 3 }
docsBpi2CmtsCACertSerialNumber OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This CA certificate's serial number number, represented as
an octet string."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.2.2"
::= { docsBpi2CmtsCACertEntry 4 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 63]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsCACertTrust OBJECT-TYPE
SYNTAX INTEGER {
trusted (1),
untrusted (2),
chained (3),
root (4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object controls the trust status of this
certificate. Root certificates must be given root(4)
trust; manufacturer certificates must not be given root(4)
trust. Trust on root certificates must not change.
Note: Setting this object need only affect the validity of
CM certificates sent in future authorization requests;
instantaneous effect need not occur."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.1"
DEFVAL { chained }
::= { docsBpi2CmtsCACertEntry 5 }
docsBpi2CmtsCACertSource OBJECT-TYPE
SYNTAX INTEGER {
snmp (1),
Green, et al. Standards Track [Page 63]
RFC 4131 DOCSIS BPI Plus MIB September 2005
configurationFile (2),
externalDatabase (3),
other (4),
authentInfo (5),
compiledIntoCode (6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates how the certificate reached
the CMTS. Other(4) means that it originated from a source
not identified above."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.1"
::= { docsBpi2CmtsCACertEntry 6 }
docsBpi2CmtsCACertStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 64]
DOCSIS BPI Plus MIB November 2004
"The status of this conceptual row. An attempt
to set writable columnar values while this row is active
behaves as follows:
- Sets to the object docsBpi2CmtsCACertTrust are allowed.
- Sets to the object docsBpi2CmtsCACert will return an
error inconsistentValue'. of 'inconsistentValue'.
A newly create created entry cannot be set to active until the
value of docsBpi2CmtsCACert is being set."
::= { docsBpi2CmtsCACertEntry 7 }
docsBpi2CmtsCACert OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An X509 DER-encoded Certificate Authority
certificate.
To help identify certificates, either this object or
docsBpi2CmtsCACertThumbprint must be returned by a CMTS for
self-signed CA certificates.
Note: The zero-length OCTET STRING must be returned, on
reads, if the entire certificate is not retained in the
CMTS."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Green, et al. Standards Track [Page 64]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Section 9.2."
::= { docsBpi2CmtsCACertEntry 8 }
docsBpi2CmtsCACertThumbprint OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The SHA-1 hash of a CA certificate.
To help identify certificates, either this object or
docsBpi2CmtsCACert must be returned by a CMTS for
self-signed CA certificates.
Note: The zero-length OCTET STRING must be returned, on
reads, if the CA certificate thumb print is not retained
in the CMTS."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section 9.4.3"
::= { docsBpi2CmtsCACertEntry 9 }
--
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 65]
DOCSIS BPI Plus MIB November 2004
-- Authenticated Software Download Objects
--
--
-- Note: the authenticated software download objects are a
-- CM requirement only.
--
docsBpi2CodeDownloadControl OBJECT IDENTIFIER
::= { docsBpi2MIBObjects 4 }
docsBpi2CodeDownloadStatusCode OBJECT-TYPE
SYNTAX INTEGER {
configFileCvcVerified (1),
configFileCvcRejected (2),
snmpCvcVerified (3),
snmpCvcRejected (4),
codeFileVerified (5),
codeFileRejected (6),
other (7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value indicates the result of the latest config
file CVC verification, SNMP CVC verification, or code file
Green, et al. Standards Track [Page 65]
RFC 4131 DOCSIS BPI Plus MIB September 2005
verification."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section
Sections D.3.3.2 & and D.3.5.1."
::= { docsBpi2CodeDownloadControl 1 }
docsBpi2CodeDownloadStatusString OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object indicates the additional
information to the status code. The value will include
the error code and error description description, which will be defined
separately."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section TBD (see D.3.7)" D.3.7"
::= { docsBpi2CodeDownloadControl 2 }
docsBpi2CodeMfgOrgName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 66]
DOCSIS BPI Plus MIB November 2004
STATUS current
DESCRIPTION
"The value of this object is the device manufacturer's
organizationName."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.2.2."
::= { docsBpi2CodeDownloadControl 3 }
docsBpi2CodeMfgCodeAccessStart OBJECT-TYPE
SYNTAX DateAndTime (SIZE(11))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the device manufacturer's
current codeAccessStart value. This value will always be
referenced
refer to Greenwich Mean Time (GMT) (GMT), and the value
format must contain TimeZone information (fields 8-10)."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.2.2."
::= { docsBpi2CodeDownloadControl 4 }
docsBpi2CodeMfgCvcAccessStart OBJECT-TYPE
SYNTAX DateAndTime (SIZE(11))
Green, et al. Standards Track [Page 66]
RFC 4131 DOCSIS BPI Plus MIB September 2005
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the device manufacturer's
current cvcAccessStart value. This value will always be
referenced
refer to Greenwich Mean Time (GMT) (GMT), and the value
format must contain TimeZone information (fields 8-10)."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.2.2."
::= { docsBpi2CodeDownloadControl 5 }
docsBpi2CodeCoSignerOrgName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Co-Signer's co-signer's
organizationName. The value is a zero length string if
the co-signer is not specified."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.2.2."
::= { docsBpi2CodeDownloadControl 6 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 67]
DOCSIS BPI Plus MIB November 2004
docsBpi2CodeCoSignerCodeAccessStart OBJECT-TYPE
SYNTAX DateAndTime (SIZE(11))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Co-Signer's co-signer's current
codeAccessStart value. This value will always be referenced refer to
Greenwich Mean Time (GMT) (GMT), and the value format must contain
TimeZone information (fields 8-10).
If docsBpi2CodeCoSignerOrgName is a zero
length string, the value of this object is meaningless."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.2.2."
::= { docsBpi2CodeDownloadControl 7 }
docsBpi2CodeCoSignerCvcAccessStart OBJECT-TYPE
SYNTAX DateAndTime (SIZE(11))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object is the Co-Signer's co-signer's current
cvcAccessStart value. This value will always be referenced refer to
Green, et al. Standards Track [Page 67]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Greenwich Mean Time (GMT) (GMT), and the value format must contain
TimeZone information (fields 8-10).
If docsBpi2CodeCoSignerOrgName is a zero
length string, the value of this object is meaningless."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.2.2."
::= { docsBpi2CodeDownloadControl 8 }
docsBpi2CodeCvcUpdate OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting a CVC to this object triggers the device
to verify the CVC and update the cvcAccessStart values,
then the values.
The content of this object is discarded.. then discarded.
If the device is not enabled to upgrade codefiles, or if
the CVC verification fails, the CVC will be rejected.
Reading this object always returns the zero-length OCTET
STRING."
REFERENCE
"DOCSIS Baseline Privacy Plus Interface Specification,
Section D.3.3.2.2."
::= { docsBpi2CodeDownloadControl 9 }
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 68]
DOCSIS BPI Plus MIB November 2004
--
-- The BPI+ MIB Conformance Statements (with a placeholder for
-- notifications)
--
docsBpi2Notification OBJECT IDENTIFIER
::= { docsBpi2MIB 0 }
docsBpi2Conformance OBJECT IDENTIFIER
::= { docsBpi2MIB 2 }
docsBpi2Compliances OBJECT IDENTIFIER
::= { docsBpi2Conformance 1 }
docsBpi2Groups OBJECT IDENTIFIER
::= { docsBpi2Conformance 2 }
docsBpi2CmCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"This is the compliance statement for CMs which that
implement the DOCSIS Baseline Privacy Interface Plus."
MODULE -- docsBpi2MIB
Green, et al. Standards Track [Page 68]
RFC 4131 DOCSIS BPI Plus MIB September 2005
-- unconditionally mandatory group
MANDATORY-GROUPS {
docsBpi2CmGroup,
docsBpi2CodeDownloadGroup
}
-- constrain on Encryption algorithms
OBJECT docsBpi2CmTEKDataEncryptAlg
SYNTAX DocsBpkmDataEncryptAlg {
none(0),
des56CbcMode(1),
des40CbcMode(2)
}
DESCRIPTION
"It is compliant to support des56CbcMode(1) and
des40CbcMode(2) for data encryption algorithms."
-- constrain on Integrity algorithms
OBJECT docsBpi2CmTEKDataAuthentAlg
SYNTAX DocsBpkmDataAuthentAlg {
none(0)
}
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 69]
DOCSIS BPI Plus MIB November 2004
DESCRIPTION
"It is compliant to not support data message
authentication algorithms."
-- constrain on IP addressing
OBJECT docsBpi2CmIpMulticastAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other Support for other address types support may be defined
in future versions of this MIB module."
-- constrain on IP addressing
OBJECT docsBpi2CmIpMulticastAddress
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses Other address types support may be defined in
future versions of this MIB module."
-- constrain on Encryption algorithms
OBJECT docsBpi2CmCryptoSuiteDataEncryptAlg
SYNTAX DocsBpkmDataEncryptAlg {
none(0),
des56CbcMode(1),
des40CbcMode(2)
Green, et al. Standards Track [Page 69]
RFC 4131 DOCSIS BPI Plus MIB September 2005
}
DESCRIPTION
"It is compliant to only support des56CbcMode(1)
and des40CbcMode(2) for data encryption algorithms."
-- constrain on Integrity algorithms
OBJECT docsBpi2CmCryptoSuiteDataAuthentAlg
SYNTAX DocsBpkmDataAuthentAlg {
none(0)
}
DESCRIPTION
"It is compliant to not support data message
authentication algorithms."
::= { docsBpi2Compliances 1 }
docsBpi2CmtsCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"This is the compliance statement for CMTSs which that
implement the DOCSIS Baseline Privacy Interface Plus."
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 70]
DOCSIS BPI Plus MIB November 2004
MODULE -- docsBpi2MIB
-- unconditionally mandatory group
MANDATORY-GROUPS {
docsBpi2CmtsGroup
}
-- unconditionally optional group
GROUP docsBpi2CodeDownloadGroup
DESCRIPTION
"This group is optional for CMTSs. CMTSes. The implementation
decision of this group is left to the vendor"
-- constrain on mandatory range
OBJECT docsBpi2CmtsDefaultAuthLifetime
SYNTAX Integer32 (86400..6048000)
DESCRIPTION
"The refined range corresponds to the minimum and
maximum values in operational networks."
-- constrain on mandatory range
OBJECT docsBpi2CmtsDefaultTEKLifetime
SYNTAX Integer32 (1800..604800)
DESCRIPTION
Green, et al. Standards Track [Page 70]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"The refined range corresponds to the minimum and
maximum values in operational networks."
-- constrain on mandatory range
OBJECT docsBpi2CmtsAuthCmLifetime
SYNTAX Integer32 (86400..6048000)
DESCRIPTION
"The refined range corresponds to the minimum and
maximum values in operational networks."
-- constrain on Encryption algorithms
OBJECT docsBpi2CmtsTEKDataEncryptAlg
SYNTAX DocsBpkmDataEncryptAlg {
none(0),
des56CbcMode(1),
des40CbcMode(2)
}
DESCRIPTION
"It is compliant to only support des56CbcMode(1)
and des40CbcMode(2) for data encryption."
-- constrain on Integrity algorithms
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 71]
DOCSIS BPI Plus MIB November 2004
OBJECT docsBpi2CmtsTEKDataAuthentAlg
SYNTAX DocsBpkmDataAuthentAlg {
none(0)
}
DESCRIPTION
"It is compliant to not support data message
authentication algorithms."
-- constrain on mandatory range
OBJECT docsBpi2CmtsTEKLifetime
SYNTAX Integer32 (1800..604800)
DESCRIPTION
"The refined range corresponds to the minimum and
maximum values in operational networks."
-- constrain on access
-- constrain on IP Addressing
OBJECT docsBpi2CmtsIpMulticastAddressType
SYNTAX InetAddressType { ipv4(1) }
MIN-ACCESS read-only
DESCRIPTION
Green, et al. Standards Track [Page 71]
RFC 4131 DOCSIS BPI Plus MIB September 2005
"Write access is not required.
An implementation is only required to support IPv4
addresses. Other Support for other address types support may be defined
in future versions of this MIB module."
OBJECT docsBpi2CmtsIpMulticastAddress
SYNTAX InetAddress (SIZE(4))
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
An implementation is only required to support IPv4
addresses. Other Support for other address types support may be defined
in future versions of this MIB module."
OBJECT docsBpi2CmtsIpMulticastMask
SYNTAX InetAddress (SIZE(4))
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
An implementation is only required to support IPv4
addresses. Other Support for other address types support may be defined
in future versions of this MIB module."
-- constrain on access
OBJECT docsBpi2CmtsIpMulticastSAId
MIN-ACCESS read-only
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 72]
DOCSIS BPI Plus MIB November 2004
DESCRIPTION
"Write access is not required."
OBJECT docsBpi2CmtsIpMulticastSAType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
-- constrain on access
-- constrain on Encryption algorithms
OBJECT docsBpi2CmtsIpMulticastDataEncryptAlg
SYNTAX DocsBpkmDataEncryptAlg {
none(0),
des56CbcMode(1),
des40CbcMode(2)
}
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
It is compliant to only support des56CbcMode(1)
Green, et al. Standards Track [Page 72]
RFC 4131 DOCSIS BPI Plus MIB September 2005
and des40CbcMode(2) for data encryption"
-- constrain on access
-- constrain on Integrity algorithms
OBJECT docsBpi2CmtsIpMulticastDataAuthentAlg
SYNTAX DocsBpkmDataAuthentAlg {
none(0)
}
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
It is compliant to not support data message
authentication algorithms."
-- constrain on access
OBJECT docsBpi2CmtsMulticastAuthControl
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { docsBpi2Compliances 2 }
docsBpi2CmGroup OBJECT-GROUP
OBJECTS {
docsBpi2CmPrivacyEnable,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 73]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmPublicKey,
docsBpi2CmAuthState,
docsBpi2CmAuthKeySequenceNumber,
docsBpi2CmAuthExpiresOld,
docsBpi2CmAuthExpiresNew,
docsBpi2CmAuthReset,
docsBpi2CmAuthGraceTime,
docsBpi2CmTEKGraceTime,
docsBpi2CmAuthWaitTimeout,
docsBpi2CmReauthWaitTimeout,
docsBpi2CmOpWaitTimeout,
docsBpi2CmRekeyWaitTimeout,
docsBpi2CmAuthRejectWaitTimeout,
docsBpi2CmSAMapWaitTimeout,
docsBpi2CmSAMapMaxRetries,
docsBpi2CmAuthentInfos,
docsBpi2CmAuthRequests,
docsBpi2CmAuthReplies,
docsBpi2CmAuthRejects,
docsBpi2CmAuthInvalids,
docsBpi2CmAuthRejectErrorCode,
Green, et al. Standards Track [Page 73]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmAuthRejectErrorString,
docsBpi2CmAuthInvalidErrorCode,
docsBpi2CmAuthInvalidErrorString,
docsBpi2CmTEKSAType,
docsBpi2CmTEKDataEncryptAlg,
docsBpi2CmTEKDataAuthentAlg,
docsBpi2CmTEKState,
docsBpi2CmTEKKeySequenceNumber,
docsBpi2CmTEKExpiresOld,
docsBpi2CmTEKExpiresNew,
docsBpi2CmTEKKeyRequests,
docsBpi2CmTEKKeyReplies,
docsBpi2CmTEKKeyRejects,
docsBpi2CmTEKInvalids,
docsBpi2CmTEKAuthPends,
docsBpi2CmTEKKeyRejectErrorCode,
docsBpi2CmTEKKeyRejectErrorString,
docsBpi2CmTEKInvalidErrorCode,
docsBpi2CmTEKInvalidErrorString,
docsBpi2CmIpMulticastAddressType,
docsBpi2CmIpMulticastAddress,
docsBpi2CmIpMulticastSAId,
docsBpi2CmIpMulticastSAMapState,
docsBpi2CmIpMulticastSAMapRequests,
docsBpi2CmIpMulticastSAMapReplies,
docsBpi2CmIpMulticastSAMapRejects,
docsBpi2CmIpMulticastSAMapRejectErrorCode,
docsBpi2CmIpMulticastSAMapRejectErrorString,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 74]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmDeviceCmCert,
docsBpi2CmDeviceManufCert,
docsBpi2CmCryptoSuiteDataEncryptAlg,
docsBpi2CmCryptoSuiteDataAuthentAlg
}
STATUS current
DESCRIPTION
"This collection of objects provides CM BPI+ status
and control."
::= { docsBpi2Groups 1 }
docsBpi2CmtsGroup OBJECT-GROUP
OBJECTS {
docsBpi2CmtsDefaultAuthLifetime,
docsBpi2CmtsDefaultTEKLifetime,
docsBpi2CmtsDefaultSelfSignedManufCertTrust,
docsBpi2CmtsCheckCertValidityPeriods,
docsBpi2CmtsAuthentInfos,
docsBpi2CmtsAuthRequests,
docsBpi2CmtsAuthReplies,
Green, et al. Standards Track [Page 74]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsAuthRejects,
docsBpi2CmtsAuthInvalids,
docsBpi2CmtsSAMapRequests,
docsBpi2CmtsSAMapReplies,
docsBpi2CmtsSAMapRejects,
docsBpi2CmtsAuthCmBpiVersion,
docsBpi2CmtsAuthCmPublicKey,
docsBpi2CmtsAuthCmKeySequenceNumber,
docsBpi2CmtsAuthCmExpiresOld,
docsBpi2CmtsAuthCmExpiresNew,
docsBpi2CmtsAuthCmLifetime,
docsBpi2CmtsAuthCmReset,
docsBpi2CmtsAuthCmInfos,
docsBpi2CmtsAuthCmRequests,
docsBpi2CmtsAuthCmReplies,
docsBpi2CmtsAuthCmRejects,
docsBpi2CmtsAuthCmInvalids,
docsBpi2CmtsAuthRejectErrorCode,
docsBpi2CmtsAuthRejectErrorString,
docsBpi2CmtsAuthInvalidErrorCode,
docsBpi2CmtsAuthInvalidErrorString,
docsBpi2CmtsAuthPrimarySAId,
docsBpi2CmtsAuthBpkmCmCertValid,
docsBpi2CmtsAuthBpkmCmCert,
docsBpi2CmtsAuthCACertIndexPtr,
docsBpi2CmtsTEKSAType,
docsBpi2CmtsTEKDataEncryptAlg,
docsBpi2CmtsTEKDataAuthentAlg,
docsBpi2CmtsTEKLifetime,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 75]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsTEKKeySequenceNumber,
docsBpi2CmtsTEKExpiresOld,
docsBpi2CmtsTEKExpiresNew,
docsBpi2CmtsTEKReset,
docsBpi2CmtsKeyRequests,
docsBpi2CmtsKeyReplies,
docsBpi2CmtsKeyRejects,
docsBpi2CmtsTEKInvalids,
docsBpi2CmtsKeyRejectErrorCode,
docsBpi2CmtsKeyRejectErrorString,
docsBpi2CmtsTEKInvalidErrorCode,
docsBpi2CmtsTEKInvalidErrorString,
docsBpi2CmtsIpMulticastAddressType,
docsBpi2CmtsIpMulticastAddress,
docsBpi2CmtsIpMulticastMask,
docsBpi2CmtsIpMulticastSAId,
docsBpi2CmtsIpMulticastSAType,
docsBpi2CmtsIpMulticastDataEncryptAlg,
docsBpi2CmtsIpMulticastDataAuthentAlg,
Green, et al. Standards Track [Page 75]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsIpMulticastSAMapRequests,
docsBpi2CmtsIpMulticastSAMapReplies,
docsBpi2CmtsIpMulticastSAMapRejects,
docsBpi2CmtsIpMulticastSAMapRejectErrorCode,
docsBpi2CmtsIpMulticastSAMapRejectErrorString,
docsBpi2CmtsIpMulticastMapControl,
docsBpi2CmtsIpMulticastMapStorageType,
docsBpi2CmtsMulticastAuthControl,
docsBpi2CmtsProvisionedCmCertTrust,
docsBpi2CmtsProvisionedCmCertSource,
docsBpi2CmtsProvisionedCmCertStatus,
docsBpi2CmtsProvisionedCmCert,
docsBpi2CmtsCACertSubject,
docsBpi2CmtsCACertIssuer,
docsBpi2CmtsCACertSerialNumber,
docsBpi2CmtsCACertTrust,
docsBpi2CmtsCACertSource,
docsBpi2CmtsCACertStatus,
docsBpi2CmtsCACert,
docsBpi2CmtsCACertThumbprint
}
STATUS current
DESCRIPTION
"This collection of objects provides CMTS BPI+ status
and control."
::= { docsBpi2Groups 2 }
docsBpi2CodeDownloadGroup OBJECT-GROUP
OBJECTS {
docsBpi2CodeDownloadStatusCode,
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 76]
DOCSIS BPI Plus MIB November 2004
docsBpi2CodeDownloadStatusString,
docsBpi2CodeMfgOrgName,
docsBpi2CodeMfgCodeAccessStart,
docsBpi2CodeMfgCvcAccessStart,
docsBpi2CodeCoSignerOrgName,
docsBpi2CodeCoSignerCodeAccessStart,
docsBpi2CodeCoSignerCvcAccessStart,
docsBpi2CodeCvcUpdate
}
STATUS current
DESCRIPTION
"This collection of objects provide provides authenticated
software download support."
::= { docsBpi2Groups 3 }
END
Green, et al. Standards Track [Page 76]
RFC 4131 DOCSIS BPI Plus MIB September 2005
4. Acknowledgments Acknowledgements
Kaz Ozawa - Ozawa: Authenticated Software Download objects and general suggestions
suggestions.
Rich Woundy - Woundy: BPI MIB and general MIB expertise expertise.
Mike St Johns - St. Johns: BPI MIB and 1st draft first version of BPI+ MIB MIB.
Bert Wijnen - Wijnen: Extensive comments in MIB syntax and accuracy accuracy.
Thanks to Mike Sabin and Manson Wong for reviewing early BPI+ MIB Drafts
drafts and to Jean-Francois Mule for contributing to the last
versions.
5. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)",
STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, J. Schoenwaelder,
"Textual Conventions for SMIv2", STD 58, RFC 2579, April
1999.
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 77]
DOCSIS BPI Plus MIB November 2004
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, J. Schoenwaelder,
"Conformance Statements for SMIv2", RFC 2580, STD 58, RFC 2580,
April 1999.
[RFC3411] Harrington, D., Presuhn, R. R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC
3411, December 2002.
[RFC2021] Waldbusser, S "Remote Network Monitoring Management
Information Base Version 2 using SMIv2", RFC 2021,
January 1997.
************************************************************
* NOTES TO RFC Editor (to be removed prior to publication) *
* *
* The I-D <draft-ietf-rmonmib-rmon2-v2-00.txt> (or a *
* successor) is expected to eventually replace RFC 2021 *
* If that draft (or a successor) is published as a RFC *
* prior to or concurrently with this document, then the *
* normative reference [RFC2021] should be updated to *
* point to the replacement RFC. *
* *
************************************************************
[RFC3291]
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder,
J., "Textual Conventions for Internet Network
Addresses", RFC 3291, May 2002.
************************************************************
* NOTES TO RFC Editor (to be removed prior to publication) *
* *
* 1.) The I-D <draft-ietf-ops-rfc3291bis-05.txt> (or a *
* successor) is expected to eventually replace RFC 3291. *
* If that draft (or a successor) is published as an RFC *
* prior to or concurrently with this document, then the *
* normative reference [RFC3291] should be updated to *
* point to the replacement RFC, and the reference tag *
* [RFC3291] should be updated to match. *
* *
************************************************************ 4001, February 2005.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, June 2000.
Green, et al. Standards Track [Page 77]
RFC 4131 DOCSIS BPI Plus MIB September 2005
[RFC2670] St. Johns, M., "Radio Frequency (RF) Interface
Management Information Base for MCNS/DOCSIS compliant RF
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 78]
DOCSIS BPI Plus MIB November 2004
interfaces", RFC 2670, August 1999.
[1]
[DOCSIS] "Data-Over-Cable Service Interface Specifications:
Baseline Privacy Plus Interface Specification SP-BPI+-I11-040407", SP-BPI+-
I11-040407", DOCSIS, April 2004, available at
http://www.cablemodem.com.
http://www.cablelabs.com/specifications/archives.
6. Informative References
[RFC3083] Woundy, R., "Baseline Privacy Interface Management
Information Base for DOCSIS Compliant Cable Modems and
Cable Modem Termination Systems", RFC 3083, March 2001.
[RFC3410] Case, J., Mundy, R., Partain, D. D., and B. Stewart,
"Introduction and Applicability Statements for
Internet-Standard Management Framework", RFC 3410,
December 2002.
[RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 3513, April 2003.
[IANA] "Protocol Numbers and Assignment Services", IANA,
http://www.iana.org/assignments/ianaiftype-mib.
[2]
[DOCSIS-1.0] "Data-Over-Cable Service Interface Specifications:
DOCSIS 1.0 Baseline Privacy Interface (BPI) ANSI/SCTE
22-2 2202, Available at http://www.scte.org.
[3]
[DOCSIS-1.1] "Data-Over-Cable Service Interface Specifications:
Operations Support System Interface Specification
SP-OSSIv1.1-I07-030730", SP-
OSSIv1.1-I07-030730", DOCSIS 1.1 July 2003, available at
http://www.cablemodem.com.
http://www.cablelabs.com/specifications/archives.
[4] " Data-Over-Cable
[DOCSIS-2.0] "Data-Over-Cable Service Interface Specifications:
Operations Support System Interface Specification
SP-OSSIv2.0-I05-040407", SP-
OSSIv2.0-I05-040407", DOCSIS 2.0 April 2004,
http://www.cablemodem.com.
http://www.cablelabs.com/specifications/archives.
7. Security Considerations
There are a number of management
[IANA] "Protocol Numbers and Assignment Services", IANA,
http://www.iana.org/assignments/ianaiftype-mib.
Green, et al. Standards Track [Page 78]
RFC 4131 DOCSIS BPI Plus MIB September 2005
7. Security Considerations
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create.
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 79]
DOCSIS BPI Plus MIB November 2004 Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-
secure non-secure
environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their
sensitivity/vulnerability:
- The following objects, if SNMP SET maliciously maliciously, could constitute
a
denial of service, service or theft of service attacks or compromise the
intended data privacy of users:
Objects related to the Baseline Privacy Key Management (BPKM)
docsBpi2CmAuthReset,
docsBpi2CmtsAuthCmReset,
docsBpi2CmtsTEKReset:
These objects are used for initiating a re-key process. A
malicious massive SET attack may cause CMTS processing
overload and may compromise the service.
docsBpi2CmtsDefaultAuthLifetime,
docsBpi2CmtsDefaultTEKLifetime,
docsBpi2CmtsAuthCmLifetime,
docsBpi2CmtsTEKLifetime:
Implementers are encouraged to follow these objects
range constrains defined in docsBpi2CmtsCompliance
MODULE-COMPLIANCE clause for operational deployments
to
To minimize the risk of malicious or unintended short periods
of time for keys when key updates that may lead into to degradation or denial of service.
service, implementers are encouraged to follow these objects'
range constraints, as defined in the docsBpi2CmtsCompliance
MODULE-COMPLIANCE clause for operational deployments.
docsBpi2CmtsDefaultSelfSignedManufCertTrust:
A malicious SET in a self-signed certificate as
'untrusted' may cause CM to receive an authorization reject message
message, which may constitute denial of service. This object
is designed for testing purposes,
Therefore purposes; therefore, it is not
RECOMMENDED to be used for use in commercial
Deployments [1]. deployments [DOCSIS].
Administrators can make usage use of View-based Access Control
(VACM) introduced in section 7.9 of [RFC3410] to restrict
write access to this object.
docsBpi2CmtsCheckCertValidityPeriods:
A malicious SET in this object enabling that enables the period
validity plus and a wrong clock time in the CMTS, CMTS could cause denial
of service service, as CM authorization requests will be rejected.
Green, et al. Standards Track [Page 79]
RFC 4131 DOCSIS BPI Plus MIB September 2005
For more details in the validation of CM certificates, refer to
section 9 of [1].
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 80]
DOCSIS BPI Plus MIB November 2004 [DOCSIS] .
Objects related to the CM only:
Objects in docsBpi2CmDeviceCertTable
docsBpi2CmDeviceCmCert:
This object is not harmful harmful, considering that a CM received a
Certificate during the manufacturing process.
Therefore Therefore, the
object access becomes read-only. See the object DESCRIPTION
clause in section 3 for details.
Objects for Secure Software Download in table
docsBpi2CodeDownloadControl:
docsBpi2CodeCvcUpdate:
A malicious SET on this object may not constitute a risk risk,
since the CM holds the DOCSIS root key to verified verify the CVC
authenticity. Operator The operator, if configured, could receive a
notification for those events occurrences that event occurrences, which may lead to detect
detecting the source of the attack. Moreover, [1] [DOCSIS]
recommends that CMs CVC are be regularly updated to minimize the
risk of potential code-signing keys being (e.g. compromised (e.g.,
by configuration file) file).
Objects related to the CMTS only:
Objects in docsBpi2CmtsProvisionedCmCertTable and
docsBpi2CmtsCACertTable containing CM Certificates and Certificate
Authority information information, respectively:
docsBpi2CmtsProvisionedCmCertTrust,
docsBpi2CmtsProvisionedCmCertStatus,
docsBpi2CmtsProvisionedCmCert,
docsBpi2CmtsCACertStatus,
docsBpi2CmtsCACert:
Malicious
A malicious SET on these objects may constitute a denial of
service attack that will be experienced after the CMs perform
authorization requests. It does not affect CMs in the
authorized state.
Objects in multicast tables docsBpi2CmtsIpMulticastMapTable and
docsBpi2CmtsMulticastAuthTable:
docsBpi2CmtsIpMulticastAddressType,
docsBpi2CmtsIpMulticastAddress,
docsBpi2CmtsIpMulticastMaskType,
Green, et al. Standards Track [Page 80]
RFC 4131 DOCSIS BPI Plus MIB September 2005
docsBpi2CmtsIpMulticastMask,
docsBpi2CmtsIpMulticastSAId,
docsBpi2CmtsIpMulticastSAType:
Malicious SET on these objects may cause
mis-configuration misconfiguration,
causing interruption of the users
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 81]
DOCSIS BPI Plus MIB November 2004 users' active multicast
applications.
docsBpi2CmtsIpMulticastDataEncryptAlg,
docsBpi2CmtsIpMulticastDataAuthentAlg:
Malicious SETs on these objects may create service mis-
configuration
misconfiguration, causing service interruption or theft of
service if encryption algorithms are removed for the multicast
groups.
docsBpi2CmtsIpMulticastMapControl,
docsBpi2CmtsMulticastAuthControl:
Malicious SETs on these objects may remove and/or disable
customers and/or multicast groups groups, causing service disruption. Also
This may also constitute theft of service by authorizing non non-
subscribed user users to multicast groups or by adding other
multicast groups in the forward path.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
Objects in docsBpi2CmBaseTable, docsBpi2CmTEKTable,
docsBpi2CmtsBaseTable, docsBpi2CmtsAuthTable,
docsBpi2CmtsTEKTable, docsBpi2CmtsProvisionedCmCertTable docsBpi2CmtsProvisionedCmCertTable, and
docsBpi2CmtsCACertTable
docsBpi2CmtsCACertTable:
If this information is accessible, attackers may use this information it to
discriminate
distinguish users configured to work without data encryption (e.g.
(e.g., docsBpi2CmPrivacyEnable) and to know current Baseline
Privacy parameters in the network.
Objects in docsBpi2CmIpMulticastMapTable and
docsBpi2CmtsMulticastAuthTable
docsBpi2CmtsMulticastAuthTable:
In addition to the vulnerabilities around BPI plus multicast
objects described in a the previous apart, part, the read-only objects
of this table may help attackers to monitor the status of the intrusion
intrusion.
Green, et al. Standards Track [Page 81]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Objects in docsBpi2CodeDownloadControl docsBpi2CodeDownloadControl:
In addition to the vulnerability of the read-write object
docsBpi2CodeCvcUpdate, Attackers attackers may be able to monitor the
status of a denial of service using Secure Software Download.
SNMP versions prior to SNMPv3 did not include adequate security.
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 82]
DOCSIS BPI Plus MIB November 2004
Even if the network itself is secure (for example by using IPSec),
even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
BPI+ Encryption Algorithms:
The BPI+ Traffic Encryption Keys TEK (see [1]) uses DES
(Data Encryption Standard) 56 (TEK) defined in the DOCSIS BPI+
specification [DOCSIS] use 40-bit or 40 bits 56-bit DES for encryption ciphers. (DES
CBC mode). Currently, there is no mechanism or algorithm defined for
data integrity.
Due to the DES cryptographic strength weakness, weaknesses, future revisions of the
DOCSIS BPI+ specification [1] should introduce more advanced encryption algorithms
algorithms, as proposed in the DocsBpkmDataEncryptAlg textual
convention, to overcome the progress in cheaper and faster hardware
or software decryption tools.
Traffic Encryption Keys (TEK) are configured per CM and per BPI+
multicast group which may reduce the threat Future revisions of the DES weakness for
the overall system. The time to crack DES could be additionally
mitigated by a compromised value for DOCSIS BPI+
specification [DOCSIS] should also adopt authentication algorithms,
as described in the TEK lifetime and Grace Time
(up DocsBpkmDataAuthentAlg textual convention.
It is important to a minimum note that frequent key changes do not necessarily
help in mitigating or reducing the risks of 30 minutes for a DES attack. Indeed,
the TEK lifetime, see
Appendix A [1]).
Not traffic encryption keys, which are configured on a per cable
modem basis and per BPI+ multicast group, can be utilized to decrypt
old traffic, even when they are no longer in active use.
Green, et al. Standards Track [Page 82]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Note that, not exempt of to the same recommendations as above, The the CM BPI+
Authorization
authorization protocol uses triple DES encryption, which offers
improved robustness compared in comparison to DES for CM
Authorization authorization and TEK
re-key management.
8. IANA Considerations
The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values value, recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER Value
---------- -----------------------
docsBpi2MIB { mib-2 yy 126 }
Editor's Note (to be removed prior to publication): the IANA is
requested to assign a value for yy under the mib-2 subtree and
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 83]
RFC 4131 DOCSIS BPI Plus MIB November 2004
to record the assignment in the SMI Numbers registry. When the
assignment has been made, the RFC Editor is asked to replace yy
(here and in the MIB module) with the assigned value and to remove
this note.
9. September 2005
Authors' Addresses
Stuart M. Green
ADC Telecommunications, Inc.
Mailstop 1641
8 Technology Drive
Westborough, MA 01581
U.S.A.
Phone: +1 508 870 2554
Email: stuart.green@adc.com
EMail: rubbersoul3@yahoo.com
Kaz Ozawa
Cable Modem & Network Dept.
Server & Network Div.
Automotive Systems Development Center
TOSHIBA CORPORATION Digital Media Network Company
1-1, Shibaura 1-Chome, 1-Chome
Minato-ku, Tokyo 105-8001
Japan
Phone: +81-3-3457-2726
Email: +81-3-3457-8569
Fax: +81-3-5444-9325
EMail: Kazuyoshi.Ozawa@toshiba.co.jp
Alexander Katsnelson
Cable Television Laboratories, Inc.
858 Coal Creek Circle
Louisville, CO 80027- 9750
U.S.A.
Phone: +1 303 661 9100
E-mail: a.katsnelson@cablelabs.com +1-303-680-3924
EMail: katsnelson6@peoplepc.com
Eduardo Cardona
Cable Television Laboratories, Inc.
858 Coal Creek Circle
Louisville, CO 80027- 9750
U.S.A.
Phone: +1 303 661 9100
E-mail:
EMail: e.cardona@cablelabs.com
10. Disclaimer of Validity
Green, et al. Standards Track [Page 84]
RFC 4131 DOCSIS BPI Plus MIB September 2005
Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 84]
DOCSIS BPI Plus MIB November 2004 THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
11.
Intellectual Property
The IETF takes no position regarding the validity or scope of
Any any
Intellectual Property Rights or other rights that might be
Claimed claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
12. Copyright Statement
Copyright (C) The Internet Society (2004). This document ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is
subject to the rights, licenses and restrictions contained in BCP
78, and except as set forth therein, the authors retain all their
rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by currently provided by the
Internet Society.
-- Note to RFC editor:
-- delete text below between the start delete and stop
-- delete marks when publishing the RFC
Green/Ozawa/Katsnelson/Cardona Expires March 2005
Green, et al. Standards Track [Page 85]
DOCSIS BPI Plus MIB November 2004
-- [start delete]
drafts Revision History
REVISION "200409070000Z"
DESCRIPTION
Reverted Counters to Counter32 instead of a mix of Counter32
and ZeroBasedCounter32.
Used generic MIB sentence for row entries with 'permanent'
StorageType objects
Updated text for non-contiguous netmask."
REVISION "200408020000Z"
DESCRIPTION
"Details and explanation of selection of non-contiguous
netmask instead of InetAddressPrefixLength syntax
for docsBpi2CmtsIpMulticastMapTable: sections 2.1.2 and
object docsBpi2CmtsIpMulticastMask
Added section 2.3 'BPI+ MIB module relationship with The
Interfaces Group MIB' to explain the ZeroBasedCounter32
Usage. Updated discontinuity requirements in all counter
objects
Clarifications for the Zero-length OCTET STRING of
docsBpi2CmtsCACertThumbprint, similar to docsBpi2CmtsCACert.
Requirement of no instantiation of
docsBpi2CmtsAuthCmExpiresOld for entries with associated CM
in BPI mode.
Added writable requirements for read-write and read-create
objects within a row entry with StorageType 'permanent'
status
Small updates in objects docsBpi2CmtsIpMulticastMapControl
entries docsBpi2CmtsIpMulticastMapStorageType
REVISION "200407190000Z"
DESCRIPTION
"Comments received from Area Advisor incorporated and other
Updates:
Added persistent requirements for read-create and
read-write objects.
Added object docsBpi2CmtsIpMulticastMapStorageType with
syntax read-only
Correction in descriptions of objects of ZeroBasedCounter32
And added discontinuity statements.
Syntax for docsBpi2CmtsAuthCACertIndexPtr,
docsBpi2CmtsCACertIndex, docsBpi2CmIpMulticastIndex and
docsBpi2CmtsIpMulticastIndex refined as Unsigned32
(1..4294967295).
Clarified the use of Address Mask instead of prefixLength
Deleted object docsBpi2CmtsIpMulticastMaskType, instead use
docsBpi2CmtsIpMulticastAddressType for both
docsBpi2CmtsIpMulticastAddress and
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 86]
DOCSIS BPI Plus MIB November 2004
docsBpi2CmtsIpMulticastMask.
Corrections and details for RowStatus objects considerations
based on MIB review Guidelines
draft-ietf-ops-mib-review-guidelines-03.txt.
Changed OIDs for docsBpi2Notification and
docsBpi2Conformance.
Better handling of Unicode representation for <CR> <LF>
Characters.
Added return error message for invalid set of
docsBpi2CmDeviceCmCert.
Added note in security section for usage of DES considered
Weak.
Clarification in description of object
docsBpi2CmtsDefaultSelfSignedManufCertTrust."
REVISION "200310270000Z"
DESCRIPTION
"Added section 2.2 Relationship between BPI+ and BPI MIBs
and added informative references
Aligned Description and Syntax of TC DocsBpkmSAType
Removed obsolete Group docsBpi2CmtsCompliance and its
obsolete objects, OIDs sequence adjustments.
Cleared used References and updated BPI 1.0 refs to SCTE
Added TC DocsSAId and DocsSAIdOrZero
Added Text to Ipv4 compliances
Removed docsBpi2ObsoleteObjectsGroup OBJECT-GROUP and
OBJECTS docsBpi2CmtsAuthCmGraceTime and
docsBpi2CmtsTEKGraceTime"
REVISION "200308010000Z"
DESCRIPTION
"Defined TEXTUAL-CONVENTION for SAType related objects:
docsBpi2CmTEKSAType, docsBpi2CmtsTEKSAType and
docsBpi2CmtsIpMulticastSAType
Refined definition of docsBpi2CmtsAuthCmBpiVersion to
clarify the usage of named-value bpi(0)
Compliances statements for CM and CMTS in separated
Modules and additional syntax corrections
Updated SNMPv3 references
More detail in section 7. Security Considerations for
object or group of objects."
REVISION "200306240000Z"
DESCRIPTION
"Modified security section and updated author's contact
info"
REVISION "200302090000Z"
DESCRIPTION
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 87]
DOCSIS BPI Plus MIB November 2004
"Removed extraneous CRL references in text and MIB.
Modified encodings for docsBpi2CodeDownloadStatusCode
Modified encodings for docsBpi2CmtsAuthBpkmCmCertValid.
Added a new object docsBpi2CmtsAuthCACertIndexPtr into
the docsBpi2CmtsAuthTable.
Made modifications to object descriptions for
docsBpi2CodeMfgCodeAccessStart
docsBpi2CodeMfgCvcAccessStart
docsBpi2CodeCoSignerCodeAccessStart
docsBpi2CodeCoSignerCvcAccessStart.
Changed several object descriptions in docsBpi2CmTEKTable
and docsBpi2CmtsTEKTable."
REVISION "200211010000Z"
DESCRIPTION
"Added encodings for docsBpi2CodeDownloadStatusCode,
removed CRL object, table, & group, and made minor
modifications to some object descriptions."
REVISION "200111210000Z"
DESCRIPTION
"Added encodings for docsBpi2CmtsAuthBpkmCmCertValid,
added CRL object, table, & group, and made minor
modifications to many object descriptions."
REVISION "200104170000Z"
DESCRIPTION
"Modified CM and CMTS IP Multicast table indexing in
preparation for IPV6. Obsoleted grace time objects
from the CMTS portion of the MIB."
REVISION "200011171930Z"
DESCRIPTION
"Replaced DisplayString type with SnmpAdminString type.
Several object descriptions were also changed."
-- [stop delete]
Green/Ozawa/Katsnelson/Cardona Expires March 2005 [Page 88]
----