This is the MIB module for the DOCSIS Baseline Privacy Plus Interface (BPI+) at cable modems (CMs) and cable modem termination s...
Version: 2004-09-07
module DOCS-IETF-BPI2-MIB { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:smiv2:DOCS-IETF-BPI2-MIB"; prefix DOCS-IETF-BPI2-MIB; import IF-MIB { prefix if-mib; } import INET-ADDRESS-MIB { prefix inet-address; } import SNMP-FRAMEWORK-MIB { prefix snmp-framework; } import SNMPv2-TC { prefix snmpv2-tc; } import ietf-yang-smiv2 { prefix smiv2; } import ietf-yang-types { prefix yang; } organization "IETF IP over Cable Data Network (IPCDN) Working Group"; contact "--------------------------------------- Stuart M. Green Postal: ADC Telecommunications, Inc. Mailstop 1641 8 Technology Drive Westborough, MA 01581 U.S.A. Tel: +1 508 870 2554 E-mail: stuart.green@adc.com --------------------------------------- Kaz Ozawa Cable Modem & Network Dept. Server & Network Div. TOSHIBA CORPORATION Digital Media Network Company 1-1, Shibaura 1-Chome Minato-ku, Tokyo 105-8001 Japan Phone: +81-3-3457-2726 FAX: +81-3-5444-9359 Email: Kazuyoshi.Ozawa@toshiba.co.jp --------------------------------------- Alexander Katsnelson Postal: Cable Television Laboratories, Inc. 858 Coal Creek Circle Louisville, CO 80027- 9750 U.S.A. Tel: +1 303 661 9100 Fax: +1 303 661 9199 E-mail: a.katsnelson@cablelabs.com --------------------------------------- Eduardo Cardona Postal: Cable Television Laboratories, Inc. 858 Coal Creek Circle Louisville, CO 80027- 9750 U.S.A. Tel: +1 303 661 9100 Fax: +1 303 661 9199 E-mail: e.cardona@cablelabs.com --------------------------------------- IETF IPCDN Working Group General Discussion: ipcdn@ietf.org Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn. Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn. Co-chairs: Richard Woundy, rwoundy@cisco.com Jean-Francois Mule, jfm@cablelabs.com"; description "This is the MIB module for the DOCSIS Baseline Privacy Plus Interface (BPI+) at cable modems (CMs) and cable modem termination systems (CMTSs). Copyright (C) The Internet Society (2004). This version of this MIB module is part of RFC XXXX; see the RFC itself for full legal notices."; revision "2004-09-07" { description "Initial version of the IETF BPI+ MIB module. This version published as RFC 4131."; } smiv2:alias "docsIetfBpi2MIB" { smiv2:oid "1.3.6.1.2.1.126"; } smiv2:alias "docsIetfBpi2Notification" { smiv2:oid "1.3.6.1.2.1.126.0"; } smiv2:alias "docsIetfBpi2MIBObjects" { smiv2:oid "1.3.6.1.2.1.126.1"; } smiv2:alias "docsIetfBpi2CmObjects" { smiv2:oid "1.3.6.1.2.1.126.1.1"; } smiv2:alias "docsIetfBpi2CmMulticastObjects" { smiv2:oid "1.3.6.1.2.1.126.1.1.3"; } smiv2:alias "docsIetfBpi2CmCertObjects" { smiv2:oid "1.3.6.1.2.1.126.1.1.4"; } smiv2:alias "docsIetfBpi2CmtsObjects" { smiv2:oid "1.3.6.1.2.1.126.1.2"; } smiv2:alias "docsIetfBpi2CmtsMulticastObjects" { smiv2:oid "1.3.6.1.2.1.126.1.2.4"; } smiv2:alias "docsIetfBpi2CmtsCertObjects" { smiv2:oid "1.3.6.1.2.1.126.1.2.5"; } smiv2:alias "docsIetfBpi2CodeDownloadControl" { smiv2:oid "1.3.6.1.2.1.126.1.4"; } smiv2:alias "docsIetfBpi2Conformance" { smiv2:oid "1.3.6.1.2.1.126.2"; } smiv2:alias "docsIetfBpi2Compliances" { smiv2:oid "1.3.6.1.2.1.126.2.1"; } smiv2:alias "docsIetfBpi2Groups" { smiv2:oid "1.3.6.1.2.1.126.2.2"; } typedef DocsX509ASN1DEREncodedCertificate { type binary { length "0..4096"; } description "An X509 digital certificate encoded as an ASN.1 DER object."; } typedef DocsSAId { type int32 { smiv2:display-hint "d"; range "1..16383"; } description "Security Association identifier (SAId)"; reference " DOCSIS Baseline Privacy Plus Interface specification, Section 2.1.3 BPI+ Security Associations"; } typedef DocsSAIdOrZero { type uint32 { smiv2:display-hint "d"; range "0..16383"; } description "Security Association identifier (SAId). The value zero indicates the SAId is yet to be determined"; reference " DOCSIS Baseline Privacy Plus Interface specification, Section 2.1.3 BPI+ Security Associations"; } typedef DocsBpkmSAType { type enumeration { enum "none" { value 0; } enum "primary" { value 1; } enum "static" { value 2; } enum "dynamic" { value 3; } } description "The type of security association (SA). The values of the named-numbers are associated with the BPKM SA-Type attributes: 'primary' corresponds to code '1', 'static' to code '2' 'dynamic' to code '3'. 'none' value must only be used if the SA type has yet to be determined."; reference "DOCSIS Baseline Privacy Plus Interface specification, Section 4.2.2.24"; } typedef DocsBpkmDataEncryptAlg { type enumeration { enum "none" { value 0; } enum "des56CbcMode" { value 1; } enum "des40CbcMode" { value 2; } enum "t3Des128CbcMode" { value 3; } enum "aes128CbcMode" { value 4; } enum "aes256CbcMode" { value 5; } } description "The list of data encryption algorithms defined for the DOCSIS interface in the BPKM cryptographic-suite parameter. The Value 'none' is indicates that the SAID being referenced has no data encryption."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } typedef DocsBpkmDataAuthentAlg { type enumeration { enum "none" { value 0; } enum "hmacSha196" { value 1; } } description "The list of data integrity algorithms defined for the DOCSIS interface in the BPKM cryptographic-suite parameter. The value 'none' indicates no data integrity is used for the SAID being referenced."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } container DOCS-IETF-BPI2-MIB { config false; container docsIetfBpi2CodeDownloadControl { smiv2:oid "1.3.6.1.2.1.126.1.4"; leaf docsIetfBpi2CodeDownloadStatusCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.1"; type enumeration { enum "configFileCvcVerified" { value 1; } enum "configFileCvcRejected" { value 2; } enum "snmpCvcVerified" { value 3; } enum "snmpCvcRejected" { value 4; } enum "codeFileVerified" { value 5; } enum "codeFileRejected" { value 6; } enum "other" { value 7; } } description "The value indicates the result of the latest config file CVC verification, SNMP CVC verification, or code file verification."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.3.2 & D.3.5.1."; } leaf docsIetfBpi2CodeDownloadStatusString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.2"; type snmp-framework:SnmpAdminString; description "The value of this object indicates the additional information to the status code. The value will include the error code and error description which will be defined separately."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section TBD (see D.3.7)"; } leaf docsIetfBpi2CodeMfgOrgName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.3"; type snmp-framework:SnmpAdminString; description "The value of this object is the device manufacturer's organizationName."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.2.2."; } leaf docsIetfBpi2CodeMfgCodeAccessStart { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.4"; type snmpv2-tc:DateAndTime { length "11"; } description "The value of this object is the device manufacturer's current codeAccessStart value. This value always be referenced to Greenwich Mean Time (GMT) and the value format must contain TimeZone information (fields 8-10)."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.2.2."; } leaf docsIetfBpi2CodeMfgCvcAccessStart { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.5"; type snmpv2-tc:DateAndTime { length "11"; } description "The value of this object is the device manufacturer's current cvcAccessStart value. This value always be referenced to Greenwich Mean Time (GMT) and the value format must contain TimeZone information (fields 8-10)."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.2.2."; } leaf docsIetfBpi2CodeCoSignerOrgName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.6"; type snmp-framework:SnmpAdminString; description "The value of this object is the Co-Signer's organizationName. The value is a zero length string if the co-signer is not specified."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.2.2."; } leaf docsIetfBpi2CodeCoSignerCodeAccessStart { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.7"; type snmpv2-tc:DateAndTime { length "11"; } description "The value of this object is the Co-Signer's current codeAccessStart value. This value always be referenced to Greenwich Mean Time (GMT) and the value format must contain TimeZone information (fields 8-10). If docsIetfBpi2CodeCoSignerOrgName is a zero length string, the value of this object is meaningless."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.2.2."; } leaf docsIetfBpi2CodeCoSignerCvcAccessStart { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.4.8"; type snmpv2-tc:DateAndTime { length "11"; } description "The value of this object is the Co-Signer's current cvcAccessStart value. This value always be referenced to Greenwich Mean Time (GMT) and the value format must contain TimeZone information (fields 8-10). If docsIetfBpi2CodeCoSignerOrgName is a zero length string, the value of this object is meaningless."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.2.2."; } leaf docsIetfBpi2CodeCvcUpdate { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.4.9"; type DocsX509ASN1DEREncodedCertificate; description "Setting a CVC to this object triggers the device to verify the CVC and update the cvcAccessStart values, then the content of this object is discarded.. If the device is not enabled to upgrade codefiles, or the CVC verification fails, the CVC will be rejected. Reading this object always returns the zero-length OCTET STRING."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section D.3.3.2.2."; } } // container docsIetfBpi2CodeDownloadControl container docsIetfBpi2CmBaseTable { smiv2:oid "1.3.6.1.2.1.126.1.1.1"; description "This table describes the basic and authorization related Baseline Privacy Plus attributes of each CM MAC interface."; list docsIetfBpi2CmBaseEntry { smiv2:oid "1.3.6.1.2.1.126.1.1.1.1"; key "ifIndex"; description "Each entry contains objects describing attributes of one CM MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127)."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmPrivacyEnable { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.1"; type boolean; description "This object identifies whether this CM is provisioned to run Baseline Privacy Plus."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1."; } leaf docsIetfBpi2CmPublicKey { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.2"; type binary { length "0..524"; } description "The value of this object is a DER-encoded RSAPublicKey ASN.1 type string, as defined in the RSA Encryption Standard (PKCS #1), corresponding to the public key of the CM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.4."; } leaf docsIetfBpi2CmAuthState { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.3"; type enumeration { enum "start" { value 1; } enum "authWait" { value 2; } enum "authorized" { value 3; } enum "reauthWait" { value 4; } enum "authRejectWait" { value 5; } enum "silent" { value 6; } } description "The value of this object is the state of the CM authorization FSM. The start state indicates that FSM is in its initial state."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.1.2.1."; } leaf docsIetfBpi2CmAuthKeySequenceNumber { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.4"; type int32 { range "0..15"; } description "The value of this object is the most recent authorization key sequence number for this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.2 and 4.2.2.10."; } leaf docsIetfBpi2CmAuthExpiresOld { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.5"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent authorization key for this FSM. If this FSM has only one authorization key, then the value is the time of activation of this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.2 and 4.2.2.9."; } leaf docsIetfBpi2CmAuthExpiresNew { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.6"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the most recent authorization key for this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.2 and 4.2.2.9."; } leaf docsIetfBpi2CmAuthReset { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.7"; type boolean; description "Setting this object to 'true' generates a Reauthorize event in the authorization FSM. Reading this object always returns FALSE. This object is for testing purposes only and therefore it does not require to be associated with a last reset object."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.1.2.3.4."; } leaf docsIetfBpi2CmAuthGraceTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.8"; type int32 { range "1..6047999"; } units "seconds"; description "The value of this object is the grace time for an authorization key in seconds. A CM is expected to start trying to get a new authorization key beginning AuthGraceTime seconds before the most recent authorization key actually expires."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.3."; } leaf docsIetfBpi2CmTEKGraceTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.9"; type int32 { range "1..302399"; } units "seconds"; description "The value of this object is the grace time for the TEK in seconds. The CM is expected to start trying to acquire a new TEK beginning TEK GraceTime seconds before the expiration of the most recent TEK."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.6."; } leaf docsIetfBpi2CmAuthWaitTimeout { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.10"; type int32 { range "1..30"; } units "seconds"; description "The value of this object is the Authorize Wait Timeout in second."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.1."; } leaf docsIetfBpi2CmReauthWaitTimeout { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.11"; type int32 { range "1..30"; } units "seconds"; description "The value of this object is the Reauthorize Wait Timeout in seconds."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.2."; } leaf docsIetfBpi2CmOpWaitTimeout { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.12"; type int32 { range "1..10"; } units "seconds"; description "The value of this object is the Operational Wait Timeout in seconds."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.4."; } leaf docsIetfBpi2CmRekeyWaitTimeout { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.13"; type int32 { range "1..10"; } units "seconds"; description "The value of this object is the Rekey Wait Timeout in seconds."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.5."; } leaf docsIetfBpi2CmAuthRejectWaitTimeout { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.14"; type int32 { range "1..600"; } units "seconds"; description "The value of this object is the Authorization Reject Wait Timeout in seconds."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.7."; } leaf docsIetfBpi2CmSAMapWaitTimeout { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.15"; type int32 { range "1..10"; } units "seconds"; description "The value of this object is the retransmission interval, in seconds, of SA Map Requests from the MAP Wait state."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.8."; } leaf docsIetfBpi2CmSAMapMaxRetries { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.16"; type int32 { range "0..10"; } units "count"; description "The value of this object is the maximum number of Map Request retries allowed."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.1.1.1.9."; } leaf docsIetfBpi2CmAuthentInfos { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.17"; type yang:counter32; description "The value of this object is the count of times the CM has transmitted an Authentication Information message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.9."; } leaf docsIetfBpi2CmAuthRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.18"; type yang:counter32; description "The value of this object is the count of times the CM has transmitted an Authorization Request message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.1."; } leaf docsIetfBpi2CmAuthReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.19"; type yang:counter32; description "The value of this object is the count of times the CM has received an Authorization Reply message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.2."; } leaf docsIetfBpi2CmAuthRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.20"; type yang:counter32; description "The value of this object is the count of times the CM has received an Authorization Reject message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.3."; } leaf docsIetfBpi2CmAuthInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.21"; type yang:counter32; description "The value of this object is the count of times the CM has received an Authorization Invalid message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.7."; } leaf docsIetfBpi2CmAuthRejectErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.22"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "unauthorizedCm" { value 3; } enum "unauthorizedSaid" { value 4; } enum "permanentAuthorizationFailure" { value 8; } enum "timeOfDayNotAcquired" { value 11; } } description "The value of this object is the enumerated description of the Error-Code in most recent Authorization Reject message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Reject message has been received since reboot."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.3 and 4.2.2.15."; } leaf docsIetfBpi2CmAuthRejectErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.23"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in most recent Authorization Reject message received by the CM. This is a zero length string if no Authorization Reject message has been received since reboot."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.3 and 4.2.2.6."; } leaf docsIetfBpi2CmAuthInvalidErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.24"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "unauthorizedCm" { value 3; } enum "unsolicited" { value 5; } enum "invalidKeySequence" { value 6; } enum "keyRequestAuthenticationFailure" { value 7; } } description "The value of this object is the enumerated description of the Error-Code in most recent Authorization Invalid message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Invalid message has been received since reboot."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.7 and 4.2.2.15."; } leaf docsIetfBpi2CmAuthInvalidErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.1.1.25"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in most recent Authorization Invalid message received by the CM. This is a zero length string if no Authorization Invalid message has been received since reboot."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.7 and 4.2.2.6."; } } // list docsIetfBpi2CmBaseEntry } // container docsIetfBpi2CmBaseTable container docsIetfBpi2CmTEKTable { smiv2:oid "1.3.6.1.2.1.126.1.1.2"; description "This table describes the attributes of each CM Traffic Encryption Key (TEK) association. The CM maintains (no more than) one TEK association per SAID per CM MAC interface."; list docsIetfBpi2CmTEKEntry { smiv2:oid "1.3.6.1.2.1.126.1.1.2.1"; key "ifIndex docsIetfBpi2CmTEKSAId"; description "Each entry contains objects describing the TEK association attributes of one SAID. The CM MUST create one entry per SAID, regardless of whether the SAID was obtained from a Registration Response message, from an Authorization Reply message, or from any dynamic SAID establishment mechanisms."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmTEKSAId { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.1"; type DocsSAId; description "The value of this object is the DOCSIS Security Association ID (SAID)."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.12."; } leaf docsIetfBpi2CmTEKSAType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.2"; type DocsBpkmSAType; description "The value of this object is the type of security association."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 2.1.3."; } leaf docsIetfBpi2CmTEKDataEncryptAlg { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.3"; type DocsBpkmDataEncryptAlg; description "The value of this object is the data encryption algorithm for this SAID."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmTEKDataAuthentAlg { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.4"; type DocsBpkmDataAuthentAlg; description "The value of this object is the data authentication algorithm for this SAID."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmTEKState { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.5"; type enumeration { enum "start" { value 1; } enum "opWait" { value 2; } enum "opReauthWait" { value 3; } enum "operational" { value 4; } enum "rekeyWait" { value 5; } enum "rekeyReauthWait" { value 6; } } description "The value of this object is the state of the indicated TEK FSM. The start(1) state indicates that FSM is in its initial state."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.1.3.1."; } leaf docsIetfBpi2CmTEKKeySequenceNumber { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.6"; type int32 { range "0..15"; } description "The value of this object is the most recent TEK key sequence number for this TEK FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.2.10 and 4.2.2.13."; } leaf docsIetfBpi2CmTEKExpiresOld { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.7"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent TEK for this FSM. If this FSM has only one TEK, then the value is the time of activation of this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.5 and 4.2.2.9."; } leaf docsIetfBpi2CmTEKExpiresNew { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.8"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the most recent TEK for this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.5 and 4.2.2.9."; } leaf docsIetfBpi2CmTEKKeyRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.9"; type yang:counter32; description "The value of this object is the count of times the CM has transmitted a Key Request message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.4."; } leaf docsIetfBpi2CmTEKKeyReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.10"; type yang:counter32; description "The value of this object is the count of times the CM has received a Key Reply message, including a message whose authentication failed. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.5."; } leaf docsIetfBpi2CmTEKKeyRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.11"; type yang:counter32; description "The value of this object is the count of times the CM has received a Key Reject message, including a message whose authentication failed. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.6."; } leaf docsIetfBpi2CmTEKInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.12"; type yang:counter32; description "The value of this object is the count of times the CM has received a TEK Invalid message, including a message whose authentication failed. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.8."; } leaf docsIetfBpi2CmTEKAuthPends { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.13"; type yang:counter32; description "The value of this object is the count of times an Authorization Pending (Auth Pend) event occurred in this FSM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.1.3.3.3."; } leaf docsIetfBpi2CmTEKKeyRejectErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.14"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "unauthorizedSaid" { value 4; } } description "The value of this object is the enumerated description of the Error-Code in most recent Key Reject message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Key Reject message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.1.2.6 and 4.2.2.15."; } leaf docsIetfBpi2CmTEKKeyRejectErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.15"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in most recent Key Reject message received by the CM. This is a zero length string if no Key Reject message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.1.2.6 and 4.2.2.6."; } leaf docsIetfBpi2CmTEKInvalidErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.16"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "invalidKeySequence" { value 6; } } description "The value of this object is the enumerated description of the Error-Code in most recent TEK Invalid message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no TEK Invalid message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.1.2.8 and 4.2.2.15."; } leaf docsIetfBpi2CmTEKInvalidErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.2.1.17"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in most recent TEK Invalid message received by the CM. This is a zero length string if no TEK Invalid message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.1.2.8 and 4.2.2.6."; } } // list docsIetfBpi2CmTEKEntry } // container docsIetfBpi2CmTEKTable container docsIetfBpi2CmIpMulticastMapTable { smiv2:oid "1.3.6.1.2.1.126.1.1.3.1"; description "This table maps multicast IP addresses to SAIDs per CM MAC Interface. It is intended to map multicast IP addresses associated with SA MAP Request messages."; list docsIetfBpi2CmIpMulticastMapEntry { smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1"; key "ifIndex docsIetfBpi2CmIpMulticastIndex"; description "Each entry contains objects describing the mapping of one multicast IP address to one SAID, as well as associated state, message counters, and error information. An entry may be removed from this table upon the reception of an SA Map Reject."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmIpMulticastIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.1"; type uint32 { range "1..4294967295"; } description "The index of this row."; } leaf docsIetfBpi2CmIpMulticastAddressType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.2"; type inet-address:InetAddressType; description "The type of internet address for docsIetfBpi2CmIpMulticastAddress."; } leaf docsIetfBpi2CmIpMulticastAddress { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.3"; type inet-address:InetAddress; description "This object represents the IP multicast address to be mapped. The type of this address is determined by the value of the docsIetfBpi2CmIpMulticastAddressType object."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 5.4."; } leaf docsIetfBpi2CmIpMulticastSAId { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.4"; type DocsSAIdOrZero; description "This object represents the SAID to which the IP multicast address has been mapped. If no SA Map Reply has been received for the IP address, this object should have the value 0."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.12."; } leaf docsIetfBpi2CmIpMulticastSAMapState { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.5"; type enumeration { enum "start" { value 1; } enum "mapWait" { value 2; } enum "mapped" { value 3; } } description "The value of this object is the state of the SA Mapping FSM for this IP."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 5.3.1."; } leaf docsIetfBpi2CmIpMulticastSAMapRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.6"; type yang:counter32; description "The value of this object is the count of times the CM has transmitted an SA Map Request message for this IP. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.10."; } leaf docsIetfBpi2CmIpMulticastSAMapReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.7"; type yang:counter32; description "The value of this object is the count of times the CM has received an SA Map Reply message for this IP. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.11."; } leaf docsIetfBpi2CmIpMulticastSAMapRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.8"; type yang:counter32; description "The value of this object is the count of times the CM has received an SA MAP Reject message for this IP. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.12."; } leaf docsIetfBpi2CmIpMulticastSAMapRejectErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.9"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "noAuthForRequestedDSFlow" { value 9; } enum "dsFlowNotMappedToSA" { value 10; } } description "The value of this object is the enumerated description of the Error-Code in the most recent SA Map Reject message sent in response to an SA Map Request for This IP. It has the value none(1) if no SA MAP Reject message has been received since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.12 and 4.2.2.15."; } leaf docsIetfBpi2CmIpMulticastSAMapRejectErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.3.1.1.10"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in the most recent SA Map Reject message sent in response to an SA Map Request for this IP. It is a zero length string if no SA Map Reject message has been received since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.12 and 4.2.2.6."; } } // list docsIetfBpi2CmIpMulticastMapEntry } // container docsIetfBpi2CmIpMulticastMapTable container docsIetfBpi2CmDeviceCertTable { smiv2:oid "1.3.6.1.2.1.126.1.1.4.1"; description "This table describes the Baseline Privacy Plus device certificates for each CM MAC interface."; list docsIetfBpi2CmDeviceCertEntry { smiv2:oid "1.3.6.1.2.1.126.1.1.4.1.1"; key "ifIndex"; description "Each entry contains the device certificates of one CM MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127)."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmDeviceCmCert { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.1.4.1.1.1"; type DocsX509ASN1DEREncodedCertificate; description "The X509 DER-encoded cable modem certificate. Note: This object can be set only when the value is the zero-length OCTET STRING, otherwise an error 'inconsistentValue' is returned. Once the object contains the certificate, its access MUST be read-only and persists after re-initialization of the managed system."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.1."; } leaf docsIetfBpi2CmDeviceManufCert { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.4.1.1.2"; type DocsX509ASN1DEREncodedCertificate; description "The X509 DER-encoded manufacturer certificate which signed the cable modem certificate."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.1."; } } // list docsIetfBpi2CmDeviceCertEntry } // container docsIetfBpi2CmDeviceCertTable container docsIetfBpi2CmCryptoSuiteTable { smiv2:oid "1.3.6.1.2.1.126.1.1.5"; description "This table describes the Baseline Privacy Plus cryptographic suite capabilities for each CM MAC interface."; list docsIetfBpi2CmCryptoSuiteEntry { smiv2:oid "1.3.6.1.2.1.126.1.1.5.1"; key "ifIndex docsIetfBpi2CmCryptoSuiteIndex"; description "Each entry contains a cryptographic suite pair which this CM MAC supports."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmCryptoSuiteIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.1.5.1.1"; type uint32 { range "1..1000"; } description "The index for a cryptographic suite row."; } leaf docsIetfBpi2CmCryptoSuiteDataEncryptAlg { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.5.1.2"; type DocsBpkmDataEncryptAlg; description "The value of this object is the data encryption algorithm for this cryptographic suite capability."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmCryptoSuiteDataAuthentAlg { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.1.5.1.3"; type DocsBpkmDataAuthentAlg; description "The value of this object is the data authentication algorithm for this cryptographic suite capability."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } } // list docsIetfBpi2CmCryptoSuiteEntry } // container docsIetfBpi2CmCryptoSuiteTable container docsIetfBpi2CmtsBaseTable { smiv2:oid "1.3.6.1.2.1.126.1.2.1"; description "This table describes the basic Baseline Privacy attributes of each CMTS MAC interface."; list docsIetfBpi2CmtsBaseEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.1.1"; key "ifIndex"; description "Each entry contains objects describing attributes of one CMTS MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127)."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmtsDefaultAuthLifetime { smiv2:defval "604800"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.1"; type int32 { range "1..6048000"; } units "seconds"; description "The value of this object is the default lifetime, in seconds, the CMTS assigns to a new authorization key. This object value persist after re-initialization of the managed system."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.2."; } leaf docsIetfBpi2CmtsDefaultTEKLifetime { smiv2:defval "43200"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.2"; type int32 { range "1..604800"; } units "seconds"; description "The value of this object is the default lifetime, in seconds, the CMTS assigns to a new Traffic Encryption Key (TEK). This object value persist after re-initialization of the managed system."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Appendix A.2."; } leaf docsIetfBpi2CmtsDefaultSelfSignedManufCertTrust { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.3"; type enumeration { enum "trusted" { value 1; } enum "untrusted" { value 2; } } description "This object determines the default trust of self-signed manufacturer certificate entries, contained in docsIetfBpi2CmtsCACertTable, created after setting this object. This object needs not to persist after re-initialization of the managed system."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.1"; } leaf docsIetfBpi2CmtsCheckCertValidityPeriods { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.4"; type boolean; description "Setting this object to 'true' causes all chained and root certificates in the chain to have their validity periods checked against the current time of day, when the CMTS receives an Authorization Request from the CM. A 'false' setting causes all certificates in the chain not to have their validity periods checked against the current time of day. This object needs not to persist after re-initialization of the managed system."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.2"; } leaf docsIetfBpi2CmtsAuthentInfos { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.5"; type yang:counter32; description "The value of this object is the count of times the CMTS has received an Authentication Information message from any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.9."; } leaf docsIetfBpi2CmtsAuthRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.6"; type yang:counter32; description "The value of this object is the count of times the CMTS has received an Authorization Request message from any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.1."; } leaf docsIetfBpi2CmtsAuthReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.7"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an Authorization Reply message to any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.2."; } leaf docsIetfBpi2CmtsAuthRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.8"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an Authorization Reject message to any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.3."; } leaf docsIetfBpi2CmtsAuthInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.9"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an Authorization Invalid message to any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.7."; } leaf docsIetfBpi2CmtsSAMapRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.10"; type yang:counter32; description "The value of this object is the count of times the CMTS has received an SA Map Request message from any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.10."; } leaf docsIetfBpi2CmtsSAMapReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.11"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an SA Map Reply message to any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.11."; } leaf docsIetfBpi2CmtsSAMapRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.1.1.12"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an SA Map Reject message to any CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.12."; } } // list docsIetfBpi2CmtsBaseEntry } // container docsIetfBpi2CmtsBaseTable container docsIetfBpi2CmtsAuthTable { smiv2:oid "1.3.6.1.2.1.126.1.2.2"; description "This table describes the attributes of each CM authorization association. The CMTS maintains one authorization association with each Baseline Privacy- enabled CM, registered on each CMTS MAC interface, regardless of whether the CM is authorized or rejected."; list docsIetfBpi2CmtsAuthEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.2.1"; key "ifIndex docsIetfBpi2CmtsAuthCmMacAddress"; description "Each entry contains objects describing attributes of one authorization association. The CMTS MUST create one entry per CM per MAC interface, based on the receipt of an Authorization Request message, and MUST not delete the entry until the CM loses registration."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmtsAuthCmMacAddress { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.1"; type yang:mac-address; description "The value of this object is the physical address of the CM to which the authorization association applies."; } leaf docsIetfBpi2CmtsAuthCmBpiVersion { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.2"; type enumeration { enum "bpi" { value 0; } enum "bpiPlus" { value 1; } } description "The value of this object is the version of Baseline Privacy for which this CM has registered. The value 'bpiplus' represents the value of BPI-Version Attribute of the Baseline Privacy Key Management BPKM attribute BPI-Version (1). The value 'bpi' is used to represent the CM registered using DOCSIS 1.0 Baseline Privacy."; reference "DOCSIS Baseline Privacy Plus Interface Specification Section 4.2.2.22; ANSI/SCTE 22-2 2002(formerly DSS 02-03) Data-Over-Cable Service Interface Specification DOCSIS 1.0 Baseline Privacy Interface (BPI)"; } leaf docsIetfBpi2CmtsAuthCmPublicKey { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.3"; type binary { length "0..524"; } description "The value of this object is a DER-encoded RSAPublicKey ASN.1 type string, as defined in the RSA Encryption Standard (PKCS #1), corresponding to the public key of the CM. This is the zero-length OCTET STRING if the CMTS does not retain the public key."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.4."; } leaf docsIetfBpi2CmtsAuthCmKeySequenceNumber { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.4"; type int32 { range "0..15"; } description "The value of this object is the most recent authorization key sequence number for this CM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.2 and 4.2.2.10."; } leaf docsIetfBpi2CmtsAuthCmExpiresOld { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.5"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent authorization key for this FSM. If this FSM has only one authorization key, then the value is the time of activation of this FSM. Note: This object has no meaning for CMs running in BPI mode, therefore this object is not instantiated for entries associated to those CMs."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.2 and 4.2.2.9."; } leaf docsIetfBpi2CmtsAuthCmExpiresNew { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.6"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the most recent authorization key for this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.2 and 4.2.2.9."; } leaf docsIetfBpi2CmtsAuthCmLifetime { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.7"; type int32 { range "1..6048000"; } units "seconds"; description "The value of this object is the lifetime, in seconds, the CMTS assigns to an authorization key for this CM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.2 and Appendix A.2."; } leaf docsIetfBpi2CmtsAuthCmReset { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.8"; type enumeration { enum "noResetRequested" { value 1; } enum "invalidateAuth" { value 2; } enum "sendAuthInvalid" { value 3; } enum "invalidateTeks" { value 4; } } description "Setting this object to invalidateAuth(2) causes the CMTS to invalidate the current CM authorization key(s), but not to transmit an Authorization Invalid message nor to invalidate the primary SAID's TEKs. Setting this object to sendAuthInvalid(3) causes the CMTS to invalidate the current CM authorization key(s), and to transmit an Authorization Invalid message to the CM, but not to invalidate the primary SAID's TEKs. Setting this object to invalidateTeks(4) causes the CMTS to invalidate the current CM authorization key(s), to transmit an Authorization Invalid message to the CM, and to invalidate the TEKs associated with this CM's primary SAID. For BPI mode, substitute all of the CM's unicast TEK(s) for the primary SAID's TEKs in the previous paragraph. Reading this object returns the most recently set value of this object, or returns noResetRequested(1) if the object has not been set since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.1.2.3.4, 4.1.2.3.5, and 4.1.3.3.5."; } leaf docsIetfBpi2CmtsAuthCmInfos { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.9"; type yang:counter32; description "The value of this object is the count of times the CMTS has received an Authentication Information message from this CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.9."; } leaf docsIetfBpi2CmtsAuthCmRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.10"; type yang:counter32; description "The value of this object is the count of times the CMTS has received an Authorization Request message from this CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.1."; } leaf docsIetfBpi2CmtsAuthCmReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.11"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an Authorization Reply message to this CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.2."; } leaf docsIetfBpi2CmtsAuthCmRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.12"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an Authorization Reject message to this CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.3."; } leaf docsIetfBpi2CmtsAuthCmInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.13"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an Authorization Invalid message to this CM. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.7."; } leaf docsIetfBpi2CmtsAuthRejectErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.14"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "unauthorizedCm" { value 3; } enum "unauthorizedSaid" { value 4; } enum "permanentAuthorizationFailure" { value 8; } enum "timeOfDayNotAcquired" { value 11; } } description "The value of this object is the enumerated description of the Error-Code in most recent Authorization Reject message transmitted to the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Reject message has been transmitted to the CM, since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.3 and 4.2.2.15."; } leaf docsIetfBpi2CmtsAuthRejectErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.15"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in most recent Authorization Reject message transmitted to the CM. This is a zero length string if no Authorization Reject message has been transmitted to the CM, since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.3 and 4.2.2.6."; } leaf docsIetfBpi2CmtsAuthInvalidErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.16"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "unauthorizedCm" { value 3; } enum "unsolicited" { value 5; } enum "invalidKeySequence" { value 6; } enum "keyRequestAuthenticationFailure" { value 7; } } description "The value of this object is the enumerated description of the Error-Code in most recent Authorization Invalid message transmitted to the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Invalid message has been transmitted to the CM since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.7 and 4.2.2.15."; } leaf docsIetfBpi2CmtsAuthInvalidErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.17"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in most recent Authorization Invalid message transmitted to the CM. This is a zero length string if no Authorization Invalid message has been transmitted to the CM since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.7 and 4.2.2.6."; } leaf docsIetfBpi2CmtsAuthPrimarySAId { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.18"; type DocsSAIdOrZero; description "The value of this object is the Primary Security Association identifier. For BPI mode, the value must be any unicast SID."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 2.1.3."; } leaf docsIetfBpi2CmtsAuthBpkmCmCertValid { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.19"; type enumeration { enum "unknown" { value 0; } enum "validCmChained" { value 1; } enum "validCmTrusted" { value 2; } enum "invalidCmUntrusted" { value 3; } enum "invalidCAUntrusted" { value 4; } enum "invalidCmOther" { value 5; } enum "invalidCAOther" { value 6; } enum "invalidCmRevoked" { value 7; } enum "invalidCARevoked" { value 8; } } description "Contains the reason why a CM's certificate is deemed valid or invalid. Return unknown(0) if the CM is running BPI mode. ValidCmChained(1) means the certificate is valid because it chains to a valid certificate. ValidCmTrusted(2) means the certificate is valid because it has been provisioned (in the docsIetfBpi2CmtsProvisionedCmCert table) to be trusted. InvalidCmUntrusted(3) means the certificate is invalid because it has been provisioned (in the docsIetfBpi2CmtsProvisionedCmCert table) to be untrusted. InvalidCAUntrusted(4) means the certificate is invalid because it chains to an untrusted certificate. InvalidCmOther(5) and InvalidCAOther(6) refer to errors in parsing, validity periods, etc, which are attributable to the CM certificate or its chain respectively; additional information may be found in docsIetfBpi2AuthRejectErrorString for these types of errors. InvalidCmRevoked(7) means the certificate is invalid as it was marked as revoked. InvalidCARevoked(8) means the CA certificate is invalid as it was marked as revoked."; reference "DOCSIS Security Specification CM-SP-SECv3.0-I08-080522, Certificate Revocation section."; } leaf docsIetfBpi2CmtsAuthBpkmCmCert { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.20"; type DocsX509ASN1DEREncodedCertificate; description "The X509 CM Certificate sent as part of a BPKM Authorization Request. Note: The zero-length OCTET STRING must be returned if the Entire certificate is not retained in the CMTS."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2."; } leaf docsIetfBpi2CmtsAuthCACertIndexPtr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.2.1.21"; type uint32 { range "0..4294967295"; } description "A row index into docsIetfBpi2CmtsCACertTable. Returns the index in docsIetfBpi2CmtsCACertTable which CA certificate this CM is chained to. A value of 0 means it could not be found or not applicable."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2."; } } // list docsIetfBpi2CmtsAuthEntry } // container docsIetfBpi2CmtsAuthTable container docsIetfBpi2CmtsTEKTable { smiv2:oid "1.3.6.1.2.1.126.1.2.3"; description "This table describes the attributes of each Traffic Encryption Key (TEK) association. The CMTS Maintains one TEK association per SAID on each CMTS MAC interface."; list docsIetfBpi2CmtsTEKEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.3.1"; key "ifIndex docsIetfBpi2CmtsTEKSAId"; description "Each entry contains objects describing attributes of one TEK association on a particular CMTS MAC interface. The CMTS MUST create one entry per SAID per MAC interface, based on the receipt of a Key Request message, and MUST not delete the entry before the CM authorization for the SAID permanently expires."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmtsTEKSAId { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.1"; type DocsSAId; description "The value of this object is the DOCSIS Security Association ID (SAID)."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.12."; } leaf docsIetfBpi2CmtsTEKSAType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.2"; type DocsBpkmSAType; description "The value of this object is the type of security association. 'dynamic' does not apply to CMs running in BPI mode. Unicast BPI TEKs must utilize the 'primary' encoding and multicast BPI TEKs must utilize the 'static' encoding."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 2.1.3."; } leaf docsIetfBpi2CmtsTEKDataEncryptAlg { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.3"; type DocsBpkmDataEncryptAlg; description "The value of this object is the data encryption algorithm for this SAID."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmtsTEKDataAuthentAlg { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.4"; type DocsBpkmDataAuthentAlg; description "The value of this object is the data authentication algorithm for this SAID."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmtsTEKLifetime { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.5"; type int32 { range "1..604800"; } units "seconds"; description "The value of this object is the lifetime, in seconds, the CMTS assigns to keys for this TEK association."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.5 and Appendix A.2."; } leaf docsIetfBpi2CmtsTEKKeySequenceNumber { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.6"; type int32 { range "0..15"; } description "The value of this object is the most recent TEK key sequence number for this SAID."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.2.10 and 4.2.2.13."; } leaf docsIetfBpi2CmtsTEKExpiresOld { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.7"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent TEK for this FSM. If this FSM has only one TEK, then the value is the time of activation of this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.5 and 4.2.2.9."; } leaf docsIetfBpi2CmtsTEKExpiresNew { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.8"; type snmpv2-tc:DateAndTime; description "The value of this object is the actual clock time for expiration of the most recent TEK for this FSM."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.5 and 4.2.2.9."; } leaf docsIetfBpi2CmtsTEKReset { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.9"; type boolean; description "Setting this object to 'true' causes the CMTS to invalidate all currently active TEK(s) and to generate new TEK(s) for the associated SAID; the CMTS MAY also generate unsolicited TEK Invalid message(s), to optimize the TEK synchronization between the CMTS and the CM(s). Reading this object always returns FALSE."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.1.3.3.5."; } leaf docsIetfBpi2CmtsKeyRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.10"; type yang:counter32; description "The value of this object is the count of times the CMTS has received a Key Request message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.4."; } leaf docsIetfBpi2CmtsKeyReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.11"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted a Key Reply message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.5."; } leaf docsIetfBpi2CmtsKeyRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.12"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted a Key Reject message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.6."; } leaf docsIetfBpi2CmtsTEKInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.13"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted a TEK Invalid message. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.8."; } leaf docsIetfBpi2CmtsKeyRejectErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.14"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "unauthorizedSaid" { value 4; } } description "The value of this object is the enumerated description of the Error-Code in the most recent Key Reject message sent in response to a Key Request for this SAID. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Key Reject message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.6 and 4.2.2.15."; } leaf docsIetfBpi2CmtsKeyRejectErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.15"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in the most recent Key Reject message sent in response to a Key Request for this SAID. This is a zero length string if no Key Reject message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.6 and 4.2.2.6."; } leaf docsIetfBpi2CmtsTEKInvalidErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.16"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "invalidKeySequence" { value 6; } } description "The value of this object is the enumerated description of the Error-Code in the most recent TEK Invalid message sent in association with this SAID. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no TEK Invalid message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.8 and 4.2.2.15."; } leaf docsIetfBpi2CmtsTEKInvalidErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.3.1.17"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in the most recent TEK Invalid message sent in association with this SAID. This is a zero length string if no TEK Invalid message has been received since registration."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.8 and 4.2.2.6."; } } // list docsIetfBpi2CmtsTEKEntry } // container docsIetfBpi2CmtsTEKTable container docsIetfBpi2CmtsIpMulticastMapTable { smiv2:oid "1.3.6.1.2.1.126.1.2.4.1"; description "This table maps multicast IP addresses to SAIDs. If a multicast IP address is mapped by multiple rows in the table, the row with the lowest docsIetfBpi2CmtsIpMulticastIndex must be utilized for the mapping."; list docsIetfBpi2CmtsIpMulticastMapEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1"; key "ifIndex docsIetfBpi2CmtsIpMulticastIndex"; description "Each entry contains objects describing the mapping of a set of multicast IP address and mask to one SAID associated to a CMTS MAC Interface, as well as associated message counters and error information."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmtsIpMulticastIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.1"; type uint32 { range "1..4294967295"; } description "The index of this row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row."; } leaf docsIetfBpi2CmtsIpMulticastAddressType { smiv2:defval "ipv4"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.2"; type inet-address:InetAddressType; description "The type of internet address for docsIetfBpi2CmtsIpMulticastAddress and docsIetfBpi2CmtsIpMulticastMask."; } leaf docsIetfBpi2CmtsIpMulticastAddress { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.3"; type inet-address:InetAddress; description "This object represents the IP multicast address to be mapped, in conjunction with docsIetfBpi2CmtsIpMulticastMask. The type of this address is determined by the value of the object docsIetfBpi2CmtsIpMulticastAddressType."; } leaf docsIetfBpi2CmtsIpMulticastMask { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.4"; type inet-address:InetAddress; description "This object represents the IP multicast address mask for this row. An IP multicast address matches this row if the logical AND of the address with docsIetfBpi2CmtsIpMulticastMask is identical to the logical AND of docsIetfBpi2CmtsIpMulticastAddr with docsIetfBpi2CmtsIpMulticastMask. The type of this address is determined by the value of the object docsIetfBpi2CmtsIpMulticastAddressType. Note: For IPv6 this object needs not to represent a contiguous netmask, e.g. to associate an SAID to a multicast group matching 'any' multicast scope. The TC InetAddressPrefixLength is not used because it only represents contiguous netmask."; } leaf docsIetfBpi2CmtsIpMulticastSAId { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.5"; type DocsSAIdOrZero; description "This object represents the multicast SAID to be used in this IP multicast address mapping entry."; } leaf docsIetfBpi2CmtsIpMulticastSAType { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.6"; type DocsBpkmSAType; description "The value of this object is the type of security association. 'dynamic' does not apply to CMs running in BPI mode. Unicast BPI TEKs must utilize the 'primary' encoding and multicast BPI TEKs must utilize the 'static' encoding. SNMP created entries set this object by default to 'static' if not set at row creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 2.1.3."; } leaf docsIetfBpi2CmtsIpMulticastDataEncryptAlg { smiv2:defval "des56CbcMode"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.7"; type DocsBpkmDataEncryptAlg; description "The value of this object is the data encryption algorithm for this IP."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmtsIpMulticastDataAuthentAlg { smiv2:defval "none"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.8"; type DocsBpkmDataAuthentAlg; description "The value of this object is the data authentication algorithm for this IP."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.2.20."; } leaf docsIetfBpi2CmtsIpMulticastSAMapRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.9"; type yang:counter32; description "The value of this object is the count of times the CMTS has received an SA Map Request message for this IP. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.10."; } leaf docsIetfBpi2CmtsIpMulticastSAMapReplies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.10"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an SA Map Reply message for this IP. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.11."; } leaf docsIetfBpi2CmtsIpMulticastSAMapRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.11"; type yang:counter32; description "The value of this object is the count of times the CMTS has transmitted an SA Map Reject message for this IP. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 4.2.1.12."; } leaf docsIetfBpi2CmtsIpMulticastSAMapRejectErrorCode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.12"; type enumeration { enum "none" { value 1; } enum "unknown" { value 2; } enum "noAuthForRequestedDSFlow" { value 9; } enum "dsFlowNotMappedToSA" { value 10; } } description "The value of this object is the enumerated description of the Error-Code in the most recent SA Map Reject message sent in response to a SA Map Request for This IP. It has value unknown(2) if the last Error-Code Value was 0, and none(1) if no SA MAP Reject message has been received since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.12 and 4.2.2.15."; } leaf docsIetfBpi2CmtsIpMulticastSAMapRejectErrorString { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.13"; type snmp-framework:SnmpAdminString { length "0..128"; } description "The value of this object is the text string in the most recent SA Map Reject message sent in response to an SA Map Request for this IP. It is a zero length string if no SA Map Reject message has been received since entry creation."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Sections 4.2.1.12 and 4.2.2.6."; } leaf docsIetfBpi2CmtsIpMulticastMapControl { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.14"; type snmpv2-tc:RowStatus; description "This object controls and reflects the IP multicast address mapping entry. There is no restriction on the ability to change values in this row while the row is active. A created row can be set to active only after the Corresponding instances of docsIetfBpi2CmtsIpMulticastAddress, docsIetfBpi2CmtsIpMulticastMask, docsIetfBpi2CmtsIpMulticastSAId and docsIetfBpi2CmtsIpMulticastSAType have all been set."; } leaf docsIetfBpi2CmtsIpMulticastMapStorageType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.1.1.15"; type snmpv2-tc:StorageType; description "The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row."; } } // list docsIetfBpi2CmtsIpMulticastMapEntry } // container docsIetfBpi2CmtsIpMulticastMapTable container docsIetfBpi2CmtsMulticastAuthTable { smiv2:oid "1.3.6.1.2.1.126.1.2.4.2"; description "This table describes the multicast SAID authorization for each CM on each CMTS MAC interface."; list docsIetfBpi2CmtsMulticastAuthEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.4.2.1"; key "ifIndex docsIetfBpi2CmtsMulticastAuthSAId docsIetfBpi2CmtsMulticastAuthCmMacAddress"; description "Each entry contains objects describing the key authorization of one cable modem for one multicast SAID for one CMTS MAC interface. Row entries persist after re-initialization of the managed system."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf docsIetfBpi2CmtsMulticastAuthSAId { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.2.1.1"; type DocsSAId; description "This object represents the multicast SAID for authorization."; } leaf docsIetfBpi2CmtsMulticastAuthCmMacAddress { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.2.1.2"; type yang:mac-address; description "This object represents the MAC address of the CM to which the multicast SAID authorization applies."; } leaf docsIetfBpi2CmtsMulticastAuthControl { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.4.2.1.3"; type snmpv2-tc:RowStatus; description "The status of this conceptual row for the authorization of multicast SAIDs to CMs. "; } } // list docsIetfBpi2CmtsMulticastAuthEntry } // container docsIetfBpi2CmtsMulticastAuthTable container docsIetfBpi2CmtsProvisionedCmCertTable { smiv2:oid "1.3.6.1.2.1.126.1.2.5.1"; description "A table of CM certificate trust entries provisioned to the CMTS. The trust object for a certificate in this table has an overriding effect on the validity object of a certificate in the authorization table, as long as the entire contents of the two certificates are identical."; list docsIetfBpi2CmtsProvisionedCmCertEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.5.1.1"; key "docsIetfBpi2CmtsProvisionedCmCertMacAddress"; description "An entry in the CMTS's provisioned CM certificate table. Row entries persist after re-initialization of the managed system."; reference "Data-Over-Cable Service Interface Specifications: Operations Support System Interface Specification SP-OSSIv2.0-I05-040407, Section 6.2.14"; leaf docsIetfBpi2CmtsProvisionedCmCertMacAddress { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.1.1.1"; type yang:mac-address; description "The index of this row."; } leaf docsIetfBpi2CmtsProvisionedCmCertTrust { smiv2:defval "untrusted"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.1.1.2"; type enumeration { enum "trusted" { value 1; } enum "untrusted" { value 2; } } description "Trust state for the provisioned CM certificate entry. Note: Setting this object need only override the validity of CM certificates sent in future authorization requests; instantaneous effect need not occur."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.1."; } leaf docsIetfBpi2CmtsProvisionedCmCertSource { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.1.1.3"; type enumeration { enum "snmp" { value 1; } enum "configurationFile" { value 2; } enum "externalDatabase" { value 3; } enum "other" { value 4; } } description "This object indicates how the certificate reached the CMTS. Other(4) means is originated from a source not identified above."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.1."; } leaf docsIetfBpi2CmtsProvisionedCmCertStatus { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.1.1.4"; type snmpv2-tc:RowStatus; description "The status of this conceptual row. Values in this row cannot be changed while the row is 'active'."; } leaf docsIetfBpi2CmtsProvisionedCmCert { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.1.1.5"; type DocsX509ASN1DEREncodedCertificate; description "An X509 DER-encoded Certificate Authority certificate. Note: The zero-length OCTET STRING must be returned, on reads, if the entire certificate is not retained in the CMTS."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2."; } } // list docsIetfBpi2CmtsProvisionedCmCertEntry } // container docsIetfBpi2CmtsProvisionedCmCertTable container docsIetfBpi2CmtsCACertTable { smiv2:oid "1.3.6.1.2.1.126.1.2.5.2"; description "The table of known Certificate Authority certificates acquired by this device."; list docsIetfBpi2CmtsCACertEntry { smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1"; key "docsIetfBpi2CmtsCACertIndex"; description "A row in the Certificate Authority certificate table. Row entries with trust status 'trusted', 'untrusted', or 'root' persist after re-initialization of the managed system."; reference "Data-Over-Cable Service Interface Specifications: Operations Support System Interface Specification SP-OSSIv2.0-I05-040407, Section 6.2.14"; leaf docsIetfBpi2CmtsCACertIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.1"; type uint32 { range "1..4294967295"; } description "The index for this row."; } leaf docsIetfBpi2CmtsCACertSubject { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.2"; type snmp-framework:SnmpAdminString; description "The subject name exactly as it is encoded in the X509 certificate. The organizationName portion of the certificate's subject name must be present. All other fields are optional. Any optional field present must be pre pended with <CR> (carriage return, U+000D) <LF> (line feed, U+000A). Ordering of fields present must conform to: organizationName <CR> <LF> countryName <CR> <LF> stateOrProvinceName <CR> <LF> localityName <CR> <LF> organizationalUnitName <CR> <LF> organizationalUnitName=<Manufacturing Location> <CR> <LF> commonName"; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2.4"; } leaf docsIetfBpi2CmtsCACertIssuer { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.3"; type snmp-framework:SnmpAdminString; description "The issuer name exactly as it is encoded in the X509 certificate. The commonName portion of the certificate's issuer name must be present. All other fields are optional. Any optional field present must be pre pended with <CR> (carriage return, U+000D) <LF> (line feed, U+000A). Ordering of fields present must conform to: CommonName <CR><LF> countryName <CR><LF> stateOrProvinceName <CR><LF> localityName <CR><LF> organizationName <CR><LF> organizationalUnitName <CR><LF> organizationalUnitName=<Manufacturing Location>"; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2.4"; } leaf docsIetfBpi2CmtsCACertSerialNumber { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.4"; type binary { length "1..32"; } description "This CA certificate's serial number represented as an octet string."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2.2"; } leaf docsIetfBpi2CmtsCACertTrust { smiv2:defval "chained"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.5"; type enumeration { enum "trusted" { value 1; } enum "untrusted" { value 2; } enum "chained" { value 3; } enum "root" { value 4; } } description "This object controls the trust status of this certificate. Root certificates must be given root(4) trust; manufacturer certificates must not be given root(4) trust. Trust on root certificates must not change. Note: Setting this object need only affect the validity of CM certificates sent in future authorization requests; instantaneous effect need not occur."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.1"; } leaf docsIetfBpi2CmtsCACertSource { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.6"; type enumeration { enum "snmp" { value 1; } enum "configurationFile" { value 2; } enum "externalDatabase" { value 3; } enum "other" { value 4; } enum "authentInfo" { value 5; } enum "compiledIntoCode" { value 6; } } description "This object indicates how the certificate reached the CMTS. Other(4) means it originated from a source not identified above."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.1"; } leaf docsIetfBpi2CmtsCACertStatus { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.7"; type snmpv2-tc:RowStatus; description "The status of this conceptual row. An attempt to set writable columnar values while this row is active behaves as follows: - Sets to the object docsIetfBpi2CmtsCACertTrust are allowed. - Sets to the object docsIetfBpi2CmtsCACert will return an error inconsistentValue'. A newly create entry cannot be set to active until the value of docsIetfBpi2CmtsCACert is being set."; } leaf docsIetfBpi2CmtsCACert { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.8"; type DocsX509ASN1DEREncodedCertificate; description "An X509 DER-encoded Certificate Authority certificate. To help identify certificates, either this object or docsIetfBpi2CmtsCACertThumbprint must be returned by a CMTS for self-signed CA certificates. Note: The zero-length OCTET STRING must be returned, on reads, if the entire certificate is not retained in the CMTS."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.2."; } leaf docsIetfBpi2CmtsCACertThumbprint { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.2.1.126.1.2.5.2.1.9"; type binary { length "20"; } description "The SHA-1 hash of a CA certificate. To help identify certificates, either this object or docsIetfBpi2CmtsCACert must be returned by a CMTS for self-signed CA certificates. Note: The zero-length OCTET STRING must be returned, on reads, if the CA certificate thumb print is not retained in the CMTS."; reference "DOCSIS Baseline Privacy Plus Interface Specification, Section 9.4.3"; } } // list docsIetfBpi2CmtsCACertEntry } // container docsIetfBpi2CmtsCACertTable } // container DOCS-IETF-BPI2-MIB } // module DOCS-IETF-BPI2-MIB
© 2023 YumaWorks, Inc. All rights reserved.