CISCO-TRUSTSEC-INTERFACE-MIB: View SNMP OID List / Download MIB

This MIB module defines management objects for configuration and monitoring of the interfaces in Cisco Trusted Security environment. Glossary: ACS - Cisco Secure Access Control Server IFC - TrustSec Interface Controller MACSec - Media Access Control (MAC) Security PMK - Pairwise Master Key SAP - Security Association Protocol SGT - Security Group Tag. A tag identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud. TrustSec - Cisco Trusted Security

A ctsiAuthorizationFailNotif is generated when the policy acquisition failed for the peer.

A ctsiIfAddSupplicantFailNotif is generated when the system fails to add dot1x supplicant for an interface.

A ctsiIfAuthenticationFailNotif is generated when an authentication error for the peer is detected for an interface.

A ctsiIfSapNegotiationFailNotif is generated when a SAP negotiation error with the peer is detected for an interface.

A ctsiIfUnauthorizedNotif is generated when a interface becomes unauthorized on the Cisco TrustSec link.

A list of the TrustSec capable interfaces.

An entry contains the configuration information for a particular TrustSec interface.

This object indicates the supported TrustSec mode on this interface. Bits: 'l3Forward': 2, 'manual': 1, 'dot1x': 0.

This object indicates the TrustSec mode currently configured on the interface. Each mode may have a corresponding entry in its corresponding configuration table. unknown - The configured TrustSec mode is none of the following. none - TrustSec is not configured in any mode. dot1x - TrustSec dot1x mode is configured for this interface. TrustSec system will use 802.1x for authentication, RADIUS for authorization and SAP negotiation for SA parameter. manual - TrustSec manual mode is configured for this interface. The authentication was bypassed in manual mode. User needs to manually to configure the policy and the SAP negotiation parameter. l3Forward - TrustSec L3 forwarding mode is configured for this interface. Enumeration: 'unknown': 1, 'none': 2, 'l3Forward': 5, 'manual': 4, 'dot1x': 3.

This object allows user to clear the cache for the specific TrustSec interface by setting the value to 'true'. Setting the value to 'false' has no effect. When read, this object always returns 'false'.

This object allows user to re-generate the SAP key for the specific TrustSec interface by setting the value to 'true'. Setting the value to 'false' has no effect. When read, this object always returns 'false'.

A list of the interfaces which have TrustSec dot1x mode configuration information.

An entry containing the TrustSec dot1x configuration for a particular interface. An entry can be created or deleted by using ctsiIfDot1xRowStatus. An entry can only be created if the value of corresponding instance of ctsiIfConfiguredMode is 'none' and the 'dot1x' BIT of corresponding instance ctsiIfModeCapability is set.

This object specifies whether the SGT propagation is enabled on this interface.

This object specifies the re-authentication interval applied to this interface when it is not provided from the ACS.

This object specifies the advertised modes for the SAP negotiation on this interface. Modes are executed in the order as specified in the mode list. Mode which is at the beginning of the method list will be executed first. Method which is at the end of mode list will be executed last. This object is not allowed to be set to a zero length string.

This object indicates the re-authentication interval which is downloaded from ACS. A value of zero indicates no re-authentication interval is downloaded from ACS. A value of -1 indicates that this object is not applicable on this interface.

This object indicates the operational re-authentication interval of the interface. A value of zero indicates that dot1x re-authentication is disabled on this interface. A value of -1 indicates that this object is not applicable on this interface.

This object indicates the leftover time of the current authentication session. A value of zero indicates the re-authentication is in progress. A value of -1 indicates that this object is not applicable on this interface.

The storage type for this conceptual row.

The status of this conceptual row. All writable objects in this row may be modified at any time.

A list of the interfaces which have TrustSec manual mode configuration information.

An entry containing the TrustSec manual configuration information for a particular interface. An entry can be created or deleted by using ctsiIfManualRowStatus. An entry can only be created if the value of corresponding instance of ctsiIfConfiguredMode is 'none' and the 'manual' BIT of corresponding instance ctsiIfModeCapability is set.

This object specifies the peer's device identity which is used to obtain the desired policy for authorization request. Setting a none-zero value on this object is not allowed if the value of ctsiIfManualStaticSgt is not set to zero. A zero length string indicates that the policy acquisition from the ACS using the peer's identity is disabled on this interface.

This object specifies the statically configured SGT for tagging the ingress traffic from the peer. Setting a none-zero value on this object is not allowed if the value of ctsiIfManualDynamicPeerId is not set to a zero length string. A value of zero indicates that no statically SGT tagging.

This object specifies the peer's SGT assignment trust state. This object only can be set when ctsiIfManualStaticSgt is none-zero.

This object specifies whether the SGT propagation is enabled on this interface.

This object specifies the PMK used by SAP. A zero length string for this object indicates the SAP negotiation is disabled on this interface.

This object specified the advertised modes for the SAP negotiation on this interface. Modes are executed in the order as specified in the mode list. Mode which is at the beginning of the mode list will be executed first. Mode which is at the end of mode list will be executed last. Value of this object will becomes zero length octet if SAP negotiation is disabled. This object is not allowed to be set to a zero length string.

The storage type for this conceptual row.

The status of this conceptual row. All writable objects in this row may be modified at any time.

A list of the interfaces which have TrustSec L3 forwarding configuration information.

An entry containing the TrustSec L3 forwarding configuration information for a particular interface. An entry can be created or deleted by using ctsiIfL3ForwardRowStatus. An entry can only be created if the value of corresponding instance of ctsiIfConfiguredMode is 'none' and the 'l3Forward' BIT of corresponding instance ctsiIfModeCapability is set.

This object specifies the type of L3 forwarding for the interface. l3Ipv4Forward - TrustSec L3 IPv4 forwarding. l3Ipv6Forward - TrustSec L3 IPv6 forwarding. l3IpForward - TrustSec L3 IPv6 and IPv4 forwarding. Enumeration: 'l3IpForward': 3, 'l3Ipv6Forward': 2, 'l3Ipv4Forward': 1.

The storage type for this conceptual row.

The status of this conceptual row. All writable objects in this row may be modified at any time.

A list of TrustSec enabled interfaces.

An entry contains the information of the specific TrustSec interface. A entry is created by system when TrustSec is enabled for an interface. An entry is deleted by system if TrustSec is disabled for an interface.

This object indicates the current IFC state of this interface.

This object indicates the current TrustSec authentication status of this interface. unknown - status not covered by any of the follow enumerations. succeeded - authentication is succeeded. rejected - authentication is rejected. logOff - peer logged off. noRespond - peer no respond. notApplicable - bypassing the authentication. incomplete - authentication is not completed. failed - authentication failed. Enumeration: 'noRespond': 5, 'succeeded': 2, 'failed': 8, 'unknown': 1, 'rejected': 3, 'notApplicable': 6, 'logOff': 4, 'incomplete': 7.

This object indicates the device identity or symbolic group name of the remote peer.

This object indicates the advertised capabilities of the remote peer associated with this interface. Bits: 'sap': 0.

This object indicates the current TrustSec authorization status of the interface. unknown - status not covered by any of the follow enumerations. inProgress - authorization in progress. succeeded - authorization succeeded. failed - authorization failed. fallBackPolicy - apply the fallback policy. incomplete - authorization aborted. peerSucceeded - apply the peer policy succeeded. rbaclSucceeded - apply the RBACL policy succeeded. policySucceeded - apply the all policy succeeded. Enumeration: 'policySucceeded': 9, 'succeeded': 3, 'rbaclSucceeded': 8, 'unknown': 1, 'peerSucceeded': 7, 'failed': 4, 'fallBackPolicy': 5, 'inProgress': 2, 'incomplete': 6.

This object indicates the SGT value of the remote peer.

This object indicates whether the SGT of the remote peer is trusted.

This object indicates the SAP negotiation status on this interface. notApplicable - SAP disabled on local or remote peer is not SAP capable. unknown - status not covered by any of the follow enumerations. inProgress - SAP negotiation in progress. succeeded - SAP negotiation completed. failed - SAP negotiation failed. licenseError - No MACSec software license. Enumeration: 'succeeded': 4, 'failed': 5, 'unknown': 2, 'notApplicable': 1, 'licenseError': 6, 'inProgress': 3.

This object indicates the operational SAP negotiation mode list on this interface.

This object indicates the time when the current cached data applied on the interface will be expired. A value of zero indicates that the cached data will never be expired.

This object indicates the source of cached data applied to the interface.

This object indicates the CTS Critical-Auth status of interface. disable - link is not in Critical-Auth mode. cache - link is in Critical-Auth cached mode. default - link is in Critical-Auth default mode. Enumeration: 'default': 3, 'cache': 2, 'disable': 1.

A list of Cisco Trusted Security capable interface.

An entry contains the statistics information of a particular TrustSec interface. An entry created by system for each interface is TrustSec enabled. An entry deleted by system for each interface is TrustSec disabled.

The number of times that peer has been successfully authenticated on this interface.

The number of times that peer has been rejected in authentication on this interface.

The number of times that peer has been failed in authentication on this interface.

The number of times that no authentication respond received from the remote peer associated with this interface.

The number of times that received authentication log off from the peer associated with this interface.

The number of times that the peer entity successfully passed the TrustSec authorization challenge on this interface.

The number of time that fail to access policy or refresh the policy for TrustSec authorization on this interface.

The number of times that peer has been failed in TrustSec authorization on this interface.

The number of times that SAP negotiation is succeed on this interface.

The number of times that SAP negotiation has failed on this interface.

A list of authorized remote peers on this device.

An entry containing the management information for a particular authorized peer. An entry is created when the policy acquired from the ACS for a new peer. An entry is deleted when the authorization of the peer has expired or fails to refresh its policy.

This object indicates the device identity or symbolic group name of the remote peer.

This object indicates the SGT of the remote peer.

This object indicates the current state of the authorization entity. unknown - none of the following states. start - authorization entity created and initialized. waitingRespond - a policy request has been made by remote peer to the ACS and waiting for the response. assessing - the policy been received from ACS and is being assessed. complete - policy has been received and assessed. failure - failed to download the policy from the ACS. Enumeration: 'assessing': 4, 'complete': 5, 'start': 2, 'unknown': 1, 'failure': 6, 'waitingRespond': 3.

The object indicates the date and time when the authorized peer was last refreshed.

This object indicates the leftover time for the current policy. A value of zero indicates that policy refresh is in progress. A value of -1 indicates that this object is not applicable on this authorization entry.

This object indicates the time left to start the policy refresh. A value of zero indicates that policy refresh is in progress. A value of -1 indicates that this object is not applicable on this authorization entry.

This object indicates the source of cached data.

This object indicates the status of this authorization peer. unknown - status not covered by any of the follow enumerations. inProgress - new authorization link created or add a new policy request for an existing link. succeeded - policy received successful. failed - policy download failed. fallbackPolicy - download policy failed apply fallback policy. incomplete - policy received incomplete. Enumeration: 'succeeded': 3, 'unknown': 1, 'failed': 4, 'fallbackPolicy': 5, 'inProgress': 2, 'incomplete': 6.

A list of IFC state statistic on this device.

An entry containing the total number of interfaces which are currently belong to a particular IFC state.

This object indicates the IFC state.

The total number of interfaces on the device which is currently in the IFC state.

The total number of times that remote peers authentication succeed on this device.

The total number of times that remote peers authentication rejected on this device.

The total number of times that remote peers authentication failed on this device

The total number of times that remote peer log off on this device.

The total number of times that not received authentication respond from remote peer on this device.

The total number of times that remote peer authorization succeed on this device.

The total number of times that remote peer TrustSec authorization failed on this device.

The number of time that fail to access policy or refresh the policy for TrustSec authorization on this device.

The total number of times that TrustSec SAP negotiation succeed on this device.

The total number of times that TrustSec SAP negotiation failure on this device.

The total number of interfaces on the device which is in TrustSec 802.1X mode.

The total number of interfaces on the device which is in TrustSec Manual mode.

The total number of interfaces on the device which is in TrustSec Layer 3 forwarding mode.

This object specifies whether the system generates the ctsiAuthorizationFailNotif. A value of 'false' will prevent ctsiAuthorizationFailNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsiIfAddSupplicantFailNotif. A value of 'false' will prevent ctsiIfAddSupplicantFailNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsiIfAuthenticationFailNotif. A value of 'false' will prevent ctsiIfAuthenticationFailNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsiIfSapNegotiationFailNotif. A value of 'false' will prevent ctsiIfSapNegotiationFailNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsiIfUnauthorizedNotif. A value of 'false' will prevent ctsiIfUnauthorizedNotif notifications from being generated by this system.

This object indicates detail message associated with notifications.

This object indicates dot1x PAE role information. notApplicable: Dot1x PAE role is not applicable in this notification. authenticator: PAE Authenticator. supplicant : PAE Supplicant. Enumeration: 'authenticator': 2, 'notApplicable': 1, 'supplicant': 3.

The compliance statement for the CISCO-TRUSTSEC-MIB.

The compliance statement for the CISCO-TRUSTSEC-MIB.

The compliance statement for the CISCO-TRUSTSEC-MIB.

A collection of objects that provides the interface configuration for Cisco Trusted Security capable interface in the system.

A collection of objects that provides the dot1x mode configuration for the Cisco Trusted Security capable interface in the system.

A collection of objects that provides the manual mode configuration for the Cisco Trusted Security capable interface in the system.

A collection of objects that provides the L3 forwarding mode configuration for the Cisco Trusted Security capable interface in the system.

A collection of objects that provides the status information for the Cisco Trusted Security capable interface in the system.

A collection of objects that provides the statistic information for the Cisco Trusted Security capable interface in the system.

A collection of objects that provides the status information for the authorization link in the system.

A collection of objects that provides the global IFC state statistic information in the system.

A collection of objects that provides the global statistic information for the TrustSec events.

A collection of objects that provides the global TrustSec mode statistic information.

A collection of objects that provides notification control for TrustSec interfaces.

A collection of objects that provides the notification information for TrustSec interfaces.

A collection of notifications for TrustSec interfaces.

A collection of objects that provides the Critical-Auth status information for the Cisco Trusted Security capable interface in the system.