DOCS-BPI2-MIB: View SNMP OID List / Download MIB

This table describes the basic and authorization related Baseline Privacy Plus attributes of each CM MAC interface.

Each entry contains objects describing attributes of one CM MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127).

This object identifies whether this CM is provisioned to run Baseline Privacy Plus.

The value of this object is a DER-encoded RSAPublicKey ASN.1 type string, as defined in the RSA Encryption Standard (PKCS #1) [10], corresponding to the public key of the CM. The 74, 106, 140, 204, and 270 byte key encoding lengths correspond to 512 bit, 768 bit, 1024 bit, 1536 bit, and 2048 public moduli respectively.

The value of this object is the state of the CM authorization FSM. The start state indicates that FSM is in its initial state. Enumeration: 'reauthWait': 4, 'silent': 6, 'authRejectWait': 5, 'authWait': 2, 'start': 1, 'authorized': 3.

The value of this object is the most recent authorization key sequence number for this FSM.

The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent authorization key for this FSM. If this FSM has only one authorization key, then the value is the time of activation of this FSM.

The value of this object is the actual clock time for expiration of the most recent authorization key for this FSM.

Setting this object to TRUE generates a Reauthorize event in the authorization FSM. Reading this object always returns FALSE.

The value of this object is the grace time for an authorization key. A CM is expected to start trying to get a new authorization key beginning AuthGraceTime seconds before the authorization key actually expires.

The value of this object is the grace time for the TEK in seconds. The CM is expected to start trying to acquire a new TEK beginning TEK GraceTime seconds before the expiration of the most recent TEK.

The value of this object is the Authorize Wait Timeout.

The value of this object is the Reauthorize Wait Timeout in seconds.

The value of this object is the Operational Wait Timeout in seconds.

The value of this object is the Rekey Wait Timeout in seconds.

The value of this object is the Authorization Reject Wait Timeout in seconds.

The value of this object is the retransmission interval, in seconds, of SA Map Requests from the MAP Wait state.

The value of this object is the maximum number of Map Request retries allowed.

The value of this object is the count of times the CM has transmitted an Authentication Information message.

The value of this object is the count of times the CM has transmitted an Authorization Request message.

The value of this object is the count of times the CM has received an Authorization Reply message.

The value of this object is the count of times the CM has received an Authorization Reject message.

The value of this object is the count of times the CM has received an Authorization Invalid message.

The value of this object is the enumerated description of the Error-Code in most recent Authorization Reject message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Reject message has been received since reboot. Enumeration: 'none': 1, 'unauthorizedSaid': 4, 'unknown': 2, 'timeOfDayNotAcquired': 11, 'permanentAuthorizationFailure': 8, 'unauthorizedCm': 3.

The value of this object is the Display-String in most recent Authorization Reject message received by the CM. This is a zero length string if no Authorization Reject message has been received since reboot.

The value of this object is the enumerated description of the Error-Code in most recent Authorization Invalid message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Invalid message has been received since reboot. Enumeration: 'none': 1, 'unknown': 2, 'invalidKeySequence': 6, 'unsolicited': 5, 'unauthorizedCm': 3, 'keyRequestAuthenticationFailure': 7.

The value of this object is the Display-String in most recent Authorization Invalid message received by the CM. This is a zero length string if no Authorization Invalid message has been received since reboot.

This table describes the attributes of each CM Traffic Encryption Key(TEK) association. The CM maintains (no more than) one TEK association per SAID per CM MAC interface.

Each entry contains objects describing the TEK association attributes of one SAID. The CM MUST create one entry per SAID, regardless of whether the SAID was obtained from a Registration Response message, from an Authorization Reply message, or from any dynamic SAID establishment mechanisms.

The value of this object is the DOCSIS Security Association ID (SAID).

The value of this object is the type of security association. Enumeration: 'dynamic': 3, 'none': 0, 'static': 2, 'primary': 1.

The value of this object is the data encryption algorithm being utilized. Enumeration: 'none': 0, 'des56CbcMode': 1, 'des40CbcMode': 2.

The value of this object is the data authentication algorithm being utilized. Enumeration: 'none': 0.

The value of this object is the state of the indicated TEK FSM. The start(1) state indicates that FSM is in its initial state. Enumeration: 'rekeyReauthWait': 6, 'opWait': 2, 'operational': 4, 'start': 1, 'rekeyWait': 5, 'opReauthWait': 3.

The value of this object is the most recent TEK key sequence number for this TEK FSM.

The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent TEK for this FSM. If this FSM has only one TEK, then the value is the time of activation of this FSM.

The value of this object is the actual clock time for expiration of the most recent TEK for this FSM.

The value of this object is the count of times the CM has transmitted a Key Request message.

The value of this object is the count of times the CM has received a Key Reply message, including a message whose authentication failed.

The value of this object is the count of times the CM has received a Key Reject message, including a message whose authentication failed.

The value of this object is the count of times the CM has received a TEK Invalid message, including a message whose authentication failed.

The value of this object is the count of times an Authorization Pending (Auth Pend) event occurred in this FSM.

The value of this object is the enumerated description of the Error-Code in most recent Key Reject message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Key Reject message has been received since reboot. Enumeration: 'unknown': 2, 'none': 1, 'unauthorizedSaid': 4.

The value of this object is the Display-String in most recent Key Reject message received by the CM. This is a zero length string if no Key Reject message has been received since reboot.

The value of this object is the enumerated description of the Error-Code in most recent TEK Invalid message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no TEK Invalid message has been received since reboot. Enumeration: 'unknown': 2, 'none': 1, 'invalidKeySequence': 6.

The value of this object is the Display-String in most recent TEK Invalid message received by the CM. This is a zero length string if no TEK Invalid message has been received since reboot.

This table maps multicast IP addresses to SAIDs. It is intended to map multicast IP addresses associated with SA MAP Request messages.

Each entry contains objects describing the mapping of one multicast IP address to one SAID, as well as associated state, message counters, and error information.

The index of this row.

The type of internet address for docsBpi2CmIpMulticastAddress.

This object represents the IP multicast address to be mapped.

This object represents the SAID to which the IP multicast address has been mapped. If no SA Map Reply has been received for the IP address, this object should have the value 0.

The value of this object is the state of the SA Mapping FSM for this IP. Enumeration: 'start': 1, 'mapWait': 2, 'mapped': 3.

The value of this object is the count of times the CM has transmitted an SA Map Request message for this IP.

The value of this object is the count of times the CM has received an SA Map Reply message for this IP.

The value of this object is the count of times the CM has received an SA MAP Reject message for this IP.

The value of this object is the enumerated description of the Error-Code in the most recent SA Map Reject message sent in response to an SA Map Request for this IP. It has value unknown(2) if the last Error-Code value was 0, and none(1) if no SA MAP Reject message has been received since reboot. Enumeration: 'unknown': 2, 'none': 1, 'noAuthForRequestedDSFlow': 9, 'dsFlowNotMappedToSA': 10.

The value of this object is the Display-String in the most recent SA Map Reject message sent in response to an SA Map Request for this IP. It is a zero length string if no SA Map Reject message has been received since reboot.

This table describes the Baseline Privacy Plus device certificates for each CM MAC interface.

Each entry contains the device certificates of one CM MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127).

The X509 DER-encoded cable modem certificate. Note: This object can be set only when the value is the null string. Once the object contains the certificate, its access MUST be read-only.

The X509 DER-encoded manufacturer certificate which signed the cable modem certificate.

This table describes the Baseline Privacy Plus cryptographic suite capabilites for each CM MAC interface.

Each entry contains a cryptographic suite pair which this CM MAC supports.

The index for a cryptographic suite row.

The value of this object is the data encryption algorithm for this cryptographic suite capability. Enumeration: 'none': 0, 'des56CbcMode': 1, 'des40CbcMode': 2.

The value of this object is the data authentication algorithm for this cryptographic suite capability. Enumeration: 'none': 0.

This table describes the basic Baseline Privacy attributes of each CMTS MAC interface.

Each entry contains objects describing attributes of one CMTS MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127).

The value of this object is the default lifetime, in seconds, the CMTS assigns to a new authorization key.

The value of this object is the default lifetime, in seconds, the CMTS assigns to a new Traffic Encryption Key (TEK).

This object determines the default trust of all (new) self-signed manufacturer certificates obtained after setting the object. Enumeration: 'untrusted': 2, 'trusted': 1.

Setting this object to TRUE causes all certificates obtained thereafter to have their validity periods (and their chain's validity periods) checked against the current time of day. A FALSE setting will cause all certificates obtained thereafter to not have their validity periods (nor their chain's validity periods) checked against the current time of day.

The value of this object is the count of times the CMTS has received an Authentication Information message from any CM.

The value of this object is the count of times the CMTS has received an Authorization Request message from any CM.

The value of this object is the count of times the CMTS has transmitted an Authorization Reply message to any CM.

The value of this object is the count of times the CMTS has transmitted an Authorization Reject message to any CM.

The value of this object is the count of times the CMTS has transmitted an Authorization Invalid message to any CM.

The value of this object is the count of times the CMTS has received an SA Map Request message from any CM.

The value of this object is the count of times the CMTS has transmitted an SA Map Reply message to any CM.

The value of this object is the count of times the CMTS has transmitted an SA Map Reject message to any CM.

This table describes the attributes of each CM authorization association. The CMTS maintains one authorization association with each Baseline Privacy-enabled CM on each CMTS MAC interface.

Each entry contains objects describing attributes of one authorization association. The CMTS MUST create one entry per CM per MAC interface, based on the receipt of an Authorization Request message, and MUST not delete the entry before the CM authorization permanently expires.

The value of this object is the physical address of the CM to which the authorization association applies.

The value of this object is the version of Baseline Privacy for which this CM has registered. Enumeration: 'bpi': 0, 'bpiPlus': 1.

The value of this object is a DER-encoded RSAPublicKey ASN.1 type string, as defined in the RSA Encryption Standard (PKCS #1) [10], corresponding to the public key of the CM. The 74, 106, 140, 204, and 270 byte key encoding lengths correspond to 512 bit, 768 bit, 1024 bit, 1536 bit, and 2048 public moduli respectively. This is a zero-length string if the CMTS does not retain the public key.

The value of this object is the most recent authorization key sequence number for this CM.

The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent authorization key for this FSM. If this FSM has only one authorization key, then the value is the time of activation of this FSM. Note: For CMs running in BPI mode, implementation of this object is optional and MAY vary.

The value of this object is the actual clock time for expiration of the most recent authorization key for this FSM.

The value of this object is the lifetime, in seconds, the CMTS assigns to an authorization key for this CM.

The value of this object is the grace time for the authorization key in seconds. The CM is expected to start trying to get a new authorization key beginning AuthGraceTime seconds before the authorization key actually expires. Note: Tracking this value is optional on certain CMTS implementations.

Setting this object to invalidateAuth(2) causes the CMTS to invalidate the current CM authorization key(s), but not to transmit an Authorization Invalid message nor to invalidate unicast TEKs. Setting this object to sendAuthInvalid(3) causes the CMTS to invalidate the current CM authorization key(s), and to transmit an Authorization Invalid message to the CM, but not to invalidate unicast TEKs. Setting this object to invalidateTeks(4) causes the CMTS to invalidate the current CM authorization key(s), to transmit an Authorization Invalid message to the CM, and to invalidate all unicast TEKs associated with this CM authorization. Reading this object returns the most-recently-set value of this object, or returns noResetRequested(1) if the object has not been set since the last CMTS reboot. Enumeration: 'sendAuthInvalid': 3, 'invalidateTeks': 4, 'noResetRequested': 1, 'invalidateAuth': 2.

The value of this object is the count of times the CMTS has received an Authentication Information message from this CM.

The value of this object is the count of times the CMTS has received an Authorization Request message from this CM.

The value of this object is the count of times the CMTS has transmitted an Authorization Reply message to this CM.

The value of this object is the count of times the CMTS has transmitted an Authorization Reject message to this CM.

The value of this object is the count of times the CMTS has transmitted an Authorization Invalid message to this CM.

The value of this object is the enumerated description of the Error-Code in most recent Authorization Reject message transmitted to the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Reject message has been transmitted to the CM. Enumeration: 'none': 1, 'unauthorizedSaid': 4, 'unknown': 2, 'timeOfDayNotAcquired': 11, 'permanentAuthorizationFailure': 8, 'unauthorizedCm': 3.

The value of this object is the Display-String in most recent Authorization Reject message transmitted to the CM. This is a zero length string if no Authorization Reject message has been transmitted to the CM.

The value of this object is the enumerated description of the Error-Code in most recent Authorization Invalid message transmitted to the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Invalid message has been transmitted to the CM. Enumeration: 'none': 1, 'unknown': 2, 'invalidKeySequence': 6, 'unsolicited': 5, 'unauthorizedCm': 3, 'keyRequestAuthenticationFailure': 7.

The value of this object is the Display-String in most recent Authorization Invalid message transmitted to the CM. This is a zero length string if no Authorization Invalid message has been transmitted to the CM.

The value of this object is the Primary Security Association identifier.

Contains the reason why a CM's certificate is deemed valid or invalid. Return unknown if the CM is running BPI mode. ValidCmChained means the certificate is valid because it chains to a valid certificate. ValidCmTrusted means the certificate is valid because it has been provisioned (in the docsBpi2CmtsProvisionedCmCert table) to be trusted. InvalidCmUntrusted means the certificate is invalid because it has been provisioned (in the docsBpi2CmtsProvisionedCmCert table) to be untrusted. InvalidCAUntrusted means the certificate is invalid because it chains to an untrusted certificate. InvalidCmOther and InvalidCAOther refer to errors in parsing, validity periods, etc, which are attributable to the cm certificate or its chain respectively; additional information may be found in docsBpi2AuthRejectErrorString for these types of errors. Enumeration: 'invalidCAOther': 6, 'unknown': 0, 'invalidCmUntrusted': 3, 'validCmChained': 1, 'invalidCAUntrusted': 4, 'invalidCmOther': 5, 'validCmTrusted': 2.

The X509 CM Certificate sent as part of a BPKM Authorization Request. Note: The NULL string must be returned if the entire certificate is not retained in the CMTS.

This table describes the attributes of each Traffic Encryption Key (TEK) association. The CMTS maintains one TEK association per SAID on each CMTS MAC interface.

Each entry contains objects describing attributes of one TEK association on a particular CMTS MAC interface. The CMTS MUST create one entry per SAID per MAC interface, based on the receipt of a Key Request message, and MUST not delete the entry before the CM authorization for the SAID permanently expires.

The value of this object is the DOCSIS Security Association ID (SAID).

The value of this object is the type of security association. Dynamic does not apply to CMs running in BPI mode. Enumeration: 'dynamic': 3, 'none': 0, 'static': 2, 'primary': 1.

The value of this object is the data encryption algorithm being utilized. Enumeration: 'none': 0, 'des56CbcMode': 1, 'des40CbcMode': 2.

The value of this object is the data authentication algorithm being utilized. Enumeration: 'none': 0.

The value of this object is the lifetime, in seconds, the CMTS assigns to keys for this TEK association.

The value of this object is the grace time for the TEK in seconds. The CM is expected to start trying to acquire a new TEK beginning TEK GraceTime seconds before the TEK actually expires. Note: The value of this object is vendor specific for multicast TEKs.

The value of this object is the most recent TEK key sequence number for this SAID.

The value of this object is the actual clock time for expiration of the immediate predecessor of the most recent TEK for this FSM. If this FSM has only one TEK, then the value is the time of activation of this FSM.

The value of this object is the actual clock time for expiration of the most recent TEK for this FSM.

Setting this object to TRUE causes the CMTS to invalidate the current active TEK(s) (plural due to key transition periods), and to generate a new TEK for the associated SAID; the CMTS MAY also generate an unsolicited TEK Invalid message, to optimize the TEK synchronization between the CMTS and the CM. Reading this object always returns FALSE.

The value of this object is the count of times the CMTS has received a Key Request message.

The value of this object is the count of times the CMTS has transmitted a Key Reply message.

The value of this object is the count of times the CMTS has transmitted a Key Reject message.

The value of this object is the count of times the CMTS has transmitted a TEK Invalid message.

The value of this object is the enumerated description of the Error-Code in the most recent Key Reject message sent in response to a Key Request for this SAID. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Key Reject message has been received since reboot. Enumeration: 'unknown': 2, 'none': 1, 'unauthorizedSaid': 4.

The value of this object is the Display-String in the most recent Key Reject message sent in response to a Key Request for this SAID. This is a zero length string if no Key Reject message has been received since reboot.

The value of this object is the enumerated description of the Error-Code in the most recent TEK Invalid message sent in association with this SAID. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no TEK Invalid message has been received since reboot. Enumeration: 'unknown': 2, 'none': 1, 'invalidKeySequence': 6.

The value of this object is the Display-String in the most recent TEK Invalid message sent in association with this SAID. This is a zero length string if no TEK Invalid message has been received since reboot.

This table maps multicast IP addresses to SAIDs.

Each entry contains objects describing the mapping of a set of multicast IP address and mask to one SAID, as well as associated message counters and error information.

The index of this row.

The type of internet address for docsBpi2CmtsIpMulticastAddress.

This object represents the IP multicast address to be mapped, in conjunction with docsBpi2CmtsIpMulticastMask.

The type of internet address for docsBpi2CmtsIpMulticastMask.

This object represents the IP multicast address mask for this row. An IP multicast address matches this row if it is equivalent to the logical AND of docsBpi2CmtsIpMulticastAddr with docsBpi2CmtsIpMulticastMask.

This object represents the multicast SAID to be used in this IP multicast address mapping entry.

The value of this object is the type of security association. Dynamic does not apply to CMs running in BPI mode. Enumeration: 'dynamic': 3, 'none': 0, 'static': 2, 'primary': 1.

The value of this object is the data encryption algorithm being utilized. Enumeration: 'none': 0, 'des56CbcMode': 1, 'des40CbcMode': 2.

The value of this object is the data authentication algorithm being utilized. Enumeration: 'none': 0.

The value of this object is the count of times the CMTS has received an SA Map Request message for this IP.

The value of this object is the count of times the CMTS has transmitted an SA Map Reply message for this IP.

The value of this object is the count of times the CMTS has transmitted an SA Map Reject message for this IP.

The value of this object is the enumerated description of the Error-Code in the most recent SA Map Reject message sent in response to a SA Map Request for this IP. It has value unknown(2) if the last Error-Code value was 0, and none(1) if no SA MAP Reject message has been received since reboot. Enumeration: 'unknown': 2, 'none': 1, 'noAuthForRequestedDSFlow': 9, 'dsFlowNotMappedToSA': 10.

The value of this object is the Display-String in the most recent SA Map Reject message sent in response to an SA Map Request for this IP. It is a zero length string if no SA Map Reject message has been received since reboot.

This object controls and reflects the IP multicast address mapping entry. There is no restriction on the ability to change values in this row while the row is active. Inactive rows need not be timed out.

This table describes the multicast SAID authorization for each CM on each CMTS MAC interface.

Each entry contains objects describing the key authorization of one cable modem for one multicast SAID for one CMTS MAC interface.

This object represents the multicast SAID for authorization.

This object represents the MAC address of the CM to which the multicast SAID authorization applies.

This object controls and reflects the CM authorization for each multicast SAID. There is no restriction on the ability to change values in this row while the row is active. Inactive rows need not be timed out.

A table of CM certificate trust entries provisioned to the CMTS. The trust object for a certificate in this table has an overriding effect on the validity object of a certificate in the authorization table, as long as the entire contents of the two certificates are identical.

An entry in the CMTS' provisioned CM certificate table.

The index of this row.

Trust state for the provisioned CM certificate entry. Note: Setting this object need only override the validity of CM certificates sent in future authorization requests; instantaneous effect need not occur. Enumeration: 'untrusted': 2, 'trusted': 1.

This object indicates how the certificate reached the CMTS. Other means it originated from a source not identified above. Enumeration: 'other': 4, 'snmp': 1, 'configurationFile': 2, 'externalDatabase': 3.

Standard RowStatus object except: a) if a row has ever been activated, a set to docsBpi2CmtsProvisionedCmCert need not succeed, b) inactive rows need not be timed out.

An X509 DER-encoded certificate authority certificate. Note: The NULL string must be returned, on reads, if the entire certificate is not retained in the CMTS.

The table of known certificate authority certificates acquired by this device.

A row in the Certificate Authority certificate table.

The index for this row.

The subject name exactly as it is encoded in the X509 certificate. The organizationName portion of the certificate's subject name must be present. All other fields are optional. Any optional field present must be prepended with CR (carriage return) LF (line feed) ASCII characters. Ordering of fields present must conform to: organizationName CR LF countryName CR LF stateOrProvinceName CR LF localityName CR LF organizationalUnitName CR LF organizationalUnitName= CR LF commonName

The issuer name exactly as it is encoded in the X509 certificate. The commonName portion of the certificate's issuer name must be present. All other fields are optional. Any optional field present must be prepended with CR (carriage return) LF (line feed) ASCII characters. Ordering of fields present must conform to: commonName CR LF countryName CR LF stateOrProvinceName CR LF localityName CR LF organizationName CR LF organizationalUnitName CR LF organizationalUnitName=

This CA certificate's serial number represented as an octet string.

This object controls the trust status of this certificate. Root certificates must be given root trust; manufacturer certificates must not be given root trust. Trust on root certificates must not change. Note: Setting this object need only affect the validity of CM certificates sent in future authorization requests; instantaneous effect need not occur. Enumeration: 'untrusted': 2, 'root': 4, 'trusted': 1, 'chained': 3.

This object indicates how the certificate reached the CMTS. Other means it originated from a source not identified above. Enumeration: 'externalDatabase': 3, 'snmp': 1, 'authentInfo': 5, 'compiledIntoCode': 6, 'other': 4, 'configurationFile': 2.

Standard RowStatus objects except: a) if a row has ever been activated, a set to docsBpi2CmtsCACert need not succeed, b) inactive rows need not be timed out, c) if a row has ever been activated, a destroy setting need not succeed.

An X509 DER-encoded certificate authority certificate. To help identify certificates, either this object or docsBpi2CmtsCACertThumbprint must be returned by a CMTS for self-signed CA certificates. Note: The NULL string must be returned, on reads, if the entire certificate is not retained in the CMTS.

The SHA-1 hash of a CA certificate. To help identify certificates, either this object or docsBpi2CmtsCACert must be returned by a CMTS for self-signed CA certificates. Note: The NULL string must be returned if this object is not supported by the CMTS.

The value indicates the result of the latest config file CVC verification, SNMP CVC verification, or code file verification. Enumeration: 'codeFileVerified': 5, 'snmpCvcVerified': 3, 'codeFileRejected': 6, 'configFileCvcRejected': 2, 'configFileCvcVerified': 1, 'other': 7, 'snmpCvcRejected': 4.

The value of this object indicates the additional information to the status code. The value will include the error code and error description which will be defined separately.

The value of this object is the device manufacturer's organizationName.

The value of this object is the device manufacturer's current codeAccessStart value referenced to Greenwich Mean Time (GMT).

The value of this object is the device manufacturer's current cvcAccessStart value referenced to Greenwich Mean Time (GMT).

The value of this object is the Co-Signer's organizationName. The value is a zero length string if the co-signer is not specified.

The value of this object is the Co-Signer's current codeAccessStart value referenced to Greenwich Mean Time (GMT). If docsBpi2CodeCoSignerOrgName is a zero length string, the value of this object is meaningless.

The value of this object is the Co-Signer's current cvcAccessStart value referenced to Greenwich Mean Time (GMT). If docsBpi2CodeCoSignerOrgName is a zero length string, the value of this object is meaningless.

Setting a CVC to this object triggers the device to verify the CVC and update the cvcAccessStart value. If the device is not enabled to upgrade codefiles, or the CVC verification fails, the CVC will be rejected. Reading this object always returns the null string.