DOCS-SEC-MIB: View SNMP OID List / Download MIB

The value of this object is a degenerate PKCS7 signedData structure that contains the CVC and the CVC CA certificate chain in the certificates field. Setting this object triggers the device to verify the CVC and update the cvcAccessStart values. The content of this object is then discarded. If the device is not enabled to upgrade codefiles, or if the CVC verification fails, the CVC will be rejected. Reading this object always returns the zero-length OCTET STRING.

This MIB module contains the management objects for the management of the security requirements in the DOCSIS Security Specification.

This attribute instructs the CMTS to insert the source IP address and/or MAC address of received TFTP packets into the TFTP option fields before forwarding the packets to the Config File server. This attribute is only applicable when the TftpProxyEnabled attribute of the MdCfg object is 'true'. Bits: 'hwAddr': 0, 'netAddr': 1.

This attribute enables and disables Configuration File Learning functionality. If this attribute is set to 'true' the CMTS will respond with Authentication Failure in the REG-RSP message when there is a mismatch between learned config file parameters and REG-REQ parameters. If this attribute is set to 'false', the CMTS will not execute config file learning and mismatch check. This attribute is only applicable when the TftpProxyEnabled attribute of the MdCfg object is 'true'.

This attribute allows for configuration of a prioritized list of encryption algorithms the CMTS will use when selecting the primary SAID encryption algorithm for a given CM. The CMTS selects the highest priority encryption algorithm from this list that the CM supports. By default the following encryption algorithms are listed from highest to lowest priority (left being the highest): 128 bit AES, 56 bit DES, 40 bit DES. An empty list indicates that the CMTS attempts to use the latest and robust encryption algorithm supported by the CM. The CMTS will ignore unknown values or unsupported algorithms.

This object defines a list of CMs or CM groups to exclude from Early Authentication and Encryption (EAE). This object allows overrides to the value of EAE Control for individual CMs or group of CMs for purposes such as debugging. The CMTS supports a minimum of 30 instances of the CmtsCmEaeExclusion object. This object is only applicable when the EarlyAuthEncryptCtrl attribute of the MdCfg object is enabled. This object supports the creation and deletion of multiple instances.

The conceptual row of docsSecCmtsCmEaeExclusion. The CMTS persists all instances of CmtsCmEaeExclusion across reinitializations.

This key uniquely identifies the exclusion MAC address rule.

This attribute identifies the CM MAC address. A match is made when a CM MAC address bitwise ANDed with the MacAddrMask attribute equals the value of this attribute.

This attribute identifies the CM MAC address mask and is used with the MacAddr attribute.

Controls and reflects the status of rows in this table. There is no restriction on changing values in a row of this table while the row is active.

This attribute enables or disables Source Address Verification (SAV) for CM configured policies in the SavCmAuth object. If this attribute is set to 'false', the CM configured policies in the SavCmAuth object are ignored. This attribute is only applicable when the SrcAddrVerificationEnabled attribute of the MdCfg object is 'true'.

This object defines a read-only set of SAV policies associated with a CM that the CMTS will use in addition to the CMTS verification of an operator assigned IP Address being associated with a CM. When the CMTS has not resolved a source address of a CM CPE, the CMTS verifies if the CM CPE is authorized to pass traffic based on this object. These object policies include a list of subnet prefixes (defined in the SavStaticList object) or a SAV Group Name that could reference a CMTS configured list of subnet prefixes (defined in SavCfgList object) or vendor-specific policies. The CMTS populates the attributes of this object for a CM from that CM's config file. This object is only applicable when the SrcAddrVerificationEnabled attribute of the MdCfg object is 'true' and the CmAuthEnable attribute of the CmtsSavCtrl object is 'true'. The CMTS is not required to persist instances of this object across reinitializations.

The conceptual row of docsSecSavCmAuth.

This attribute references the Name attribute of the SavCfgList object of a CM. If the CM signaled group name is not configured in the CMTS, the CMTS ignores this attribute value for the purpose of Source Address Verification. The CMTS must allow the modification of the GrpName object and use the updated SAV rules for newly discovered CPEs from CMs. When a source IP address is claimed by two CMs (e.g., detected as duplicated), the CMTS must use the current SAV rules defined for both CMs in case the SAV GrpName rules may have been updated. In the case of a persisting conflict, it is up to vendor-implementation to decide what CM should hold the SAV authorization. The zero-length string indicates that no SAV Group was signaled by the CM. The zero-length value or a non-existing reference in the SavCfgList object means the SavCfgListName is ignored for the purpose of SAV.

This attribute identifies the reference to a CMTS created subnet prefix list based on the CM signaled static prefix list TLV elements. The CMTS may reuse this attribute value to reference more than one CM when those CMs have signaled the same subnet prefix list to the CMTS. The value zero indicates that no SAV static prefix encodings were signaled by the CM.

This object defines the CMTS configured subnet prefix extension to the SavCmAuth object. This object supports the creation and deletion of multiple instances. Creation of a new instance of this object requires the PrefixAddrType and PrefixAddr attributes to be set.

The conceptual row of docsSecSavCfgList. The CMTS persists all instances of SavCfgList across reinitializations.

This attribute is the key that identifies the instance of the SavCmAuth object to which this object extension belongs.

This attribute is the key that identifies a particular subnet prefix rule of an instance of this object.

This attribute identifies the IP address type of this subnet prefix rule.

This attribute corresponds to the IP address of this subnet prefix rule in accordance to the PrefixAddrType attribute.

This attribute defines the length of the subnet prefix to be matched by this rule.

The row creation control of this conceptual row. An entry in this table can be set to active only when the following attributes are correctly assigned: PrefixAddrType PrefixAddress There are no restrictions to modify or delete entries in this table.

This object defines a subnet prefix extension to the SavCmAuth object based on CM statically signaled subnet prefixes to the CMTS. When a CM signals to the CMTS static subnet prefixes, the CMTS must create a List Id to be referenced by the CM in the SavCmAuth StaticPrefixListId attribute, or the CMTS may reference an existing List Id associated to previously registered CMs in case of those subnet prefixes associated with the List Id match the ones signaled by the CM.

The conceptual row of docsSecSavStaticList. The CMTS may persist instances of this object across reinitializations.

This key uniquely identifies the index that groups multiple subnet prefix rules. The CMTS assigns this value per CM or may reuse it among multiple CMs that share the same list of subnet prefixes.

This key identifies a particular static subnet prefix rule of an instance of this object.

This attribute identifies the IP address type of this subnet prefix rule.

This attribute corresponds to the IP address of this subnet prefix rule in accordance to the PrefixAddrType attribute.

This attribute defines the length of the subnet prefix to be matched by this rule.

This object provides a read-only list of SAV counters for different service theft indications.

The conceptual row of docsSecCmtsCmSavStats.

This attribute provides the information about number of dropped upstream packets due to SAV failure.

This attribute identifies which certificate revocation method is to be used by the CMTS to verify the cable modem certificate validity. The certificate revocation methods include Certification Revocation List (CRL) and Online Certificate Status Protocol (OCSP). The following options are available: The option 'none' indicates that the CMTS does not attempt to determine the revocation status of a certificate. The option 'crl' indicates the CMTS uses a Certificate Revocation List (CRL) as defined by the Url attribute of the CmtsCertRevocationList object. When the value of this attribute is changed to 'crl', it triggers the CMTS to retrieve the CRL from the URL specified by the Url attribute. If the value of this attribute is 'crl' when the CMTS starts up, it triggers the CMTS to retrieve the CRL from the URL specified by the Url attribute. The option 'ocsp' indicates the CMTS uses the Online Certificate Status Protocol (OCSP) as defined by the Url attribute of the CmtsOnlineCertStatusProtocol object. The option 'crlAndOcsp' indicates the CMTS uses both the CRL as defined by the Url attribute in the CmtsCertRevocationList object and OCSP as defined by the Url attribute in the CmtsOnlineCertStatusProtocol object. The CMTS persists the values of the CertRevocationMethod attribute across reinitializations. Enumeration: 'crlAndOcsp': 4, 'none': 1, 'crl': 2, 'ocsp': 3.

This attribute contains the URL from where the CMTS will retrieve the CRL. When this attribute is set to a URL value different from the current value, it triggers the CMTS to retrieve the CRL from that URL. If the value of this attribute is a zero-length string, the CMTS does not attempt to retrieve the CRL. The CMTS persists the value of Url across reinitializations.

This attribute contains the refresh interval for the CMTS to retrieve the CRL (referred to in the Url attribute) with the purpose of updating its Certificate Revocation List. This attribute is meaningful if the tbsCertList.nextUpdate attribute does not exist in the last retrieved CRL, otherwise the value 0 is returned. The CMTS persists the value of RefreshInterval across reinitializations.

This attribute contains the last date and time when the CRL was retrieved by the CMTS. If the CRL has not been updated, then this variable shall have the value corresponding to January 1, year 0000, 00:00:00.0, which is encoded as (hex)'00 00 01 01 00 00 00 00'.

This attribute contains the URL string to retrieve OCSP information. If the value of this attribute is a zero-length string, the CMTS does not attempt to request the status of a CM certificate. The CMTS persists the value of Url across reinitializations.

This attribute enables or disables signature checking on OCSP response messages. The CMTS persists the value of SignatureBypass across reinitializations.

This object defines a list of CMs or CM groups to exclude from BPI+ enforcement policies configured within the CMTS. This object allows overrides to the value of BPI+ enforcement control for individual CMs or group of CMs for purposes such as debugging. The CMTS supports a minimum of 30 instances of the CmtsCmBpi2EnforceExclusion object. This object supports the creation and deletion of multiple instances.

The conceptual row of docsSecCmtsCmBpi2EnforceExclusion. The CMTS persists all instances of CmtsCmBpi2EnforceExclusion across reinitializations.

This key uniquely identifies the exclusion MAC address rule.

This attribute identifies the CM MAC address. A match is made when a CM MAC address bitwise ANDed with the MacAddrMask attribute equals the value of this attribute.

This attribute identifies the CM MAC address mask and is used with the MacAddr attribute.

Controls and reflects the status of rows in this table. There is no restriction on changing values in a row of this table while the row is active.

The compliance statement for CMTSs that implement the DOCSIS Security MIB.

The compliance statement for CMs that implement the DOCSIS Security MIB.

Group of objects implemented in the CMTS.

Group of objects implemented in the CM.