TIMETRA-SECURITY-MIB: View SNMP OID List / Download MIB

This document is the SNMP MIB module to manage and provision Security features on Alcatel-Lucent SROS systems. Copyright 2003-2014 Alcatel-Lucent. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This SNMP MIB module (Specification) embodies Alcatel-Lucent's proprietary intellectual property. Alcatel-Lucent retains all title and ownership in the Specification, including any revisions. Alcatel-Lucent grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this Specification in connection with management of Alcatel-Lucent products, and without fee, provided this copyright notice and license appear on all copies. This Specification is supplied 'as is', and Alcatel-Lucent makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification.

The compliance statement for management of security features on Alcatel-Lucent 7450 ESS series systems release R4.0.

The compliance statement for management of security features on Alcatel-Lucent 7750 SR series systems release R4.0.

The compliance statement for management of security features on Alcatel-Lucent 7450 ESS series systems release R5.0.

The compliance statement for management of security features on Alcatel-Lucent 7750/7710 SR series systems release R5.0.

The compliance statement for management of security features on Alcatel-Lucent 7450 ESS series systems release R6.0.

The compliance statement for management of security features on Alcatel-Lucent 7750/7710 SR series systems release R6.0.

The compliance statement for management of security features on Alcatel-Lucent 7450 ESS series systems release R6.1.

The compliance statement for management of security features on Alcatel-Lucent 7750/7710 SR series systems release R6.1.

The compliance statement for management of security features on Alcatel-Lucent 7450 ESS series systems release R7.0.

The compliance statement for management of security features on Alcatel-Lucent 7750/7710 SR series systems release R7.0.

The compliance statement for management of security features on Alcatel-Lucent 7450 ESS series systems release R8.0.

The compliance statement for management of security features on Alcatel-Lucent 7710 SR series systems release R8.0.

The compliance statement for management of security features on Alcatel-Lucent 7750 SR series systems release R8.0.

The compliance statement for management of security features on Alcatel 7450 ESS series systems release R9.0.

The compliance statement for management of security features on Alcatel 7710 SR series systems release R9.0.

The compliance statement for management of security features on Alcatel 7750 SR series systems release R9.0.

The compliance statement for management of security features on Alcatel 7450 ESS series systems release R10.0.

The compliance statement for management of security features on Alcatel 7710 SR series systems release R10.0.

The compliance statement for management of security features on Alcatel 7750 SR series systems release R10.0.

The group of objects supporting management of user security capabilities on Alcatel-Lucent SROS series systems.

The group of objects supporting management of Management Access Filters (MAF) capabilities on Alcatel-Lucent SROS series systems release 2.1.

The group of objects supporting management of passwords on Alcatel-Lucent SROS series systems.

The group of objects supporting CPM security capabilities for revision 2.1 on Alcatel-Lucent SROS series systems.

The group of objects supporting password hashing capabilities for revision 2.1 on Alcatel-Lucent SROS series systems.

The group of notifications supporting security in revision 3.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting the CPM hardware filter capabilities for revision 3.0r2 on Alcatel-Lucent SROS series systems.

The group of objects supporting the CPM hardware filter IPv6 capabilities for revision 4.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of TELNET/SSH/FTP capabilities for revision 4.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of SSH capabilities for revision 4.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of application source-ip override capabilities for revision 4.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of RADIUS capabilities for revision 4.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of TACACS+ capabilities for revision 4.0 on Alcatel-Lucent SROS series systems.

The group of objects in TIMETRA-SECURITY-MIB which are obsoleted.

The group of objects supporting management of user security capabilities on Alcatel-Lucent SROS series systems.

The group of objects supporting management of Keychain capabilities for revision 5.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of RADIUS capabilities for revision 5.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of TACACS+ capabilities for revision 5.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting the CPM hardware filter capabilities for revision 5.0 on Alcatel-Lucent SROS series systems.

The group of notifications supporting security in revision 5.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting security notifications on Alcatel-Lucent SROS series systems 5.0 release.

The group of objects supporting management of TACACS+ capabilities for revision 6.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of passwords on Alcatel-Lucent SROS series systems.

The group of objects supporting management of Management Access Filters (MAF) capabilities on Alcatel-Lucent SROS series systems release 6.0

The group of objects that are obsoleted in on Alcatel-Lucent SROS series systems release 6.0

The group of objects supporting management of CPM Protection on Alcatel-Lucent SROS series systems.

The group of objects supporting management of Lawful Intercept (LI) users.

The group of notifications supporting CPM Protection on Alcatel-Lucent SROS series systems.

The group of objects supporting CPM Protection notifications.

The group of objects supporting the CPM hardware Mac filter capabilities on Alcatel-Lucent SROS series systems.

The group of objects supporting the Maf Mac filter capabilities on Alcatel-Lucent SROS series systems.

The group of objects supporting management of user security capabilities on Alcatel-Lucent SROS series systems.

The group of objects supporting management of RADIUS capabilities for revision 5.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting management of CPM Protection on Alcatel-Lucent SROS 7.0 series systems.

The group of notifications supporting CPM Protection on Alcatel-Lucent SROS 7.0 series systems.

The group of objects supporting management of TACACS+ capabilities on Alcatel-Lucent SROS series systems.

The group of objects that are made obsolete on Alcatel-Lucent SROS series systems in release 8.0

The group of objects supporting security notifications in revision 8.0 on Alcatel-Lucent SROS series systems.

The group of notifications supporting security in revision 8.0 on Alcatel-Lucent SROS series systems.

The group of objects supporting CPM protection policies for Ethernet CFM packets in revision 8.0 R5 on Alcatel-Lucent SROS systems.

The group of objects supporting CPM protection policies in revision 8.0 R5 on Alcatel-Lucent SROS systems.

The group of notifications supporting CPM protection policies in revision 8.0 R5 on Alcatel-Lucent SROS systems.

The tmnxSecPkiV9v0Grp indicates the group of objects supporting PKI objects in revision 9.0 R4 on Alcatel-Lucent SROS systems.

The group of objects supporting MPLS Network Exception capabilities for on Alcatel-Lucent SROS series systems.

The group of notifications supporting CA Profile certificate capabilities on Alcatel-Lucent SROS systems.

The group of objects supporting security notifications in revision 8.0 on Alcatel-Lucent SROS series systems.

The tmnxRadiusUserGroup indicates the group of objects supporting radius objects on Alcatel-Lucent SROS systems.

The group of objects supporting per-SAP, per-source rate limiting of IP packets in release 9.0 Alcatel-Lucent SROS series systems.

The group of notifications supporting CPM protection policies in Alcatel-Lucent SROS systems, release 9.0.

The group of objects supporting management of IP prefix lists in CPM filters on Alcatel-Lucent SROS series systems 10.0 release.

The tmnxRadiusUserGroup indicates the group of additional objects supporting radius objects on Alcatel-Lucent SROS systems.

The group of objects supporting management of user lock-out on Alcatel-Lucent SROS systems.

Table to store the user profiles for access to the commands in the command line interface.

Information about a single user profile.

The name of the profile is the index to the table.

Row Status for the user profile. The deletion of this row has an action of removing the dependent rows in the tmnxUserProfileTable.

The action to be given to the user profile in case if none of the entries match the command.

The value of tmnxUserProfileLi specifies whether or this profile can be assigned to a user to support Lawful Intercept (LI) operations. This object can only be modified from the SNMPv3 'li' context.

Table which stores multiple entries per user profile to define specific action to be taken in case if the command matches the entry.

Information about a single user profile.

The Secondary index for the table

Row Status for the user profile match.

User-provided description for the match entry.

Action to be used in case if a command matches this entry.

Match string to be used for this entry.

tmnxUserTable contains configuration information for the system users.

tmnxUserEntry is an entry (conceptual row) in the tmnxUserEntry. Each entry represents the configuration for a system user. Entries in this table can be created and deleted via SNMP SET operations to tmnxUserRowStatus.

The value of tmnxUserName specifies the name for a system user. This name must be unique amongst the table entries.

tmnxUserRowStatus controls the creation and deletion of rows in the table. To create a row in the tmnxUserTable, set tmnxUserRowStatus to createAndGo(4). All objects will take on default values and the agent will change tmnxUserRowStatus to active(1). To delete a row in the tmnxUserTable, set tmnxUserRowStatus to delete(6).

The value of tmnxUserPassword specifies the password used to authenticate the user for console and FTP access. tmnxUserPassword and tmnxUserPasswordEncrypted, which indicates whether or not the password string is encrypted, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error. The value of tmnxUserPassword cannot be more than 20 characters when the value of tmnxUserPasswordEncrypted is 'false'.

When the value of tmnxUserPasswordEncrypted is 'true', the password specified by tmnxUserPassword is in the encrypted form. When the value of tmnxUserPasswordEncrypted is 'false', the password specified by tmnxUserPassword is in plain text. tmnxUserPassword and tmnxUserPasswordEncrypted, which indicates whether or not the password string is encrypted, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error.

The value of tmnxUserAccess specifies the type of access the the user is permitted. To allow the user access to the console, FTP or SNMP, set the corresponding bit in tmnxUserAccess. Reset the bit to deny the access. 'li' access allows this user to access CLI commands in the Lawful Intercept (LI) context. The 'li' bit can only be modified from the SNMPv3 'li' context. Bits: 'ftp': 1, 'li': 3, 'console': 0, 'snmp': 2.

The value of tmnxUserHomeDirectory specifies the local home directory for the user for console and FTP access.

When the value of tmnxUserRestrictedToHome is 'true', the user is not allowed to navigate to directories above his home directory for file access. When the value of tmnxUserRestrictedToHome is 'false', the user is allowed access to directories above his home directory.

The value of tmnxUserConsoleLoginExecFile specifies the file that should be executed whenever the user successfully logs in to a console session.

When the value of tmnxUserConsoleCannotChangePswd is 'true', the user does not have the privilege to change the password for console and FTP login. When the value of tmnxUserConsoleCannotChangePswd is 'false', the user has the privilege to change the password for console and FTP login.

When the value of tmnxUserConsoleNewPswdAtLogin is 'true', the will be forced to change his password at the next console or FTP login. When the value of tmnxUserConsoleNewPswdAtLogin is 'false', the will not be forced to change his password at the next console or FTP login.

The value of tmnxUserConsoleMemberProfile1 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile2 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile3 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile4 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile5 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile6 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile7 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserConsoleMemberProfile8 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the n-th user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on.

The value of tmnxUserAttemptedLogins indicates the number of times the user has attempted to login irrespective of whether the login succeeded or failed.

The value of tmnxUserSuccessfulLogins indicates the number of times the user has successfully logged in.

The value of tmnxUserPasswordChanged indicates the value of sysUpTime when the login password was last changed.

This table has been replaced with tmnxGenMafTable. The new table allows to define both IPv4 and IPv6 MAFs. The tmnxMafTable has an entry for each Management Access Filter (MAF) configured on the system. Management Access Filters are used to restrict management of this Alcatel-Lucent SROS device by other nodes outside either specific (sub)networks or through designated ports. By default no Management Access Filters are defined and this table will be empty.

Each row entry contains information about a Management Access Filter (MAF).

The value of tmnxMafName specifies the Management Access Filter (MAF) represented by this row in the tmnxMafTable.

The tmnxMafRowStatus object is used to create and delete rows in the tmnxMafTable. The values supported during a set operation are createAndGo(4), createAndWait(5) and destroy(6).

The value of tmnxMafDefaultAction specifies the default action for management access in the absence of a specific management access filter entry match. The default action is applied to a packet that does not satisfy any match criteria in any of the management access filter match entries. Before a MAF can be active, a default action must have been specified.

The value of tmnxMafAdminState specifies the administrative state for this management access filter. A value of 'outOfService' disables this filter which results in permitting all traffic.

This tables has been replaced with the table tmnxIPMafMatchTable which allows for both IPv4 and IPv6 MAF entries. The tmnxMafMatchTable contains filter match criteria associated with Management Access Filters (MAFs) configured on the system.

Each row entry contains information about a management access filter entry associated with a specific Management Access Filter (MAF). The filter criter is applied in order according to the value of tmnxMafMatchIndex. The match algorithm is exited upon the first match found and then the action specified is executed. For this reason, entries must be sequenced from most to least explicit. An entry where tmnxMafMatchAction has a value of 'none' is not active.

The value of tmnxMafMatchIndex specifies the Management Access Filter Entry (MAFE) represented by this row in the tmnxMafMatchTable. It is associated to a specific Management Access Filter by the value of tmnxMafName index.

The tmnxMafMatchRowStatus object is used to create and delete rows in the tmnxMafMatchTable. The values supported during a set operation are createAndGo(4), createAndWait(5) and destroy(6).

The value of tmnxMafMatchLastChanged is the timestamp of last change to this row in tmnxMafMatchTable.

The value of tmnxMafMatchAction specifies the action to be taken when a packet matches the selection criteria configured in this management access filter entry. Before a filter entry can be active, tmnxMafMatchAction must be assigned some value other than 'none'.

The value of tmnxMafMatchDescription is a user provided description string for this Management Access Filter Entry. It can consist of any printable, seven-bit ASCII characters up to 80 characters in length.

The value of tmnxMafMatchSrcIpAddr specifies IP address used with the value of tmnxMafMatchSrcIpMask to indicate a source IP address range to be used as the match criteria for this Management Access Filter Entry.

The value of tmnxMafMatchSrcIpMask specifies the number of bits to match of the source Ip Address.

The value of tmnxMafMatchSrcPortType is used to restrict ingress management packets to either the configured management Ethernet port or any other logical port (LAG, port, or channel) on the device. By default, management traffic is accepted on any interface. Enumeration: 'port': 3, 'lag': 4, 'any': 1, 'cpm': 2.

When tmnxMafMatchSrcPortType has a value of 'port' or 'lag' the value of tmnxMafMatchSrcPortId specifies the port used to restrict ingress management packets. A value of zero indicated that this object is not initialized.

The value of tmnxMafMatchDestPort specifies a TCP or UDP port number to be used as a match criteria in this Management Access Filter Entry. A value of zero indicates that this object is not initialized.

The value of tmnxMafMatchDestPortMask specifies a mask to be used when the value of tmnxMafMatchDestPort is not equal to zero. The mask allows a range of TCP or UDP port values to be specified for the match criteria in this Management Access Filter Entry. A value of 65535, 0xFFFF, is used to indicate that this object is not initialized.

The value of tmnxMafMatchProtocol specifies an IP protocol type to be used in the match criteria for this Management Access Filter Entry. Some well-know protocol numbers are TCP (6), and UDP (7). The value of -1 is used to indicate that this object is not initialized.

The value of tmnxMafMatchCount indicates the number of times a management packet has matched this filter entry.

The value of tmnxMafMatchRouter specifies a router (VPRN) name or a service-id, expressed as an ASCII numeric string, to be used in the match criteria for the Management Access Filter Entry. The empty string value ''H is used to indicate that this object is not initialized.

When the value of tmnxMafMatchLog is 'true', entry match logging is enabled.

This value of the object tmnxGenMafTableLastChanged indicates the timestamp of the last change to the tmnxGenMafTable. A value of 0 indicates that no changes were made to this table since the system was last initialized.

This table replaces the tmnxMafTable. It allows to define both IPv4 and IPv6 MAFs. The tmnxGenMafTable has an entry for each Management Access Filter (MAF) configured on the system (IPv4 and IPv6). Management Access Filters are used to restrict management of this Alcatel-Lucent SROS device by other nodes outside either specific (sub)networks or through designated ports. By default a single IPv4 and a single IPv6 Management Access Filter is created by the system. No additional filters can be defined by the operator. When a filter is deleted, the system will re-create it with all default settings.

Each row entry contains information about a IPv4 or IPv6 Management Access Filter (MAF).

The value of tmnxGenMafType specifies the type of packets, destined for CPM, this management access filter applies to.

The value of tmnxGenMafName specifies the Management Access Filter (MAF) represented by this row in the tmnxGenMafTable.

The tmnxGenMafLastModified object indicates the timestamp of the last change to this row. A value of zero indicates that this row was not modified since the system was last initialized.

The tmnxGenMafRowStatus object is used to create and delete rows in the tmnxGenMafTable. The values supported during a set operation are - active(1) - createAndGo(4), - createAndWait(5) which is treated in the same way as createAndGo(4) - destroy(6).

The value of tmnxGenMafAdminState specifies the administrative state for this management access filter. A value of 'outOfService' disables this filter which results in permitting all traffic.

The value of tmnxGenMafDefaultAction specifies the default action for management access in the absence of a specific management access filter entry match. The default action is applied to a packet that does not satisfy any match criteria in any of the management access filter match entries. Before a MAF can be active, a default action must have been specified. The value denyHostUnreachable is not allowed for Mac Maf filters.

This value of the object tmnxMafIPMatchTableLastChanged indicates the timestamp of the last change to the tmnxIPMafMatchTable. A value of 0 indicates that no changes were made to this table since the system was last initialized.

This table replaces the tmnxMafMatchTable. It allows to define both IPv4 and IPv6 MAF IP entries. The tmnxIPMafMatchTable contains ipvx filter match criteria associated with Management Access Filters (MAFs) configured on the system.

Each row entry contains information about a management access filter entry associated with a specific Management Access Filter (MAF). The filter criter is applied in order according to the value of tmnxIPMafMatchIndex. The match algorithm is exited upon the first match found and then the action specified is executed. For this reason, entries must be sequenced from most to least explicit. An entry where tmnxIPMafMatchAction has a value of 'none' is not active. Rows can only be created for tmnxGenMafType's: - ipv4 (1), and. - ipv6 (2). For mac Maf filters a dedicated table is provided (tmnxMacMafMatchTable).

The value of tmnxIPMafMatchIndex specifies the Management Access Filter Entry (MAFE) represented by this row in the tmnxIPMafMatchTable. It is associated to a specific Management Access Filter by the value of tmnxGenMafName index.

The tmnxIPMafMatchRowStatus object is used to create and delete rows in the tmnxIPMafMatchTable. Following values are supported: - active(1) - createAndGo(4), - createAndWait(5) which is treated in the same way as createAndGo(4) - destroy(6).

The value of tmnxIPMafMatchLastChanged is the timestamp of last change to this row in tmnxIPMafMatchTable.

The value of tmnxIPMafMatchAction specifies the action to be taken when a packet matches the selection criteria configured in this management access filter entry. Before a filter entry can be active, tmnxIPMafMatchAction must be assigned some value other than 'none'. The value denyHostUnreachable is not allowed.

The value of tmnxIPMafMatchDescription is a user provided description string for this Management Access Filter Entry. It can consist of any printable, seven-bit ASCII characters up to 80 characters in length.

The value of tmnxIPMafMatchSrcIpAddrType specifies the type of IP address stored in the object tmnxIPMafMatchSrcIpAddr. If the value of tmnxGenMafType indicates 'ipv4' the only allowed values for this object are 'unknown' or 'ipv4'. If the value of tmnxGenMafType indicates 'ipv6' the only allowed values for this object are 'unknown' or 'ipv6'.

The value of tmnxIPMafMatchSrcIpAddr specifies IP address used with the value of tmnxIPMafMatchSrcIpMask to indicate a source IP address range to be used as the match criteria for this Management Access Filter Entry.

The value of tmnxIPMafMatchSrcIpMask specifies the number of bits to match of the source Ip Address.

The value of tmnxIPMafMatchSrcPortType is used to restrict ingress management packets to either the configured management Ethernet port or any other logical port (LAG, port, or channel) on the device. By default, management traffic is accepted on any interface. Reading the value of tmnxIPMafMatchSrcPortType when it is different from 'any' will cause it to be recalculated based on the value of tmnxIPMafMatchSrcPortId. Enumeration: 'port': 3, 'lag': 4, 'any': 1, 'cpm': 2.

When tmnxIPMafMatchSrcPortType is set to 'any' then the value of tmnxIPMafMatchSrcPortId will be forced to 503316480 (INVALID_PORT). When tmnxIPMafMatchSrcPortType is set to 'port' or 'lag' then the value of tmnxIPMafMatchSrcPortId specifies the port used to restrict ingress management packets. When tmnxIPMafMatchSrcPortType is set to 'cpm' then the value of tmnxIPMafMatchSrcPortId will be forced to 503316480 (INVALID_PORT).

The value of tmnxIPMafMatchDestPort specifies a TCP or UDP port number to be used as a match criteria in this Management Access Filter Entry. A value of zero indicates that this object is not initialized.

The value of tmnxIPMafMatchDestPortMask specifies a mask to be used when the value of tmnxIPMafMatchDestPort is not equal to zero. The mask allows a range of TCP or UDP port values to be specified for the match criteria in this Management Access Filter Entry. A value of 65535, 0xFFFF, is used to indicate that this object is not initialized.

The value of tmnxIPMafMatchProtNxtHdr specifies for IPv4 MAF the IP protocol field, and for IPv6 the next header type to be used in the match criteria for this Management Access Filter Entry. Some well-know protocol numbers are TCP (6), and UDP (7). The value of -1 is used to indicate that this object is not initialized. The value of -2 is used to indicate udp/tcp protocol matching

The value of tmnxIPMafMatchCount indicates the number of times a management packet has matched this filter entry.

The value of tmnxIPMafMatchRouter specifies a router (VPRN) name or a service-id, expressed as an ASCII numeric string, to be used in the match criteria for the Management Access Filter Entry. The empty string value ''H is used to indicate that this object is not initialized.

The value of tmnxIPMafMatchFlowLabel specifies the flow label to be matched. When the value is '-1', no flow label matching occurs. This object is only meaningfull in case of an IPv6 MAF entry. The value is ignored in IPv4 MAF entries.

When the value of tmnxIPMafMatchLog is 'true', entry match logging is enabled.

The value of tmnxIPMafMatchL4SrcPort specifies a TCP or UDP port number to be used as a match criteria in this Management Access Filter Entry. A value of zero indicates that this object is not initialized.

The value of tmnxIPMafMatchL4SrcPortMask specifies a mask to be used when the value of tmnxIPMafMatchL4SrcPort is not equal to zero. The mask allows a range of TCP or UDP port values to be specified for the match criteria in this Management Access Filter Entry. A value of 65535, 0xFFFF, is used to indicate that this object is not initialized.

When the value of tmnxIPMafMatchFragment is 'true', entry match fragmentation is enabled.

This value of the object tmnxMafMacMatchTableLastChanged indicates the timestamp of the last change to the tmnxMacMafMatchTable. A value of 0 indicates that no changes were made to this table since the system was last initialized.

This table allows to define Mac Maf filter entries. The tmnxMacMafMatchTable contains Mac filter match criteria associated with Management Access Filters (MAFs) configured on the system.

Each row entry contains information about a management access filter entry associated with a specific Mac Management Access Filter (MAF). The filter criter is applied in order according to the value of tmnxMacMafMatchIndex. The match algorithm is exited upon the first match found and then the action specified is executed. For this reason, entries must be sequenced from most to least explicit. An entry where tmnxMacMafMatchAction has a value of 'none' is not active.

The value of tmnxMacMafMatchIndex specifies the Management Access Filter Entry (MAFE) represented by this row in the tmnxMacMafMatchTable. It is associated to a specific Management Access Filter by the value of tmnxGenMafType and tmnxGenMafName.

The tmnxMacMafMatchRowStatus object is used to create and delete rows in the tmnxMacMafMatchTable. The values supported are - active(1) - createAndGo(4), - createAndWait(5) which is treated in the same way as createAndGo(4) - destroy(6).

The value of tmnxMacMafMatchLastChanged indicates the timestamp of the last change to this row in tmnxMacMafMatchTable.

The value of tmnxMacMafMatchAction specifies the action to be taken when a packet matches the selection criteria configured in this management access filter entry. Before a filter entry can be active, tmnxMacMafMatchAction must be assigned some value other than 'none'. The value denyHostUnreachable is not allowed for this object.

The value of tmnxMacMafMatchDescription specifies a user provided description string for this Management Access Filter Entry. It can consist of any printable, seven-bit ASCII characters up to 80 characters in length.

The value of the object tmnxMacMafMatchLog specifies whether or not logging is active for this filter entry.

The value of tmnxMacMafMatchFrameType specifies the type of mac frame for which we are defining this match criteria.

The value of the object tmnxMacMafMatchSvcId specifies the service-id in which the packet is to be received for this entry to match. A value of 0 indicates: any service.

The value of the object tmnxMacMafMatchDot1pValue specifies the IEEE 802.1p priority value for this MAC filter entry. Use -1 to disable matching this filter criteria.

The value of the object tmnxMacMafMatchDot1pMask specifies the IEEE 802.1p priority mask value for this policy MAC filter entry. Use zero to disable matching, use 7 to match everything.

The value of the object tmnxMacMafMatchDsap specifies the MAC DSAP to match for this MAC filter entry. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC.

The value of the object tmnxMacMafMatchDsapMask specifies the MAC DSAP mask for this MAC filter entry. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC.

The value of the object tmnxMacMafMatchSrcMAC specifies the source MAC to match for this policy MAC filter entry.

The value of the object tmnxMacMafMatchSrcMACMask specifies the source MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tmnxMacMafMatchSrcMAC. A zero bit means ignore this bit, do not match. A one bit means match this bit with tmnxMacMafMatchSrcMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria.

The value of the object tmnxMacMafMatchDstMAC specifies the Destination MAC mask value for this policy MAC filter entry.

The value of the object tmnxMacMafMatchDstMACMask specifies the destination MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tmnxMacMafMatchDstMAC. A zero bit means ignore this bit, do not match. a one bit means match this bit with tmnxMacMafMatchDstMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria.

The value of the object tmnxMacMafMatchEtherType specifies the Ethertype for this MAC filter entry. Use -1 to disable matching by this criteria. This object has no significance if the object tmnxMacMafMatchFrameType is not set to Ethernet_II.

The value of the object tmnxMacMafMatchSnapOui specifies the MAC SNAP OUI to match. The values zero(2) and nonZero(3) specify what to match. Matching can be disabled by the use of the value off(1). This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2SNAP. Enumeration: 'nonZero': 3, 'zero': 2, 'off': 1.

The value of the object tmnxMacMafMatchSnapPid specifies the MAC SNAP PID to match for this MAC filter entry. use -1 to disable matching by this criteria. This object has no significance if object tmnxMacMafMatchFrameType is not set to 802dot2SNAP.

The value of the object tmnxMacMafMatchSsap specifies the the MAC SSAP to match for this MAC filter entry. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC.

The value of the object tmnxMacMafMatchSsapMask specifies the MAC SSAP mask for this MAC filter entry. use 0 to disable matching by this criteria. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC.

The value of the object tmnxMacMafMatchCfmOpCodeOper specifies which type of opcode checking is to be performed. If different fron none, more info is provided in the objects tmnxMacMafMatchCfmOpCodeValue1 and tmnxMacMafMatchCfmOpCodeValue2. This object has significance only if the object tmnxMacMafMatchFrameType refers to either ieee802.1ag or Y1731.

The value of the object tmnxMacMafMatchCfmOpCodeValue1 specifies a cfm opcode. The value of this object is used as per the description for tmnxMacMafMatchCfmOpCodeOper.

The value of the object tmnxMacMafMatchCfmOpCodeValue2 specifies a cfm opcode. The value of this object is used as per the description for tmnxMacMafMatchCfmOpCodeOper.

The value of tmnxMacMafMatchCount indicates the number of times a management packet has matched this filter entry.

Number of days a user password is valid before the user must change his password. If the value of tmnxPasswordAging is set to '65535', password aging is disabled.

The minimum number of characters required in the password.

The complexity requirements for the passwords. 'alpha-numeric' - at least one numeric character must be present in the password. 'mixed-case' - at least one upper and one lower case character must be present in the password. 'special-character' - at least one non-alphanumeric character must be present in the password. Bits: 'mixed-case': 1, 'special-character': 2, 'alpha-numeric': 0.

The maximum number of unsuccessful login attempts allowed for a user. The value of tmnxPasswordAttemptsCount is used with the value of tmnxPasswordAttemptsTime to find out if the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod.

This is used in conjunction with tmnxPasswordAttemptsCount to find out if the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod.

The number of minutes the user is locked out if the threshold of unsuccessful login attempts has exceeded.

The most preferred method to authenticate and authorize a user. If this method fails, the next method in the sequence identified by tmnxPasswordAuthenOrder2 is used. Enumeration: 'radius': 2, 'none': 0, 'tacplus': 3, 'local': 1.

The second method to authenticate and authorize a user. Enumeration: 'radius': 2, 'none': 0, 'tacplus': 3, 'local': 1.

The least preferred method to authenticate and authorize a user. Enumeration: 'radius': 2, 'none': 0, 'tacplus': 3, 'local': 1.

If the value of tmnxPasswordAuthenExitOnReject is set to 'true' and if one of the AAA methods configured in tmnxPasswordAuthenOrder1, tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3 sends a reject, then the next method in the order will not be tried. If the value of this object is set to 'false' and if one AAA method sends a reject, the next AAA method will be attempted. If in this process, all the AAA methods are exhausted, it will be considered as a reject.

tmnxAdminPassword is used to configure the password which enables a user to become a system administrator. tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates whether or not the password string is encrypted, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error. The value of tmnxAdminPassword cannot be more than 20 characters when the value of tmnxAdminPasswordEncrypted is 'false'.

When the value of tmnxAdminPasswordEncrypted is 'true', the password specified by tmnxAdminPassword is in the encrypted form. When the value of tmnxAdminPasswordEncrypted is 'false', the password specified by tmnxAdminPassword is in plain text. tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates whether or not the password string is encrypted, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error.

When the value of tmnxPasswordHealthCheck is 'true', the Radius servers configured in tmnxRadiusServerTable and the 'TacPlus' servers configured in tmnxTacPlusServerTable will be periodically monitored. Each server will be contacted every 30 seconds. If in this process a server is found to be unreachable, or a previously unreachable server starts responding, based on the type of the server, a TIMETRA-SYSTEM-MIB:radiusServerOperStatusChange or a TIMETRA-SYSTEM-MIB:tacplusServerOperStatusChange trap will be sent. When the value of tmnxPasswordHealthCheck is 'false', periodic monitoring of the Radius and Tacplus servers is disabled.

The value of tmnxPasswordHealthCheckInterval specifies the polling interval for Radius servers configured in tmnxRadiusServerTable and the 'TacPlus' servers configured in tmnxTacPlusServerTable.

The desired administrative status of the RADIUS protocol operation. Enumeration: 'down': 2, 'up': 1.

When the value of tmnxRadiusAccounting is set to 'TRUE', RADIUS command accounting is enabled.

When the value of tmnxRadiusAuthorization is set to 'TRUE', RADIUS command authorization is enabled.

Number of attempts to retry contacting the RADIUS server.

Number of seconds to wait before timing out a RADIUS server.

The UDP port number on which to contact the RADIUS server.

The tmnxRadiusServerEntry has an entry for each RADIUS server. The table can have up to a maximum of 5 entries.

tmnxRadiusServerEntry is an entry (conceptual row) in the tmnxRadiusServerTable. Each entry represents the configuration for a RADIUS server. Entries in this table can be created and deleted via SNMP SET operations to tmnxRadiusServerRowStatus.

The unique value which identifies a specific radius server.

The IP address of the RADIUS server. tmnxRadiusServerAddress was made obsolete in 5.0 revision of Alcatel-Lucent SROS series system. Radius servers are now configured using tmnxRadiusServerInetAddress and tmnxRadiusServerInetAddressType objects.

The secret key associated with the RADIUS server. The value returned by tmnxRadiusServerSecret is always an empty string. The value of tmnxRadiusServerSecret cannot be set to an empty string.

Current status of the RADIUS server. Enumeration: 'down': 2, 'up': 1.

tmnxRadiusServerRowStatus controls the creation and deletion of rows in the table. To create a row in the tmnxRadiusServerTable, set tmnxRadiusServerRowStatus to createAndGo(4). All objects will take on default values and the agent will change tmnxRadiusServerRowStatus to active(1). To delete a row in the tmnxRadiusServerTable, set tmnxRadiusServerRowStatus to delete(6).

The value of tmnxRadiusServerInetAddressType specifies the address type of tmnxRadiusServerInetAddress address. The value of tmnxRadiusServerInetAddressType can be either of InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or InetAddressType - 'ipv6z'.

The value of tmnxRadiusServerInetAddress specifies the address of the Radius server.

tmnxRadiusSourceAddress is used to configure the source address of the Radius packet. It should be a valid unicast address. If this object is configured with the address of the router interface, the Radius client uses it while making a request to the server. If the address is not configured or is not the address of the one of interfaces, the source address is based on the address of the Radius server. If the server address is in-band, the client uses the system ip address. If it is out-of-band, the source address is the address of the management interface. tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of Alcatel-Lucent SROS series systems. The source address of the Radius packet can now be set by creating a tmnxSourceIPEntry for Radius application in the tmnxSourceIPTable.

When the value of tmnxRadiusConfigured is set to 'false', all the Radius objects under the tmnxRadiusInfo tree will be set to their default values and all the rows in the tmnxRadiusServerTable will be removed. The value of this object will be set to 'true' if non-default values are set to the Radius objects.

The value of tmnxRadiusPEDiscovery specifies whether RADIUS provider edge discovery is enabled for VPLS services. This object was made obsolete in release 5.0.

The value of tmnxRadiusPEDiscoveryPassword is used when contacting the RADIUS server for VPLS auto-discovery. This object was made obsolete in release 5.0.

The value of tmnxRadiusPEDiscoveryInterval specifies the polling interval for Radius PE discovery in minutes. This object was made obsolete in release 5.0.

When tmnxRadiusPEForceDiscovery is set to 'doAction', the RADIUS server is immediately contacted to attempt discovery.

The value of tmnxRadiusPEForceDiscoverySvcId specifies a specific service ID to query the RADIUS server about. Reading this object returns the value 0.

The UDP port number on which to contact the RADIUS server for accounting requests.

The value of tmnxRadiusUseTemplate specifies whether the RADIUS user template is actively applied to the RADIUS user if no VSAs are returned with the auth-accept from the RADIUS server. When the value of tmnxRadiusUseTemplate is set to 'TRUE', the RADIUS user template is actively applied if no VSAs are returned with the auth-accept from the RADIUS server.

The value of tmnxRadiusAuthAlgorithm specifies the algorithm used to select a RADIUS server from the list of configured servers (tmnxRadiusServerTable).

The tmnxRadiusUserStatsTable is the radius server statistics per user using specific policy. Entries are created and deleted by the system.

Information about radius server statistics per user per policy.

The tmnxRadiusPolicyName indicates the policy name used by the user to access the radius server.

The value of the tmnxRadiusUserServerIndex identifies a specific radius server.

The tmnxRadiusUserReqTx indicates the number of requests sent to the radius server from the user using this policy.

The tmnxRadiusUserReqRx indicates the number of requests received by the radius server by the user using this policy.

The tmnxRadiusUserOpenFail indicates the number of socket open failures to the radius server.

The tmnxRadiusUserReqTx indicates the number of socket bind failures to the radius server.

The tmnxRadiusUserSendFail indicates the number of socket send failures to the raidus server.

The tmnxRadiusUserRecvFail indicates the number of socket receive failures to the raidus server.

The tmnxRadiusUserSendTimeout indicates the number of sends which timed-out waiting for reply from the radius server.

The tmnxRadiusUserLoginPass indicates the number of authentication succeeded for the user using this policy to the radius server.

The tmnxRadiusUserLoginFail indicates the number of authentication failed for the user using this policy to the radius server.

The tmnxRadiusUserMd5Fail indicates the number of times authentication failed due to MD5 for the user using this policy to the radius server.

The tmnxRadiusUserPending indicates the number of requests pending for the user using this policy to the radius server.

The tmnxRadiusUserAcctReqTx indicates the number of accounting requests for the user using this policy to the radius server.

The tmnxRadiusUserAcctRejRx indicates the number of accounting rejections received for the user using this policy to the radius server.

The tmnxRadiusUserAcctConnError indicates the number of accounting connection failures for the user using this policy to the radius server.

The tmnxRadiusUserAccChallengePkt indicates the number of packets which challenged access to the user-account from the radius server.

The desired administrative status of the Tacacs+ protocol operation. Enumeration: 'down': 2, 'up': 1.

Number of seconds to wait before timing out a Tacacs+ server.

The tmnxTacPlusServerEntry has an entry for each Tacacs+ server. The table can have up to a maximum of 5 entries.

tmnxTacPlusServerEntry is an entry (conceptual row) in the tmnxTacPlusServerTable. Each entry represents the configuration for a Tacacs+ server. Entries in this table can be created and deleted via SNMP SET operations to tmnxTacPlusServerRowStatus.

The unique value which identifies a specific Tacacs+ server.

The IP address of the Tacacs+ server. tmnxTacPlusServerAddress was made obsolete in 5.0 revision of Alcatel-Lucent SROS series system. Tacacs+ servers are now configured using tmnxTacPlusServerInetAddress and tmnxTacPlusServerInetAddressType objects.

The secret key associated with the Tacacs+ server. The value returned by tmnxTacPlusServerSecret is always an empty string. The value of tmnxTacPlusServerSecret cannot be set to an empty string.

tmnxTacPlusServerRowStatus controls the creation and deletion of rows in the table. To create a row in the tmnxTacPlusServerTable, set tmnxTacPlusServerRowStatus to createAndGo(4). All objects will take on default values and the agent will change tmnxTacPlusServerRowStatus to active(1). To delete a row in the tmnxTacPlusServerTable, set tmnxTacPlusServerRowStatus to delete(6).

tmnxTacPlusServerOperStatus indicates the operational status of the TACACS+ server. Enumeration: 'down': 2, 'up': 1.

The value of tmnxTacPlusServerInetAddressType specifies the address type of tmnxTacPlusServerInetAddress address. The value of tmnxTacPlusServerInetAddressType can be either of InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or InetAddressType - 'ipv6z'.

The value of tmnxTacPlusServerInetAddress specifies the address of the Tacplus server.

The value of tmnxTacPlusServerPort specifies the TCP port on which to contact the Tacplus server.

When the value of tmnxTacPlusAccounting is set to 'TRUE', TACACS+ command accounting is enabled.

tmnxTacPlusAcctRecType is used to configure the type of accounting record packet that is to be sent to the TACACS+ server. The value indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent. TACACS+ start packet is sent whenever the user executes a command. A stop packet is sent whenever the command execution is complete. The default value for this object is 'stopOnly'. Enumeration: 'startStop': 1, 'stopOnly': 2.

When the value of tmnxTacPlusAuthorization is set to 'TRUE', TACACS+ command authorization is enabled.

When the value of tmnxTacPlusSingleConnection is set to 'TRUE', a single connection is established with the TACACS+ server. The connection is kept open and is used by all the TELNET/SSH/FTP sessions for AAA operations. This object is obsoleted in release 8.0.

tmnxTacPlusSourceAddress is used to configure the source address of the TACACS+ packet. It should be a valid unicast address. If this object is configured with the address of the router interface, the TACACS+ client uses it while making a request to the server. If the address is not configured or is not the address of the one of interfaces, the source address is based on the address of the TACACS+ server. If the server address is in-band, the client uses the system ip address as the source address. If it is out-of-band, the source address is the address of the management interface. tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of Alcatel-Lucent SROS series systems. The source address of the TACACS+ packet can now be set by creating a tmnxSourceIPEntry for TACACS+ application in the tmnxSourceIPTable.

When the value of tmnxTacPlusConfigured is set to 'false', all the Tacplus objects under the tmnxTacPlusInfo tree will be set to their default values and all the rows in the tmnxTacPlusServerTable will be removed. The value of this object will be set to 'true' if non-default values are set to the 'TacPlus' objects.

The value of tmnxTacplusUseTemplate specifies whether the TACACS+ user template is actively applied to the TACACS+ user. When the value of tmnxTacplusUseTemplate is set to 'TRUE', the TACACS+ user template is actively applied.

tmnxEnableServers is used to enable/disable telnet, SSH, FTP, and telnet v6 servers running on the system. By default, at system startup, only SSH server will be enabled. Bits: 'ftp': 2, 'ssh': 1, 'telnet': 0, 'telnet6': 3.

tmnxTelnetServerOperStatus indicates the operational status of the telnet server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent.

tmnxSSHServerOperStatus indicates the operational status of the SSH server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent.

tmnxFTPServerOperStatus indicates the operational status of the FTP server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent.

The value of tmnxTelnet6ServerOperStatus indicates the operational status of the IPv6 telnet server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent.

When tmnxCpmPerPeerQueuing is set to 'true', CPM hardware queuing per peer is enabled. This means that when a peering session is established, the router will automatically allocate a separate CPM hardware queue for that peer. When tmnxCpmPerPeerQueuing is set to 'false', CPM hardware queuing per peer is disabled. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The value of tmnxCpmQueuesTotal indicates the total number of CPM hardware queues. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The value of tmnxCpmQueuesInUse indicates the number of CPM hardware queues that are in use. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The tCpmFilterQueueTable has an entry for each CPM filter queue configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents a particular CPM Filter Queue. Entries are created/deleted by user. Entries have a presumed StorageType of nonVolatile.

The value of tCpmFilterQueueId is used to index into the tCpmFilterQueueTable. It uniquely identifies a CPM Queue as configured on this system.

The value of tCpmFilterQueueRowStatus specifies the row status. It allows entires to be created or deleted in the tCpmFilterQueueEntry table.

The value of tCpmFilterQueueLastChanged indicates the timestamp of the last change to this row in tCpmFilterQueueTable.

The value of tCpmFilterQueueAdminPIR specifies the Peak Information Rate associated with this queue. This object can only be set to 1 or -1, when the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'.

The value of tCpmFilterQueueAdminCIR specifies the Committed Information Rate associated with this queue. This object cannot be set when the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'.

The value of tCpmFilterQueueCBS specifies the Committed Burst Excess associated with this queue. This object cannot be set when the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'.

The value of tCpmFilterQueueMBS specifies the Maximum Burst Size associated with this queue.

The value of tCpmFilterQueueReferences indicates the count of filter entries using this particular queue to forward traffic to the main CPU.

The value of tCpmFilterQueueOperPIR indicates the operational value of the Peak Information Rate associated with this queue. This value can be zero if the queue is not instantiated.

The value of tCpmFilterQueueOperCIR indicates the operational value of the Committed Information Rate associated with this queue.

The value of tCpmFilterDefaultAction specifies the action to take for packets that do not match any filter entries. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The value of tCpmIpFilterAdminState specifies the administrative state of the CPM IPv4 filter. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The value of tCpmIPv6FilterAdminState specifies the administrative state of the CPM IPv6 filter. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The value of tCpmMacFilterAdminState specifies the administrative state of the CPM Mac filter. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

The tCpmIpFilterTable has an entry for each CPM IPv4 filter entry configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents a particular Cpm Filter match entry. Every Cpm Filter can have zero or more Cpm Filter match entries. A filter entry with no match criteria set will match every packet, and the entry action will be taken. Entries are created/deleted by user. There is no StorageType object, entries have a presumed StorageType of nonVolatile.

The value of tCpmIpFilterEntryId is used to index into the tCpmIpFilterTable. It uniquely identifies a CPM filter entry as configured on this system.

The value of tCpmIpFilterEntryRowStatus specifies the row status. It allows entries to be created and deleted in the tCpmIpFilterTable.

The value of tCpmIpFilterEntryLastChanged indicates the timestamp of the last change to this row in tCpmIpFilterTable.

The value of tCpmIpFilterEntryLogId specifies the log in which packets matching this entry should be entered. The value zero indicates that logging is disabled.

The value of tCpmIpFilterEntryDescription specifies the user-provided string describing this filter.

The value of tCpmIpFilterEntryAction specifies the action to take for packets that match this filter entry. The value default(4) specifies this entry to inherit the behavior defined as the default for the filter in tCpmFilterDefaultAction. The value queue(3) can only be specified if a valid queue id is entered in tCpmIpFilterEntryQueueId.

The value of tCpmIpFilterEntryQueueId specifies which queue to put the packet in when tCpmIpFilterEntryAction is queue (3). If the value of tCpmIpFilterEntryAction is different from queue (3) tCpmIpFilterEntryQueueId will be forced by the system to 0, and any change attempt will be silently discarded.

The value of tCpmIpFilterEntrySrcIPAddr specifies the IP address to match the source-ip of the packet.

The value of tCpmIpFilterEntrySrcIPMask specifies the IP Mask value for this policy Cpm FilterEntry entry. The mask is ANDed with the IP to match the tCpmIpFilterEntrySrcIPAddr.

The value of tCpmIpFilterEntryDestIPAddr specifies the IP address to match the destination-ip of the packet.

The value of tCpmIpFilterEntryDestIPMask specifies the IP Mask value for this policy Cpm FilterEntry entry. The mask is ANDed with the IP to match the tCpmIpFilterEntryDestIPAddr.

The value of tCpmIpFilterEntryProtocol specifies the IP protocol to match. It can be set to -1 to disable matching Cpm protocol. If the protocol is changed, the protocol specific parameters are reset. For instance, if protocol is changed from TCP to UDP, then the objects tCpmIpFilterEntryTcpSyn and tCpmIpFilterEntryTcpAck will be turned off.

The value of tCpmIpFilterEntrySrcPort specifies the TCP/UDP port to match the source-port of the packet.

The value of tCpmIpFilterEntrySrcPortMask specifies the 16 bit mask to be applied when matching tCpmIpFilterEntrySrcPort.

The value of tCpmIpFilterEntryDestPort specifies the TCP/UDP port to match the destination-port of the packet.

The value of tCpmIpFilterEntryDestPortMask specifies the 16 bit mask to be applied when matching tCpmIpFilterEntryDestPort.

The value of tCpmIpFilterEntryDSCP specifies the DSCP to be matched on the packet.

The value of tCpmIpFilterEntryFragment specifies whether fragment matching is enabled. When enabled, this object matches fragmented/unfragmented packets as per the value of the object.

The value of tCpmIpFilterEntryOptionPresent specifies whether IP options matching is enabled. When enables, this object matches packets if they have options present or not as per the value of the object.

The value of tCpmIpFilterEntryIPOptionValue specifies the specific IP option to match.

The value of tCpmIpFilterEntryIPOptionMask specifies the mask that is ANDed with the ip-option in the packet header before being compared to tCpmIpFilterEntryIPOptionValue.

The value of tCpmIpFilterEntryMultipleOption specifies whether multiple options are to be matched as per the value of the object.

The value of tCpmIpFilterEntryTcpSyn specifies whether a TCP Syn packet should match.

The value of tCpmIpFilterEntryTcpAck specifies whether a TCP Ack packet should match.

The value of tCpmIpFilterEntryIcmpCode specifies the ICMP code to be matched. tCpmIpFilterEntryIcmpCode complements the object tCpmIpFilterEntryIcmpType. Both of them need to be set to actually enable ICMP Code matching. The value -1 means Icmp code matching is disabled.

The value of tCpmIpFilterEntryIcmpType specifies the ICMP type to be matched. The value -1 means Icmp type matching is disabled.

The value of tCpmIpFilterEntryVRtrId specifies the virtual router ID to be matched. When the value is '0', no virtual router matching occurs.

The value of tCpmIpFilterEntryLogCreated indicates whether the filter log for this filter entry has been instantiated.

The value of the object tCpmIpFilterEntrySrcIpPrefixList specifies the ip-prefix-list to be used as match criterion for the source ip address. If the value of this object is empty the values of the objects tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask will be used as src-ip match criterion. The value specified for this object must correrspond to a prefix-list defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable. When set to a non zero value, the value of the objects tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask will set to their default values. The value of those object will be set to its default value by the system if a new (non default) value is provided for the objects tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask. An attempt to set tCpmIpFilterEntrySrcIpPrefixList to a non-default value in combination with setting any of tCpmIpFilterEntrySrcIPAddr or tCpmIpFilterEntrySrcIPMask to (a) non-default value(s) is rejected by the system. Also, setting both tCpmIpFilterEntrySrcIpPrefixList and tCpmIpFilterEntryDstIpPrefixList to non-default values is rejected by the system

The value of the object tCpmIpFilterEntryDstIpPrefixList specifies the ip-prefix-list to be used as match criterion for the destination ip address. If the value of this object is empty the values of the objects tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask will be used as src-ip match criterion. The value specified for this object must correrspond to a prefix-list defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable. When set to a non zero value, the value of the objects tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask will set to their default values. The value of thos object will be set to its default value by the system if a new (non default) value is provided for the objects tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask. An attempt to set tCpmIpFilterEntryDstIpPrefixList to a non-default value in combination with setting any of tCpmIpFilterEntryDestIPAddr or tCpmIpFilterEntryDestIPMask to (a) non-default value(s) is rejected by the system. Also, setting both tCpmIpFilterEntryDstIpPrefixList and tCpmIpFilterEntrySrcIpPrefixList to non-default values is rejected by the system

The tCpmIpFilterStatsTable has a stats entry for each entry in each CPM filter configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents the statistics related to the tCpmIpFilterEntry indexed by the same tCpmIpFilterEntryId. Entries are created when tCpmIpFilterEntry rows are created.

The value of tCpmIpFilterStatsDroppedPkts indicates the number of packets dropped due to the tCpmIpFilterEntry with the same index.

The value of tCpmIpFilterStatsForwardedPkts indicates the number of packets forwarded due to the tCpmIpFilterEntry with the same index.

The tCpmFilterQueueStatsTable has a stats entry for each CPM filter queue configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents the statistics related to the tCpmFilterQueueEntry indexed by the same tCpmFilterQueueId. Entries are created when tCpmFilterQueueEntry rows are created.

The value of tCpmFilterQInProfileDropPkts indicates the number of packets complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQInProfileFwdPkts indicates the number of packets complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQInProfileDropOctets indicates the number of octets complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQInProfileFwdOctets indicates the number of octets complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQOutProfileDropPkts indicates the number of packets not complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQOutProfileFwdPkts indicates the number of packets not complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQOutProfileDropOctets indicates the number of octets not complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index.

The value of tCpmFilterQOutProfileFwdOctets indicates the number of octets not complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index.

The tCpmIPv6FilterTable has an entry for each CPM IPv6 filter entry configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents a particular CPM IPv6 filter match entry. The CPM IPv6 Filter can have zero or more CPM IPv6 filter match entries. A filter entry with no match criteria set will match every packet, and the entry action will be taken. Entries are created/deleted by user. There is no StorageType object, entries have a presumed StorageType of nonVolatile.

The value of tCpmIPv6FilterEntryId is used to index into the tCpmIPv6FilterTable. It uniquely identifies a CPM IPv6 filter entry as configured on this system.

The value of tCpmIPv6FilterEntryRowStatus specifies the row status. It allows entries to be created and deleted in the tCpmIPv6FilterTable.

The value of tCpmIPv6FilterEntryLastChanged indicates the timestamp of the last change to this row in tCpmIPv6FilterTable.

The value of tCpmIPv6FilterEntryLogId specifies the log in which packets matching this entry should be entered. The value zero indicates that logging is disabled.

The value of tCpmIPv6FilterEntryDescription specifies the user-provided string describing this filter entry.

The value of tCpmIPv6FilterEntryAction specifies the action to take for packets that match this filter entry. The value default(4) specifies this entry to inherit the behavior defined as the default for the filter in tCpmFilterDefaultAction. The value queue(3) can only be specified if a valid queue id is entered in tCpmIPv6FilterEntryQueueId.

The value of tCpmIPv6FilterEntryQueueId specifies which queue to put the packet in when tCpmIPv6FilterEntryAction is queue (3). If the value of tCpmIPv6FilterEntryAction is different from queue (3) tCpmIPv6FilterEntryQueueId will be forced by the system to 0, and any change attempt will be silently discarded.

The value of tCpmIPv6FilterEntrySrcIPAddr specifies the IPv6 address to match the source IPv6 address in the packet.

tCpmIPv6FilterEntrySrcIPMask holds the IPv6 source address mask for this IPv6 CPM filter entry. The mask specifies the bits to be compared between tCpmIPv6FilterEntrySrcIPAddr and the IPv6 source address in the packet.

The value of tCpmIPv6FilterEntryDestIPAddr specifies the IPv6 address to match the destination IPv6 address in the packet.

tCpmIPv6FilterEntryDestIPMask holds the IPv6 destination address mask for this IPv6 CPM filter entry. The mask specifies the bits to be compared between tCpmIPv6FilterEntryDestIPAddr and the IPv6 destination address in the packet.

The value of tCpmIPv6FilterEntryNextHeader specifies the IPv6 protocol to match. '-1' specifies that the matching has been disabled. To change a protocol, the protocol specific values should be reset. For instance, to change the protocol from TCP(6) to UDP(7), the TCP specific attributes such as tCpmIPv6FilterEntryTcpSyn and tCpmIPv6FilterEntryTcpAck should be reset. Because the match criteria only pertains to the last next-header, the following values are not accepted: 0, 43, 44, 50, 51, and 60.

The value of tCpmIPv6FilterEntrySrcPort specifies the TCP/UDP port to match the source-port of the packet.

The value of tCpmIPv6FilterEntrySrcPortMask specifies the bits to be compared between tCpmIPv6FilterEntrySrcPort and the TCP/UDP source port in the packet.

The value of tCpmIPv6FilterEntryDestPort specifies the TCP/UDP port to match the destination-port of the packet.

The value of tCpmIPv6FilterEntryDestPortMask specifies the bits to be compared between tCpmIPv6FilterEntryDestPort and the TCP/UDP source port in the packet.

The value of tCpmIPv6FilterEntryDSCP specifies the DSCP to be matched on the packet.

The value of tCpmIPv6FilterEntryTcpSyn specifies whether a TCP Syn packet should match.

The value of tCpmIPv6FilterEntryTcpAck specifies whether a TCP Ack packet should match.

The value of tCpmIPv6FilterEntryIcmpCode specifies the ICMP code to be matched. tCpmIPv6FilterEntryIcmpCode complements the object tCpmIPv6FilterEntryIcmpType. Both of them need to be set to actually enable ICMP matching. The value '-1' means Icmp code matching is disabled.

The value of tCpmIPv6FilterEntryIcmpType specifies the ICMP type to be matched. tCpmIPv6FilterEntryIcmpType complements the object tCpmIPv6FilterEntryIcmpCode. Both of them need to be set to actually enable ICMP matching. The value '-1' means Icmp type matching is disabled.

The value of tCpmIPv6FilterEntryVRtrId specifies the virtual router ID to be matched. When the value is '0', no virtual router matching occurs.

The value of tCpmIPv6FilterEntryLogCreated indicates whether the filter log for this filter entry has been instantiated.

The value of tCpmIPv6FilterEntryFlowLabel specifies the flow label to be matched. When the value is '-1', no flow label matching occurs.

The tCpmIPv6FilterStatsTable has a stats entry for each entry in each CPM filter configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents the statistics related to the tCpmIPv6FilterEntry indexed by the same tCpmIPv6FilterEntryId. Entries are created when tCpmIPv6FilterEntry rows are created.

The value of tCpmIPv6FilterStatsDroppedPkts indicates the number of packets dropped due to the tCpmIPv6FilterEntry with the same index.

The value of tCpmIPv6FilterStatsForwardedPkts indicates the number of packets forwarded due to the tCpmIPv6FilterEntry with the same index.

The value of tmnxCpmProtPolTableLastChanged indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtPolTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtPolTable has an entry for each CPM Protection policy configured in the system. There are two default policies. CPM Protection policy (254) is the default Access CPM Protection policy. CPM Protection policy (255) is the default Network CPM Protection policy. The default CPM Protection policies are created by the system, and can be modified but cannot be destroyed. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

Each row entry represents the configuration information related to a CPM Protection policy.

The value of tmnxCpmProtPolicyId specifies the identification number of the CPM Protection policy.

The value of tmnxCpmProtPolRowStatus controls the creation and deletion of rows in this table.

The value of tmnxCpmProtPolLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value.

The value of tmnxCpmProtPolDescription specifies the user provided description of this CPM Protection policy. The default CPM Protection policies 254 and 255 have a default description which can be modified by the user.

The value of tmnxCpmProtPolPerSrcRateLimit specifies the packet arrival rate limit to be applied to each source of packets. Objects referring to this CPM Protection policy that do not support per-source rate limiting, may ignore the tmnxCpmProtPolPerSrcRateLimit.

The value of tmnxCpmProtPolOverallRateLimit specifies the overall packet arrival rate limit to be applied to all sources of packets. A default value of -1, specifies an unrestricted packet arrival rate on the interface. The value of tmnxCpmProtPolOverallRateLimit is equal to 6000 for the default access policy (policy 254).

The value of tmnxCpmProtPolAlarm specifies if a notification must be issued when one of the packet arrival rate limits is crossed. A value of 'true' specifies that a notification must be issued.

The value of tmnxCpmProtPolOutProfileRate specifies the threshold value at which incoming control packets are marked out of profile. A default value of -1 specifies absence of a set threshold on the interface. The value of tmnxCpmProtPolOutProfileRate is 6000 for the default access policy (policy 254).

The value of tmnxCpmProtPolLimDhcpCiAddrZero specifies whether or not to apply per-source rate limiting to DHCP packets containing Client IP address zero (e.g., for IPv4, ciaddr = 0.0.0.0). For example, suppose a SAP has the following configuration: a) TIMETRA-SAP-MIB::sapCpmProtMonitorIP = 'true', and b) TIMETRA-SAP-MIB::sapCpmProtPolicyId = 7. Then, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is 'true', DHCP packets arriving at the SAP are rate limited using tmnxCpmProtPolPerSrcRateLimit, whether or not the ciaddr field is zero. On the other hand, with the same SAP configuration, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is 'false', DHCP packets arriving at the SAP with ciaddr zero are exempt from the tmnxCpmProtPolPerSrcRateLimit. The value of this object is irrelevant if the SAP's TIMETRA-SAP-MIB::sapCpmProtMonitorIP value is 'false'.

The value of tmnxCpmProtDropUncfgdProtocolMsg specifies the administrative state of the protocol protection facility. When the value of this object is set to 'inService (2)', network control protocol traffic is dropped if it is received on an interface where the protocol is not configured. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The value of tmnxCpmProtLinkRateLimit specifies the link-specific packet arrival rate limit to be applied to link-level protocols such as LACP. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The value of tmnxCpmProtExcdTableLastChanged indicates the sysUpTime at the time of the last add, change, or delete of a row in the tmnxCpmProtExcdTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

tmnxCpmProtExcdTable has a row for each triple that has exceeded the per-source rate limit configured for the pair. MAC-layer per-source rate limiting is enabled for a pair by setting TIMETRA-SAP-MIB::sapCpmProtMonitorMac to 'true'. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

Each row contains statistics for a MAC packet stream that has exceeded its per-source rate limit. A row is created by the system the first time a triple exceeds its per-source rate limit. The row is updated by the system on subsequent violations. Rows are deleted when a clear operation is requested on the underlying statistics.

The value of tmnxCpmProtExcdMac indicates the MAC address of a source which has exceeded its per-source rate limit.

The value of tmnxCpmProtExcdPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtExcdTimeStarted indicates the sysUpTime at the time of the creation of this row.

The value of tmnxCpmProtExcdTime indicates the sysUpTime at the time of the last update of this row.

The value of tmnxCpmProtViolPortTableLastChgd indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolPortTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolPortTable has an entry for each port where either the link-specific packet arrival rate limit or the per-port overall packet rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

Each row entry represents the information related to a port where the link-specific packet arrival rate limit was violated. Rows are created or removed automatically by the system.

The value of tmnxCpmProtViolPortPeriods indicates the number of times the link-specific rate limit violation was detected at this port. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtViolPortTimeStarted indicates the sysUpTime when the link-specific rate limit violation was detected the first time at this port.

The value of tmnxCpmProtViolPortTime indicates the sysUpTime when the link-specific rate limit violation was detected the last time at this port.

The value of tmnxCpmProtViolPortAggPeriods indicates the number of times the per-port overall rate limit violation was detected at this port.

The value of tmnxCpmProtViolPortAggTimeStart indicates the sysUpTime when the per-port overall rate limit violation was detected the first time at this port.

The value of tmnxCpmProtViolPortAggTime indicates the sysUpTime when the per-port overall rate limit violation was detected the last time at this port.

The value of tmnxCpmProtViolIfTableLastChgd indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolIfTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolIfTable has an entry for each router interface where the overall packet arrival rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

Each row entry represents the information related to a router interface where the overall packet arrival rate limit was violated. Rows are created or removed automatically by the system.

The value of tmnxCpmProtViolIfPeriods indicates the number of times the rate limit violation was detected at this router interface. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtViolIfTimeStarted indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtViolIfTime indicates the sysUpTime at the time of the last modification of this entry.

The value of tmnxCpmProtViolSapTableLastChgd indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolSapTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolSapTable has an entry for each SAP where the overall packet arrival rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

Each row entry represents the information related to a SAP where the overall packet arrival rate limit was violated. Rows are created or removed automatically by the system.

The value of tmnxCpmProtViolSapPeriods indicates the number of times the rate limit violation was detected at this SAP. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtViolSapTimeStarted indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtViolSapTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmProtPortOverallRateLimit specifies the per-port packet arrival rate limit to be applied to all protocol messages that are to be processed by the CPM. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The value of tmnxCpmProtDetectPeriod indicates the length of a packet arrival rate limit detection period. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tCpmMacFilterTable has an entry for each CPM Mac filter entry configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents a particular Cpm Mac Filter match entry. The Cpm Mac Filter can have zero or more Cpm Mac Filter match entries. A filter entry with no match criteria set will match every packet, and the entry action will be taken. Entries are created/deleted by user.

The value of tCpmMacFltrEntryId is used to index into the tCpmMacFilterTable. It uniquely identifies a CPM Mac filter entry as configured on this system.

The value of tCpmMacFltrEntryRowStatus specifies the row status. It allows entries to be created and deleted in the tCpmMacFilterTable.

The value of tCpmMacFltrEntryLastChanged indicates the timestamp of the last change to this row in tCpmMacFilterTable.

The value of tCpmMacFltrEntryLogId specifies the log in which packets matching this entry should be entered. The value zero indicates that logging is disabled.

The value of tCpmMacFltrEntryDescription specifies the user-provided string describing this filter entry.

The value of tCpmMacFltrEntryAction specifies the action to take for packets that match this filter entry. The value default(4) specifies this entry to inherit the behavior defined as the default for the filter in tCpmFilterDefaultAction. The value queue(3) can only be specified if a valid queue id is entered in tCpmMacFltrEntryQueueId.

The value of tCpmMacFltrEntryQueueId specifies which queue to put the packet in when tCpmMacFltrEntryAction is queue (3). If the value of tCpmMacFltrEntryAction is different from queue (3) tCpmMacFltrEntryQueueId will be forced by the system to 0, and any change attempt will be silently discarded.

The value of tCpmMacFltrEntryFrameType specifies the type of mac frame for which we are defining this match criteria. The value 'none' means that this entry is not matching on any enthernet frame. The value 'e802dot1ag(4)' is depricated, and replaced by e802dot2LLC(1).

The value of the object tCpmMacFltrEntrySvcId specifies the service-id in which the packet is to be received for this entry to match. A value of 0 indicates: any service.

Filtering on dot1p bits is currently not offered on cpm-mac filters. All set actions on this object will therefore be ignored.

Filtering on dot1p bits is currently not offered on cpm-mac filters. All set actions on this object will therefore be ignored.

The value of the object tCpmMacFltrEntryDsap specifies the MAC DSAP to match for this MAC filter entry. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC.

The value of the object tCpmMacFltrEntryDsapMask specifies the MAC DSAP mask for this MAC filter entry. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC.

The value of the object tCpmMacFltrEntrySrcMAC specifies the source MAC to match for this policy MAC filter entry.

The value of the object tCpmMacFltrEntrySrcMACMask specifies the source MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tCpmMacFltrEntrySrcMAC. A zero bit means ignore this bit, do not match. A one bit means match this bit with tCpmMacFltrEntrySrcMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria.

The value of the object tCpmMacFltrEntryDstMAC specifies the Destination MAC mask value for this policy MAC filter entry.

The value of the object tCpmMacFltrEntryDstMACMask specifies the destination MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tCpmMacFltrEntryDstMAC. A zero bit means ignore this bit, do not match. a one bit means match this bit with tCpmMacFltrEntryDstMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria.

The value of the object tCpmMacFltrEntryEtherType specifies the Ethertype for this MAC filter entry. Use -1 to disable matching by this criteria. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to Ethernet_II.

The value of the object tCpmMacFltrEntrySsap specifies the the MAC SSAP to match for this MAC filter entry. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC.

The value of the object tCpmMacFltrEntrySsapMask specifies the MAC SSAP mask for this MAC filter entry. use 0 to disable matching by this criteria. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC.

The value of the object tCpmMacFltrEntryCfmOpCodeOper specifies which type of opcode checking is to be performed. If different fron none, more info is provided in the objects tCpmMacFltrEntryCfmOpCodeValue1 and tCpmMacFltrEntryCfmOpCodeValue2. This object has significance only if the object tCpmMacFltrEntryFrameType refers to either ieee802.1ag or Y1731.

The value of the object tCpmMacFltrEntryCfmOpCodeValue1 specifies a cfm opcode. The value of this object is used as per the description for tCpmMacFltrEntryCfmOpCodeOper.

The value of the object tCpmMacFltrEntryCfmOpCodeValue2 specifies a cfm opcode. The value of this object is used as per the description for tCpmMacFltrEntryCfmOpCodeOper.

The value of tCpmMacFltrEntryLogCreated indicates whether the filter log for this filter entry has been instantiated.

The tCpmMacFilterStatsTable has a stats entry of the CPM Mac filter configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'.

Each row entry represents the statistics related to the tCpmMacFilterEntry indexed by the same tCpmMacFltrEntryId. Entries are created when tCpmMacFilterEntry rows are created.

The value of tCpmMacFilterStatsDroppedPkts indicates the number of packets dropped due to the tCpmMacFilterEntry with the same index.

The value of tCpmMacFilterStatsForwardedPkts indicates the number of packets forwarded due to the tCpmMacFilterEntry with the same index.

The value of tmnxCpmProtAllowShamLinkPackets specifies whether OSPF sham-link traffic will be allowed over VPRN transport tunnels. When the value of this object is set to 'true (1)', OSPF sham-link traffic will be allowed even if OSPF is not configured. When the value of this object is set to 'false (2)', OSPF sham-link traffic is dropped if it is received on an interface where the protocol is not configured. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolVdoSvcTable has an entry for each client address of a RTCP control traffic in VPLS service where the per-source rate limit was violated.

Each row entry represents the information related to a client address of a RTCP control traffic in VPLS service where the per-source rate limit was violated. Rows are created or removed automatically by the system.

The value of tmnxCpmProtViolVdoSvcCltAddrType indicates the type of address represented by tmnxCpmProtViolVdoSvcCltAddr.

The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP address of a RTCP control traffic in VPLS service where the per-source rate limit was violated.

The value of tmnxCpmProtViolVdoSvcPeriods indicates the number of times the per-source rate limit violation was detected for this client. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtViolVdoSvcTimeStarted indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtViolVdoSvcTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmProtViolVdoSvcVrtrIfIndex specifies the secondary index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video interface where the per-source rate limit was violated. The value of primary index TIMETRA-VRTR-MIB::vRtrIfTable will be equal to the virtual router identifier of vpls-management which is 4094.

The tmnxCpmProtViolVdoVrtrTable has an entry for each client address of a RTCP control traffic in router context where the per-source rate limit was violated.

Each row entry represents the information related to a client address of a RTCP control traffic in router context where the per-source rate limit was violated. Rows are created or removed automatically by the system.

The value of tmnxCpmProtViolVdoVrtrCltAdrType indicates the type of address represented by tmnxCpmProtViolVdoVrtrCltAddr.

The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP address of a RTCP control traffic in router context where the per-source rate limit was violated.

The value of tmnxCpmProtViolVdoVrtrPeriods indicates the number of times the per-source rate limit violation was detected for this client. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtViolVdoVrtrTimeStart indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtViolVdoVrtrTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmProtViolVdoVrtrSvcId indicates the row index in the TIMETRA-SERV-MIB::svcBaseInfoTable corresponding to the service where the per-source rate limit was violated.

The value of tmnxCpmProtViolVdoVrtrIfIndex specifies the secondary index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video interface where the per-source rate limit was violated. The value of vRtrID specifies the primary index in the TIMETRA-VRTR-MIB::vRtrIfTable.

The value of tmnxCpmProtEthCfmPolTableLastChg indicates the value of the sysUpTime object when the last change was made to tmnxCpmProtEthCfmPolTable. A value of 0 indicates that no changes were made to tmnxCpmProtEthCfmPolTable since the system was last initialized.

tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an Access Control List) used to rate limit the flow of Ethernet Connectivity Fault Management packets. The table can be used to minimize the impact of an Eth-CFM Denial of Service attack. The table extends tmnxCpmProtPolTable, by allowing several triples to be defined for a CPM protection policy. For example, tmnxCpmProtEthCfmPolTable could contain the following information (where the column labels for the table's index objects are in upper case): POLICY ID ENTRY NUM Level Opcode Rate Limit --------- --------- ----- ------ ---------- 250 10 {4} {10} 100 packets/sec 250 20 {4,6} {1,3} 200 packets/sec 250 30 {0-7} {0-255} 300 packets/sec {0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}. Suppose the example configuration above is in place, and an Eth-CFM PDU arrives on a SAP which has Policy ID 250 configured against it. If the PDU contains level=4 and opcode=1, the 200 packets/sec rate limit is applied. Within a Policy ID, the first row (i.e. the row with the lowest entry number) matching the PDU applies. Therefore, the third row in the example applies a 300 packets/sec limit to any PDU which does not match the first or second row. At most four Policy IDs can have rows in this table. At most 10 rows are supported per Policy ID. If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values (e.g. 10, 20, 30) when initially creating the rows for a particular tmnxCpmProtPolicyId, it will be possible to add rows in the gaps later, without reconfiguration. A prerequisite for creating a row in this table: a row with the same tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable. Deleting a row in tmnxCpmProtPolTable deletes all the rows in this table with matching tmnxCpmProtPolicyId values.

Each row specifies a set of Ethernet CFM packets to be rate limited, and the associated rate limit. Table rows are created and destroyed using tmnxCpmProtEthCfmPolRowStatus.

The value of tmnxCpmProtEthCfmPolEntryNum specifies a user-selected entry number. This index exists to allow multiple tmnxCpmProtEthCfmPolTable rows for one tmnxCpmProtPolicyId.

The value of tmnxCpmProtEthCfmPolRowStatus specifies the row status of this tmnxCpmProtEthCfmPolEntry.

The value of tmnxCpmProtEthCfmPolLastChanged indicates the value of the sysUpTime object when the last change was made to this row. A value of 0 indicates that no changes were made to this row since the system was last initialized.

The value of tmnxCpmProtEthCfmPolLevelSet specifies a set of MEG (Maintenance Entity Group) Level values. At least one Level must be specified (i.e. the empty set is not supported). The rate limit specified by tmnxCpmProtEthCfmPolRateLimit applies to an Eth-CFM PDU if: a) tmnxCpmProtPolicyId is configured against the PDU stream containing the PDU, and b) the PDU's MEL (MEG Level) value is an element of tmnxCpmProtEthCfmPolLevelSet, and c) the PDU's Opcode value is an element of tmnxCpmProtEthCfmPolOpCodeSet. Bits: 'level0': 0, 'level1': 1, 'level2': 2, 'level3': 3, 'level4': 4, 'level5': 5, 'level6': 6, 'level7': 7.

The value of tmnxCpmProtEthCfmPolOpCodeSet specifies a set of Eth-CFM PDU Opcode values to be matched against the Opcode field of an Eth-CFM PDU which is subject to rate limiting. At least one Opcode must be specified (i.e. the empty set is not supported). This object works in conjunction with tmnxCpmProtEthCfmPolLevelSet, as described in the tmnxCpmProtEthCfmPolLevelSet DESCRIPTION. Bits: 'opCode1': 1, 'opCode0': 0, 'opCode3': 3, 'opCode2': 2, 'opCode5': 5, 'opCode4': 4, 'opCode7': 7, 'opCode6': 6, 'opCode9': 9, 'opCode8': 8, 'opCode221': 221, 'opCode220': 220, 'opCode241': 241, 'opCode179': 179, 'opCode178': 178, 'opCode177': 177, 'opCode176': 176, 'opCode175': 175, 'opCode174': 174, 'opCode173': 173, 'opCode172': 172, 'opCode171': 171, 'opCode170': 170, 'opCode229': 229, 'opCode68': 68, 'opCode69': 69, 'opCode60': 60, 'opCode61': 61, 'opCode62': 62, 'opCode63': 63, 'opCode64': 64, 'opCode65': 65, 'opCode66': 66, 'opCode67': 67, 'opCode188': 188, 'opCode228': 228, 'opCode160': 160, 'opCode161': 161, 'opCode162': 162, 'opCode163': 163, 'opCode164': 164, 'opCode165': 165, 'opCode166': 166, 'opCode167': 167, 'opCode168': 168, 'opCode169': 169, 'opCode195': 195, 'opCode189': 189, 'opCode249': 249, 'opCode79': 79, 'opCode78': 78, 'opCode73': 73, 'opCode72': 72, 'opCode71': 71, 'opCode70': 70, 'opCode77': 77, 'opCode76': 76, 'opCode75': 75, 'opCode74': 74, 'opCode248': 248, 'opCode209': 209, 'opCode208': 208, 'opCode205': 205, 'opCode204': 204, 'opCode207': 207, 'opCode206': 206, 'opCode201': 201, 'opCode200': 200, 'opCode203': 203, 'opCode202': 202, 'opCode115': 115, 'opCode114': 114, 'opCode117': 117, 'opCode116': 116, 'opCode111': 111, 'opCode110': 110, 'opCode113': 113, 'opCode112': 112, 'opCode119': 119, 'opCode118': 118, 'opCode252': 252, 'opCode48': 48, 'opCode49': 49, 'opCode46': 46, 'opCode47': 47, 'opCode44': 44, 'opCode45': 45, 'opCode42': 42, 'opCode43': 43, 'opCode40': 40, 'opCode41': 41, 'opCode194': 194, 'opCode218': 218, 'opCode219': 219, 'opCode216': 216, 'opCode217': 217, 'opCode214': 214, 'opCode215': 215, 'opCode212': 212, 'opCode213': 213, 'opCode210': 210, 'opCode211': 211, 'opCode106': 106, 'opCode107': 107, 'opCode104': 104, 'opCode105': 105, 'opCode102': 102, 'opCode103': 103, 'opCode100': 100, 'opCode101': 101, 'opCode108': 108, 'opCode109': 109, 'opCode230': 230, 'opCode253': 253, 'opCode148': 148, 'opCode51': 51, 'opCode50': 50, 'opCode53': 53, 'opCode52': 52, 'opCode55': 55, 'opCode54': 54, 'opCode57': 57, 'opCode56': 56, 'opCode59': 59, 'opCode58': 58, 'opCode197': 197, 'opCode196': 196, 'opCode191': 191, 'opCode190': 190, 'opCode193': 193, 'opCode192': 192, 'opCode223': 223, 'opCode222': 222, 'opCode139': 139, 'opCode138': 138, 'opCode227': 227, 'opCode226': 226, 'opCode225': 225, 'opCode224': 224, 'opCode133': 133, 'opCode132': 132, 'opCode131': 131, 'opCode130': 130, 'opCode137': 137, 'opCode136': 136, 'opCode135': 135, 'opCode134': 134, 'opCode250': 250, 'opCode231': 231, 'opCode146': 146, 'opCode244': 244, 'opCode147': 147, 'opCode24': 24, 'opCode25': 25, 'opCode26': 26, 'opCode27': 27, 'opCode20': 20, 'opCode21': 21, 'opCode22': 22, 'opCode23': 23, 'opCode186': 186, 'opCode187': 187, 'opCode184': 184, 'opCode185': 185, 'opCode28': 28, 'opCode29': 29, 'opCode180': 180, 'opCode181': 181, 'opCode234': 234, 'opCode235': 235, 'opCode236': 236, 'opCode237': 237, 'opCode128': 128, 'opCode129': 129, 'opCode232': 232, 'opCode233': 233, 'opCode124': 124, 'opCode125': 125, 'opCode126': 126, 'opCode127': 127, 'opCode120': 120, 'opCode121': 121, 'opCode122': 122, 'opCode123': 123, 'opCode251': 251, 'opCode159': 159, 'opCode255': 255, 'opCode158': 158, 'opCode182': 182, 'opCode243': 243, 'opCode183': 183, 'opCode37': 37, 'opCode36': 36, 'opCode35': 35, 'opCode34': 34, 'opCode33': 33, 'opCode32': 32, 'opCode31': 31, 'opCode30': 30, 'opCode245': 245, 'opCode39': 39, 'opCode38': 38, 'opCode240': 240, 'opCode247': 247, 'opCode246': 246, 'opCode82': 82, 'opCode83': 83, 'opCode80': 80, 'opCode81': 81, 'opCode86': 86, 'opCode87': 87, 'opCode84': 84, 'opCode85': 85, 'opCode151': 151, 'opCode150': 150, 'opCode88': 88, 'opCode89': 89, 'opCode155': 155, 'opCode153': 153, 'opCode157': 157, 'opCode156': 156, 'opCode152': 152, 'opCode154': 154, 'opCode254': 254, 'opCode199': 199, 'opCode198': 198, 'opCode238': 238, 'opCode242': 242, 'opCode149': 149, 'opCode239': 239, 'opCode95': 95, 'opCode94': 94, 'opCode97': 97, 'opCode96': 96, 'opCode91': 91, 'opCode90': 90, 'opCode93': 93, 'opCode92': 92, 'opCode142': 142, 'opCode143': 143, 'opCode140': 140, 'opCode141': 141, 'opCode99': 99, 'opCode98': 98, 'opCode144': 144, 'opCode145': 145, 'opCode19': 19, 'opCode18': 18, 'opCode15': 15, 'opCode14': 14, 'opCode17': 17, 'opCode16': 16, 'opCode11': 11, 'opCode10': 10, 'opCode13': 13, 'opCode12': 12.

The value of tmnxCpmProtEthCfmPolRateLimit specifies the rate limit to be enforced for the Eth-CFM packet stream specified by tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolLevelSet, and tmnxCpmProtEthCfmPolOpCodeSet.

The value of tmnxCpmProtViolSdpBindTblLastChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolSdpBindTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero.

tmnxCpmProtViolSdpBindTable has a row for each SDP binding, where the overall packet arrival rate limit was violated.

Each row contains the statistics for an SDP binding where the overall packet arrival rate limit was violated. Rows are created or removed automatically by the system.

The value of tmnxCpmProtViolSdpBindPeriods indicates the number of times a rate limit violation was detected at this SDP binding. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtViolSdpBindTimeStartd indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtViolSdpBindTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmProtExcdSdpBindTblLastChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtExcdSdpBindTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero.

tmnxCpmProtExcdSdpBindTable has a row for each SDP binding and source MAC address pair that has exceeded its per-source rate limit. The equivalent table for SAPs is tmnxCpmProtExcdTable.

Each row contains the statistics for a PDU stream that has exceeded its per-source rate limit. Rows are created or removed automatically by the system.

The value of tmnxCpmProtExcdSdpBindMac specifies the MAC address of the source.

The value of tmnxCpmProtExcdSdpBindPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtExcdSdpBindTimeStartd indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtExcdSdpBindTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmProtExcdSdpBindEcmTblLChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtExcdSdpBindEcmTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero.

tmnxCpmProtExcdSdpBindEcmTable has a row for each Ethernet Connectivity Fault Management (Eth-CFM) PDU stream, served by an SDP binding, that has exceeded its Eth-CFM rate limit.

Each row contains the statistics for an Eth-CFM PDU stream that has exceeded its Eth-CFM rate limit. Rows are created or removed automatically by the system.

The value of tmnxCpmProtExcdSdpBindEcmMac specifies a source MAC address. The Eth-CFM PDU stream matching the MAC address (and matching the other index values of this table) has exceeded its Eth-CFM rate limit. The manager must provide the all-zero MAC address to get a row for a stream which is Eth-CFM rate limited using the 'ethCfmMonitorAggregate(1)' option of the sdpBindCpmProtEthCfmMonitorFlags object.

The value of tmnxCpmProtExcdSdpBindEcmLevel specifies an Eth-CFM domain level. The Eth-CFM PDU stream matching the domain level (and matching the other index values of this table) has exceeded its Eth-CFM rate limit.

The value of tmnxCpmProtExcdSdpBindEcmOpCode specifies an Eth-CFM opcode (e.g. Continuity Check Message == 1). The Eth-CFM PDU stream matching the opcode (and matching the other index values of this table) has exceeded its Eth-CFM rate limit.

The value of tmnxCpmProtExcdSdpBindEcmPeriods indicates the number of times a rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtExcdSdpBindEcmStarted indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtExcdSdpBindEcmTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmProtExcdSapEcmTblLChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtExcdSapEcmTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero.

tmnxCpmProtExcdSapEcmTable has a row for each Ethernet Connectivity Fault Management (Eth-CFM) PDU stream, served by a SAP, that has exceeded its Eth-CFM rate limit.

Each row contains the statistics for an Eth-CFM PDU stream that has exceeded its Eth-CFM rate limit. Rows are created or removed automatically by the system.

The value of tmnxCpmProtExcdSapEcmMac specifies a source MAC address. The Eth-CFM PDU stream matching the MAC address (and matching the other index values of this table) has exceeded its Eth-CFM rate limit. The manager must provide the all-zero MAC address to get a row for a stream which is Eth-CFM rate limited using the 'ethCfmMonitorAggregate(1)' option of the sapCpmProtEthCfmMonitorFlags object.

The value of tmnxCpmProtExcdSapEcmLevel specifies an Eth-CFM domain level. The Eth-CFM PDU stream matching the domain level (and matching the other index values of this table) has exceeded its Eth-CFM rate limit.

The value of tmnxCpmProtExcdSapEcmOpCode specifies an Eth-CFM opcode (e.g. Continuity Check Message == 1). The Eth-CFM PDU stream matching the opcode (and matching the other index values of this table) has exceeded its Eth-CFM rate limit.

The value of tmnxCpmProtExcdSapEcmPeriods indicates the number of times a rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtExcdSapEcmStarted indicates the sysUpTime at the time of the creation of this entry.

The value of tmnxCpmProtExcdSapEcmTime indicates the sysUpTime at the time of the last update of this entry.

The value of tmnxCpmVprnNwExceptions specifies whether the MPLS exception messages are allowed to be received on all VPRN instances. When the value of tmnxCpmVprnNwExceptions is set to 'true', the MPLS exception messages are allowed to be received on all VPRN instances in the system from all network interfaces. When the value of tmnxCpmVprnNwExceptions is set to 'false', the MPLS exception messages are not allowed to be received on all VPRN instances in the system from all network interfaces.

The value of tmnxCpmNumVprnNwExceptions specifies the number of MPLS exception messages allowed to be received in the time frame specified by tmnxCpmVprnNwExceptionsTime.

The value of tmnxCpmVprnNwExceptionsTime specifies the time frame in seconds that is used to limit the number of MPLS exception messages issued per time frame.

The value of tmnxCpmProtExcdSapIpTableLastChg indicates the sysUpTime at the time of the last add, change, or delete of a row in the tmnxCpmProtExcdSapIpTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero.

tmnxCpmProtExcdSapIpTable has a row for each triple that has exceeded the per-source rate limit configured for the pair. IP-layer per-source rate limiting is enabled for a pair by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'true'.

Each row contains statistics for an IP packet stream that has exceeded its per-source rate limit. A row is created by the system the first time a triple exceeds its per-source rate limit. The row is updated by the system on subsequent violations. Rows are deleted when a clear operation is requested on the underlying statistics.

The value of tmnxCpmProtExcdSapIpAddrType indicates the address type of tmnxCpmProtExcdSapIpAddr. 'ipv4(1)' is the only supported value.

The value of tmnxCpmProtExcdSapIpAddr indicates the IP address of a source which has exceeded its per-source rate limit.

The value of tmnxCpmProtExcdSapIpPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod.

The value of tmnxCpmProtExcdSapIpStarted indicates the sysUpTime at the time of the creation of this row.

The value of tmnxCpmProtExcdSapIpTime indicates the sysUpTime at the time of the last update of this row.

tmnxPassHashReadVersion specifies the password hash version accepted by the system while executing commands. The value 'all' overrides this check and hence allows all supported versions to be accepted. Enumeration: 'all': 0, 'version1': 1, 'version2': 2.

tmnxPassHashWriteVersion specifies the hash version to be used while saving the configuration files. Enumeration: 'version1': 1, 'version2': 2.

tmnxSSHServerPreserveKey specifies the persistence of the SSH server host key. A value of 'true' specifies that the host key will be saved by the server and restored following a system reboot. The SSH client also saves the host key and restores it following a system reboot. A value of 'false' specifies that the host key will be held in memory by both the SSH server and the SSH client and is not restored following a system reboot.

tmnxSSHServerVersion specifies the SSH protocol version that will be by supported by the SSH server. A value of tmnxSSHServerVersion 'version1' specifies that the SSH server will only accept connections from clients that support SSH protocol version 1. A value of 'both' specifies that the SSH server will accept connections from clients supporting either SSH protocol version 1, or SSH protocol version 2 or both. Enumeration: 'both': 3, 'version1': 1, 'version2': 2.

The tmnxSourceIPEntry has an entry for the source IP to be used by the specified protocol.

tmnxSourceIPEntry is an entry (conceptual row) in the tmnxSourceIPTable. Each entry represents the source IP address to be used by the specified application for a particular Virtual Router instance. Entries in this table can be created and deleted via SNMP SET operations to tmnxSourceIPRowStatus.

The value of tmnxSourceIPProtoApp specifies the application which should use the source-IP address specified by the value of tmnxSourceIPAddress. tmnxSourceIPAddressType must be 'ipv6 (2)' when setting the value of this object to 'telnet6 (14)', 'ftp6 (15)', 'radius6 (16)', 'tacplus6 (17)', 'snmpTrap6 (18)', 'syslog6 (19)', 'icmpPing6 (20)', 'traceRoute6 (21)' or 'dns6 (22)'. Enumeration: 'radius6': 16, 'syslog': 7, 'radius': 4, 'ptp': 23, 'ftp': 2, 'icmpPing': 8, 'traceRoute': 9, 'mcreporter': 24, 'snmpTrap': 6, 'syslog6': 19, 'dns': 10, 'traceRoute6': 21, 'sntp': 11, 'ntp': 12, 'telnet': 1, 'snmpTrap6': 18, 'ssh': 3, 'tacplus6': 17, 'telnet6': 14, 'dns6': 22, 'tacplus': 5, 'ftp6': 15, 'cflowd': 13, 'icmpPing6': 20.

The value of tmnxSourceIPRowStatus is used to create or destroy entries in this table. A row entry for a particular vRtrID with tmnxSourceIPProtoApp set to any value can be created only if the value of tmnxSourceIPAddress or tmnxSourceIPIfIndex is specified.

The value of tmnxSourceIPAddressType specifies the address type of tmnxSourceIPAddress address. The value of tmnxSourceIPAddressType can be either of InetAddressType - 'ipv4' or InetAddressType - 'ipv6'.

The value of tmnxSourceIPAddress specifies the source address that should be used in all unsolicited packets sent by the application specified by the value of tmnxSourceIPProtoApp. For the value specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or tmnxSourceIPIfIndex can be specified, but not both.

tmnxSourceIPIfIndex specifies the interface index whose IP address should be used in all unsolicited packets sent by the application specified by the value of tmnxSourceIPProtoApp. For the value specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or tmnxSourceIPIfIndex can be specified, but not both.

The value of tmnxSourceIPOperStatus indicates the state of tmnxSourceIPEntry. A value of 'up' indicates that the IP address specified by tmnxSourceIPAddress will be used for all unsolicited packets sent by the application specified by the value of tmnxSourceIPProtoApp. Enumeration: 'down': 2, 'up': 1.

tmnxUserTemplateTable contains configuration information for the template of a system user.

tmnxUserTemplateEntry is an entry (conceptual row) in the tmnxUserTemplateTable. Each entry represents the configuration for the template of a system user. Entries in this table cannot be created or deleted.

The value of tmnxTemplateName specifies the name of the template from which a system user can be derived. This name must be unique amongst the table entries.

The value of tmnxTemplateAccess specifies the type of access permitted to the user derived from this template. To allow this user access to the console or FTP, set the corresponding bit in tmnxTemplateAccess. Reset the bit to deny the access. Bits: 'ftp': 1, 'console': 0.

The value of tmnxTemplateHomeDirectory specifies the local home directory on FTP and console access of the user derived from this template.

When the value of tmnxTemplateRestrictedToHome is 'true', the user derived from this template is not allowed to navigate to directories above his home directory for file access. When the value of tmnxTemplateRestrictedToHome is 'false', the access is allowed to directories above the home directory.

The value of tmnxTemplateConsoleLoginExecFile specifies the file that should be executed whenever the user derived from this template has successfully logged in to a console session.

The value of tmnxTemplateProfile specifies the user profile entry from the tmnxUserProfileTable that will be applied to the user derived from this template. For users authenticated by TACACS+, the profile specified by tmnxTemplateProfile will only apply if TACACS+ command authorization is disabled as specified by tmnxTacPlusAuthorization being set to 'false'.

The tmnxKeyChainEntry has an entry for a particular configured keychain used by the protocol session.

tmnxKeyChainEntry is an entry (conceptual row) in the tmnxKeyChainTable. Each entry represents the keychain configuration which will be applied to a protocol session. Entries in this table can be created and deleted via SNMP SET operations to tmnxKeyChainRowStatus.

The value of tmnxKeyChainName specifies a unique keychain name which identifies this particular keychain entry.

The value of tmnxKeyChainRowStatus is used to create or destroy entries in this table.

The value of tmnxKeyChainDescription specifies the description of the key chain identified by the keychain name tmnxKeyChainName.

The value of tmnxKeyChainSendTcpOptionNum specifies the TCP option value to use in the TCP header of packets being sent by the router to another device. The value of tmnxKeyChainSendTcpOptionNum is valid only when tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the TCP protocol stream.

The value of tmnxKeyChainReceiveTcpOptionNum specifies the TCP option value to check for in the TCP header of packets being received by the router. The value of tmnxKeyChainReceiveTcpOptionNum is valid only when tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the TCP protocol stream.

The value of tmnxKeyChainAdminState specifies the desired administrative state of the keychain. If the value is 'outOfService' the keychain capabilities are disabled but the keychain configuration parameters are retained.

The value of tmnxKeyChainOperState indicates the operational state of the keychain. A value of 'inService' indicates that the key chain can be used to sign and/or authenticate protocol streams.

The tmnxKeyChainKeyEntry has an entry for a particular configured key that will be used in a particular keychain defined by tmnxKeyChainEntry in tmnxKeyChainTable.

tmnxKeyChainKeyEntry is an entry (conceptual row) in the tmnxKeyChainKeyTable. Each entry represents the key configuration which will be applied to a keychain. Entries in this table can be created and deleted via SNMP SET operations to tmnxKeyChainKeyRowStatus.

The value of tmnxKeyChainKeyDirection is used to specify the protocol-stream direction to encrypt. A value of 'send' specifies that this key entry will be used to sign protocol packets that are being sent by the router to another device. A value of 'receive' specifies this key entry will be used to authenticate protocol packets that are being received by the router. A value of 'send-receive' specifies that this key will be used to sign protocol packet that are being sent by the router to another device, as well as to authenticate protocol packets that are being received by the router.

The value of tmnxKeyChainKeyID specifies a key id which is used along with tmnxKeyChainName and tmnxKeyChainKeyDirection to uniquely identify this particular key entry. A value of 255 identifies this as a 'null-key' entry which enables the transition from an unauthenticated session to an enhanced authentication session.

The value of tmnxKeyChainKeyRowStatus is used to create or destroy entries in this table. tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm must be set in the same SNMP request PDU as tmnxKeyChainKeyRowStatus during row creation else the set request will fail with an inconsistentValue error.

The value of tmnxKeyChainAuthenticationKey specifies the key that will be used by the encryption algorithm specified by tmnxKeyChainKeyAlgorithm. tmnxKeyChainAuthenticationKey is used to sign and authenticate a protocol packet. The value of tmnxKeyChainAuthenticationKey can be any combination of letters or numbers. Note that the string may contain embedded nulls. tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which indicates the encryption algorithm to be used, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error. When read, tmnxKeyChainAuthenticationKey always returns an Octet string of length zero.

The value of tmnxKeyChainKeyAlgorithm specifies the algorithm that will be used to sign and/or authenticate the protocol stream. tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which indicates the encryption algorithm to be used, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error.

The value of tmnxKeyChainKeyBeginTime specifies the calendar date and time after which the key specified by tmnxKeyChainAuthenticationKey will be used to sign and/or authenticate the protocol stream. If no date and time is set, tmnxKeyChainKeyBeginTime is represented by a DateAndTime string with all NULLs and the key is not valid by default.

The value of tmnxKeyChainKeyEndTime specifies the calendar date and time after which the key specified by tmnxKeyChainAuthenticationKey is no longer eligible to sign and/or authenticate the protocol stream. tmnxKeyChainKeyEndTime is not applicable when tmnxKeyChainKeyDirection is set to 'send' or 'send-receive'. If no date and time is set, tmnxKeyChainKeyEndTime is represented by a DateAndTime string with all NULLs and the key is valid indefinitely.

The value of tmnxKeyChainKeyTolerance specifies the number of seconds that a eligible receive key should overlap with the active send key. tmnxKeyChainKeyTolerance is valid only when tmnxKeyChainKeyDirection is set to 'send-receive' or 'receive'.

The value of tmnxKeyChainKeyAdminState specifies the desired administrative state of the particular key in the keychain. When the value is 'outOfService' the keychain capabilities are disabled but the particular key's configuration parameters are retained.

tmnxKeyChainAuthFailReason is used by tmnxKeyChainAuthFailure to notify the reason for the keychain authentication failure. Enumeration: 'mismatchRecvOption': 4, 'invalidOptionLen': 3, 'digestMismatch': 6, 'other': 1, 'noEnhAuthOptionRecvd': 2, 'mismatchAlgId': 7, 'invalidKeyId': 5.

The value of the object tmnxKeyChainAuthAddrType indicates the address type (ipv4 or ipv6) of the source address in the authentication packet.

The value of the object tmnxKeyChainAuthAddr indicates the source address in the authentication packet.

tmnxMD5AuthFailReason is used by tmnxMD5AuthFailure to notify the reason for the MD5 authentication failure. Enumeration: 'digestMismatch': 1.

The value of the object tmnxMD5AuthAddrType indicates the address type (ipv4 or ipv6) of the source address in the authentication packet.

The value of the object tmnxMD5AuthAddr indicates the source address in the authentication packet.

The value of the object tmnxMD5AuthKey indicates the MD5 key used for authentication.

The value of the object tmnxCpmProtPolId indicates the policy index of the cpm protection policy.

The value of the object tmnxSecNotifFailureReason indicates the reason for the generation of the notification.

The value of the object tmnxSecNotifFile indicates the file associated with the notification.

The value of the object tmnxSecNotifTunnelName indicates the name of tunnel associated with the notification.

The value of the object tmnxSecNotifCert indicates the certificate name associated with the notification.

The value of tmnxCpmProtViolMacAddress indicates the MAC address of the source. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The value of tmnxCpmProtViolMacPeriods indicates the number of times the per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxPkiMaxCertChainDepth specifies maximum depth of certificate chain verification.

This value of the object tmnxPkiCAProfileTableLastChanged indicates the timestamp of the last change to the tmnxPkiCAProfileTable. A value of zero indicates that no changes were made to this table since the system was last initialized.

The tmnxPkiCAProfileTable is the Certificate-Authority profile table. Entries are created and deleted by the user.

Information about a single Certificate-Authority profile.

The tmnxPkiCAProfile specifies the name of the Certificate-Authority profile.

The tmnxPkiCAProfileRowStatus specifies Row-Status for the Certificate-Authority profile.

The value of tmnxPkiCAProfileLastChanged is the timestamp of last change to this row in tmnxPkiCAProfileTable.

The tmnxPkiCAProfileDescr specifies the description of the Certificate-Authority profile.

The tmnxPkiCAProfileCRLFile specifies the location and name of the Certificate Revoke List (CRL) file.

The tmnxPkiCAProfileCertFile specifies the location and name of the Certificate file.

The tmnxPkiCAProfileAdminState specifies the adminstrative state of this Certificate-Authority profile.

The value of tmnxPkiCAProfileOperState indicates the current operational status of this Certificate-Authority profile.

The value of tmnxPkiCAProfileOperFlags indicates the reason that this Certificate-Authority profile is not in service. I.e., tmnxPkiCAProfileOperState has the value 'outOfService': adminDown - tmnxPkiCAProfileAdminState is 'outOfService' invalidCrl - CRL file is invalid or could not be found. invalidCert - Cert file is invalid could not be found. Bits: 'adminDown': 0, 'invalidCrl': 1, 'invalidCert': 2.

The tmnxCertMgrAuthFailed indicates the number of authentication failures using the certificates.

The tmnxCertMgrAuthPassed indicates the number of authentication checks passed using the certificates.

The tmnxCertMgrTotalAuth indicates the number of authentication attempts using the certificates.

The value of tmnxUserActionUserName specifies the user name on which the action applies.

When tmnxUserActionUnlock is set to 'doAction', the user specified in tmnxUserActionUserName can make again tmnxPasswordAttemptsCount unsuccessful login attempts before he is locked out for tmnxPasswordAttemptsLockoutPeriod minutes, and his exponential backoff period is reset to 1 second if slcLoginExponentialBackOff is set to 'true'. The value of tmnxUserActionUserName must be set to a non-empty string in the same SNMP SET PDU when setting tmnxUserActionUnlock to 'doAction'.

The tmnxSSHServerPreserveKeyFail notification is generated when the saving of SSH server host key on the persistent drive fails by the CPM module. tmnxCpmFlashId identifies the failed compact flash. tmnxCpmFlashOperStatus indicates the status of the compact flash reported in tmnxCpmFlashId.

The tmnxKeyChainAuthFailure notification is generated when the incoming packet is dropped due to key chain authentication failure. Failure could be due to the following reasons or more: - Send packet had not auth keychain but recv side had keychain enabled. - Keychain key id's did not match. - Keychain key digest mismatch - Received packet with invalid enhanced authentication option length. - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'.

The tmnxCpmProtViolPort notification is generated when a link-specific packet arrival rate limit violation is detected for a port. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolPortAgg notification is generated when a per-port overall packet rate limit violation is detected for a port. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolIf notification is generated when a overall packet arrival rate violation is detected for an interface, and this notification is enabled. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolSap notification is generated when a overall packet arrival rate violation is detected for a SAP, and this notification is enabled. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolMac notification is generated when a per-source rate limit violation was detected for a source, and this notification is enabled. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'.

The tmnxCpmProtViolVdoSvcClient notification is generated when a per-source rate limit violation was detected for a client address of a RTCP control traffic in VPLS service.

The tmnxCpmProtViolVdoVrtrClient notification is generated when a per-source rate limit violation was detected for a client address of a RTCP control traffic in router context.

The tmnxMD5AuthFailure notification is generated when the incoming packet is dropped due to MD5 authentication failure.

The tmnxCpmProtDefPolModified notification is generated when the user modifies a default access or default network policy.

[CAUSE] The tmnxCpmProtViolSdpBind notification is generated when the packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's configured overall-rate. [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured overall-rate for the SDP.

[CAUSE] The tmnxCpmProtExcdSdpBind notification is generated when a source (identified by a MAC address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate. [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

[CAUSE] The tmnxCpmProtExcdSapEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local SAP at a rate which exceeds the configured Eth-CFM rate limit for the stream. [EFFECT] One or more Eth-CFM packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

[CAUSE] The tmnxCpmProtExcdSdpBindEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at a rate which exceeds the configured Eth-CFM rate limit for the stream. [EFFECT] One or more Eth-CFM packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

[CAUSE] The tmnxPkiFileReadFailed notification is generated when an attempt to read the file fails. Reason of the failure is indicated by the tmnxSecNotifFailureReason object. [EFFECT] Operational status of tunnels configured to use this certificate will be set to 'down'. [RECOVERY] Make sure the path specified in tmnxSecNotifFile is correct and the file exists.

[CAUSE] The tmnxPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails. [EFFECT] Authentication of the tunnel configured with the certificate will start to fail. [RECOVERY] Make sure the certificate specified in tmnxSecNotifCert exists and is a valid certificate.

[CAUSE] The tmnxCAProfileStateChange notification is generated when Certificate Authority profile changes state to 'down' due to tmnxSecNotifFailureReason. [EFFECT] Certificate Authority profile will remain in this state until a corrective action is taken. [RECOVERY] Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken.

[CAUSE] The tmnxCpmProtExcdSapIp notification is generated when a source (identified by an IP address) sends a packet stream to a local SAP at a rate which exceeds the SAP's configured per-source-rate. [EFFECT] One or more packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, OR increase the locally configured per-source-rate for the SAP, OR disable per-IP-source rate limiting on the SAP by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'.