1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
-- This file was included in Ciena MIB release MIBS-CIENA-CES-08-07-00-024
--
-- CIENA-CES-SECURITY-MIB.my
--
CIENA-CES-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
NOTIFICATION-TYPE, OBJECT-TYPE, MODULE-IDENTITY
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC
OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
cienaGlobalSeverity, cienaGlobalMacAddress
FROM CIENA-GLOBAL-MIB
cienaCesNotifications, cienaCesConfig
FROM CIENA-SMI;
cienaCesSecurityMIB MODULE-IDENTITY
LAST-UPDATED "201709270000Z"
ORGANIZATION "Ciena Corp."
CONTACT-INFO
" Mib Meister
7035 Ridge Road
Hanover, Maryland 21076
USA
Phone: +1 800 921 1144
Email: support@ciena.com"
DESCRIPTION
"This module defines the security configuration objects and also the objects required for
any security related notifications."
REVISION "201709270000Z"
DESCRIPTION
"Initial creation."
::= { cienaCesConfig 44 }
--
-- Node definitions
--
cienaCesSecurityMIBObjects OBJECT IDENTIFIER ::= { cienaCesSecurityMIB 1 }
cienaCesSecurityCertExpiry OBJECT IDENTIFIER ::= { cienaCesSecurityMIBObjects 1 }
cienaCesSecurityCertCrl OBJECT IDENTIFIER ::= { cienaCesSecurityMIBObjects 2 }
cienaCesSecurityMIBNotificationPrefix OBJECT IDENTIFIER ::= { cienaCesNotifications 43 }
cienaCesSecurityMIBNotifications OBJECT IDENTIFIER ::= { cienaCesSecurityMIBNotificationPrefix 0 }
-- Conformance information
cienaCesSecurityMIBConformance OBJECT IDENTIFIER ::= { cienaCesSecurityMIB 2 }
cienaCesSecurityMIBCompliances OBJECT IDENTIFIER ::= { cienaCesSecurityMIBConformance 1 }
cienaCesSecurityMIBGroups OBJECT IDENTIFIER ::= { cienaCesSecurityMIBConformance 2 }
--
-- Global stuff
--
cienaCesSecurityCertType OBJECT-TYPE
SYNTAX INTEGER {
ca(1),
devCert(2),
sshClient(3),
sshServer(4)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the type of the certificate."
::= { cienaCesSecurityCertExpiry 1 }
cienaCesSecurityCertName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the name of the certificate."
::= { cienaCesSecurityCertExpiry 2 }
cienaCesSecurityCertValidTo OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the validTo date of the certificate."
::= { cienaCesSecurityCertExpiry 3 }
cienaCesSecurityCaCrlType OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the type of object, CA or CRL."
::= { cienaCesSecurityCertCrl 1 }
cienaCesSecurityCertCrlOperation OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the type of operation on the cert or CRL."
::= { cienaCesSecurityCertCrl 2 }
cienaCesSecurityCaCrlInvalidCaReason OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the reason the CA is invalid."
::= { cienaCesSecurityCertCrl 3 }
cienaCesSecurityCertKeyOperation OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object indicates the type of operation on the cert key."
::= { cienaCesSecurityCertCrl 4 }
cienaCesSecurityCertExpiryWarningNotification NOTIFICATION-TYPE
OBJECTS {
cienaGlobalSeverity,
cienaGlobalMacAddress,
cienaCesSecurityCertType,
cienaCesSecurityCertName,
cienaCesSecurityCertValidTo
}
STATUS current
DESCRIPTION
"A cienaCesSecurityCertExpiryWarningNotification is sent if
the current time is greater than or equal to (the expiry time
minus the initial warning interval), but less than the expiry
time. They are sent at configured intervals.
To enable the device to send this trap:
cienaCesSecurityCertExpiryWarningTrapState needs to be set to enabled."
::= { cienaCesSecurityMIBNotifications 1 }
cienaCesSecurityCertExpiryExpiredNotification NOTIFICATION-TYPE
OBJECTS {
cienaGlobalSeverity,
cienaGlobalMacAddress,
cienaCesSecurityCertType,
cienaCesSecurityCertName,
cienaCesSecurityCertValidTo
}
STATUS current
DESCRIPTION
"A cienaCesSecurityCertExpiryExpiredNotification is sent if
the current time is greater than or equal to the expiry time.
They are sent at configured intervals.
To enable the device to send this trap:
cienaCesSecurityCertExpiryExpiredTrapState needs to be set to enabled."
::= { cienaCesSecurityMIBNotifications 2 }
cienaCesSecurityCaCrlInstallNotification NOTIFICATION-TYPE
OBJECTS {
cienaGlobalSeverity,
cienaGlobalMacAddress,
cienaCesSecurityCaCrlType,
cienaCesSecurityCertName,
cienaCesSecurityCertCrlOperation
}
STATUS current
DESCRIPTION
"A cienaCesSecurityCaCrlInstallNotification is sent if
a CA certificate has been successfully installed.
To enable the device to send this trap:
cienaCesSecurityCaCrlInstallTrapState needs to be set to enabled."
::= { cienaCesSecurityMIBNotifications 3 }
cienaCesSecurityCaCrlInvalidCaNotification NOTIFICATION-TYPE
OBJECTS {
cienaGlobalSeverity,
cienaGlobalMacAddress,
cienaCesSecurityCaCrlInvalidCaReason
}
STATUS current
DESCRIPTION
"A cienaCesSecurityCaCrlInvalidCaNotification is sent if
during an attempted installation, the CA certificate
is found to be invalid.
To enable the device to send this trap:
cienaCesSecurityCaCrlInvalidCaTrapState needs to be set to enabled."
::= { cienaCesSecurityMIBNotifications 4 }
cienaCesSecurityDevCertInstallNotification NOTIFICATION-TYPE
OBJECTS {
cienaGlobalSeverity,
cienaGlobalMacAddress,
cienaCesSecurityCertName,
cienaCesSecurityCertCrlOperation
}
STATUS current
DESCRIPTION
"A cienaCesSecurityDevCertInstallNotification is sent if
a device certificate has been successfully installed or uninstalled.
To enable the device to send this trap:
cienaCesSecurityDevCertInstallTrapState needs to be set to enabled."
::= { cienaCesSecurityMIBNotifications 5 }
cienaCesSecurityDevCertKeyCreateNotification NOTIFICATION-TYPE
OBJECTS {
cienaGlobalSeverity,
cienaGlobalMacAddress,
cienaCesSecurityCertName,
cienaCesSecurityCertKeyOperation
}
STATUS current
DESCRIPTION
"A cienaCesSecurityDevCertKeyCreateNotification is sent if
a device certificate key has been successfully created.
To enable the device to send this trap:
cienaCesSecurityDevCertKeyCreateTrapState needs to be set to enabled."
::= { cienaCesSecurityMIBNotifications 6 }
cienaCesSecurityCertExpiryGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cienaCesSecurityCertExpiryWarningNotification,
cienaCesSecurityCertExpiryExpiredNotification
}
STATUS current
DESCRIPTION
"A collection of objects providing information
about security certificate expiry notifications."
::= { cienaCesSecurityMIBGroups 1 }
cienaCesSecurityCertCrlGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cienaCesSecurityCaCrlInstallNotification,
cienaCesSecurityCaCrlInvalidCaNotification,
cienaCesSecurityDevCertInstallNotification,
cienaCesSecurityDevCertKeyCreateNotification
}
STATUS current
DESCRIPTION
"A collection of objects providing information
about certificate and certificate revocation
list notifications."
::= { cienaCesSecurityMIBGroups 2 }
END
|
