1 PKTC-IETF-MTA-MIB DEFINITIONS ::= BEGIN
11 FROM SNMPv2-SMI -- [RFC2578]
15 FROM SNMPv2-TC -- [RFC2579]
19 FROM SNMPv2-CONF -- [RFC2580]
22 FROM INET-ADDRESS-MIB -- [RFC4001]
24 FROM SNMPv2-MIB -- [RFC3418]
26 FROM SNMP-FRAMEWORK-MIB -- [RFC3411]
27 docsDevSoftwareGroupV2
28 FROM DOCS-CABLE-DEVICE-MIB -- [RFC4639]
29 DocsX509ASN1DEREncodedCertificate,
30 docsBpi2CodeDownloadGroup
31 FROM DOCS-IETF-BPI2-MIB -- [RFC4131]
33 FROM SYSAPPL-MIB -- [RFC2287]
35 FROM IF-MIB; -- [RFC2863]
37 pktcIetfMtaMib MODULE-IDENTITY
38 LAST-UPDATED "200609180000Z" -- September 18, 2006
39 ORGANIZATION "IETF IP over Cable Data Network Working Group"
43 200-13711 International Place,
49 Phone: +1 604 233 8500
50 Email: enechamkin@broadcom.com
53 Cable Television Laboratories, Inc.
55 Louisville, CO 80027-9750
57 Phone: +1 303 661 9100
58 Email: jf.mule@cablelabs.com
60 IETF IPCDN Working Group
61 General Discussion: ipcdn@ietf.org
62 Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn
63 Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn
64 Co-Chair: Jean-Francois Mule, jf.mule@cablelabs.com
65 Co-Chair: Richard Woundy, Richard_Woundy@cable.comcast.com"
68 "This MIB module defines the basic management object
69 for the Multimedia Terminal Adapter devices compliant
70 with PacketCable and IPCablecom requirements.
72 Copyright (C) The IETF Trust (2006). This version of
73 this MIB module is part of RFC 4682; see the RFC itself for
76 REVISION "200609180000Z" -- September 18, 2006
79 "Initial version, published as RFC 4682."
83 -- Textual Conventions
85 PktcMtaDevProvEncryptAlg ::= TEXTUAL-CONVENTION
88 " This textual convention defines various types of the
89 encryption algorithms used for the encryption of the MTA
90 configuration file. The description of the encryption
91 algorithm for each enumerated value is as follows:
93 'none(0)' no encryption is used,
94 'des64CbcMode(1)' DES 64-bit key in CBC mode,
98 't3Des192CbcMode(2)' 3DES 192-bit key in CBC mode,
99 'aes128CbcMode(3)' AES 128-bit key in CBC mode,
100 'aes256CbcMode(4)' AES 256-bit key in CBC mode."
109 --=================================================================
110 -- The MTA MIB module only supports a single Provisioning Server.
111 --=================================================================
113 pktcMtaNotification OBJECT IDENTIFIER ::= { pktcIetfMtaMib 0 }
114 pktcMtaMibObjects OBJECT IDENTIFIER ::= { pktcIetfMtaMib 1 }
115 pktcMtaDevBase OBJECT IDENTIFIER ::= { pktcMtaMibObjects 1 }
116 pktcMtaDevServer OBJECT IDENTIFIER ::= { pktcMtaMibObjects 2 }
117 pktcMtaDevSecurity OBJECT IDENTIFIER ::= { pktcMtaMibObjects 3 }
118 pktcMtaDevErrors OBJECT IDENTIFIER ::= { pktcMtaMibObjects 4 }
119 pktcMtaConformance OBJECT IDENTIFIER ::= { pktcIetfMtaMib 2 }
122 -- The following pktcMtaDevBase group describes the base MTA objects
125 pktcMtaDevResetNow OBJECT-TYPE
127 MAX-ACCESS read-write
130 " This object controls the MTA software reset.
131 Reading this object always returns 'false'. Setting this
132 object to 'true' causes the device to reset immediately
133 and the following actions to occur:
134 1. All connections (if present) are flushed locally.
135 2. All current actions such as ringing immediately
137 3. Requests for signaling notifications, such as
138 notification based on digit map recognition, are
140 4. All endpoints are disabled.
141 5. The provisioning flow is started at step MTA-1.
142 If a value is written into an instance of
143 pktcMtaDevResetNow, the agent MUST NOT retain the supplied
144 value across MTA re-initializations or reboots."
149 " PacketCable MTA Device Provisioning Specification."
150 ::= { pktcMtaDevBase 1 }
152 pktcMtaDevSerialNumber OBJECT-TYPE
153 SYNTAX SnmpAdminString
157 " This object specifies the manufacturer's serial
158 number of this MTA. The value of this object MUST be
159 identical to the value specified in DHCP option 43,
160 sub-option 4. The list of sub-options for DHCP option
161 43 are defined in the PacketCable MTA Device
162 Provisioning Specification."
164 " PacketCable MTA Device Provisioning Specification."
165 ::= { pktcMtaDevBase 2 }
167 pktcMtaDevSwCurrentVers OBJECT-TYPE
168 SYNTAX SnmpAdminString
172 " This object identifies the software version currently
173 operating in the MTA.
174 The MTA MUST return a string descriptive of the current
175 software load. This object should use the syntax
176 defined by the individual vendor to identify the software
177 version. The data presented in this object MUST be
178 identical to the software version information contained
179 in the 'sysDescr' MIB object of the MTA. The value of
180 this object MUST be identical to the value specified in
181 DHCP option 43, sub-option 6. The list of sub-options for
182 DHCP option 43 are defined in the PacketCable MTA Device
183 Provisioning Specification."
185 " PacketCable MTA Device Provisioning Specification."
187 ::= { pktcMtaDevBase 3 }
189 pktcMtaDevFQDN OBJECT-TYPE
190 SYNTAX SnmpAdminString
194 " This object contains the Fully Qualified Domain Name for
195 this MTA. The MTA FQDN is used to uniquely identify the
196 device to the PacketCable back office elements."
200 ::= { pktcMtaDevBase 4 }
202 pktcMtaDevEndPntCount OBJECT-TYPE
203 SYNTAX Unsigned32 (1..255)
207 " This object contains the number of physical endpoints for
209 ::= { pktcMtaDevBase 5 }
211 pktcMtaDevEnabled OBJECT-TYPE
213 MAX-ACCESS read-write
216 " This object contains the MTA Admin Status of this device.
217 If this object is set to 'true', the MTA is
218 administratively enabled, and the MTA MUST be able to
219 interact with the PacketCable entities, such as CMS,
220 Provisioning Server, KDC, and other MTAs and MGs on all
221 PacketCable interfaces.
222 If this object is set to 'false', the MTA is
223 administratively disabled, and the MTA MUST perform the
224 following actions for all endpoints:
225 - Shut down all media sessions, if present.
226 - Shut down Network Control Signaling (NCS)
227 signaling by following the Restart in
228 Progress procedures in the PacketCable NCS
230 The MTA must execute all actions required to
231 enable or disable the telephony services for all
232 endpoints immediately upon receipt of an SNMP SET
235 Additionally, the MTA MUST maintain the SNMP Interface
236 for management and also the SNMP Key management interface.
237 Also, the MTA MUST NOT continue Kerberized key management
238 with CMSes until this object is set to 'true'.
239 Note: MTAs MUST renew the CMS Kerberos tickets according
240 to the PacketCable Security or IPCablecom Specification.
241 If a value is written into an instance of
242 pktcMtaDevEnabled, the agent MUST NOT retain the supplied
243 value across MTA re-initializations or reboots."
245 " PacketCable MTA Device Provisioning Specification;
246 PacketCable Security Specification;
247 PacketCable Network-Based Call Signaling Protocol
252 ::= { pktcMtaDevBase 6 }
254 pktcMtaDevTypeIdentifier OBJECT-TYPE
255 SYNTAX SnmpAdminString
259 " This object provides the MTA device type identifier. The
260 value of this object must be a copy of the DHCP option 60
261 value exchanged between the MTA and the DHCP server. The
262 DHCP option 60 value contains an ASCII-encoded string
263 identifying capabilities of the MTA as defined in the
264 PacketCable MTA Device Provisioning Specification."
266 " RFC 2132, DHCP Options and BOOTP Vendor Extensions;
267 PacketCable MTA Device Provisioning Specification."
268 ::= { pktcMtaDevBase 7 }
270 pktcMtaDevProvisioningState OBJECT-TYPE
274 failConfigFileError (3),
275 passWithWarnings (4),
276 passWithIncompleteParsing (5),
277 failureInternalError (6),
278 failureOtherReason (7)
283 " This object indicates the completion state of the MTA
284 device provisioning process.
287 If the configuration file could be parsed successfully
288 and the MTA is able to reflect the same in its
289 MIB, the MTA MUST return the value 'pass'.
292 If the MTA is in the process of being provisioned,
293 the MTA MUST return the value 'inProgress'.
296 If the configuration file was in error due to incorrect
297 values in the mandatory parameters, the MTA MUST reject
298 the configuration file, and the MTA MUST return the value
302 'failConfigFileError'.
305 If the configuration file had proper values for all the
306 mandatory parameters but has errors in any of the optional
307 parameters (this includes any vendor-specific Object
308 Identifiers (OIDs) that are incorrect or not known
309 to the MTA), the MTA MUST return the value
312 passWithIncompleteParsing:
313 If the configuration file is valid but the MTA cannot
314 reflect the same in its configuration (for example, too
315 many entries caused memory exhaustion), it must accept
316 the CMS configuration entries related, and the MTA MUST
317 return the value 'passWithIncompleteParsing'.
319 failureInternalError:
320 If the configuration file cannot be parsed due to an
321 Internal error, the MTA MUST return the value
322 'failureInternalError'.
325 If the MTA cannot accept the configuration file for any
326 other reason than the ones stated above, the MTA MUST
327 return the value 'failureOtherReason'.
329 When a final SNMP INFORM is sent as part of Step 25 of the
330 MTA Provisioning process, this parameter is also included
331 in the final INFORM message."
333 " PacketCable MTA Device Provisioning Specification."
334 ::= { pktcMtaDevBase 8 }
336 pktcMtaDevHttpAccess OBJECT-TYPE
341 " This object indicates whether the HTTP protocol is
342 supported for the MTA configuration file transfer."
343 ::= { pktcMtaDevBase 9 }
345 pktcMtaDevProvisioningTimer OBJECT-TYPE
346 SYNTAX Unsigned32 (0..30)
348 MAX-ACCESS read-write
354 " This object defines the time interval for the provisioning
355 flow to complete. The MTA MUST finish all provisioning
356 operations starting from the moment when an MTA receives
357 its DHCP ACK and ending at the moment when the MTA
358 downloads its configuration file (e.g., MTA5 to MTA23)
359 within the period of time set by this object.
360 Failure to comply with this condition constitutes
361 a provisioning flow failure. If the object is set to 0,
362 the MTA MUST ignore the provisioning timer condition.
363 If a value is written into an instance of
364 pktcMtaDevProvisioningTimer, the agent MUST NOT retain the
365 supplied value across MTA re-initializations or reboots."
367 " PacketCable MTA Device Provisioning Specification."
369 ::= {pktcMtaDevBase 10}
371 pktcMtaDevProvisioningCounter OBJECT-TYPE
376 "This object counts the number of times the
377 provisioning cycle has looped through step MTA-1."
378 ::= {pktcMtaDevBase 11}
380 pktcMtaDevErrorOidsTable OBJECT-TYPE
381 SYNTAX SEQUENCE OF PktcMtaDevErrorOidsEntry
382 MAX-ACCESS not-accessible
385 " This table contains the list of configuration errors or
386 warnings the MTA encountered when parsing the
387 configuration file it received from the Provisioning
389 For each error, an entry is created in this table,
390 containing the configuration parameters the MTA rejected
391 and the associated reason (e.g., wrong or unknown OID,
392 inappropriate object values). If the MTA
393 did not report a provisioning state of 'pass(1)' in
394 the pktcMtaDevProvisioningState object, this table MUST be
395 populated for each error or warning instance. Even if
396 different parameters share the same error type (e.g., all
397 realm name configuration parameters are invalid), all
398 observed errors or warnings must be reported as
399 different instances. Errors are placed into the table in
400 no particular order. The table MUST be cleared each time
406 " PacketCable MTA Device Provisioning Specification."
407 ::= {pktcMtaDevBase 12 }
409 pktcMtaDevErrorOidsEntry OBJECT-TYPE
410 SYNTAX PktcMtaDevErrorOidsEntry
411 MAX-ACCESS not-accessible
414 " This entry contains the necessary information the MTA MUST
415 attempt to provide in case of configuration file errors or
417 INDEX { pktcMtaDevErrorOidIndex }
418 ::= {pktcMtaDevErrorOidsTable 1}
420 PktcMtaDevErrorOidsEntry ::= SEQUENCE {
421 pktcMtaDevErrorOidIndex Unsigned32,
422 pktcMtaDevErrorOid SnmpAdminString,
423 pktcMtaDevErrorValue SnmpAdminString,
424 pktcMtaDevErrorReason SnmpAdminString
427 pktcMtaDevErrorOidIndex OBJECT-TYPE
428 SYNTAX Unsigned32 (1..1024)
429 MAX-ACCESS not-accessible
432 " This object is the index of the MTA configuration error
433 table. It is an integer value that starts at value '1'
434 and is incremented for each encountered configuration
435 file error or warning.
437 The maximum number of errors or warnings that can be
438 recorded in the pktcMtaDevErrorOidsTable is set to 1024 as
439 a configuration file is usually validated by operators
440 before deployment. Given the possible number of
441 configuration parameter assignments in the MTA
442 configuration file, 1024 is perceived as a sufficient
443 limit even with future extensions.
445 If the number of the errors in the configuration file
446 exceeds 1024, all errors beyond the 1024th one MUST
447 be ignored and not be reflected in the
448 pktcMtaDevErrorOidsTable."
450 ::= {pktcMtaDevErrorOidsEntry 1}
455 pktcMtaDevErrorOid OBJECT-TYPE
456 SYNTAX SnmpAdminString
460 " This object contains a human readable representation
461 (character string) of the OID corresponding to the
462 configuration file parameter that caused the particular
464 For example, if the value of the pktcMtaDevEnabled object
465 in the configuration file caused an error, then this
466 object instance will contain the human-readable string of
467 '1.3.6.1.2.1.140.1.1.6.0'.
468 If the MTA generated an error because it was not able
469 to recognize a particular OID, then this object
470 instance would contain an empty value (zero-length
472 For example, if the value of an OID in the configuration
473 file was interpreted by the MTA as being 1.2.3.4.5, and if
474 the MTA was not able to recognize this OID as a valid one,
475 this object instance will contain a zero-length string.
477 If the number of errors in the configuration file exceeds
478 1024, then for all subsequent errors, the
479 pktcMtaDevErrorOid of the table's 1024th entry MUST
480 contain a human-readable representation of the
481 pktcMtaDevErrorsTooManyErrors object; i.e., the string
482 '1.3.6.1.2.1.140.1.1.4.1.0'.
483 Note that the syntax of this object is SnmpAdminString
484 instead of OBJECT IDENTIFIER because the object value may
485 not be a valid OID due to human or configuration tool
488 ::= {pktcMtaDevErrorOidsEntry 2}
490 pktcMtaDevErrorValue OBJECT-TYPE
491 SYNTAX SnmpAdminString
495 " This object contains the value of the OID corresponding to
496 the configuration file parameter that caused the error.
497 If the MTA cannot recognize the OID of the
498 configuration parameter causing the error, then this
499 object instance contains the OID itself as interpreted
500 by the MTA in human-readable representation.
501 If the MTA can recognize the OID but generate an error due
502 to a wrong value of the parameter, then the object
506 instance contains the erroneous value of the parameter as
507 read from the configuration file.
508 In both cases, the value of this object must be
509 represented in human-readable form as a character string.
510 For example, if the value of the pktcMtaDevEnabled object
511 in the configuration file was 3 (invalid value), then the
512 pktcMtaDevErrorValue object instance will contain the
513 human-readable (string) representation of value '3'.
514 Similarly, if the OID in the configuration file has been
515 interpreted by the MTA as being 1.2.3.4.5 and the MTA
516 cannot recognize this OID as a valid one, then this
517 pktcMtaDevErrorValue object instance will contain human
518 readable (string) representation of value '1.2.3.4.5'.
520 If the number of errors in the configuration file exceeds
521 1024, then for all subsequent errors, the
522 pktcMtaDevErrorValue of the table's 1024th entry MUST
523 contain a human-readable representation of the
524 pktcMtaDevErrorsTooManyErrors object; i.e., the string
525 '1.3.6.1.2.1.140.1.1.4.1.0'."
527 ::= {pktcMtaDevErrorOidsEntry 3}
529 pktcMtaDevErrorReason OBJECT-TYPE
530 SYNTAX SnmpAdminString
534 " This object indicates the reason for the error or warning,
535 as per the MTA's interpretation, in human-readable form.
537 'VALUE NOT IN RANGE', 'VALUE DOES NOT MATCH TYPE',
538 'UNSUPPORTED VALUE', 'LAST 4 BITS MUST BE SET TO ZERO',
539 'OUT OF MEMORY - CANNOT STORE'.
540 This object may also contain vendor specific errors for
541 private vendor OIDs and any proprietary error codes or
542 messages that can help diagnose configuration errors.
544 If the number of errors in the configuration file exceeds
545 1024, then for all subsequent errors, the
546 pktcMtaDevErrorReason of the table's 1024th entry MUST
547 contain a human-readable string indicating the reason
548 for an error; for example,
549 'Too many errors in the configuration file'."
550 ::= {pktcMtaDevErrorOidsEntry 4}
553 -- The following group describes server access and parameters used
557 -- for the initial MTA provisioning and bootstrapping phases.
560 pktcMtaDevDhcpServerAddressType OBJECT-TYPE
561 SYNTAX InetAddressType
565 " This object contains the Internet address type for the
566 PacketCable DHCP servers specified in MTA MIB."
568 ::= { pktcMtaDevServer 1}
570 pktcMtaDevServerDhcp1 OBJECT-TYPE
575 " This object contains the Internet Address of the primary
576 DHCP server the MTA uses during provisioning.
577 The type of this address is determined by the value of
578 the pktcMtaDevDhcpServerAddressType object.
579 When the latter has the value 'ipv4(1)', this object
580 contains the IP address of the primary DHCP
581 server. It is provided by the CM to the MTA via the DHCP
582 option code 122, sub-option 1, as defined in RFC 3495.
584 The behavior of this object when the value of
585 pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)'
586 is not presently specified, but it may be specified
587 in future versions of this MIB module.
588 If this object is of value
589 0.0.0.0, the MTA MUST stop all provisioning
590 attempts, as well as all other activities.
591 If this object is of value 255.255.255.255, it means
592 that there was no preference given for the primary
593 DHCP server, and, the MTA must follow the logic of
594 RFC2131, and the value of DHCP option 122,
595 sub-option 2, must be ignored."
597 " PacketCable MTA Device Provisioning Specification;
598 RFC 2131, Dynamic Host Configuration Protocol;
599 RFC 3495, DHCP Option for CableLabs Client Configuration."
600 ::= { pktcMtaDevServer 2 }
602 pktcMtaDevServerDhcp2 OBJECT-TYPE
610 " This object contains the Internet Address of the secondary
611 DHCP server the MTA uses during provisioning.
612 The type of this address is determined by the value of
613 the pktcMtaDevDhcpServerAddressType object.
614 When the latter has the value 'ipv4(1)', this object
615 contains the IP address of the secondary DHCP
616 server. It is provided by the CM to the MTA via the DHCP
617 option code 122, sub-option 2, as defined in RFC 3495.
619 The behavior of this object when the value of
620 pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)'
621 is not presently specified, but it may be specified
622 in future versions of this MIB module.
623 If there was no secondary DHCP server provided in DHCP
624 Option 122, sub-option 2, this object must return the value
627 " PacketCable MTA Device Provisioning Specification;
628 RFC 3495, DHCP Option for CableLabs Client Configuration."
629 ::= { pktcMtaDevServer 3 }
631 pktcMtaDevDnsServerAddressType OBJECT-TYPE
632 SYNTAX InetAddressType
636 " This object contains the Internet address type for the
637 PacketCable DNS servers specified in MTA MIB."
639 ::= { pktcMtaDevServer 4}
641 pktcMtaDevServerDns1 OBJECT-TYPE
643 MAX-ACCESS read-write
646 " This object contains the IP Address of the primary
647 DNS server to be used by the MTA. The type of this address
648 is determined by the value of the
649 pktcMtaDevDnsServerAddressType object.
650 When the latter has the value 'ipv4(1)', this object
651 contains the IP address of the primary DNS server.
652 As defined in RFC 2132, PacketCable-compliant MTAs receive
653 the IP addresses of the DNS Servers in DHCP option 6.
654 The behavior of this object when the value of
655 pktcMtaDevDnsServerAddressType is other than 'ipv4(1)'
659 is not presently specified, but it may be specified
660 in future versions of this MIB module.
661 If a value is written into an instance of
662 pktcMtaDevServerDns1, the agent MUST NOT retain the
663 supplied value across MTA re-initializations or reboots."
665 " PacketCable MTA Device Provisioning Specification;
666 RFC 2132, DHCP Options and BOOTP Vendor Extensions."
667 ::= { pktcMtaDevServer 5 }
669 pktcMtaDevServerDns2 OBJECT-TYPE
671 MAX-ACCESS read-write
674 " This object contains the IP Address of the secondary
675 DNS server to be used by the MTA. The type of this address
676 is determined by the value of the
677 pktcMtaDevDnsServerAddressType object.
678 When the latter has the value 'ipv4(1)', this object
679 contains the IP address of the secondary DNS
680 server. As defined in RFC 2132, PacketCable-compliant MTAs
681 receive the IP addresses of the DNS Servers in DHCP
683 The behavior of this object when the value of
684 pktcMtaDevDnsServerAddressType is other than 'ipv4(1)'
685 is not presently specified, but it may be specified
686 in future versions of this MIB module.
687 If a value is written into an instance of
688 pktcMtaDevServerDns2, the agent MUST NOT retain the
689 supplied value across MTA re-initializations or reboots."
691 " PacketCable MTA Device Provisioning Specification;
692 RFC 2132, DHCP Options and BOOTP Vendor Extensions."
693 ::= { pktcMtaDevServer 6 }
695 pktcMtaDevTimeServerAddressType OBJECT-TYPE
696 SYNTAX InetAddressType
700 " This object contains the Internet address type for the
701 PacketCable Time servers specified in MTA MIB."
703 ::= { pktcMtaDevServer 7}
705 pktcMtaDevTimeServer OBJECT-TYPE
710 MAX-ACCESS read-write
713 " This object contains the Internet Address of the Time
714 Server used by an S-MTA for Time Synchronization. The type
715 of this address is determined by the value of the
716 pktcMtaDevTimeServerAddressType object.
717 When the latter has the value 'ipv4(1)', this object
718 contains the IP address of the Time Server used for Time
720 In the case of an S-MTA, this object must be
721 populated with a value other than 0.0.0.0 as obtained
722 from DHCP option 4. The protocol by which the time of day
723 MUST be retrieved is defined in RFC 868.
724 In the case of an E-MTA, this object must contain a
725 value of 0.0.0.0 if the address type is 'ipv4(1)' since
726 an E-MTA does not use the Time Protocol for time
727 synchronization (an E-MTA uses the time retrieved by the
729 The behavior of this object when the value of
730 pktcMtaDevTimeServerAddressType is other than 'ipv4(1)'
731 is not presently specified, but it may be specified in
732 future versions of this MIB module.
733 If a value is written into an instance of
734 pktcMtaDevTimeServer, the agent MUST NOT retain the
735 supplied value across MTA re-initializations or reboots."
737 " RFC 868, Time Protocol;
738 RFC 2131, Dynamic Host Configuration Protocol;
739 RFC 2132, DHCP Options and BOOTP Vendor Extensions."
740 ::= { pktcMtaDevServer 8}
742 pktcMtaDevConfigFile OBJECT-TYPE
743 SYNTAX SnmpAdminString
744 MAX-ACCESS read-write
747 " This object specifies the MTA device configuration file
748 information, including the access method, the server name,
749 and the configuration file name. The value of this object
750 is the Uniform Resource Locator (URL) of the configuration
751 file for TFTP or HTTP download.
752 If this object value is a TFTP URL, it must be formatted
753 as defined in RFC 3617.
754 If this object value is an HTTP URL, it must be formatted
755 as defined in RFC 2616.
756 If the MTA SNMP Enrollment mechanism is used, then the MTA
757 must download the file provided by the Provisioning Server
761 during provisioning via an SNMP SET on this object.
762 If the MTA SNMP Enrollment mechanism is not used, this
763 object MUST contain the URL value corresponding to the
764 'siaddr' and 'file' fields received in the DHCP ACK to
765 locate the configuration file: the 'siaddr' and 'file'
766 fields represent the host and file of the TFTP URL,
767 respectively. In this case, the MTA MUST return an
768 'inconsistentValue' error in response to SNMP SET
770 The MTA MUST return a zero-length string if the server
771 address (host part of the URL) is unknown.
772 If a value is written into an instance of
773 pktcMtaDevConfigFile, the agent MUST NOT retain the
774 supplied value across MTA re-initializations or reboots."
776 " PacketCable MTA Device Provisioning Specification;
777 RFC 3617, URI Scheme for TFTP; RFC 2616, HTTP 1.1"
778 ::= { pktcMtaDevServer 9 }
780 pktcMtaDevSnmpEntity OBJECT-TYPE
781 SYNTAX SnmpAdminString
785 " This object contains the FQDN of the SNMP entity of the
786 Provisioning Server. When the MTA SNMP Enrollment
787 Mechanism is used, this object represents the server that
788 the MTA communicates with, that it receives the
789 configuration file URL from, and that it sends the
790 enrollment notification to. The SNMP entity is also the
791 destination entity for all the provisioning
792 notifications. It may be used for post-provisioning
793 SNMP operations. During the provisioning phase, this
794 SNMP entity FQDN is supplied to the MTA via DHCP option
795 122, sub-option 3, as defined in RFC 3495. The MTA must
796 resolve the FQDN value before its very first network
797 interaction with the SNMP entity during the provisioning
801 " PacketCable MTA Device Provisioning Specification;
802 RFC 3495, DHCP Option for CableLabs Client Configuration."
803 ::= { pktcMtaDevServer 10 }
805 pktcMtaDevProvConfigHash OBJECT-TYPE
806 SYNTAX OCTET STRING (SIZE(20))
807 MAX-ACCESS read-write
813 " This object contains the hash value of the contents of the
815 The authentication algorithm is Secure Hashing Algorithm
816 1 (SHA-1), and the length is 160 bits. The hash
817 calculation MUST follow the requirements defined in the
818 PacketCable Security Specification. When the MTA SNMP
819 Enrollment mechanism is used, this hash value is
820 calculated and sent to the MTA prior to sending the
821 config file. This object value is then provided by the
822 Provisioning server via an SNMP SET operation.
823 When the MTA SNMP Enrollment mechanism is not in use, the
824 hash value is provided in the configuration file itself,
825 and it is also calculated by the MTA. This object value
826 MUST represent the hash value calculated by the MTA.
827 When the MTA SNMP Enrollment mechanism is not in use, the
828 MTA must reject all SNMP SET operations on this object and
829 return an 'inconsistentValue' error.
830 If a value is written into an instance of
831 pktcMtaDevProvConfigHash, the agent MUST NOT retain the
832 supplied value across MTA re-initializations or reboots."
834 " PacketCable MTA Device Provisioning Specification;
835 PacketCable Security Specification."
836 ::= { pktcMtaDevServer 11 }
838 pktcMtaDevProvConfigKey OBJECT-TYPE
839 SYNTAX OCTET STRING (SIZE(32))
840 MAX-ACCESS read-write
843 " This object contains the key used to encrypt/decrypt
844 the configuration file when secure SNMPv3 provisioning
846 The value of this object is provided along with the
847 configuration file information (pktcMtaDevConfigFile)
848 and hash (pktcMtaDevProvConfigHash) by the Provisioning
849 Server via SNMP SET once the configuration file has been
850 created, as defined by the PacketCable Security
853 The privacy algorithm is defined by the
854 pktcMtaDevProvConfigEncryptAlg MIB object. The
855 MTA requirements related to the privacy algorithm are
856 defined in the PacketCable Security Specification.
858 If this object is set at any other provisioning step than
859 that allowed by the PacketCable MTA Device
863 Provisioning Specification, the MTA SHOULD return
864 an 'inconsistentValue' error.
865 This object must not be used in non secure provisioning
866 mode. In non-secure provisioning modes, the MTA SHOULD
867 return an 'inconsistentValue' in response to SNMP SET
868 operations, and the MTA SHOULD return a zero-length
869 string in response to SNMP GET operations.
870 If a value is written into an instance of
871 pktcMtaDevProvConfigKey, the agent MUST NOT retain the
872 supplied value across MTA re-initializations or reboots."
874 " PacketCable MTA Device Provisioning Specification;
875 PacketCable Security Specification."
876 ::= { pktcMtaDevServer 12 }
878 pktcMtaDevProvConfigEncryptAlg OBJECT-TYPE
879 SYNTAX PktcMtaDevProvEncryptAlg
880 MAX-ACCESS read-write
883 " This object defines the encryption algorithm used for
884 privacy protection of the MTA Configuration File content."
885 DEFVAL { des64CbcMode }
886 ::= { pktcMtaDevServer 13 }
888 pktcMtaDevProvSolicitedKeyTimeout OBJECT-TYPE
889 SYNTAX Unsigned32 (0..180)
891 MAX-ACCESS read-write
894 " This object defines a Kerberos Key Management timer on the
895 MTA. It is the time period during which the MTA saves the
896 nonce and Server Kerberos Principal Identifier to match an
897 AP Request and its associated AP Reply response from the
899 After the timeout has been exceeded, the client discards
900 this (nonce, Server Kerberos Principal Identifier) pair,
901 after which it will no longer accept a matching AP Reply.
902 This timer only applies when the Provisioning Server
903 initiated key management for SNMPv3 (with a
905 If this object is set to a zero value, the MTA MUST return
906 an 'inconsistentValue' in response to SNMP SET operations.
907 This object should not be used in non-secure provisioning
908 modes. In non-secure provisioning modes, the MTA MUST
909 return an 'inconsistentValue' in response to SNMP SET
910 operations, and the MTA MUST return a zero value in
914 response to SNMP GET operations.
915 If a value is written into an instance of
916 pktcMtaDevProvSolicitedKeyTimeout, the agent MUST NOT
917 retain the supplied value across MTA re-initializations
920 ::= { pktcMtaDevServer 14 }
922 --=================================================================
924 -- Unsolicited key updates are retransmitted according to an
925 -- exponential back-off mechanism using two timers and a maximum
926 -- retry counter for AS replies.
927 -- The initial retransmission timer value is the nominal timer
928 -- value (pktcMtaDevProvUnsolicitedKeyNomTimeout). The
929 -- retransmissions occur with an exponentially increasing interval
930 -- that caps at the maximum timeout value
931 -- (pktcMtaDevProvUnsolicitedKeyMaxTimeout).
932 -- Retransmissions stop when the maximum retry counter is reached
933 -- (pktcMtaDevProvUnsolicitedKeyMaxRetries).
934 -- For example, with values of 3 seconds for the nominal
935 -- timer, 100 seconds for the maximum timeout, and 8 retries max,
936 -- and with an exponential value of 2, this results in
937 -- retransmission intervals will be 3 s, 6 s, 12 s, 24 s, 48 s,
938 -- 96 s, 100 s, and 100 s;
939 -- retransmissions then stop because the maximum number of
940 -- retries (8) has been reached.
942 --=================================================================
944 -- Timeouts for unsolicited key management updates are only
945 -- pertinent before the first SNMPv3 message is sent between the
946 -- MTA and the Provisioning Server and before the configuration
949 --=================================================================
951 pktcMtaDevProvUnsolicitedKeyMaxTimeout OBJECT-TYPE
952 SYNTAX Unsigned32 (0..600)
957 " This object defines the timeout value that applies to
958 an MTA-initiated AP-REQ/REP key management exchange with
959 the Provisioning Server in SNMPv3 provisioning.
960 It is the maximum timeout value, and it may not be exceeded
961 in the exponential back-off algorithm. If the DHCP option
965 code 122, sub-option 5, is provided to the MTA, it
966 overwrites this value.
967 In non-secure provisioning modes, the MTA MUST
968 return a zero value in response to SNMP GET
971 " PacketCable Security Specification."
973 ::= { pktcMtaDevServer 15 }
975 pktcMtaDevProvUnsolicitedKeyNomTimeout OBJECT-TYPE
976 SYNTAX Unsigned32 (0..600)
981 " This object defines the starting value of the timeout
982 for the AP-REQ/REP Backoff and Retry mechanism
983 with exponential timeout in SNMPv3 provisioning.
984 If the DHCP option code 122, sub-option 5, is provided
985 the MTA, it overwrites this value.
986 In non-secure provisioning modes, the MTA MUST
987 return a zero value in response to SNMP GET
990 " PacketCable Security Specification."
992 ::= { pktcMtaDevServer 16}
994 pktcMtaDevProvUnsolicitedKeyMaxRetries OBJECT-TYPE
995 SYNTAX Unsigned32 (0..32)
999 " This object contains a retry counter that applies to
1000 an MTA-initiated AP-REQ/REP key management exchange with
1001 the Provisioning Server in secure SNMPv3 provisioning.
1002 It is the maximum number of retries before the MTA stops
1003 attempting to establish a Security Association with
1004 Provisioning Server.
1005 If the DHCP option code 122, sub-option 5, is provided to
1006 the MTA, it overwrites this value.
1007 If this object is set to a zero value, the MTA MUST return
1008 an 'inconsistentValue' in response to SNMP SET operations.
1009 In non-secure provisioning modes, the MTA MUST
1010 return a zero value in response to SNMP GET
1016 " PacketCable Security Specification."
1018 ::= { pktcMtaDevServer 17 }
1020 pktcMtaDevProvKerbRealmName OBJECT-TYPE
1021 SYNTAX SnmpAdminString (SIZE(1..255))
1022 MAX-ACCESS read-only
1025 " This object contains the name of the associated
1026 provisioning Kerberos realm acquired during the MTA4
1027 provisioning step (DHCP Ack) for SNMPv3 provisioning.
1028 The uppercase ASCII representation of the associated
1029 Kerberos realm name MUST be used by both the Manager (SNMP
1030 entity) and the MTA.
1031 The Kerberos realm name for the Provisioning Server is
1032 supplied to the MTA via DHCP option code 122, sub-option 6,
1033 as defined in RFC 3495. In secure SNMP provisioning mode,
1034 the value of the Kerberos realm name for the Provisioning
1035 Server supplied in the MTA configuration file must match
1036 the value supplied in the DHCP option code 122,
1037 sub-option 6. Otherwise, the value of this object must
1038 contain the value supplied in DHCP Option 122,
1041 " PacketCable MTA Device Provisioning Specification;
1042 RFC 3495, DHCP Option for CableLabs Client Configuration."
1043 ::= { pktcMtaDevServer 18 }
1045 pktcMtaDevProvState OBJECT-TYPE
1048 waitingForSnmpSetInfo (2),
1049 waitingForTftpAddrResponse (3),
1050 waitingForConfigFile (4)
1052 MAX-ACCESS read-only
1055 " This object defines the MTA provisioning state.
1058 'operational(1)', the device has completed the loading
1059 and processing of the initialization parameters.
1061 'waitingForSnmpSetInfo(2)', the device is waiting on
1062 its configuration file download access information.
1063 Note that this state is only reported when the MTA
1067 SNMP enrollment mechanism is used.
1069 'waitingForTftpAddrResponse(3)', the device has sent a
1070 DNS request to resolve the server providing the
1071 configuration file, and it is awaiting for a response.
1072 Note that this state is only reported when the MTA
1073 SNMP enrollment mechanism is used.
1075 'waitingForConfigFile(4)', the device has sent a
1076 request via TFTP or HTTP for the download of its
1077 configuration file, and it is awaiting for a response or
1078 the file download is in progress."
1080 " PacketCable MTA Device Provisioning Specification,
1081 PacketCable Security Specification."
1082 ::= { pktcMtaDevServer 19 }
1085 -- The following object group describes the security objects.
1088 pktcMtaDevManufacturerCertificate OBJECT-TYPE
1089 SYNTAX DocsX509ASN1DEREncodedCertificate
1090 MAX-ACCESS read-only
1093 " This object contains the MTA Manufacturer Certificate.
1094 The object value must be the ASN.1 DER encoding of the MTA
1095 manufacturer's X.509 public key certificate. The MTA
1096 Manufacturer Certificate is issued to each MTA
1097 manufacturer and is installed into each MTA at the time of
1098 manufacture or with a secure code download. The specific
1099 requirements related to this certificate are defined in
1100 the PacketCable or IPCablecom Security specifications."
1102 " PacketCable Security Specification."
1104 ::= {pktcMtaDevSecurity 1}
1106 pktcMtaDevCertificate OBJECT-TYPE
1107 SYNTAX DocsX509ASN1DEREncodedCertificate
1108 MAX-ACCESS read-only
1111 " This object contains the MTA Device Certificate.
1112 The object value must be the ASN.1 DER encoding of the
1113 MTA's X.509 public-key certificate issued by the
1114 manufacturer and installed into the MTA at the time of
1118 manufacture or with a secure code download.
1119 This certificate contains the MTA MAC address. The
1120 specific requirements related to this certificate are
1121 defined in the PacketCable or IPCablecom Security
1124 " PacketCable Security Specification."
1125 ::= { pktcMtaDevSecurity 2 }
1127 pktcMtaDevCorrelationId OBJECT-TYPE
1129 MAX-ACCESS read-only
1132 " This object contains a correlation ID, an arbitrary value
1133 generated by the MTA that will be exchanged as part of the
1134 device capability data to the Provisioning Application.
1135 This random value is used as an identifier to correlate
1136 related events in the MTA provisioning sequence.
1137 This value is intended for use only during the MTA
1138 initialization and configuration file download."
1140 " PacketCable MTA Device Provisioning Specification."
1141 ::= { pktcMtaDevSecurity 3 }
1143 pktcMtaDevTelephonyRootCertificate OBJECT-TYPE
1144 SYNTAX DocsX509ASN1DEREncodedCertificate
1145 MAX-ACCESS read-only
1148 " This object contains the telephony Service Provider Root
1149 certificate. The object value is the ASN.1 DER encoding of
1150 the IP Telephony Service Provider Root X.509 public key
1151 certificate. This certification is stored in the MTA
1152 non-volatile memory and can be updated with a secure code
1153 download. This certificate is used to validate the initial
1154 AS Reply received by the MTA from the Key Distribution
1155 Center (KDC) during the MTA initialization. The specific
1156 requirements related to this certificate are defined in
1157 the PacketCable or IPCablecom Security specifications."
1159 " PacketCable Security Specification."
1160 ::= { pktcMtaDevSecurity 4 }
1162 --=================================================================
1164 -- Informative Procedures for Setting up Security Associations
1169 -- A Security Association may be set up either via configuration or
1170 -- via NCS signaling.
1172 -- I. Security association setup via configuration.
1174 -- The realm must be configured first. Associated with the realm
1175 -- is a KDC. The realm table (pktcMtaDevRealmTable) indicates
1176 -- information about the realm (e.g., name, organization name) and
1177 -- parameters associated with KDC communications (e.g., grace
1178 -- periods, AS Request/AS Reply adaptive back-off parameters).
1180 -- Once the realm is established, one or more CMS(es) may be
1181 -- defined in the realm. Associated with each CMS
1182 -- entry in the pktcMtaDevCmsTable is an explicit reference
1183 -- to a Realm via the realm name (pktcMtaDevCmsKerbRealmName),
1184 -- the FQDN of the CMS, and parameters associated with IPSec
1185 -- key management with the CMS (e.g., clock skew, AP Request/
1186 -- AP Reply adaptive back-off parameters).
1188 -- II. Security association setup via NCS signaling.
1190 -- The procedure of establishing the Security Associations
1191 -- for NCS signaling is described in the PacketCable Security
1193 -- It involves the analysis of the pktcNcsEndPntConfigTable row
1194 -- for the corresponding endpoint number and the correlation of
1195 -- the CMS FQDN from this row with the CMS Table and
1196 -- consequently, with the Realm Table. Both of these tables
1197 -- are defined below. The pktcNcsEndPntConfigTable is defined in
1198 -- the IP over Cable Data Network (IPCDN)
1199 -- NCS Signaling MIB [NCSSIGMIB].
1201 -- III. When the MTA receives wake-up or re-key messages from a
1202 -- CMS, it performs key management based on the corresponding
1203 -- entry in the CMS table. If the matching CMS entry does not
1204 -- exist, it must ignore the wake-up or re-key messages.
1206 --=================================================================
1207 --=================================================================
1209 -- pktcMtaDevRealmTable
1211 -- The pktcMtaDevRealmTable shows the KDC realms. The table is
1212 -- indexed with pktcMtaDevRealmIndex. The Realm Table contains the
1213 -- pktcMtaDevRealmName in conjunction with any server that needs
1214 -- a Security Association with the MTA. Uppercase must be used
1215 -- to compare the pktcMtaDevRealmName content.
1220 --=================================================================
1222 pktcMtaDevRealmAvailSlot OBJECT-TYPE
1223 SYNTAX Unsigned32 (0..64)
1224 MAX-ACCESS read-only
1227 " This object contains the index number of the first
1228 available entry in the realm table (pktcMtaDevRealmTable).
1229 If all the entries in the realm table have been assigned,
1230 this object contains the value of zero.
1231 A management station should create new entries in the
1232 realm table, using the following procedure:
1234 First, issue a management protocol retrieval operation
1235 to determine the value of the first available index in the
1236 realm table (pktcMtaDevRealmAvailSlot).
1238 Second, issue a management protocol SET operation
1239 to create an instance of the pktcMtaDevRealmStatus
1240 object by setting its value to 'createAndWait(5)'.
1242 Third, if the SET operation succeeded, continue
1243 modifying the object instances corresponding to the newly
1244 created conceptual row, without fear of collision with
1245 other management stations. When all necessary conceptual
1246 columns of the row are properly populated (via SET
1247 operations or default values), the management station may
1248 SET the pktcMtaDevRealmStatus object to 'active(1)'."
1249 ::= { pktcMtaDevSecurity 5 }
1251 pktcMtaDevRealmTable OBJECT-TYPE
1252 SYNTAX SEQUENCE OF PktcMtaDevRealmEntry
1253 MAX-ACCESS not-accessible
1256 " This object contains the realm table.
1257 The CMS table (pktcMtaDevCmsTable) and the realm table
1258 (pktcMtaDevRealmTable) are used for managing the MTA-CMS
1259 Security Associations. The realm table defines the
1260 Kerberos realms for the Application Servers (CMSes and the
1261 Provisioning Server)."
1262 ::= { pktcMtaDevSecurity 6 }
1264 pktcMtaDevRealmEntry OBJECT-TYPE
1265 SYNTAX PktcMtaDevRealmEntry
1266 MAX-ACCESS not-accessible
1272 " This table entry object lists the MTA security parameters
1273 for a single Kerberos realm. The conceptual rows MUST NOT
1274 persist across MTA reboots."
1275 INDEX { pktcMtaDevRealmIndex }
1276 ::= { pktcMtaDevRealmTable 1 }
1278 PktcMtaDevRealmEntry ::= SEQUENCE {
1279 pktcMtaDevRealmIndex Unsigned32,
1280 pktcMtaDevRealmName SnmpAdminString,
1281 pktcMtaDevRealmPkinitGracePeriod Unsigned32,
1282 pktcMtaDevRealmTgsGracePeriod Unsigned32,
1283 pktcMtaDevRealmOrgName LongUtf8String,
1284 pktcMtaDevRealmUnsolicitedKeyMaxTimeout Unsigned32,
1285 pktcMtaDevRealmUnsolicitedKeyNomTimeout Unsigned32,
1286 pktcMtaDevRealmUnsolicitedKeyMaxRetries Unsigned32,
1287 pktcMtaDevRealmStatus RowStatus
1290 pktcMtaDevRealmIndex OBJECT-TYPE
1291 SYNTAX Unsigned32 (1..64)
1292 MAX-ACCESS not-accessible
1295 " This object defines the realm table index."
1296 ::= { pktcMtaDevRealmEntry 1}
1298 pktcMtaDevRealmName OBJECT-TYPE
1299 SYNTAX SnmpAdminString (SIZE(1..255))
1300 MAX-ACCESS read-create
1303 " This object identifies the Kerberos realm name in all
1304 capitals. The MTA MUST prohibit the instantiation of any
1305 two rows with identical Kerberos realm names. The MTA MUST
1306 also verify that any search operation involving Kerberos
1307 realm names is done using the uppercase ASCII
1308 representation of the characters."
1309 ::= { pktcMtaDevRealmEntry 2 }
1311 pktcMtaDevRealmPkinitGracePeriod OBJECT-TYPE
1312 SYNTAX Unsigned32 (15..600)
1314 MAX-ACCESS read-create
1317 " This object contains the PKINIT Grace Period. For the
1318 purpose of key management with Application Servers (CMSes
1322 or the Provisioning Server), the MTA must utilize the
1323 PKINIT exchange to obtain Application Server tickets. The
1324 MTA may utilize the PKINIT exchange to obtain Ticket
1325 Granting Tickets (TGTs), which are then used to obtain
1326 Application Server tickets in a TGS exchange.
1327 The PKINIT exchange occurs according to the current Ticket
1328 Expiration Time (TicketEXP) and on the PKINIT Grace Period
1329 (PKINITGP). The MTA MUST initiate the PKINIT exchange at
1330 the time: TicketEXP - PKINITGP."
1332 " PacketCable Security Specification."
1334 ::= { pktcMtaDevRealmEntry 3 }
1336 pktcMtaDevRealmTgsGracePeriod OBJECT-TYPE
1337 SYNTAX Unsigned32 (1..600)
1339 MAX-ACCESS read-create
1342 " This object contains the Ticket Granting Server Grace
1343 Period (TGSGP). The Ticket Granting Server (TGS)
1344 Request/Reply exchange may be performed by the MTA
1345 on demand whenever an Application Server ticket is
1346 needed to establish security parameters. If the MTA
1347 possesses a ticket that corresponds to the Provisioning
1348 Server or a CMS that currently exists in the CMS table,
1349 the MTA MUST initiate the TGS Request/Reply exchange
1350 at the time: TicketEXP - TGSGP."
1352 " PacketCable Security Specification."
1354 ::= { pktcMtaDevRealmEntry 4 }
1356 pktcMtaDevRealmOrgName OBJECT-TYPE
1357 SYNTAX LongUtf8String
1358 MAX-ACCESS read-create
1361 " This object contains the X.500 organization name attribute
1362 as defined in the subject name of the service provider
1365 " PacketCable Security Specification;
1366 RFCs 3280 and 4630, Internet X.509 Public Key
1367 Infrastructure Certificate and Certificate Revocation List
1369 ::= { pktcMtaDevRealmEntry 5 }
1374 pktcMtaDevRealmUnsolicitedKeyMaxTimeout OBJECT-TYPE
1375 SYNTAX Unsigned32 (1..600)
1377 MAX-ACCESS read-create
1380 " This object specifies the maximum time the MTA will
1381 attempt to perform the exponential back-off algorithm.
1382 This timer only applies when the MTA initiated key
1383 management. If the DHCP option code 122, sub-option 4, is
1384 provided to the MTA, it overwrites this value.
1386 Unsolicited key updates are retransmitted according to an
1387 exponential back-off mechanism using two timers and a
1388 maximum retry counter for AS replies.
1389 The initial retransmission timer value is the nominal
1390 timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
1391 retransmissions occur with an exponentially increasing
1392 interval that caps at the maximum timeout value
1393 (pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
1394 Retransmissions stop when the maximum retry counter is
1395 reached (pktcMatDevRealmUnsolicitedMaxRetries).
1397 For example, with values of 3 seconds for the nominal
1398 timer, 20 seconds for the maximum timeout, and 5 retries
1399 max, retransmission intervals will be 3 s, 6 s,
1400 12 s, 20 s, and 20 s, and retransmissions then stop because
1401 the maximum number of retries has been reached."
1403 " PacketCable Security Specification."
1405 ::= { pktcMtaDevRealmEntry 6 }
1407 pktcMtaDevRealmUnsolicitedKeyNomTimeout OBJECT-TYPE
1408 SYNTAX Unsigned32 (100..600000)
1409 UNITS "milliseconds"
1410 MAX-ACCESS read-create
1413 " This object specifies the initial timeout value
1414 for the AS-REQ/AS-REP exponential back-off and retry
1415 mechanism. If the DHCP option code 122, sub-option 4, is
1416 provided to the MTA, it overwrites this value.
1417 This value should account for the average roundtrip
1418 time between the MTA and the KDC, as well as the
1419 processing delay on the KDC.
1424 Unsolicited key updates are retransmitted according to an
1425 exponential back-off mechanism using two timers and a
1426 maximum retry counter for AS replies.
1427 The initial retransmission timer value is the nominal
1428 timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
1429 retransmissions occur with an exponentially increasing
1430 interval that caps at the maximum timeout value
1431 (pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
1432 Retransmissions stop when the maximum retry counter is
1433 reached (pktcMatDevRealmUnsolicitedMaxRetries).
1435 For example, with values of 3 seconds for the nominal
1436 timer, 20 seconds for the maximum timeout, and 5 retries
1437 max, in retransmission intervals will be 3 s, 6 s,
1438 12 s, 20 s, and 20 s; retransmissions then stop because
1439 the maximum number of retries has been reached."
1441 " PacketCable Security Specification."
1443 ::= { pktcMtaDevRealmEntry 7 }
1445 pktcMtaDevRealmUnsolicitedKeyMaxRetries OBJECT-TYPE
1446 SYNTAX Unsigned32 (0..1024)
1447 MAX-ACCESS read-create
1450 " This object specifies the maximum number of retries the
1451 MTA attempts to obtain a ticket from the KDC.
1453 Unsolicited key updates are retransmitted according to an
1454 exponential back-off mechanism using two timers and a
1455 maximum retry counter for AS replies.
1456 The initial retransmission timer value is the nominal
1457 timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
1458 retransmissions occur with an exponentially increasing
1459 interval that caps at the maximum timeout value
1460 (pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
1461 Retransmissions stop when the maximum retry counter is
1462 reached (pktcMatDevRealmUnsolicitedMaxRetries).
1464 For example, with values of 3 seconds for the nominal
1465 timer, 20 seconds for the maximum timeout, and 5 retries
1466 max, retransmission intervals will be 3 s, 6 s,
1467 12 s, 20 s, and 20 s; retransmissions then stop because
1468 the maximum number of retries has been reached."
1470 " PacketCable Security Specification."
1475 ::= { pktcMtaDevRealmEntry 8 }
1477 pktcMtaDevRealmStatus OBJECT-TYPE
1479 MAX-ACCESS read-create
1482 " This object defines the row status of this realm in the
1483 realm table (pktcMtaDevRealmTable).
1485 An entry in this table is not qualified for activation
1486 until the object instances of all corresponding columns
1487 have been initialized, either by default values, or via
1488 explicit SET operations. Until all object instances in
1489 this row are initialized, the status value for this realm
1490 must be 'notReady(3)'.
1491 In particular, two columnar objects must be explicitly
1492 SET: the realm name (pktcMtaDevRealmName) and the
1493 organization name (pktcMtaDevRealmOrgName). Once these 2
1494 objects have been set and the row status is SET to
1495 'active(1)', the MTA MUST NOT allow any modification of
1496 these 2 object values.
1497 The value of this object has no effect on whether other
1498 columnar objects in this row can be modified."
1499 ::= { pktcMtaDevRealmEntry 9 }
1501 --=================================================================
1503 -- The CMS table, pktcMtaDevCmsTable
1505 -- The CMS table and the realm table (pktcMtaDevRealmTable) are used
1506 -- for managing the MTA signaling security. The CMS table defines
1507 -- the CMSes the MTA is allowed to communicate with and contains
1508 -- the parameters describing the SA establishment between the MTA
1510 -- The CMS table is indexed by pktcMtaDevCmsIndex. The table
1511 -- contains the CMS FQDN (pktcMtaDevCmsFQDN) and the associated
1512 -- Kerberos realm name (pktcMtaDevCmsKerbRealmName) so that the MTA
1513 -- can find the corresponding Kerberos realm name in the
1514 -- pktcMtaDevRealmTable.
1516 --=================================================================
1518 pktcMtaDevCmsAvailSlot OBJECT-TYPE
1519 SYNTAX Unsigned32 (0..128)
1520 MAX-ACCESS read-only
1526 " This object contains the index number of the first
1527 available entry in the CMS table (pktcMtaDevCmsTable).
1528 If all the entries in the CMS table have been assigned,
1529 this object contains the value of zero.
1530 A management station should create new entries in the
1531 CMS table, using the following procedure:
1533 First, issue a management protocol retrieval operation
1534 to determine the value of the first available index in the
1535 CMS table (pktcMtaDevCmsAvailSlot).
1537 Second, issue a management protocol SET operation
1538 to create an instance of the pktcMtaDevCmsStatus
1539 object by setting its value to 'createAndWait(5)'.
1541 Third, if the SET operation succeeded, continue
1542 modifying the object instances corresponding to the newly
1543 created conceptual row, without fear of collision with
1544 other management stations. When all necessary conceptual
1545 columns of the row are properly populated (via SET
1546 operations or default values), the management station may
1547 SET the pktcMtaDevCmsStatus object to 'active(1)'."
1548 ::= { pktcMtaDevSecurity 7 }
1550 pktcMtaDevCmsTable OBJECT-TYPE
1551 SYNTAX SEQUENCE OF PktcMtaDevCmsEntry
1552 MAX-ACCESS not-accessible
1555 " This object defines the CMS table.
1556 The CMS table (pktcMtaDevCmsTable) and the realm table
1557 (pktcMtaDevRealmTable) are used for managing security
1558 between the MTA and CMSes. Each CMS table entry defines
1559 a CMS the managed MTA is allowed to communicate with
1560 and contains security parameters for key management with
1562 ::= { pktcMtaDevSecurity 8 }
1564 pktcMtaDevCmsEntry OBJECT-TYPE
1565 SYNTAX PktcMtaDevCmsEntry
1566 MAX-ACCESS not-accessible
1569 " This table entry object lists the MTA key management
1570 parameters used when establishing Security Associations
1571 with a CMS. The conceptual rows MUST NOT persist across
1573 INDEX { pktcMtaDevCmsIndex }
1577 ::= { pktcMtaDevCmsTable 1 }
1579 PktcMtaDevCmsEntry ::= SEQUENCE {
1580 pktcMtaDevCmsIndex Unsigned32,
1581 pktcMtaDevCmsFqdn SnmpAdminString,
1582 pktcMtaDevCmsKerbRealmName SnmpAdminString,
1583 pktcMtaDevCmsMaxClockSkew Unsigned32,
1584 pktcMtaDevCmsSolicitedKeyTimeout Unsigned32,
1585 pktcMtaDevCmsUnsolicitedKeyMaxTimeout Unsigned32,
1586 pktcMtaDevCmsUnsolicitedKeyNomTimeout Unsigned32,
1587 pktcMtaDevCmsUnsolicitedKeyMaxRetries Unsigned32,
1588 pktcMtaDevCmsIpsecCtrl TruthValue,
1589 pktcMtaDevCmsStatus RowStatus
1592 pktcMtaDevCmsIndex OBJECT-TYPE
1593 SYNTAX Unsigned32 (1..128)
1594 MAX-ACCESS not-accessible
1597 " This object defines the CMS table index."
1598 ::= { pktcMtaDevCmsEntry 1 }
1600 pktcMtaDevCmsFqdn OBJECT-TYPE
1601 SYNTAX SnmpAdminString (SIZE(1..255))
1602 MAX-ACCESS read-create
1605 " This object specifies the CMS FQDN. The MTA must
1606 prohibit the instantiation of any two rows with identical
1607 FQDNs. The MTA must also verify that any search and/or
1608 comparison operation involving a CMS FQDN is case
1609 insensitive. The MTA must resolve the CMS FQDN as required
1610 by the corresponding PacketCable Specifications."
1612 " PacketCable MTA Device Provisioning Specification;
1613 PacketCable Security Specification;
1614 PacketCable Network-Based Call Signaling Protocol
1616 ::= { pktcMtaDevCmsEntry 2 }
1618 pktcMtaDevCmsKerbRealmName OBJECT-TYPE
1619 SYNTAX SnmpAdminString (SIZE(1..255))
1620 MAX-ACCESS read-create
1623 " This object identifies the Kerberos realm name in uppercase
1624 characters associated with the CMS defined in this
1628 conceptual row. The object value is a reference
1629 point to the corresponding Kerberos realm name in the
1630 realm table (pktcMtaDevRealmTable)."
1631 ::= { pktcMtaDevCmsEntry 3 }
1633 pktcMtaDevCmsMaxClockSkew OBJECT-TYPE
1634 SYNTAX Unsigned32 (1..1800)
1636 MAX-ACCESS read-create
1639 " This object specifies the maximum allowable clock skew
1640 between the MTA and the CMS defined in this row."
1642 ::= { pktcMtaDevCmsEntry 4 }
1644 pktcMtaDevCmsSolicitedKeyTimeout OBJECT-TYPE
1645 SYNTAX Unsigned32 (100..30000)
1646 UNITS "milliseconds"
1647 MAX-ACCESS read-create
1650 " This object defines a Kerberos Key Management timer on the
1651 MTA. It is the time period during which the MTA saves the
1652 nonce and Server Kerberos Principal Identifier to match an
1653 AP Request and its associated AP Reply response from the
1654 CMS. This timer only applies when the CMS initiated key
1655 management (with a Wake Up message or a Rekey message)."
1657 " PacketCable Security Specification."
1659 ::= { pktcMtaDevCmsEntry 5 }
1661 --=================================================================
1663 -- Unsolicited key updates are retransmitted according to an
1664 -- exponential back-off mechanism using two timers and a maximum
1665 -- retry counter for AS replies.
1666 -- The initial retransmission timer value is the nominal timer
1667 -- value (pktcMtaDevCmsUnsolicitedKeyNomTimeout). The
1668 -- retransmissions occur with an exponentially increasing interval
1669 -- that caps at the maximum timeout value
1670 -- (pktcMtaDevCmsUnsolicitedKeyMaxTimeout).
1671 -- Retransmissions stop when the maximum retry counter is reached
1672 -- (pktcMatDevCmsUnsolicitedMaxRetries).
1673 -- For example, with values of 3 seconds for the nominal
1674 -- timer, 20 seconds for the maximum timeout, and 5 retries max,
1675 -- retransmission intervals will be 3 s, 6 s, 12 s,
1679 -- 20 s, and 20 s; retransmissions then stop due to the
1680 -- maximum number of retries reached.
1682 --=================================================================
1684 pktcMtaDevCmsUnsolicitedKeyMaxTimeout OBJECT-TYPE
1685 SYNTAX Unsigned32 (1..600)
1687 MAX-ACCESS read-create
1690 " This object defines the timeout value that only applies
1691 to an MTA-initiated key management exchange. It is the
1692 maximum timeout, and it may not be exceeded in the
1693 exponential back-off algorithm."
1695 " PacketCable Security Specification."
1697 ::= { pktcMtaDevCmsEntry 6 }
1699 pktcMtaDevCmsUnsolicitedKeyNomTimeout OBJECT-TYPE
1700 SYNTAX Unsigned32 (100..30000)
1701 UNITS "milliseconds"
1702 MAX-ACCESS read-create
1705 " This object defines the starting value of the timeout
1706 for an MTA-initiated key management. It should account for
1707 the average roundtrip time between the MTA and the CMS and
1708 the processing time on the CMS."
1710 " PacketCable Security Specification."
1712 ::= { pktcMtaDevCmsEntry 7 }
1714 pktcMtaDevCmsUnsolicitedKeyMaxRetries OBJECT-TYPE
1715 SYNTAX Unsigned32 (0..1024)
1716 MAX-ACCESS read-create
1719 " This object contains the maximum number of retries before
1720 the MTA stops attempting to establish a Security
1721 Association with the CMS."
1723 " PacketCable Security Specification."
1725 ::= { pktcMtaDevCmsEntry 8 }
1730 pktcMtaDevCmsIpsecCtrl OBJECT-TYPE
1732 MAX-ACCESS read-only
1735 " This object specifies the MTA IPSec control flag.
1736 If the object value is 'true', the MTA must use Kerberos
1737 Key Management and IPsec to communicate with this CMS. If
1738 it is 'false', IPSec Signaling Security and Kerberos key
1739 management are disabled for this specific CMS."
1741 ::= { pktcMtaDevCmsEntry 9 }
1743 pktcMtaDevCmsStatus OBJECT-TYPE
1745 MAX-ACCESS read-create
1748 " This object defines the row status associated with this
1749 particular CMS in the CMS table (pktcMtaDevCmsTable).
1751 An entry in this table is not qualified for activation
1752 until the object instances of all corresponding columns
1753 have been initialized, either by default values or via
1754 explicit SET operations. Until all object instances in
1755 this row are initialized, the status value for this realm
1756 must be 'notReady(3)'.
1757 In particular, two columnar objects must be SET: the
1758 CMS FQDN (pktcMtaDevCmsFqdn) and the Kerberos realm name
1759 (pktcMtaDevCmsKerbRealmName). Once these 2 objects have
1760 been set and the row status is SET to 'active(1)', the MTA
1761 MUST NOT allow any modification of these 2 object values.
1763 The value of this object has no effect on
1764 whether other columnar objects in this row can be
1766 ::= { pktcMtaDevCmsEntry 10 }
1768 pktcMtaDevResetKrbTickets OBJECT-TYPE
1770 invalidateProvOnReboot (0),
1771 invalidateAllCmsOnReboot (1)
1773 MAX-ACCESS read-write
1776 " This object defines a Kerberos Ticket Control Mask that
1777 instructs the MTA to invalidate the specific Application
1781 Server Kerberos ticket(s) that are stored locally in the
1782 MTA NVRAM (non-volatile or persistent memory).
1783 If the MTA does not store Kerberos tickets in NVRAM, it
1784 MUST ignore setting of this object and MUST report a BITS
1785 value of zero when the object is read.
1786 If the MTA supports Kerberos tickets storage in NVRAM, the
1787 object value is encoded as follows:
1788 - Setting the invalidateProvOnReboot bit (bit 0) to 1
1789 means that the MTA MUST invalidate the Kerberos
1790 Application Ticket(s) for the Provisioning Application
1791 at the next MTA reboot if secure SNMP provisioning mode
1792 is used. In non-secure provisioning modes, the MTA MUST
1793 return an 'inconsistentValue' in response to SNMP SET
1794 operations with a bit 0 set to 1.
1795 - Setting the invalidateAllCmsOnReboot bit (bit 1) to 1
1796 means that the MTA MUST invalidate the Kerberos
1797 Application Ticket(s) for all CMSes currently assigned
1798 to the MTA endpoints.
1799 If a value is written into an instance of
1800 pktcMtaDevResetKrbTickets, the agent MUST retain the
1801 supplied value across an MTA re-initialization or
1804 "PacketCable Security Specification."
1806 ::= { pktcMtaDevSecurity 9 }
1809 -- The following group, pktcMtaDevErrors, defines an OID
1810 -- corresponding to error conditions encountered during the MTA
1814 pktcMtaDevErrorsTooManyErrors OBJECT-IDENTITY
1817 "This object defines the OID corresponding to the error
1818 condition when too many errors are encountered in the
1819 MTA configuration file during provisioning."
1820 ::= { pktcMtaDevErrors 1 }
1822 pktcMtaDevProvisioningEnrollment NOTIFICATION-TYPE
1825 pktcMtaDevSwCurrentVers,
1826 pktcMtaDevTypeIdentifier,
1828 pktcMtaDevCorrelationId
1835 " This INFORM notification is issued by the MTA to initiate
1836 the PacketCable provisioning process when the MTA SNMP
1837 enrollment mechanism is used.
1838 It contains the system description, the current software
1839 version, the MTA device type identifier, the MTA MAC
1840 address (obtained in the MTA ifTable in the ifPhysAddress
1841 object that corresponds to the ifIndex 1), and a
1843 ::= { pktcMtaNotification 1 }
1845 pktcMtaDevProvisioningStatus NOTIFICATION-TYPE
1848 pktcMtaDevCorrelationId,
1849 pktcMtaDevProvisioningState
1853 " This INFORM notification may be issued by the MTA to
1854 confirm the completion of the PacketCable provisioning
1855 process, and to report its provisioning completion
1857 It contains the MTA MAC address (obtained in the MTA
1858 ifTable in the ifPhysAddress object that corresponds
1859 to the ifIndex 1), a correlation ID and the MTA
1860 provisioning state as defined in
1861 pktcMtaDevProvisioningState."
1862 ::= { pktcMtaNotification 2 }
1865 -- Compliance Statements
1868 pktcMtaCompliances OBJECT IDENTIFIER ::= { pktcMtaConformance 1 }
1869 pktcMtaGroups OBJECT IDENTIFIER ::= { pktcMtaConformance 2 }
1871 pktcMtaBasicCompliance MODULE-COMPLIANCE
1874 " The compliance statement for MTA devices that implement
1875 PacketCable or IPCablecom requirements.
1877 This compliance statement applies to MTA implementations
1878 that support PacketCable 1.0 or IPCablecom requirements,
1879 which are not IPv6-capable at the time of this
1885 MODULE -- Unconditionally mandatory groups for MTAs
1889 pktcMtaNotificationGroup
1892 OBJECT pktcMtaDevDhcpServerAddressType
1893 SYNTAX InetAddressType { ipv4(1) }
1895 " Support for address types other than 'ipv4(1)'
1896 is not presently specified and therefore is not
1897 required. It may be defined in future versions of
1900 OBJECT pktcMtaDevDnsServerAddressType
1901 SYNTAX InetAddressType { ipv4(1) }
1903 " Support for address types other than 'ipv4(1)'
1904 is not presently specified and therefore is not
1905 required. It may be defined in future versions of
1908 OBJECT pktcMtaDevTimeServerAddressType
1909 SYNTAX InetAddressType { ipv4(1) }
1911 " Support for address types other than 'ipv4(1)'
1912 is not presently specified and therefore is not
1913 required. It may be defined in future versions of
1916 OBJECT pktcMtaDevServerDhcp1
1917 SYNTAX InetAddress (SIZE(4))
1919 "An implementation is only required to support IPv4
1920 addresses. Other address types support may be defined in
1921 future versions of this MIB module."
1923 OBJECT pktcMtaDevServerDhcp2
1924 SYNTAX InetAddress (SIZE(4))
1926 "An implementation is only required to support IPv4
1927 addresses. Other address types support may be defined in
1928 future versions of this MIB module."
1930 OBJECT pktcMtaDevServerDns1
1934 SYNTAX InetAddress (SIZE(4))
1936 "An implementation is only required to support IPv4
1937 addresses. Other address types support may be defined in
1938 future versions of this MIB module."
1940 OBJECT pktcMtaDevServerDns2
1941 SYNTAX InetAddress (SIZE(4))
1943 "An implementation is only required to support IPv4
1944 addresses. Other address types support may be defined in
1945 future versions of this MIB module."
1947 OBJECT pktcMtaDevTimeServer
1948 SYNTAX InetAddress (SIZE(4))
1950 "An implementation is only required to support IPv4
1951 addresses. Other address types support may be defined in
1952 future versions of this MIB module."
1954 OBJECT pktcMtaDevProvConfigEncryptAlg
1955 SYNTAX PktcMtaDevProvEncryptAlg
1957 "An implementation is only required to support
1958 values of none(0) and des64Cbcmode(1).
1959 An IV of zero is used to encrypt in des64Cbcmode, and
1960 the length of pktcMtaDevProvConfigKey is 64 bits, as
1961 defined in the PacketCable Security specification.
1962 Other encryption types may be defined in future
1963 versions of this MIB module."
1965 OBJECT pktcMtaDevRealmOrgName
1966 SYNTAX LongUtf8String (SIZE (1..384))
1968 "The Organization Name field in X.509 certificates
1969 can contain up to 64 UTF-8 encoded characters,
1970 as defined in RFCs 3280 and 4630. Therefore, compliant
1971 devices are only required to support Organization
1972 Name values of up to 64 UTF-8 encoded characters.
1973 Given that RFCs 3280 and 4630 define the UTF-8 encoding,
1974 compliant devices must support a maximum size of 384
1975 octets for pktcMtaDevRealmOrgName. The calculation of
1976 384 octets comes from the RFC 3629 UTF-8 encoding
1977 definition whereby the UTF-8 encoded characters
1978 are encoded as sequences of 1 to 6 octets,
1979 assuming that code points as high as 0x7ffffffff
1980 might be used. Subsequent versions of Unicode and ISO
1981 10646 have limited the upper bound to 0x10ffff.
1985 Consequently, the current version of UTF-8, defined in
1986 RFC 3629, does not require more than four octets to
1987 encode a valid code point."
1989 ::= { pktcMtaCompliances 1 }
1991 pktcMtaGroup OBJECT-GROUP
1994 pktcMtaDevSerialNumber,
1995 pktcMtaDevSwCurrentVers,
1997 pktcMtaDevEndPntCount,
1999 pktcMtaDevProvisioningCounter,
2001 pktcMtaDevErrorValue,
2002 pktcMtaDevErrorReason,
2003 pktcMtaDevTypeIdentifier,
2004 pktcMtaDevProvisioningState,
2005 pktcMtaDevHttpAccess,
2006 pktcMtaDevCertificate,
2007 pktcMtaDevCorrelationId,
2008 pktcMtaDevManufacturerCertificate,
2009 pktcMtaDevDhcpServerAddressType,
2010 pktcMtaDevDnsServerAddressType,
2011 pktcMtaDevTimeServerAddressType,
2012 pktcMtaDevProvConfigEncryptAlg,
2013 pktcMtaDevServerDhcp1,
2014 pktcMtaDevServerDhcp2,
2015 pktcMtaDevServerDns1,
2016 pktcMtaDevServerDns2,
2017 pktcMtaDevTimeServer,
2018 pktcMtaDevConfigFile,
2019 pktcMtaDevSnmpEntity,
2020 pktcMtaDevRealmPkinitGracePeriod,
2021 pktcMtaDevRealmTgsGracePeriod,
2022 pktcMtaDevRealmAvailSlot,
2023 pktcMtaDevRealmName,
2024 pktcMtaDevRealmOrgName,
2025 pktcMtaDevRealmUnsolicitedKeyMaxTimeout,
2026 pktcMtaDevRealmUnsolicitedKeyNomTimeout,
2027 pktcMtaDevRealmUnsolicitedKeyMaxRetries,
2028 pktcMtaDevRealmStatus,
2029 pktcMtaDevCmsAvailSlot,
2031 pktcMtaDevCmsKerbRealmName,
2032 pktcMtaDevCmsUnsolicitedKeyMaxTimeout,
2036 pktcMtaDevCmsUnsolicitedKeyNomTimeout,
2037 pktcMtaDevCmsUnsolicitedKeyMaxRetries,
2038 pktcMtaDevCmsSolicitedKeyTimeout,
2039 pktcMtaDevCmsMaxClockSkew,
2040 pktcMtaDevCmsIpsecCtrl,
2041 pktcMtaDevCmsStatus,
2042 pktcMtaDevResetKrbTickets,
2043 pktcMtaDevProvUnsolicitedKeyMaxTimeout,
2044 pktcMtaDevProvUnsolicitedKeyNomTimeout,
2045 pktcMtaDevProvUnsolicitedKeyMaxRetries,
2046 pktcMtaDevProvKerbRealmName,
2047 pktcMtaDevProvSolicitedKeyTimeout,
2048 pktcMtaDevProvConfigHash,
2049 pktcMtaDevProvConfigKey,
2050 pktcMtaDevProvState,
2051 pktcMtaDevProvisioningTimer,
2052 pktcMtaDevTelephonyRootCertificate
2056 " A collection of objects for managing PacketCable or
2057 IPCablecom MTA implementations."
2058 ::= { pktcMtaGroups 1 }
2060 pktcMtaNotificationGroup NOTIFICATION-GROUP
2062 pktcMtaDevProvisioningStatus,
2063 pktcMtaDevProvisioningEnrollment
2067 " A collection of notifications dealing with the change of
2068 MTA provisioning status."
2069 ::= { pktcMtaGroups 2 }
2071 pktcMtaBasicSmtaCompliance MODULE-COMPLIANCE
2074 " The compliance statement for S-MTA devices
2075 that implement PacketCable or IPCablecom requirements.
2077 This compliance statement applies to S-MTA implementations
2078 that support PacketCable or IPCablecom requirements,
2079 which are not IPv6-capable at the time of this
2082 MODULE -- Unconditionally Mandatory Groups for S-MTA devices
2088 pktcMtaNotificationGroup
2091 OBJECT pktcMtaDevDhcpServerAddressType
2092 SYNTAX InetAddressType { ipv4(1) }
2094 " Support for address types other than 'ipv4(1)'
2095 is not presently specified and therefore is not
2096 required. It may be defined in future versions of
2099 OBJECT pktcMtaDevDnsServerAddressType
2100 SYNTAX InetAddressType { ipv4(1) }
2102 " Support for address types other than 'ipv4(1)'
2103 is not presently specified and therefore is not
2104 required. It may be defined in future versions of
2107 OBJECT pktcMtaDevTimeServerAddressType
2108 SYNTAX InetAddressType { ipv4(1) }
2110 " Support for address types other than 'ipv4(1)'
2111 is not presently specified and therefore is not
2112 required. It may be defined in future versions of
2115 OBJECT pktcMtaDevServerDhcp1
2116 SYNTAX InetAddress (SIZE(4))
2118 "An implementation is only required to support IPv4
2119 addresses. Other address types support may be defined in
2120 future versions of this MIB module."
2122 OBJECT pktcMtaDevServerDhcp2
2123 SYNTAX InetAddress (SIZE(4))
2125 "An implementation is only required to support IPv4
2126 addresses. Other address types support may be defined in
2127 future versions of this MIB module."
2129 OBJECT pktcMtaDevServerDns1
2130 SYNTAX InetAddress (SIZE(4))
2132 "An implementation is only required to support IPv4
2133 addresses. Other address types support may be defined in
2134 future versions of this MIB module."
2139 OBJECT pktcMtaDevServerDns2
2140 SYNTAX InetAddress (SIZE(4))
2142 "An implementation is only required to support IPv4
2143 addresses. Other address types support may be defined in
2144 future versions of this MIB module."
2146 OBJECT pktcMtaDevTimeServer
2147 SYNTAX InetAddress (SIZE(4))
2149 "An implementation is only required to support IPv4
2150 addresses. Other address types support may be defined in
2151 future versions of this MIB module."
2153 OBJECT pktcMtaDevProvConfigEncryptAlg
2154 SYNTAX PktcMtaDevProvEncryptAlg
2156 "An implementation is only required to support
2157 values of none(0) and des64Cbcmode(1).
2158 An IV of zero is used to encrypt in des64Cbcmode, and
2159 the length of pktcMtaDevProvConfigKey is 64 bits, as
2160 defined in the PacketCable Security specification.
2161 Other encryption types may be defined in future
2162 versions of this MIB module."
2164 OBJECT pktcMtaDevRealmOrgName
2165 SYNTAX LongUtf8String (SIZE (1..384))
2167 "The Organization Name field in X.509 certificates
2168 can contain up to 64 UTF-8 encoded characters, as
2169 defined in RFCs 3280 and 4630. Therefore, compliant
2170 devices are only required to support Organization
2171 Name values of up to 64 UTF-8 encoded characters.
2172 Given that RFCs 3280 and 4630 define the UTF-8 encoding,
2173 compliant devices must support a maximum size of 384
2174 octets for pktcMtaDevRealmOrgName. The calculation of
2175 384 octets comes from the RFC 3629 UTF-8 encoding
2176 definition whereby the UTF-8 encoded characters
2177 are encoded as sequences of 1 to 6 octets,
2178 assuming that code points as high as 0x7ffffffff
2179 might be used. Subsequent versions of Unicode and ISO
2180 10646 have limited the upper bound to 0x10ffff.
2181 Consequently, the current version of UTF-8, defined in
2182 RFC 3629 does not require more than four octets to
2183 encode a valid code point."
2184 MODULE DOCS-CABLE-DEVICE-MIB
2189 docsDevSoftwareGroupV2
2192 MODULE DOCS-IETF-BPI2-MIB
2194 docsBpi2CodeDownloadGroup
2197 ::= { pktcMtaCompliances 2 }