CISCO-TRUSTSEC-SXP-MIB: View SNMP OID List / Download MIB

This MIB module is for the configuration and status query of SGT Exchange Protocol over TCP (SXPoTCP) feature of the device on the Cisco's Trusted Security (TrustSec) system. Security Group Tag (SGT) identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud. SXPoTCP protocol extends the original SGT Exchange Protocol (SXP) protocol to enable a much wider array of deployment scenarios. This MIB uses the term SXP to refer to SXPoTCP. TrustSec secures a network fabric by authenticating and authorizing each device connecting to the network, allowing for the encryption, authentication and replay protection of data traffic on a hop by hop basis. SXP allows the deployment of RBACL, a key component of the TrustSec architecture, in the absence of TrustSec capable hardware.

A ctsxSxpConnSourceAddrErrNotif is generated if the system is not able to establish SXP connection using ctsxSxpConnOperSourceAddr.

A ctsxSxpMsgParseErrNotif is generated if the system is not able to parse a received SXP message.

A ctsxSxpConnConfigErrNotif is generated if the system detects a configuration error for an SXP connection.

A ctsxSxpBindingErrNotif is generated if the address in the SGT mapping is not found in routing and forwarding table of the system.

A ctsxSxpConnUpNotif is generated if the ctsxSxpConnStatus for an SXP connection transitioned into 'on' state.

A ctsxSxpConnDownNotif is generated if ctsxSxpConnStatus for an SXP connection left the 'on' state and transitioned into some other state.

A ctsxSxpExpansionFailNotif is generated if the number of expanded SGT maps reaches the configured limit and the received SGT mapping can not be expanded.

A ctsxSxpOperNodeIdChangeNotif is generated if the value of ctsxSxpOperNodeId changes.

A ctsxSxpBindingConflictNotif is generated if the device receives conflicting SGT mapping information.

This object specifies if the SXP (Security Group Tag Exchange Protocol) functionality is enabled on the device.

This object specifies the type of encryption used to configure ctsxSxpConfigDefaultPassword string. When read, this object will always return 'other'. Value of this object must be set in the same PDU as ctsxSxpConfigDefaultPassword. Value of this object must be specified as 'clearText', 'typeSix' or 'typeSeven' to configure a non zero length password in ctsxSxpConfigDefaultPassword. Value for this object must be 'none' if ctsxSxpConfigDefaultPassword is a zero length string.

This object specifies the default password for SXP connections. The type of encryption used to configure this password is determined by ctsxSxpConfigDefaultPasswordType. When read, this object will always return a zero length string. The value of this object must be set in the same PDU as ctsxSxpConfigDefaultPasswordType. A non zero length password must be specified for this object if the value of ctsxSxpConfigDefaultPasswordType is other than 'none' or 'other'. Value for this object must be a zero length string if the value of ctsxSxpConfigDefaultPasswordType is 'none'. The purpose of this object is to only allow configuration of the default password. The ctsxSxpViewDefaultPassword object is used to display the default password.

This object indicates the type of encryption in use for ctsxSxpViewDefaultPassword.

This object indicates the default password for SXP connections. The type of encryption used to display this password is determined by the object ctsxSxpViewDefaultPasswordType. The purpose of this object is to only display the password. The ctsxSxpConfigDefaultPassword object is used to configure the password.

The type of Internet address of the default source address for SXP connections.

The Internet address to be used as default source address for SXP connections. The type of this address is determined by the ctsxSxpDefaultSourceAddrType object. This address will be used as source address for SXP connections that do not have specific source-IP address configured via ctsxSxpConnSourceAddr object.

This object specifies the amount of time after which the device will make the retry attempt for the SXP connections that are not setup successfully. A value of zero for this object indicates that the device will never try to establish connections that were not setup successfully.

This object specifies the amount of time after which system will initiate removal of SGT mappings for a reconciled connection. A value of zero for this object indicates that SGT mappings for a reconciled connection will never be deleted.

This object specifies if the system will generate system logging messages for SXP binding changes. A value of 'false' will prevent system from generating logging messages for SXP binding changes.

This object specifies the maximum number of SGT mapping entries that can be expanded on the system. Value of zero for this object indicates that SGT mapping expansion functionality is disabled.

This object indicates the number of SGT mapping entries currently expanded on the system.

This object specifies the administrative SXP node ID for this system. Setting this object to a non-zero value will clear the values in ctsxSxpNodeIdInterface and ctsxSxpNodeIdIpAddrType. This object can be set only if ctsxSxpEnable is 'false'.

This object specifies the interface to be used to select SXP node ID. Setting this object to a non-zero value will clear the values in ctsxSxpAdminNodeId and ctsxSxpNodeIdIpAddrType. This object can be set only if ctsxSxpEnable is 'false'.

This object specifies the type of Internet address to be used to select the SXP node ID.

This object specifies the Internet address to be used to select the SXP node ID. The type of this address is determined by ctsxSxpOperNodeIdIpAddrType object. Setting this object to a non-zero length value will clear the values in ctsxSxpAdminNodeId and ctsxSxpNodeIdInterface. This object can be set only if ctsxSxpEnable is 'false'.

This object indicates the operational SXP node ID of the system.

This object specifies the global minimum hold-time for SXP connections in 'speaker' mode.

This object specifies the global minimum hold-time for SXP connections in 'listener' mode. Value of this object must be lesser than ctsxSxpListenerMaxHoldTime.

This object specifies the global maximum hold-time for SXP connections in 'listener' mode. Value of this object must be greater than ctsxSxpListenerMinHoldTime.

The highest version of SXP protocol that this device supports. 'unknown' - The SXP protocol version capability for the device is unknown. 'one' - The device supports SXP protocol up to version 1. 'two' - The device supports SXP protocol up to version 2. 'three' - The device supports SXP protocol up to version 3. 'four' - The device supports SXP protocol up to version 4. Enumeration: 'four': 5, 'unknown': 1, 'three': 4, 'two': 3, 'one': 2.

A list of SXP peers configured on this device.

An entry containing management information of a particular SXP peers.

The name of the Virtual Routing and Forwarding (VRF) table associated with this SXP connection. A zero length string implies that connection will be setup in the default virtual routing and forwarding domain.

The type of Internet address of the peer SXP device.

The Internet address of the SXP peer device. The type of this address is determined by the value of ctsxSxpConnPeerAddrType object.

The type of source Internet address that is configured for this SXP connection.

The source Internet address configured for this SXP connection. The type of this address is determined by the value of ctsxSxpConnSourceAddrType object. When specified, value of this object takes precedence over the ctsxSxpDefaultSourceAddr object.

The type of source Internet address that is in in use for this SXP connection.

The source Internet address that is in use for this SXP connection. The type of this address is determined by the value of ctsxSxpConnSourceAddrType object.

This object specifies the type of password to be used for this SXP connection. 'none' - No password required for the SXP connection. 'default' - The default password which is specified by the object ctsxSxpViewDefaultPassword, will be used for the SXP connection. 'connectionSpecific' - The password specified by the ctsxSxpConnViewPassword object will be used for the connection. Enumeration: 'default': 2, 'none': 1, 'connectionSpecific': 3.

This object specifies the type of encryption used to configure ctsxSxpConnConfigPassword string. When read, this object will always return 'other'. Value for this object may be specified as 'clearText', 'typeSix' or 'typeSeven' if the value of the object ctsxSxpConnPasswordUsed is 'connectionSpecific'. Value for this object may not be specified if the value of ctsxSxpConnPasswordUsed is other than 'connectionSpecific'.

This object is used to specify the password for this connection. The type of encryption used to configure this password is determined by ctsxSxpConnConfigPasswordType. When read, this object will always return a zero length string. A non zero length password must be specified for this object if the value of ctsxSxpConnConfigPasswordType is other than 'none' or 'other'. A value for this object may not be specified if the value of ctsxSxpConnPasswordUsed is other than 'connectionSpecific'. The purpose of this object is to only allow configuration of the password. The ctsxSxpConnViewPassword object is used to display the password.

This object indicates the type of encryption in use for ctsxSxpConnViewPassword.

This object indicates the password associated with this connection. The type of encryption used to display this password is determined by the object ctsxSxpConnViewPasswordType. The purpose of this object is to only display the password. The ctsxSxpConnConfigPassword object is used to configure the password.

This object specifies if ctsxSxpConnMode is applicable for local or the peer device. A value of 'local' indicates that ctsxSxpConnMode applies to the local device in this SXP connection. A value of 'peer' indicates that ctsxSxpConnMode applies to the peer device in this SXP connection. Enumeration: 'peer': 2, 'local': 1.

This object specifies the device mode of this SXP connection. A value of 'speaker' indicates that device will acts as the speaker in this SXP connection. A value of 'listener' indicates that device will acts as the listener in this SXP connection. Enumeration: 'listener': 2, 'speaker': 1.

This object indicates the instance number associated with this SXP connection. The instance number is used to identify stale SGT mappings which need to be removed from the system.

The amount of time elapsed since change in status of this SXP connection.

This object indicates the status of this SXP connection. 'other' - Any other state not covered by below enumerations. 'off' - The SXP connection has been disconnected. SGT mappings are no longer learnt through SXP connection in this state. SGT mappings already learnt through this connection will be deleted. 'on' - The SXP connection has been successfully established. SGT mappings are learnt through this SXP connection. 'pendingOn' - A request to establish SXP connection has been sent to the peer and is pending. 'deleteHoldDown' - The SXP connection is not operational and delete hold-down timer has been started. If the SXP connection does not recover before the expiration of the hold-down timer, the SGT mappings learnt on this connection will be deleted. If the SXP connection recovers before the expiration of the hold-down timer, the SGT mappings learnt on this connection will not be deleted. Enumeration: 'deleteHoldDown': 5, 'on': 3, 'other': 1, 'off': 2, 'pendingOn': 4.

The numerical identifier associated with ctsxSxpConnVrfName.

The storage type of this conceptual row.

The status of this conceptual row. Once a row becomes active, only the value in ctsxSxpConnModeLocation, ctsxSxpConnMode ctsxSxpConnSpeakerMinHoldTime, ctsxSxpConnListenerMinHoldTime, and ctsxSxpConnListenerMaxHoldTime within each a row can be modified.

The version of SXP protocol in use for this connection. 'unknown' - Version of SXP protocol for this connection is unknown. 'one' - Connection is using version 1 of the SXP protocol. 'two' - Connection is using version 2 of the SXP protocol. 'three' - Connection is using version 3 of the SXP protocol. 'four' - Connection is using version 4 of the SXP protocol. Enumeration: 'four': 5, 'unknown': 1, 'three': 4, 'two': 3, 'one': 2.

This object specifies the minimum hold-time for this SXP connection when the device is acting as 'speaker'. Setting the object to zero indicates that the global value ctsxSxpSpeakerMinHoldTime will be used for the connection. Setting the object to 65535 indicates that the hold-time functionality has been disabled for the connection. Value of this object must be 65535 if the corresponding instance value of ctsxSxpConnListenerMinHoldTime is 65535. Value of this object should be ignored and can not be set if the corresponding instance values of ctsxSxpConnModeLocation is 'local' and ctsSxpConnMode is 'listener' or ctsxSxpConnModeLocation is 'peer' and ctsSxpConnMode is 'speaker'.

This object specifies the minimum hold-time for this SXP connection when the device is acting as 'listener'. Value of this object must be lesser than ctsxSxpConnListenerMaxHoldTime. Setting the object to zero indicates that the global value ctsxSxpListenerMinHoldTime will be used for the connection. Value of this object must be zero if the value of corresponding instance value of ctsxSxpConnListenerMaxHoldTime is zero. Setting the object to 65535 indicates that hold-time functionality has been disabled for the connection. Value of this object must be 65535 if the corresponding instance value of ctsxSxpConnListenerMaxHoldTime is 65535. Value of this object should be ignored and can not be set if the corresponding instance value of ctsxSxpConnModeLocation is 'local' and ctsSxpConnMode is 'speaker' or ctsxSxpConnModeLocation is 'peer' and ctsSxpConnMode is 'listener'.

This object specifies the maximum hold-time for this SXP connection when the device is acting as 'listener'. Value of this object must be greater than ctsxSxpConnListenerMinHoldTime. Setting the object to zero indicates that the global value ctsxSxpListenerMaxHoldTime will be used for the connection. Value of this object must be zero if the corresponding instance value of ctsxSxpConnListenerMinHoldTime is zero. Setting the object to 65535 indicates that hold-time functionality has been disabled for the connection. Value of this object must be 65535 if the corresponding instance value ctsxSxpConnListenerMinHoldTime is 65535. Value of this object should be ignored and can not be set if the corresponding instance value of ctsxSxpConnModeLocation is 'local' and ctsSxpConnMode is 'speaker' or ctsxSxpConnModeLocation is 'peer' and ctsSxpConnMode is 'listener'.

This object indicates the hold-time in use for this SXP connection. A value of 0 indicates that hold-time functionality has been disabled for this connection.

This object indicates the capability of SXP connection. Bits: 'subnet': 2, 'ipv4': 0, 'ipv6': 1.

A list of SGT mappings learnt by this device. If the value of ctsxSxpConnVersion is 'three' or above, this table populates entries for all mapping addresses without prefix. Addresses with prefix are not populated in this table. ctsxSxpSgtMapTable should be used in such case.

An entry containing management information about SGT mapping learnt by this device. An entry will be created for each SGT mappings the device learns via SXP. An entry will be deleted if SXP connection from where the SGT mappings was learnt is disconnected.

The VRF number identifying the VRF where this SGT mapping was learnt.

The type of IP address in this SGT mapping.

The IP address in this SGT mapping. The type of this address is determined by the value of ctsxIpSgtMappingAddrType object.

The type of IP address of the SXP peer device from where this SGT mapping was learnt.

The IP address of the peer SXP device from where this SGT mapping was learnt. The type of this address is determined by the value of ctsxIpSgtMappingPeerAddrType object.

The Security Group Tag (SGT) in this SGT mapping. ctsxIpSgtMappingAddr represents the IP address associated with this SGT.

This object indicates the instance number of the SXP connection from where this SGT mapping was learnt. The instance number is used to determine if an SGT mapping entry is stale and needs to be removed from the system.

The name of the VRF identified by ctsxIpSgtMappingVrfId.

This object indicates the status of this SGT mapping. 'other' - Any other state no covered by below enumerations. 'active' - The SGT mapping is currently active. Enumeration: 'active': 2, 'other': 1.

A list of SGT mappings learnt by this device.

An entry containing management information about SGT mapping learnt by this device. An entry will be created for each of the SGT mappings the device learns via SXP. An entry will be deleted if SXP connection from where the SGT mappings was learnt is disconnected.

The VRF number identifying the VRF where this SGT mapping was learnt.

The type of address in this SGT mapping.

The address in this SGT mapping. The type of this address is determined by the value of ctsxSxpSgtMapAddrType object.

This object indicates the length of the prefix associated with ctsxSxpSgtMapAddr. This object is always interpreted with the value of ctsxSxpSgtMapAddrType object.

The type of address of the SXP peer device from where this SGT mapping was learnt.

The address of the peer SXP device from where this SGT mapping was learnt. The type of this address is determined by the value of ctsxSxpSgtMapPeerAddrType object.

The Security Group Tag (SGT) in this SGT mapping. ctsxSxpSgtMapAddr represents the address associated with this SGT.

This object indicates the instance number of the SXP connection from where this SGT binding was learnt. The instance number is used to determine if an SGT mapping entry is stale and needs to be removed from the system.

The name of the VRF identified by ctsxEnahncedSgtMapVrfId.

The Peer Sequence associated with this SGT mapping entry. It is a sequence of node IDs though which SGT mapping has traversed. Each node ID is 4 octets long. The octets 1 to 4 represent the first node ID in the sequence, octets 5 to 8 represent the second node ID in the sequence and so on.

This object indicates the status of this SGT mapping. 'other' - Any other state no covered by below enumerations. 'active' - The SGT mapping is currently active. Enumeration: 'active': 2, 'other': 1.

This object specifies whether the system generates the ctsxSxpConnSourceAddrErrNotif. A value of 'false' will prevent ctsxSxpConnSourceAddrErrNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpMsgParseErrNotif. A value of 'false' will prevent ctsxSxpMsgParseErrNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpConnConfigErrNotif. A value of 'false' will prevent ctsxSxpConnConfigErrNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpBindingErrNotif. A value of 'false' will prevent ctsxSxpBindingErrNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpConnUpNotif. A value of 'false' will prevent ctsxSxpConnUpNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpConnDownNotif. A value of 'false' will prevent ctsxSxpConnDownNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpExpansionFailNotif. A value of 'false' will prevent ctsxSxpExpansionFailNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpOperNodeIdChangeNotif. A value of 'false' will prevent ctsxSxpOperNodeIdChangeNotif notifications from being generated by this system.

This object specifies whether the system generates the ctsxSxpBindingConflictNotif. A value of 'false' will prevent ctsxSxpBindingConflictNotif notifications from being generated by this system.

This object indicates the VRF name for which host SGT bindings cannot be expanded.

This object indicates the type of subnet address for which host SGT binding cannot be expanded.

This object indicates the subnet address for which host SGT binding cannot be expanded. The type of this address is determined by the value of ctsxSgtMapExpansionAddrType object.

This object indicates the length of the prefix associated with ctsxSgtMapExpansionAddr. This object is always interpreted with the value of ctsxSgtMapExpansionAddrType object.

This object indicates error message associated with notifications.

This object indicates the VRF name of the SXP connection on which conflicting SGT mapping was received.

This object indicates the type of Internet address in the conflicting SGT mapping.

This object indicates the Internet address in the conflicting SGT mapping. The type of this address is determined by the value of ctsxSgtMapConflictingAddrType object.

The existing value of Security Group Tag (SGT) in SGT mapping for which conflict has occurred.

The new value of Security Group Tag (SGT) in SGT mapping that conflicts with the existing SGT.

The SXP node ID that was in use by this SXP node and now replaced by a new SXP node ID represented by ctsxSxpOperNodeId.

The compliance statement for the CISCO-TRUSTSEC-SXP-MIB.

The compliance statement for the CISCO-TRUSTSEC-SXP-MIB.

The compliance statement for the CISCO-TRUSTSEC-SXP-MIB.

A collection of objects providing management functionality of global SXP configuration.

A collection of objects providing management functionality of SXP connections.

A collection of objects providing management functionality of SGT mapping for SXP.

A collection of object(s) providing version information for SXP.

A collection of object(s) providing logging control for SXP binding.

A collection of object(s) providing variable binding information for SXP notifications.

A collection of object(s) providing detailed error messages for SXP notifications.

A collection of object(s) providing SXP node ID information for the system.

A collection of objects providing management functionality of SGT mapping and expansion for SXP.

A collection of objects providing notification control for SXP.

A collection of notifications for SXP.

A collection of objects providing global hold-time information for SXP connections.

A collection of objects providing hold-time information for each SXP connection.

A collection of object(s) providing capability information for each SXP connection.

A collection of object(s) providing SXP version capability information.

A collection of object(s) providing Peer Sequence information.