PPP-SEC-MIB DEFINITIONS ::= BEGIN IMPORTS Counter FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212 ppp FROM PPP-LCP-MIB; pppSecurity OBJECT IDENTIFIER ::= { ppp 2 } pppSecurityProtocols OBJECT IDENTIFIER ::= { pppSecurity 1 } -- The following uniquely identify the various protocols -- used by PPP security. These OBJECT IDENTIFIERS are -- used in the pppSecurityConfigProtocol and -- pppSecuritySecretsProtocol objects to identify to which -- protocols the table entries apply. pppSecurityPapProtocol OBJECT IDENTIFIER ::= { pppSecurityProtocols 1 } pppSecurityChapMD5Protocol OBJECT IDENTIFIER ::= { pppSecurityProtocols 2 } -- PPP Security Group -- Implementation of this group is optional. -- This table allows the network manager to configure -- which security protocols are to be used on which -- link and in what order of preference each is to be tried pppSecurityConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF PppSecurityConfigEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Table containing the configuration and preference parameters for PPP Security." ::= { pppSecurity 2 } pppSecurityConfigEntry OBJECT-TYPE SYNTAX PppSecurityConfigEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Security configuration information for a particular PPP link." INDEX { pppSecurityConfigLink, pppSecurityConfigPreference } ::= { pppSecurityConfigTable 1 } PppSecurityConfigEntry ::= SEQUENCE { pppSecurityConfigLink INTEGER, pppSecurityConfigPreference INTEGER, pppSecurityConfigProtocol OBJECT IDENTIFIER, pppSecurityConfigStatus INTEGER } pppSecurityConfigLink OBJECT-TYPE SYNTAX INTEGER(0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "The value of ifIndex that identifies the entry in the interface table that is associated with the local PPP entity's link for which this particular security algorithm shall be attempted. A value of 0 indicates the default algorithm - i.e., this entry applies to all links for which explicit entries in the table do not exist." ::= { pppSecurityConfigEntry 1 } pppSecurityConfigPreference OBJECT-TYPE SYNTAX INTEGER(0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "The relative preference of the security protocol identified by pppSecurityConfigProtocol. Security protocols with lower values of pppSecurityConfigPreference are tried before protocols with higher values of pppSecurityConfigPreference." ::= { pppSecurityConfigEntry 2 } pppSecurityConfigProtocol OBJECT-TYPE SYNTAX OBJECT IDENTIFIER ACCESS read-write STATUS mandatory DESCRIPTION "Identifies the security protocol to be attempted on the link identified by pppSecurityConfigLink at the preference level identified by pppSecurityConfigPreference. " ::= { pppSecurityConfigEntry 3 } pppSecurityConfigStatus OBJECT-TYPE SYNTAX INTEGER { invalid(1), valid(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Setting this object to the value invalid(1) has the effect of invalidating the corresponding entry in the pppSecurityConfigTable. It is an implementation-specific matter as to whether the agent removes an invalidated entry from the table. Accordingly, management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use. Proper interpretation of such entries requires examination of the relevant pppSecurityConfigStatus object." DEFVAL { valid } ::= { pppSecurityConfigEntry 4 } -- This table contains all of the ID/Secret pair information. pppSecuritySecretsTable OBJECT-TYPE SYNTAX SEQUENCE OF PppSecuritySecretsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Table containing the identities and secrets used by the PPP authentication protocols. As this table contains secret information, it is expected that access to this table be limited to those SNMP Party-Pairs for which a privacy protocol is in use for all SNMP messages that the parties exchange. This table contains both the ID and secret pair(s) that the local PPP entity will advertise to the remote entity and the pair(s) that the local entity will expect from the remote entity. This table allows for multiple id/secret password pairs to be specified for a particular link by using the pppSecuritySecretsIdIndex object." ::= { pppSecurity 3 } pppSecuritySecretsEntry OBJECT-TYPE SYNTAX PppSecuritySecretsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Secret information." INDEX { pppSecuritySecretsLink, pppSecuritySecretsIdIndex } ::= { pppSecuritySecretsTable 1 } PppSecuritySecretsEntry ::= SEQUENCE { pppSecuritySecretsLink INTEGER, pppSecuritySecretsIdIndex INTEGER, pppSecuritySecretsDirection INTEGER, pppSecuritySecretsProtocol OBJECT IDENTIFIER, pppSecuritySecretsIdentity OCTET STRING, pppSecuritySecretsSecret OCTET STRING, pppSecuritySecretsStatus INTEGER } pppSecuritySecretsLink OBJECT-TYPE SYNTAX INTEGER(0..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "The link to which this ID/Secret pair applies. By convention, if the value of this object is 0 then the ID/Secret pair applies to all links." ::= { pppSecuritySecretsEntry 1 } pppSecuritySecretsIdIndex OBJECT-TYPE SYNTAX INTEGER(0..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each ID/Secret pair that has been defined for use on this link. This allows multiple ID/Secret pairs to be defined for each link. How the local entity selects which pair to use is a local implementation decision." ::= { pppSecuritySecretsEntry 2 } pppSecuritySecretsDirection OBJECT-TYPE SYNTAX INTEGER { local-to-remote(1), remote-to-local(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the direction in which a particular ID/Secret pair is valid. If this object is local-to-remote then the local PPP entity will use the ID/Secret pair when attempting to authenticate the local PPP entity to the remote PPP entity. If this object is remote-to-local then the local PPP entity will expect the ID/Secret pair to be used by the remote PPP entity when the remote PPP entity attempts to authenticate itself to the local PPP entity." ::= { pppSecuritySecretsEntry 3 } pppSecuritySecretsProtocol OBJECT-TYPE SYNTAX OBJECT IDENTIFIER ACCESS read-write STATUS mandatory DESCRIPTION "The security protocol (e.g. CHAP or PAP) to which this ID/Secret pair applies." ::= { pppSecuritySecretsEntry 4 } pppSecuritySecretsIdentity OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "The Identity of the ID/Secret pair. The actual format, semantics, and use of pppSecuritySecretsIdentity depends on the actual security protocol used. For example, if pppSecuritySecretsProtocol is pppSecurityPapProtocol then this object will contain a PAP Peer-ID. If pppSecuritySecretsProtocol is pppSecurityChapMD5Protocol then this object would contain the CHAP NAME parameter." ::= { pppSecuritySecretsEntry 5 } pppSecuritySecretsSecret OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "The secret of the ID/Secret pair. The actual format, semantics, and use of pppSecuritySecretsSecret depends on the actual security protocol used. For example, if pppSecuritySecretsProtocol is pppSecurityPapProtocol then this object will contain a PAP Password. If pppSecuritySecretsProtocol is pppSecurityChapMD5Protocol then this object would contain the CHAP MD5 Secret." ::= { pppSecuritySecretsEntry 6 } pppSecuritySecretsStatus OBJECT-TYPE SYNTAX INTEGER { invalid(1), valid(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Setting this object to the value invalid(1) has the effect of invalidating the corresponding entry in the pppSecuritySecretsTable. It is an implementation-specific matter as to whether the agent removes an invalidated entry from the table. Accordingly, management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use. Proper interpretation of such entries requires examination of the relevant pppSecuritySecretsStatus object." DEFVAL { valid } ::= { pppSecuritySecretsEntry 7 } END