--
-- security-management-mib.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 6.0  Build 88
-- Monday, March 13, 2006 at 18:53:18
--

--  security-management-mib.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Monday, February 27, 2006 at 19:18:22
-- 
--  SECURITY-MANAGEMENT-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, November 23, 2005 at 13:35:05
-- 
--  SECURITY-MANAGEMENT-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, April 20, 2005 at 16:07:15
-- 
--  SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, January 12, 2005 at 14:00:10
-- 
--  SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Tuesday, January 11, 2005 at 18:41:44
-- 
--  SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, September 15, 2004 at 13:47:14
-- 
--  SECURITYMANAGEMENTMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Sunday, June 27, 2004 at 18:06:47
-- 
-- ==========================================================
-- 
--  MIB      : SECURITYMANAGEMENTMIB                  Avaya 
-- 
--  Version  : 1.1.0
-- 
-- ==========================================================
-- 
--  Copyright 1999  2010 Avaya  Ltd.
--  All Rights Reserved.
-- 
--  Reproduction of this document is authorized on condition
--  that the foregoing copyright notice is included.
-- 
--  This Avaya SNMP Management Information Base 
--  Specification embodies Avaya confidential and
--  proprietary intellectual property.  Lucent Technologies retains all
--  title and ownership in the Specification, including any revisions
-- 
--  It is Avaya intent to encourage the widespread use of this
--  Specification in connection with the management of Avaya
--  products.
-- 
--  Avaya grants vendors, endusers, and other interested parties
--  a nonexclusive license to use this Specification in connection
--  with the management of Avaya products.
-- 
--  This Specification is supplied "as is," and Avaya makes
--  no warranty, either express or implied, as to the use,
--  operation, condition, or performance of the Specification.
--     
--==========================================================
--     
--  Version 1.1.0
--  24 Oct 2010
--  Adding traps which support IPv6. 
--  a. avUnAuthAccessEvent.
--  b. avAccountLockoutEvent.	
--  c. avIPv6AddressDuplicationEvent.
--  Shlomi biton
--       
--==========================================================
--
--  Version 1.0.12
--  15 Jun 2009
--  Adding arpInspection(23) enumeration to secMngProtoId.				 
--  Shlomi biton
--       
--==========================================================
--
--  Version 1.0.11
--  07 Feb 2008
--  Changing the secMngNumOfDays2Expire to 
--  Udi Ezra ; Shlomi biton
--==========================================================
--
--  Version 1.0.10
--  07 Feb 2008
--  Adding the trap avPasswordToExpireAlert 
--  Pesah Spector
-- ==========================================================
--
--  Version 1.0.9
--  11 Jan 2007
--  Adding avSecLocalDateAndTime - for setting date and time.
--
-- ==========================================================
--
--  Version 1.0.8
--  02 Nov 2006
--  Adding DNS Relay to dnsRelay(22) to secMngProtoId.
--
-- ==========================================================
-- 
--  Version 1.0.7
--  2 MAr 2005
--  Added support for MSS notification generated as result of DoS attacks 
--  or unauthenticated attempts - see definition in CID 104904. All 
--  new MIB objects - notification and varbinds are located under 
--  avMssNotifications MIB subtree.
-- 
-- ==========================================================
-- 
--  Version 1.0.6
--  11 Jan 2005
--  Added support for SYN cookies operational state monitoring, 
--  and configueration state monitoring/change.
--  The following items were added:
--  o secTcpSynCookies
--  o secTcpSynCkiOpState
--  o secTcpSynCkiCfgState
-- 
--  Changed by Nimrod Dezent
-- ==========================================================
-- 
--  Version 1.0.5
--  04 Oct 2004
--  Definition of DNS resolver enumerations. 
--  Adding dnsResolver(18) to secMngProtoId.
-- 
--  Changed by Shlomi Biton
-- ==========================================================
-- 
--  Version 1.0.4
--  04 July 2004
--  Add new mib object fipsEnhancedSecurityFlg under fip140 subtree 
-- 
--  Changed by Pesah Spector
-- ==========================================================
--  Version 1.0.3
--  04 July 2004
--  Updating the enumeration scpConfigFile to be scpConfigFiles in secMngProtoId.
-- 
--  1. Change by Shlomi Biton
-- ==========================================================
-- 
--  Version 1.0.2
--  28 June 2004
--  Definition of DHCP and TFTP enumerations. 
--  Adding tftp(16) and dhcp(17) to secMngProtoId.
-- 
--  1. Add by Shlomi Biton
-- ==========================================================
-- 
--  Version 1.0.1
--  27 June 2004
--  Definition of RFA based license support
-- 
--  1. Add by Pesah Spector
-- ==========================================================
-- 
--  Version 1.0.0
--  Definition of network services protocols  first relase
-- ==========================================================
-- 
-- 
-- 

	SECURITY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
 
		IMPORTS
			lsg			
				FROM AVAYAGEN-MIB			
			cmgTrapLocation, cmgTrapOnBoard, cmgTrapSubsystem, cmgTrapOnIccMissing, cmgTrapModule			
				FROM G700-MG-MIB			
			ifIndex, ifType, ifPhysAddress, ifName			
				FROM IF-MIB			
			genOpLastFailureDisplay, genAppFileId, genAppFileName, genAppFileVersionNumber			
				FROM LOAD-MIB			
			DisplayString			
				FROM RFC1213-MIB			
			OBJECT-GROUP, NOTIFICATION-GROUP			
				FROM SNMPv2-CONF			
			IpAddress, Unsigned32, Counter64, OBJECT-TYPE, MODULE-IDENTITY, 
			OBJECT-IDENTITY, NOTIFICATION-TYPE			
				FROM SNMPv2-SMI			
			InetAddress, InetAddressType
    			FROM INET-ADDRESS-MIB     
    		avEntPhySeverity
    			FROM AVAYA-ENTITY-MIB
			PhysAddress, DateAndTime, TEXTUAL-CONVENTION			
				FROM SNMPv2-TC;
	
	
		-- 1.3.6.1.4.1.6889.2.1.14.1
		secMngModule MODULE-IDENTITY 
			LAST-UPDATED "201003231045Z"		-- Mar 22, 2010 at 10:46 GMT
			ORGANIZATION 
				"Avaya"
			CONTACT-INFO 
				"Contact-info."
			DESCRIPTION 
				"Defines MIB objects related to device secured management."
			REVISION "200603131849Z"		-- March 13, 2006 at 18:49 GMT
			DESCRIPTION 
				"Support for ASG Authentication
				File and Authentication 
				Notifications"
			REVISION "200511231321Z"		-- November 23, 2005 at 13:21 GMT
			DESCRIPTION 
				"Version 1.0.9
				add support for new portocol enum value
				telnetServices in object secMngProtoId, added as part of G450 project
				development - ref CID 110907
				
				Pesah
				"
			REVISION "200501111654Z"		-- January 11, 2005 at 16:54 GMT
			DESCRIPTION 
				" Version 1.0.6
				Added support for SYN cookies operational state monitoring, 
				and configueration state monitoring/change.
				The following items were added:
				o secTcpSynCookies
				o secTcpSynCkiOpState
				o secTcpSynCkiCfgState
				
				Changed by Nimrod Dezent"
			REVISION "200503021602Z"		-- March 02, 2005 at 16:02 GMT
			DESCRIPTION 
				"
				Version 1.0.7
				2 MAr 2005
				Added support for MSS notification generated as result of DoS attacks 
				or unauthenticated attempts - see definition in CID 104904. All 
				new MIB objects - notification and varbinds are located under 
				avMssNotifications MIB subtree
				"
			REVISION "200504201606Z"		-- April 20, 2005 at 16:06 GMT
			DESCRIPTION 
				"
				1.0.8 Changed default value of MSS rate 
				limiting from 60 seconds to 
				300 seconds"
			REVISION "200602271916Z"		-- February 27, 2006 at 19:16 GMT
			DESCRIPTION 
				"Adding new 
				notifictations supporting Secret 
				Management
				for backup and restore 
				(startup-config) file
				"
			REVISION "201003231045Z"		-- Mar 21, 2010 at 16:57 GMT
			DESCRIPTION 
				" Adding traps which support IPv6. 
					a. avUnAuthAccessEvent.
					b. avAccountLockoutEvent.	
					c. avIPv6AddressDuplicationEvent. 
				    d. avNSReceivedDuplicateAddressEvent.
					e. avNAReceivedDuplicateAddressEvent.
				"
			::= { avayaSecurity 1 }
	
--
-- Textual conventions
--
	
--  January 11, 2005 at 17:00 GMT
-- February 27, 2006 at 19:16 GMT
-- April 20, 2005 at 16:06 GMT
-- March 02, 2005 at 16:02 GMT
-- January 11, 2005 at 16:54 GMT
-- November 23, 2005 at 13:21 GMT
-- 
-- Textual conventions
-- 
--  January 11, 2005 at 17:00 GMT
-- November 23, 2005 at 13:21 GMT
-- January 11, 2005 at 16:54 GMT
-- March 02, 2005 at 16:02 GMT
-- April 20, 2005 at 16:06 GMT
-- 
-- Textual conventions
-- 
--  January 11, 2005 at 17:00 GMT
-- April 20, 2005 at 16:06 GMT
-- March 02, 2005 at 16:02 GMT
-- January 11, 2005 at 16:54 GMT
-- 
-- Textual conventions
-- 
--  January 11, 2005 at 17:00 GMT
-- January 11, 2005 at 16:54 GMT
-- 
-- Textual conventions
-- 
--  January 11, 2005 at 17:00 GMT
-- January 11, 2005 at 16:54 GMT
-- 
-- Textual conventions
-- 
--  January 01, 2003 at 18:26 GMT
-- 
-- Textual conventions
-- 
		OnOffType ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"Description."
			SYNTAX INTEGER
				{
				on(1),
				off(2)
				}

--         January 01, 2003 at 18:26 GMT
-- January 01, 2003 at 18:26 GMT
-- 
-- Textual conventions
-- 
		ServiceStateType ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"Description."
			SYNTAX INTEGER
				{
				on(1),
				off(2),
				notSupported(3)
				}

	
--
-- Node definitions
--
	
--  Node definitions
-- 
-- Node definitions
-- 
-- Node definitions
-- 
-- Node definitions
-- 
-- Node definitions
-- 
-- Node definitions
-- 
-- Node definitions
-- 
-- 1.3.6.1.4.1.6889.2.1.14
-- 1.3.6.1.4.1.6889.2.1.14
		-- 1.3.6.1.4.1.6889.2.1.14
		avayaSecurity OBJECT IDENTIFIER ::= { lsg 14 }

		
--         Node definitions
-- 
-- 1.3.6.1.4.1.6889.2.1.2.1
-- 1.3.6.1.4.1.6889.2.1.14.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.1
		secMode OBJECT-TYPE
			SYNTAX OnOffType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"When the security mode flag = on -  it indicates that device operates 
				in secured mode, =off -  in non-secured mode. Otherwize when the value retuned 
				=Not relevant - secured mode is not supported in this device."
			::= { secMngModule 1 }

		
--      1.3.6.1.4.1.6889.2.1.14.1.2
		-- 1.3.6.1.4.1.6889.2.1.14.1.2
		secTcpSynCookies OBJECT IDENTIFIER ::= { secMngModule 2 }

		
--      1.3.6.1.4.1.6889.2.1.14.1.2.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.2.1
		secTcpSynCkiOpState OBJECT-TYPE
			SYNTAX OnOffType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Monitors the operational state of the TCP SYN cookies 
				defense mechanism.
				
				The operational state of the SYN cookies can change 
				only after a reset, if the configuration state was 
				changed and the running configuration was saved to 
				the startup configuration before the reset.
				
				Use secTcpSynCkiCfgState to monitor and change the
				SYN cookies configuration state.
				
				When the SYN cookies feature is turned on, it helps 
				protect the local host from SYN attacks (a type of 
				DoS attack)."
			::= { secTcpSynCookies 1 }

		
--      1.3.6.1.4.1.6889.2.1.14.1.2.2
		-- 1.3.6.1.4.1.6889.2.1.14.1.2.2
		secTcpSynCkiCfgState OBJECT-TYPE
			SYNTAX OnOffType
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Controls and monitors the configuration state of the 
				TCP SYN cookies defense mechanism.
				
				The operational state of the SYN cookies can change 
				only after reset, if the configuration state was 
				changed and the running configuration was saved to 
				the startup configuration before the reset.
				
				Use secTcpSynCkiOpState to monitor the SYN cookies
				operational state.
				
				When the SYN cookies feature is turned on, it helps 
				protect the local host from SYN attacks (a type of 
				DoS attack).
				"
			::= { secTcpSynCookies 2 }

		
--         1.3.6.1.4.1.6889.2.1.2.3
-- 1.3.6.1.4.1.6889.2.1.14.1.3
-- 1.3.6.1.4.1.6889.2.1.14.1.3
		-- 1.3.6.1.4.1.6889.2.1.14.1.3
		secMngProtoTable OBJECT-TYPE
			SYNTAX SEQUENCE OF SecMngProtoEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"List of security management protocols supported in the device. 
				"
			::= { secMngModule 3 }

		
--         1.3.6.1.4.1.6889.2.1.2.3.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.3.1
		secMngProtoEntry OBJECT-TYPE
			SYNTAX SecMngProtoEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Description."
			INDEX { secMngProtoId }
			::= { secMngProtoTable 1 }

		
		SecMngProtoEntry ::=
			SEQUENCE { 
				secMngProtoId
					INTEGER,
				secMngProtoStatus
					ServiceStateType
			 }

--         1.3.6.1.4.1.6889.2.1.2.3.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.1
		secMngProtoId OBJECT-TYPE
			SYNTAX INTEGER
				{
				scpConfigFiles(1),
				scpImageFiles(2),
				ssh(3),
				telnet(4),
				snmpv3(5),
				http(6),
				https(7),
				telnetClient(8),
				icmpRedirection(9),
				icmp(10),
				recoveryPassword(11),
				sshClient(12),
				snmpv1(13),
				icmpEcho(14),
				ftpClient(15),
				tftp(16),
				dhcp(17),
				dnsResolver(18),
				scpClient(19),
				tftpClient(20),
				telnetServices(21),
				dnsRelay(22),
				arpInspection(23) 
				}
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Index to the secMngProtoTable. The index can take one of the following values that 
				correspond to supported management protocols
				
				        scpConfigFiles(1),
				        scpImageFiles(2),
				        ssh(3),
				        telnet(4),
				        snmpv3(5),
				        http(6),
				        https(7),
				        telnetClient(8),
				        icmpRedirection(9),  -  icmp redirection service state
				        icmp(10),            -  icmp services status
				        recoveryPassword(11), -  recovery password state 
				        sshClient(12),
				        snmpv1(13),
				        icmpEcho(14) - icmp service has been launched in EchoOnly mode
				        tftp(16),
						dhcp(17),
						dnsResolver(18,
				                scpClient(19),
				                tftpClient(20),
				                servicesTelnet(21),  - reports telnet status on Services interface in G450
				                
				Missing entry indicates that 
				corresponding protocol is not supported. "
			::= { secMngProtoEntry 1 }

		
--         The index of the supported protocols. For not supported protocol 
-- the entry will not be 
-- 1.3.6.1.4.1.6889.2.1.2.3.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.2
		-- 1.3.6.1.4.1.6889.2.1.14.1.3.1.2
		secMngProtoStatus OBJECT-TYPE
			SYNTAX ServiceStateType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Portocol status. When the status is  =on -  it indicates that 
				correpsonding protocol is up and running,  =off -  protocol is down. 
				Otherwize when the value retuned =Not relevant - the protocol is not supported."
			::= { secMngProtoEntry 2 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.4
-- 1.3.6.1.4.1.6889.2.1.14.1.4
		-- 1.3.6.1.4.1.6889.2.1.14.1.4
		secMngConformance OBJECT IDENTIFIER ::= { secMngModule 4 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.4.1
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.4.1
		secMngGroups OBJECT IDENTIFIER ::= { secMngConformance 1 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.4.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.4.1.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.4.1.1
		secMngBasicGroup OBJECT-GROUP
			OBJECTS { secMode, secMngProtoId, secMngProtoStatus, secTcpSynCkiOpState, secTcpSynCkiCfgState, 
				fipsEnhancedSecurityFlg }
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngGroups 1 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.4.2
-- 1.3.6.1.4.1.6889.2.1.14.1.4.2
		-- 1.3.6.1.4.1.6889.2.1.14.1.4.2
		secMngCompliance OBJECT IDENTIFIER ::= { secMngConformance 2 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5
-- 1.3.6.1.4.1.6889.2.1.14.1.5
		-- 1.3.6.1.4.1.6889.2.1.14.1.5
		lsgLicManagement OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Group of MIBs objects used for configuration/presentation of the
				License information generated by Avaya Remote Feature 
				Activation (RFA) system.
				"
			::= { secMngModule 5 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1
		lsgLicMngTable OBJECT-TYPE
			SYNTAX SEQUENCE OF LsgLicMngEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"RFA based License management table. All elements are 
				displaying the feature activation status. License activation 
				controlled by the license file. The table is indexed by the 
				license feature keyword assuming that the same keyword describing a 
				feature cannot appear more than once per a license file.
				
				"
			::= { lsgLicManagement 1 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1
		lsgLicMngEntry OBJECT-TYPE
			SYNTAX LsgLicMngEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Entry in lsgLicMngTable. "
			INDEX { lsgLicMngFeatureKeyword }
			::= { lsgLicMngTable 1 }

		
		LsgLicMngEntry ::=
			SEQUENCE { 
				lsgLicMngFeatureKeyword
					OCTET STRING,
				lsgLicMngFeatureType
					INTEGER,
				lsgLicMngAdminStatus
					OnOffType,
				lsgLicMngOperStatus
					OnOffType,
				lsgLicMngCountedValue
					Unsigned32,
				lsgLicMngLastError
					INTEGER
			 }

--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1
		lsgLicMngFeatureKeyword OBJECT-TYPE
			SYNTAX OCTET STRING
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"This table entry contains a features keyword. The feature
				keywords are text-based for example FEAT_VPN string. This 
				field is used as a table index"
			::= { lsgLicMngEntry 1 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2
		lsgLicMngFeatureType OBJECT-TYPE
			SYNTAX INTEGER
				{
				onOffFeature(1),
				quantifiableFeature(2)
				}
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"License activation mechanism support two feature types 
				*  Boolean on-off feature
				*  Features that describe quantities for example number 
				   of concurrent VPN peers
				"
			::= { lsgLicMngEntry 2 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3
		lsgLicMngAdminStatus OBJECT-TYPE
			SYNTAX OnOffType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"An administration status shows the feature activation status -
				when set to On the feature is activated by the RFA licensing system.
				"
			::= { lsgLicMngEntry 3 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4
		lsgLicMngOperStatus OBJECT-TYPE
			SYNTAX OnOffType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The operation status shows the actual status of the 
				corresponding feature - feature can be not operational 
				enabled if for example device must be reset for feature to
				be activated or feature is not supported by a device."
			::= { lsgLicMngEntry 4 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5
		lsgLicMngCountedValue OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"For counted features, this entry shows the associated quantity"
			::= { lsgLicMngEntry 5 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6
-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6
		lsgLicMngLastError OBJECT-TYPE
			SYNTAX INTEGER { licNoError(2) }
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Shows feature error state"
			::= { lsgLicMngEntry 6 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.20
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.20
		lsgLicMngConformance OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { lsgLicManagement 20 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.20.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1
		lsgLicMngGroups OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { lsgLicMngConformance 1 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1
-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1
		lsgLicMngBasicGroup OBJECT-GROUP
			OBJECTS { lsgLicMngFeatureKeyword, lsgLicMngFeatureType, lsgLicMngAdminStatus, lsgLicMngOperStatus, lsgLicMngCountedValue, 
				lsgLicMngLastError }
			STATUS current
			DESCRIPTION 
				"Description."
			::= { lsgLicMngGroups 1 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.6
-- 1.3.6.1.4.1.6889.2.1.14.1.6
		-- 1.3.6.1.4.1.6889.2.1.14.1.6
		fips140 OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngModule 6 }

		
--       1.3.6.1.4.1.6889.2.1.14.1.6.1
-- 1.3.6.1.4.1.6889.2.1.14.1.6.1
		-- 1.3.6.1.4.1.6889.2.1.14.1.6.1
		fipsEnhancedSecurityFlg OBJECT-TYPE
			SYNTAX OnOffType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"enhanceSecurity flag reports operation of a product in enhance security mode. 
				When running under enhanced security a product performs certain secure-related 
				activities safely, closely matching FIPS-140-2 standard. However the 
				flag doesn't necessary indicate that all device operations comply to 
				FIPS approved mode as some of security activities might be controlled 
				via different mechanisms for example manual configuration.  
				Security policy/Crypto Office guidance documents shall be used as 
				reference as for if this flag can be used as an evidence for operation 
				in FIPS approved mode. The flag is read only and set via product CLI.
				"
			::= { fips140 1 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7
		avMssNotifications OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Subtree hosting MSS notification traps"
			::= { secMngModule 7 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.0
		avMssNotificationPrefix OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { avMssNotifications 0 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.0.1
		avMSSDenialOfService NOTIFICATION-TYPE
			OBJECTS { avMSSVarbindsDoSType, avMSSVarbindsSrcAddr, avMSSVarbindsDstAddr, avMSSVarbindsDstPort, avMSSVarbindsCount, 
				avMSSVarbindsIpProtocol, ifIndex, ifName, avMSSVarbindsSrcMACAddr }
			STATUS current
			DESCRIPTION 
				"The MSS notification sent on DoS attack"
			::= { avMssNotificationPrefix 1 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.2
		avMSSNotificationRate OBJECT-TYPE
			SYNTAX INTEGER (10..28800)
			UNITS "Second"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Defines the rate of MSS notification report. 
				MSS reports will be generated as per 
				rate if the event group counter 
				passes the threshold correspondingly. 
				The rate units are given in seconds with 
				  minimum  - 10 seconds
				  maximum  - 8 hours (60 * 60 * 8)
				
				"
			DEFVAL { 300 }
			::= { avMssNotifications 2 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4
		avMSSVarbinds OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Subtree of access-for-notify arguments to
				MSS notification varbinds list."
			::= { avMssNotifications 4 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.1
		avMSSVarbindsDoSType OBJECT-TYPE
			SYNTAX INTEGER
				{
				avMSSDoSMalformedARPs(1),
				avMSSDoSLandAttack(2),
				avMSSDoSICMPReflectAttack(3),
				avMSSDoSUknownPort(4),
				avMSSDoSUrgTCPOption(5),
				avMSSDoSMalformedIP(6),
				avMSSDoSSynFlood(7),
				avMSSDoSSmurfAttack(8),
				avMSSDoSFraggleAttack(9),
				avMSSDoSMalFragmentIP(10),
				avMSSSpoofedIP(11),
				avMSSUnknownL4Protocol(12),
				avMSSunAuthenticatedAccess(13),
				avMSSUserDefinedDoSAttack100(100),
				avMSSUserDefinedDoSAttack101(101),
				avMSSUserDefinedDoSAttack102(102),
				avMSSUserDefinedDoSAttack103(103),
				avMSSUserDefinedDoSAttack104(104),
				avMSSUserDefinedDoSAttack105(105)
				}
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Enumeration of DoS attacks"
			::= { avMSSVarbinds 1 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.2
		avMSSVarbindsDescription OBJECT-TYPE
			SYNTAX DisplayString
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Textual description of the DoS event "
			::= { avMSSVarbinds 2 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.3
		avMSSVarbindsSrcAddr OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Source IP address in IP header. Set to 0.0.0.0 if address is unknown"
			::= { avMSSVarbinds 3 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.4
		avMSSVarbindsDstAddr OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Destination IP address in IP header. Set to 0.0.0.0 if address is unknown"
			::= { avMSSVarbinds 4 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.5
		avMSSVarbindsDstPort OBJECT-TYPE
			SYNTAX INTEGER (0..65535)
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Destination port number in IP header. 0 if port is not applicable or
				unknown"
			DEFVAL { 0 }
			::= { avMSSVarbinds 5 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.6
		avMSSVarbindsIpProtocol OBJECT-TYPE
			SYNTAX INTEGER (0..255)
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"The protocol field in IP header
				"
			::= { avMSSVarbinds 6 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.7
		avMSSVarbindsCount OBJECT-TYPE
			SYNTAX Counter64
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Counted number of events that occur in a given period 
				for a corresponding class of security violations (DoS, 
				not authorized access, etc)."
			::= { avMSSVarbinds 7 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.7.4.8
		avMSSVarbindsSrcMACAddr OBJECT-TYPE
			SYNTAX PhysAddress
			MAX-ACCESS accessible-for-notify
			STATUS current
			DESCRIPTION
				"Source Physical address (MAC) of a packet identified 
				as a packet carrying DoS payload. Set to 00:00:00:00:00:00 when phyicial address 
				is not supported or unknown to the system"
			DEFVAL { "00:00:00:00:00:00" }
			::= { avMSSVarbinds 8 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.8
		avMSSgroup OBJECT-GROUP
			OBJECTS { avMSSNotificationRate, avMSSVarbindsSrcAddr, avMSSVarbindsDstAddr, avMSSVarbindsDstPort, avMSSVarbindsDescription, 
				avMSSVarbindsIpProtocol, avMSSVarbindsDoSType, avMSSVarbindsCount, avMSSVarbindsSrcMACAddr }
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngModule 8 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.9
		mssNotificationGroup NOTIFICATION-GROUP
			NOTIFICATIONS { avMSSDenialOfService }
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngModule 9 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.10
		secMngNotifications OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngModule 10 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.10.0
		secMngNotificationsPrefix OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngNotifications 0 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.10.0.1
		avConfigurationEncKeyMismatchFault NOTIFICATION-TYPE
			OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, genAppFileId, genAppFileName, 
				genAppFileVersionNumber, genOpLastFailureDisplay }
			STATUS current
			DESCRIPTION 
				"Encryption keys mismatch error. Configuration download 
				operation is aborted"
			::= { secMngNotificationsPrefix 1 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.10.0.2
		avConfigurationMasterKeyChange NOTIFICATION-TYPE
			OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation }
			STATUS current
			DESCRIPTION 
				"Configuration Master key was changed 
				"
			::= { secMngNotificationsPrefix 2 }


		-- 1.3.6.1.4.1.6889.2.1.14.1.10.0.3
		avPasswordToExpireAlert NOTIFICATION-TYPE
			OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, secMngNumOfDays2Expire }
			STATUS current
			DESCRIPTION 
				"User password is about to expire in n days 
				"
			::= { secMngNotificationsPrefix 3 }    
			
	    
		avUnAuthAccessEvent NOTIFICATION-TYPE
            OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, 
            avUnauthUserName, avUnauthInetAddressType, avUnauthInetAddress, 
            avUnauthProtocol, avASGAuthFileAFID, avEntPhySeverity }
            STATUS current
            DESCRIPTION 
                "Notification on unauthorized login attempts. 
                o For CLI and SNMP login failures:
                  Both SNMP SSH and WEB management interfaces shall identify 
                  situation and alert. 
                  The reported information should include wrong user name,  
                  host name and IP address of remote host. Passwords is not 
                  reported because of the possibility to reveal password.
                o For pre-shared-key (PSK) authentication failure in IKE:
                  *	lntUnauthUserName - 
                    - In IKE AM: the ID sent by the remote peer in the ID
                      payload.
                    - In IKE MM: the ID associated with the remote peer IP 
                      in the running configuration.
                  * avUnauthInetAddressType and avUnauthInetAddress - represents
                  the source IP of the packet sent by the remote peer.
                  * avUnauthProtocol - lntIKEAccess(500)
                  "
            ::= { secMngNotificationsPrefix 200 }

        avAccountLockoutEvent NOTIFICATION-TYPE
            OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, 
            avUnauthUserName, avUnauthInetAddressType, avUnauthInetAddress, 
            avUnauthProtocol, avASGAuthFileAFID, avEntPhySeverity }
            STATUS current
            DESCRIPTION 
                "After configurable number of failed attempts to authenticate a user, device 
                penalized by locking them out for a pre-specified amount of time."
            ::= { secMngNotificationsPrefix 201 }   
            
        avIPv6AddressDuplicationEvent NOTIFICATION-TYPE
            OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, 
            avDuplicatedInetAddressType, avDuplicatedInetAddress, avDuplicatedMACAddress, 
            ifIndex, ifName, avASGAuthFileAFID, avEntPhySeverity }
            STATUS current
            DESCRIPTION 
                "The trap is generated whenever there is a detection of IPv6 address 
                (link-local or global IPv6 address) duplication as part of DAD."
            ::= { secMngNotificationsPrefix 202 }      

	                -- 1.3.6.1.4.1.6889.2.1.14.1.10.1
                secMngVarbinds OBJECT-IDENTITY
                        STATUS current
                        DESCRIPTION
                                "Notify only varbinds used for
                                notifications in secMngNotifications group"
                        ::= { secMngNotifications 1 }

                -- 1.3.6.1.4.1.6889.2.1.14.1.10.1.1
                secMngNumOfDays2Expire OBJECT-TYPE
                        SYNTAX Unsigned32
                        UNITS "Days"
                        MAX-ACCESS accessible-for-notify
                        STATUS current
                        DESCRIPTION
                                "Description."
                        ::= { secMngVarbinds 1 }

        		avUnauthUserName OBJECT-TYPE
            			SYNTAX OCTET STRING (SIZE (0..32))
            			MAX-ACCESS accessible-for-notify
            			STATUS current
            			DESCRIPTION
                				"The name of the user who's attempt to access device was identified as unauthorized.
                				"
            			::= { secMngVarbinds 3 }
        
        		avUnauthProtocol OBJECT-TYPE
            		SYNTAX INTEGER
                		{
                		avSSHAccess(22),
                		avTELNETAccess(23),
                		avHTTPAccess(80),
                		avSNMPAccess(161),
                		avHTTPSAccess(443),
                		avIKEAccess(500),
                		avRASAccess(6889),
                		avConsoleAccess(6890),
                		avPPPAccess(6891)
                		}
            		MAX-ACCESS accessible-for-notify
            		STATUS current
            		DESCRIPTION
                		"The management protocol employed for the unauthorized access - 
                
                		avSSHAccess(22) --   SSH protocol
                		avTELNETAccess(23),  --Telnet protocol
                		avHTTPAccess(80),    --  HTTP protocol
                		avSNMPAccess(161),   --  SNMP protocol
                		avHTTPSAccess(443),  --  HTTPS protocol over TLS sockets   
                		avIKEAccess(500),    --  IKE protocol - PSK authentication failure
                		avRASAccess(6889),   --  RAS access over dial-up connection
                		avConsoleAccess(6890), -- Access from the Console port
                		avPPPAccess(6891)      -- Access to PPP over modem
                		"
            		::= { secMngVarbinds 5 }
            		

        		avUnauthInetAddressType OBJECT-TYPE
            			SYNTAX InetAddressType
            			MAX-ACCESS accessible-for-notify
            			STATUS current
            			DESCRIPTION
                				"The Inet Address Type of access violating station"
            			::= { secMngVarbinds 9 }
                
				avUnauthInetAddress OBJECT-TYPE
            			SYNTAX InetAddress
            			MAX-ACCESS accessible-for-notify
            			STATUS current
            			DESCRIPTION
                				"The Inet Address of access violating station"
            			::= { secMngVarbinds 10 }

        		avDuplicatedInetAddressType OBJECT-TYPE
            			SYNTAX InetAddressType
            			MAX-ACCESS accessible-for-notify
            			STATUS current
            			DESCRIPTION
                				"The duplicated Inet Address Type."
            			::= { secMngVarbinds 11 }
                
				avDuplicatedInetAddress OBJECT-TYPE
            			SYNTAX InetAddress
            			MAX-ACCESS accessible-for-notify
            			STATUS current
            			DESCRIPTION
                				"The duplicated Inet Address."
            			::= { secMngVarbinds 12 }

                
                avDuplicatedMACAddress OBJECT-TYPE
            			SYNTAX PhysAddress
            			MAX-ACCESS accessible-for-notify
            			STATUS current
            			DESCRIPTION
                				"The MAC address of the station that claims to be 
                				configured with the duplicated IPv6 address."    
                		::= { secMngVarbinds 13 }
            		
          		 -- 1.3.6.1.4.1.6889.2.1.14.1.10.2
                avMngNotificationCompliance OBJECT-GROUP
                        OBJECTS { secMngNumOfDays2Expire }
                        STATUS current
                        DESCRIPTION
                                "Description."
                        ::= { secMngNotifications 2 }      
                        

		-- 1.3.6.1.4.1.6889.2.1.14.1.11
		secMngNotificationGroup NOTIFICATION-GROUP
			NOTIFICATIONS { avConfigurationEncKeyMismatchFault, avConfigurationMasterKeyChange }
			STATUS current
			DESCRIPTION 
				"Description."
			::= { secMngModule 11 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12
		avASGAuthenticationFiles OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Info on authentication file(s) installed in a product"
			::= { secMngModule 12 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3
		avASGAuthFileHeader OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"The information on Authentication File stored
				in ASG AF file header "
			::= { avASGAuthenticationFiles 3 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.1
		avASGAuthFileAFID OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..10))
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The productID value ascociated with the 
				Authentication File (format 7xxxxxxxxx) "
			::= { avASGAuthFileHeader 1 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.2
		avASGAuthFileGenDate OBJECT-TYPE
			SYNTAX DisplayString
			UNITS "YYYY/MM/DD"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Date of Authentication file generation  
				(format YYYY/MM/DD)"
			::= { avASGAuthFileHeader 2 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.3
		avASGAuthFileGenTime OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..8))
			UNITS "HH:MM:SS"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"A 8-character string in US short locale 
				time (format= HH:MM:SS)"
			::= { avASGAuthFileHeader 3 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.4
		avASGAuthFileRelease OBJECT-TYPE
			SYNTAX DisplayString
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Major software release the AF file was generated for  "
			::= { avASGAuthFileHeader 4 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5
		avASGNotifications OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { avASGAuthFileHeader 5 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0
		avASGNotificationsPrefix OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Description."
			::= { avASGNotifications 0 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0.1
		avASGAFDownloadSuccess NOTIFICATION-TYPE
			OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, genAppFileId, genAppFileName, 
				genAppFileVersionNumber, avASGAuthFileAFID }
			STATUS current
			DESCRIPTION 
				"AF download successfully accomplished"
			::= { avASGNotificationsPrefix 1 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0.2
		avASGAFDownloadFailure NOTIFICATION-TYPE
			OBJECTS { cmgTrapSubsystem, cmgTrapOnBoard, cmgTrapLocation, genAppFileId, genAppFileName, 
				genAppFileVersionNumber, genOpLastFailureDisplay, avASGAuthFileAFID }
			STATUS current
			DESCRIPTION 
				"AF download Failed "
			::= { avASGNotificationsPrefix 2 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.1000
		avASGAuthFileGroup OBJECT-GROUP
			OBJECTS { avASGAuthFileAFID, avASGAuthFileGenDate, avASGAuthFileGenTime, avASGAuthFileRelease }
			STATUS current
			DESCRIPTION 
				"Description."
			::= { avASGAuthenticationFiles 1000 }

		
		-- 1.3.6.1.4.1.6889.2.1.14.1.12.1001
		avASGAuthFileNotificationGroup NOTIFICATION-GROUP
			NOTIFICATIONS { avASGAFDownloadFailure, avASGAFDownloadSuccess }
			STATUS current
			DESCRIPTION 
				"ASG authentictation File  Notification Group"
			::= { avASGAuthenticationFiles 1001 }

		-- 1.3.6.1.4.1.6889.2.1.13		
	  	avSecLocalDateAndTime OBJECT-TYPE
			SYNTAX DateAndTime
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Setting the Local current RTC date and time, when not registered with CM"
			::= { secMngModule 13 }

	END

--
-- security-management-mib.my
--
