-- *****************************************************************
-- CISCO-TRUSTSEC-INTERFACE-MIB.my
--   
-- February 2010, Liwei Lue
--   
-- Copyright (c) 2010-2012, 2014 by Cisco Systems Inc.
-- All rights reserved.
-- *****************************************************************

CISCO-TRUSTSEC-INTERFACE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Counter32,
    Integer32,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    StorageType,
    RowStatus,
    TruthValue,
    DateAndTime,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    ifIndex,
    ifName
        FROM IF-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    CtsSecurityGroupTag
        FROM CISCO-TRUSTSEC-TC-MIB
    ciscoMgmt
        FROM CISCO-SMI;


ciscoTrustSecIfMIB MODULE-IDENTITY
    LAST-UPDATED    "201401280000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA  95134
            USA

            Tel: +1 800 553-NETS

            E-mail: cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "This MIB module defines management objects for
        configuration and monitoring of the interfaces in Cisco
        Trusted Security environment.

        Glossary: 

        ACS      - Cisco Secure Access Control Server

        IFC      - TrustSec Interface Controller

        MACSec   - Media Access Control (MAC) Security

        PMK      - Pairwise Master Key

        SAP      - Security Association Protocol

        SGT      - Security Group Tag. A tag identifying its source,
                   assigned to a packet on ingress to a TrustSec cloud,
                   and used to determine security and other policy
                   to be applied to it along its path through the
                   cloud.

        TrustSec - Cisco Trusted Security"
    REVISION        "201401280000Z"
    DESCRIPTION
        "Added following OBJECT-GROUP
        - ciscoTrustSecIfMIBCriticalAuthStatusGrp
        Added new compliance
        - ciscoTrustSecIfMIBCompliance3"
    REVISION        "201204060000Z"
    DESCRIPTION
        "Added following OBJECT-GROUP
        - ciscoTrustSecIfMIBNotifsCtrlGrp
        - ciscoTrustSecIfMIBNotifsOnlyInfoGrp
        - ciscoTrustSecIfMIBNotifsGrp
        Added new compliance
        - ciscoTrustSecIfMIBCompliance2
        Modified DEFVAL
        - ctsiIfManualSapModeList."
    REVISION        "201005280000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 740 }



-- Textual convention naming where an interface's cached authorization
-- data was loaded from.
-- NOTE(review): the convention name is spelled "Cashe"; the status
-- object ctsiIfCacheDataSource references it under that spelling, so
-- it cannot be renamed without touching that object too.
-- NOTE(review): the DESCRIPTION documents a label 'dramOrNvram', but the
-- enumeration names value 5 'all'. Tools that decode by label will show
-- 'all(5)'; confirm which meaning the agent actually implements.
CtsiCasheDataSource ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The source of cached authorization data.

        unknown     - cache source type not covered by
                      any of the follow enumerations.
        acs         - authorization data is loaded from ACS 
        dram        - authorization data is loaded from DRAM.
        nvram       - authorization data is loaded from NVRAM.
        dramOrNvram - authorization data is loaded from DRAM or NVRAM."
    SYNTAX          INTEGER  {
                        unknown(1),
                        acs(2),
                        dram(3),
                        nvram(4),
                        all(5)
                    }

-- SAP negotiation modes; CtsSapNegModeList carries one of these values
-- per octet.
-- Protection level as stated in the DESCRIPTION:
--   gcmAuthenGcmEncrypt(3)    authentication and encryption
--   gcmAuthenNoEncrypt(2)     authentication only, payload not encrypted
--   encapNoAuthenNoEncrypt(1) neither authentication nor encryption
--   noEncap(4)                described only as "No encapsulation";
--                             presumably no link protection, confirm
-- Only value 3 gives confidentiality, so a mode list that also offers
-- 1, 2 or 4 allows a link to come up with weaker protection.
CtsSapNegMode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The SAP negotiation modes supported in TrustSec system.

        encapNoAuthenNoEncrypt - Encapsulation present, 
                                 no authentication, no encryption.
        gcmAuthenNoEncrypt     - GCM authentication, no encryption.
        gcmAuthenGcmEncrypt    - GCM authentication, GCM encryption.
        noEncap                - No encapsulation."
    SYNTAX          INTEGER  {
                        encapNoAuthenNoEncrypt(1),
                        gcmAuthenNoEncrypt(2),
                        gcmAuthenGcmEncrypt(3),
                        noEncap(4)
                    }

CtsSapNegModeList ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The list of SAP negotiation modes provided within
        TrustSec (Cisco Trusted Security) system.

        Each octet represents a SAP negotiation mode which
        is defined in CtsSapNegMode.

        The DESCRIPTION clause of CtsSapNegModeList objects
        must fully describe the relationship between modes."
    SYNTAX          OCTET STRING

-- State of the per-interface TrustSec Interface Controller (IFC) state
-- machine, as reported by ctsiIfControllerState.
-- NOTE(review): the DESCRIPTION calls the second state 'initializing',
-- but the enumeration label is 'initialize(2)'. Decode by number, or
-- expect the label 'initialize' from compiled MIB tools.
-- Monitoring note: open(6) is the only state described as "line is up
-- from TrustSec perspective"; held(7), disconnecting(8), invalid(9) and
-- licenseError(10) all describe a link that is not established.
CtsiInterfaceControllerState ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The state of the TrustSec Interface Controller state
        machine.

            unknown        - none of the following states.

            initializing   - the TrustSec interface controller state
                             machine enter the initialize state when
                             TrustSec is enabled on this interface.

            authenticating - the peer is being authenticated if the
                             dot1x mode is enabled.

            authorizing    - the peer is being authorized.

            sapNegotiating - the SA(Security Association) is being
                             negotiated with the peer.

            open           - the line is up from TrustSec perspective. 

            held           - a hold down timer is set. 

            disconnecting  - a failure has occurred, or the TrustSec
                             link is going down, or TrustSec is
                             being disabled.

            invalid        - unable to start the TrustSec state
                             machine.

            licenseError   - No MACSec software license."
    SYNTAX          INTEGER  {
                        unknown(1),
                        initialize(2),
                        authenticating(3),
                        authorizing(4),
                        sapNegotiating(5),
                        open(6),
                        held(7),
                        disconnecting(8),
                        invalid(9),
                        licenseError(10)
                    }
ciscoTrustSecIfMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIB 0 }

ciscoTrustSecIfMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIB 1 }

ciscoTrustSecIfMIBConform  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIB 2 }

ctsiIfConfigObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 1 }

ctsiIfDot1xObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 2 }

ctsiIfManualObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 3 }

ctsiIfL3ForwardObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 4 }

ctsiIfStatusObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 5 }

ctsiIfStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 6 }

ctsiAuthorizationObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 7 }

ctsiIfcStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 8 }

ctsiEventsStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 9 }

ctsiIfModeStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 10 }

ctsiIfNotifsControlObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 11 }

ctsiIfNotifsOnlyInfoObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 12 }

-- --------------------------------------------------------------
-- Objects to manage TrustSec interface configuration
-- --------------------------------------------------------------

ctsiIfConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfConfigEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of the TrustSec capable interfaces."
    ::= { ctsiIfConfigObjects 1 }

ctsiIfConfigEntry OBJECT-TYPE
    SYNTAX          CtsiIfConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains the configuration information for a
        particular TrustSec interface."
    INDEX           { ifIndex } 
    ::= { ctsiIfConfigTable 1 }

CtsiIfConfigEntry ::= SEQUENCE {
        ctsiIfModeCapability BITS,
        ctsiIfConfiguredMode INTEGER,
        ctsiIfCacheClear     TruthValue,
        ctsiIfRekey          TruthValue
}

ctsiIfModeCapability OBJECT-TYPE
    SYNTAX          BITS {
                        dot1x(0), -- TrustSec dot1x mode
                        manual(1), -- TrustSec manual mode
                        l3Forward(2) -- TrustSec L3 forwarding mode                        
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the supported TrustSec mode on
        this interface." 
    ::= { ctsiIfConfigEntry 1 }

ctsiIfConfiguredMode OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        none(2),
                        dot1x(3),
                        manual(4),
                        l3Forward(5)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the TrustSec mode currently configured
        on the interface.  Each mode may have a corresponding
        entry in its corresponding configuration table.

        unknown       - The configured TrustSec mode is none of the
                        following.

        none          - TrustSec is not configured in any mode.

        dot1x         - TrustSec dot1x mode is configured for this
                        interface.
                        TrustSec system will use 802.1x for
                        authentication, RADIUS for authorization and
                        SAP negotiation for SA parameter.

        manual        - TrustSec manual mode is configured for this
                        interface.
                        Authentication is bypassed in manual mode.
                        The user needs to manually configure the policy
                        and the SAP negotiation parameter.

        l3Forward     - TrustSec L3 forwarding mode is configured
                        for this interface." 
    ::= { ctsiIfConfigEntry 2 }

-- Action object: a SET of 'true' clears the cache for this TrustSec
-- interface (presumably the cached authorization data; the DESCRIPTION
-- does not say which cache). Reads always return 'false', so the object
-- keeps no record that a clear was requested.
-- NOTE(review): MAX-ACCESS is read-write, so any SNMP principal with
-- write access to this column can trigger the clear. Limit write access
-- with a VACM view, require SNMPv3 authPriv, and log SETs to it.
ctsiIfCacheClear OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to clear the cache for the specific
        TrustSec interface by setting the value to 'true'.
        Setting the value to 'false' has no effect.

        When read, this object always returns 'false'." 
    ::= { ctsiIfConfigEntry 3 }

-- Action object: a SET of 'true' regenerates the SAP key for this
-- TrustSec interface. Reads always return 'false', so polling this
-- object cannot show whether or when a rekey was requested.
-- NOTE(review): MAX-ACCESS is read-write, so any SNMP principal with
-- write access can force a rekey on a protected link. Limit write access
-- with a VACM view, require SNMPv3 authPriv, and log SETs to it.
ctsiIfRekey OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to re-generate the SAP key for the
        specific TrustSec interface by setting the value to 'true'.
        Setting the value to 'false' has no effect.

        When read, this object always returns 'false'." 
    ::= { ctsiIfConfigEntry 4 }
 

-- -----------------------------------------------------------------
-- Objects to manage Dot1x functionality of TrustSec interface
-- -----------------------------------------------------------------

ctsiIfDot1xTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfDot1xEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of the interfaces which have TrustSec dot1x mode
        configuration information."
    ::= { ctsiIfDot1xObjects 1 }

ctsiIfDot1xEntry OBJECT-TYPE
    SYNTAX          CtsiIfDot1xEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing the TrustSec dot1x configuration
        for a particular interface.

        An entry can be created or deleted by using
        ctsiIfDot1xRowStatus.

        An entry can only be created if the value of corresponding
        instance of ctsiIfConfiguredMode is 'none' and the 'dot1x'
        BIT of corresponding instance ctsiIfModeCapability is set."
    INDEX           { ifIndex } 
    ::= { ctsiIfDot1xTable 1 }

CtsiIfDot1xEntry ::= SEQUENCE {
        ctsiIfDot1xSgtPropagateEnabled    TruthValue,
        ctsiIfDot1xReauthInterval         Integer32,
        ctsiIfDot1xSapModeList            CtsSapNegModeList,
        ctsiIfDot1xDownloadReauthInterval Integer32,
        ctsiIfDot1xOperReauthInterval     Integer32,
        ctsiIfDot1xReauthTimeLeft         Integer32,
        ctsiIfDot1xStorageType            StorageType,
        ctsiIfDot1xRowStatus              RowStatus
}

ctsiIfDot1xSgtPropagateEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies whether the SGT propagation is
        enabled on this interface."
    DEFVAL          { false } 
    ::= { ctsiIfDot1xEntry 1 }

ctsiIfDot1xReauthInterval OBJECT-TYPE
    SYNTAX          Integer32
    UNITS           "seconds"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the re-authentication interval
        applied to this interface when it is not provided from
        the ACS."
    DEFVAL          { 86400 } 
    ::= { ctsiIfDot1xEntry 2 }

-- Ordered list of SAP modes advertised on a dot1x-mode interface, one
-- CtsSapNegMode value per octet, first octet tried first.
-- NOTE(review): the DESCRIPTION mixes "method list" and "mode list";
-- both appear to mean this same list.
-- NOTE(review): DEFVAL '04000000'H starts with octet 04, which is
-- noEncap(4) in CtsSapNegMode; the three 00 octets match no defined
-- mode (presumably padding, confirm). A row created without an explicit
-- value therefore advertises noEncap first. Where link protection is
-- required, set the list explicitly and check the operational result in
-- ctsiIfSapNegModeList.
-- The column is read-create, so SNMP write access is enough to change
-- which protection modes the interface offers.
ctsiIfDot1xSapModeList OBJECT-TYPE
    SYNTAX          CtsSapNegModeList
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the advertised modes for the SAP
        negotiation on this interface.  Modes are executed in
        the order as specified in the mode list.

        Mode which is at the beginning of the method list will be
        executed first.  Method which is at the end of mode list
        will be executed last.

        This object is not allowed to be set to a zero length
        string."
    DEFVAL          { '04000000'H } 
    ::= { ctsiIfDot1xEntry 3 }

ctsiIfDot1xDownloadReauthInterval OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the re-authentication interval which
        is downloaded from ACS.

        A value of zero indicates no re-authentication interval is
        downloaded from ACS.

        A value of -1 indicates that this object is not applicable
        on this interface." 
    ::= { ctsiIfDot1xEntry 4 }

ctsiIfDot1xOperReauthInterval OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the operational re-authentication
        interval of the interface.

        A value of zero indicates that dot1x re-authentication is
        disabled on this interface.

        A value of -1 indicates that this object is not applicable
        on this interface." 
    ::= { ctsiIfDot1xEntry 5 }

ctsiIfDot1xReauthTimeLeft OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the leftover time of the current
        authentication session.

        A value of zero indicates the re-authentication is in
        progress.

        A value of -1 indicates that this object is not applicable
        on this interface." 
    ::= { ctsiIfDot1xEntry 6 }

ctsiIfDot1xStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile } 
    ::= { ctsiIfDot1xEntry 7 }

ctsiIfDot1xRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The status of this conceptual row.

        All writable objects in this row may be modified at any time." 
    ::= { ctsiIfDot1xEntry 8 }
 

-- -------------------------------------------------------------
-- Objects to manage TrustSec Manual mode interface
-- -------------------------------------------------------------

ctsiIfManualTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfManualEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of the interfaces which have TrustSec manual mode
        configuration information."
    ::= { ctsiIfManualObjects 1 }

ctsiIfManualEntry OBJECT-TYPE
    SYNTAX          CtsiIfManualEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing the TrustSec manual configuration
        information for a particular interface.

        An entry can be created or deleted by using
        ctsiIfManualRowStatus.

        An entry can only be created if the value of corresponding
        instance of ctsiIfConfiguredMode is 'none' and the 'manual'
        BIT of corresponding instance ctsiIfModeCapability is set."
    INDEX           { ifIndex } 
    ::= { ctsiIfManualTable 1 }

CtsiIfManualEntry ::= SEQUENCE {
        ctsiIfManualDynamicPeerId       SnmpAdminString,
        ctsiIfManualStaticSgt           CtsSecurityGroupTag,
        ctsiIfManualStaticSgtTrusted    TruthValue,
        ctsiIfManualSgtPropagateEnabled TruthValue,
        ctsiIfManualSapPmk              OCTET STRING,
        ctsiIfManualSapModeList         CtsSapNegModeList,
        ctsiIfManualStorageType         StorageType,
        ctsiIfManualRowStatus           RowStatus
}

ctsiIfManualDynamicPeerId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the peer's device identity which is
        used to obtain the desired policy for authorization request.

        Setting a non-zero length value on this object is not allowed
        if the value of ctsiIfManualStaticSgt is not set to zero.

        A zero length string indicates that the policy acquisition
        from the ACS using the peer's identity is disabled on this
        interface."
    DEFVAL          { "" } 
    ::= { ctsiIfManualEntry 1 }

ctsiIfManualStaticSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the statically configured SGT for
        tagging the ingress traffic from the peer.

        Setting a non-zero value on this object is not allowed if
        the value of ctsiIfManualDynamicPeerId is not set to a zero
        length string.

        A value of zero indicates that no static SGT tagging is applied."
    DEFVAL          { 0 } 
    ::= { ctsiIfManualEntry 2 }

-- Trust state for the peer's SGT assignment on a manual-mode interface.
-- Settable only while ctsiIfManualStaticSgt is non-zero; defaults to
-- 'false'.
-- NOTE(review): the DESCRIPTION does not say what "trusted" changes.
-- Presumably 'true' makes the device honour tags supplied by the peer
-- instead of applying the static SGT; confirm against the platform
-- documentation. Either way this column is read-create, so SNMP write
-- access can alter the trust decision; restrict it with a VACM view
-- and audit changes.
ctsiIfManualStaticSgtTrusted OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the peer's SGT assignment trust
        state.

        This object only can be set when ctsiIfManualStaticSgt
        is none-zero."
    DEFVAL          { false } 
    ::= { ctsiIfManualEntry 3 }

ctsiIfManualSgtPropagateEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies whether the SGT propagation is
        enabled on this interface."
    DEFVAL          { false } 
    ::= { ctsiIfManualEntry 4 }

-- Pairwise Master Key used by SAP on a manual-mode interface: either
-- empty (SAP negotiation disabled) or exactly 32 octets, per the SIZE
-- constraint.
-- NOTE(review): MAX-ACCESS read-create permits GET as well as SET, so
-- this definition allows key material to be read back over SNMP. Whether
-- an agent returns the real key or a masked value is not stated here;
-- verify on the platform. Until confirmed, exclude this column from
-- read views (VACM), require SNMPv3 authPriv for any access to it, and
-- keep it out of SNMP walks, config backups and monitoring exports.
-- NOTE(review): DEFVAL "" means a row created without this column has
-- SAP negotiation disabled on the interface.
ctsiIfManualSapPmk OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE  (0 | 32))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the PMK used by SAP.

        A zero length string for this object indicates the SAP
        negotiation is disabled on this interface."
    DEFVAL          { "" } 
    ::= { ctsiIfManualEntry 5 }

-- Ordered list of SAP modes advertised on a manual-mode interface, one
-- CtsSapNegMode value per octet, first octet tried first.
-- NOTE(review): the DESCRIPTION says the object may not be set to a zero
-- length string, yet DEFVAL is "" and the value is said to become zero
-- length when SAP negotiation is disabled. Presumably the empty value is
-- assigned only by the agent (SAP disabled) and rejected on SET; confirm.
-- The column is read-create, so SNMP write access is enough to change
-- which protection modes the interface offers; compare against the
-- operational list in ctsiIfSapNegModeList.
ctsiIfManualSapModeList OBJECT-TYPE
    SYNTAX          CtsSapNegModeList
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specified the advertised modes for the SAP
        negotiation on this interface.  Modes are executed in
        the order as specified in the mode list.

        Mode which is at the beginning of the mode list will be
        executed first.  Mode which is at the end of mode list
        will be executed last.

        Value of this object will becomes zero length octet if
        SAP negotiation is disabled.

        This object is not allowed to be set to a zero length
        string."
    DEFVAL          { "" } 
    ::= { ctsiIfManualEntry 6 }

ctsiIfManualStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile } 
    ::= { ctsiIfManualEntry 7 }

ctsiIfManualRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The status of this conceptual row.

        All writable objects in this row may be modified at any time." 
    ::= { ctsiIfManualEntry 8 }
 

-- -------------------------------------------------------------
-- Objects to manage TrustSec L3 forwarding mode interface
-- -------------------------------------------------------------

ctsiIfL3ForwardTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfL3ForwardEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of the interfaces which have TrustSec L3 forwarding
        configuration information."
    ::= { ctsiIfL3ForwardObjects 1 }

ctsiIfL3ForwardEntry OBJECT-TYPE
    SYNTAX          CtsiIfL3ForwardEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing the TrustSec L3 forwarding configuration
        information for a particular interface.

        An entry can be created or deleted by using
        ctsiIfL3ForwardRowStatus.

        An entry can only be created if the value of corresponding
        instance of ctsiIfConfiguredMode is 'none' and the 'l3Forward'
        BIT of corresponding instance ctsiIfModeCapability is set."
    INDEX           { ifIndex } 
    ::= { ctsiIfL3ForwardTable 1 }

CtsiIfL3ForwardEntry ::= SEQUENCE {
        ctsiIfL3ForwardMode        INTEGER,
        ctsiIfL3ForwardStorageType StorageType,
        ctsiIfL3ForwardRowStatus   RowStatus
}

ctsiIfL3ForwardMode OBJECT-TYPE
    SYNTAX          INTEGER  {
                        l3Ipv4Forward(1),
                        l3Ipv6Forward(2),
                        l3IpForward(3)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the type of L3 forwarding for
        the interface.

        l3Ipv4Forward - TrustSec L3 IPv4 forwarding.

        l3Ipv6Forward - TrustSec L3 IPv6 forwarding. 

        l3IpForward   - TrustSec L3 IPv6 and IPv4 forwarding."
    DEFVAL          { l3Ipv4Forward } 
    ::= { ctsiIfL3ForwardEntry 1 }

ctsiIfL3ForwardStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile } 
    ::= { ctsiIfL3ForwardEntry 2 }

ctsiIfL3ForwardRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The status of this conceptual row.

        All writable objects in this row may be modified at any time." 
    ::= { ctsiIfL3ForwardEntry 3 }
 

-- -------------------------------------------------------------
-- Objects for the status of the TrustSec interface
-- -------------------------------------------------------------

ctsiIfStatusTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfStatusEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of TrustSec enabled interfaces."
    ::= { ctsiIfStatusObjects 1 }

ctsiIfStatusEntry OBJECT-TYPE
    SYNTAX          CtsiIfStatusEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains the information of the specific TrustSec
        interface.

        An entry is created by the system when TrustSec is enabled for
        an interface.  An entry is deleted by the system if TrustSec
        is disabled for an interface."
    INDEX           { ifIndex } 
    ::= { ctsiIfStatusTable 1 }

CtsiIfStatusEntry ::= SEQUENCE {
        ctsiIfControllerState      CtsiInterfaceControllerState,
        ctsiIfAuthenticationStatus INTEGER,
        ctsiIfPeerId               SnmpAdminString,
        ctsiIfPeerAdvCapability    BITS,
        ctsiIfAuthorizationStatus  INTEGER,
        ctsiIfPeerSgt              CtsSecurityGroupTag,
        ctsiIfPeerSgtTrusted       TruthValue,
        ctsiIfSapNegotiationStatus INTEGER,
        ctsiIfSapNegModeList       CtsSapNegModeList,
        ctsiIfCacheExpirationTime  DateAndTime,
        ctsiIfCacheDataSource      CtsiCasheDataSource,
        ctsiIfCriticalAuthStatus   INTEGER
}

ctsiIfControllerState OBJECT-TYPE
    SYNTAX          CtsiInterfaceControllerState
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the current IFC state of this
        interface." 
    ::= { ctsiIfStatusEntry 1 }

-- Current TrustSec authentication result for the peer on this interface.
-- Monitoring note: notApplicable(6) means authentication is being
-- bypassed; the ctsiIfConfiguredMode DESCRIPTION states that manual mode
-- bypasses authentication. On links expected to run dot1x mode,
-- notApplicable(6), rejected(3), noRespond(5) and failed(8) are the
-- values worth alerting on, together with the matching Counter32
-- columns in ctsiIfStatsTable.
ctsiIfAuthenticationStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        succeeded(2),
                        rejected(3),
                        logOff(4),
                        noRespond(5),
                        notApplicable(6),
                        incomplete(7),
                        failed(8)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the current TrustSec authentication
        status of this interface.

        unknown          - status not covered by any of
                           the follow enumerations.

        succeeded        - authentication is succeeded.

        rejected         - authentication is rejected.

        logOff           - peer logged off.

        noRespond        - peer no respond.

        notApplicable    - bypassing the authentication.

        incomplete       - authentication is not completed.

        failed           - authentication failed." 
    ::= { ctsiIfStatusEntry 2 }

ctsiIfPeerId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the device identity or symbolic
        group name of the remote peer." 
    ::= { ctsiIfStatusEntry 3 }

ctsiIfPeerAdvCapability OBJECT-TYPE
    SYNTAX          BITS {
                        sap(0)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the advertised capabilities of the
        remote peer associated with this interface." 
    ::= { ctsiIfStatusEntry 4 }

ctsiIfAuthorizationStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        inProgress(2),
                        succeeded(3),
                        failed(4),
                        fallBackPolicy(5),
                        incomplete(6),
                        peerSucceeded(7),
                        rbaclSucceeded(8),
                        policySucceeded(9)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the current TrustSec authorization
        status of the interface.

            unknown           - status not covered by any of
                                the following enumerations.

            inProgress        - authorization in progress.

            succeeded         - authorization succeeded.

            failed            - authorization failed. 

            fallBackPolicy    - apply the fallback policy.

            incomplete        - authorization aborted.

            peerSucceeded     - applying the peer policy succeeded.

            rbaclSucceeded    - applying the RBACL policy succeeded.

            policySucceeded   - applying all policies succeeded." 
    ::= { ctsiIfStatusEntry 5 }

ctsiIfPeerSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT value of the remote peer." 
    ::= { ctsiIfStatusEntry 6 }

ctsiIfPeerSgtTrusted OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates whether the SGT of the remote peer
        is trusted." 
    ::= { ctsiIfStatusEntry 7 }

ctsiIfSapNegotiationStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        notApplicable(1),
                        unknown(2),
                        inProgress(3),
                        succeeded(4),
                        failed(5),
                        licenseError(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the SAP negotiation status on
        this interface.

            notApplicable  - SAP is disabled locally, or the remote
                             peer is not SAP capable.

            unknown        - status not covered by any
                             of the following enumerations.

            inProgress     - SAP negotiation in progress.

            succeeded      - SAP negotiation completed.

            failed         - SAP negotiation failed.

            licenseError   - No MACSec software license." 
    ::= { ctsiIfStatusEntry 8 }

-- Read-only operational SAP mode list for the interface, one
-- CtsSapNegMode value per octet.
-- Monitoring note: compare this with the configured list
-- (ctsiIfDot1xSapModeList or ctsiIfManualSapModeList) and with site
-- policy. Octet values other than 3 (gcmAuthenGcmEncrypt) indicate a
-- mode that CtsSapNegMode describes without encryption.
ctsiIfSapNegModeList OBJECT-TYPE
    SYNTAX          CtsSapNegModeList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the operational SAP negotiation
        mode list on this interface." 
    ::= { ctsiIfStatusEntry 9 }

-- Time at which the cached data currently applied to the interface
-- expires.
-- NOTE(review): the syntax is DateAndTime, an octet string, so "a value
-- of zero" presumably means all octets are zero; confirm how the agent
-- encodes it before matching on it.
-- Monitoring note: a never-expiring value means cached data stays in
-- force indefinitely; read it together with ctsiIfCacheDataSource to
-- see where that data was loaded from.
ctsiIfCacheExpirationTime OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when the current cached data
        applied on the interface will be expired. 

        A value of zero indicates that the cached data will never be
        expired." 
    ::= { ctsiIfStatusEntry 10 }

ctsiIfCacheDataSource OBJECT-TYPE
    SYNTAX          CtsiCasheDataSource
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of cached data applied to the
        interface." 
    ::= { ctsiIfStatusEntry 11 }

-- CTS Critical-Auth status of the link on this interface.
-- NOTE(review): this module does not define Critical-Auth. Presumably
-- cache(2) and default(3) mean the link is operating on cached or
-- default policy instead of a fresh authorization; confirm against the
-- platform documentation. If so, any value other than disable(1) is
-- worth alerting on, alongside ctsiIfCacheDataSource and
-- ctsiIfCacheExpirationTime.
ctsiIfCriticalAuthStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        disable(1),
                        cache(2),
                        default(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the CTS Critical-Auth status
        of interface.

        disable - link is not in Critical-Auth mode.

        cache   - link is in Critical-Auth cached mode.

        default - link is in Critical-Auth default mode." 
    ::= { ctsiIfStatusEntry 12 }
 

-- -------------------------------------------------------------
-- Objects for the statistic of the TrustSec interface
-- -------------------------------------------------------------

ctsiIfStatsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfStatsEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of Cisco Trusted Security capable interface."
    ::= { ctsiIfStatsObjects 1 }

ctsiIfStatsEntry OBJECT-TYPE
    SYNTAX          CtsiIfStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains the statistics information of a
        particular TrustSec interface.

        An entry is created by the system for each interface on
        which TrustSec is enabled.  An entry is deleted by the
        system when TrustSec is disabled on the interface."
    INDEX           { ifIndex } 
    ::= { ctsiIfStatsTable 1 }

-- Column types for ctsiIfStatsEntry. Every column is a Counter32, so per
-- SMIv2 (RFC 2578) a single reading carries no meaning: the counters have
-- no defined initial value and wrap after 4294967295. Monitoring should
-- alert on the increase between two polls, not on absolute values.
-- NOTE(review): the descriptions in this module do not say how an
-- authentication reject differs from an authentication failure; confirm
-- against platform documentation before mapping them to separate alerts.
CtsiIfStatsEntry ::= SEQUENCE {
        ctsiIfAuthenticationSuccess    Counter32,
        ctsiIfAuthenticationReject     Counter32,
        ctsiIfAuthenticationFailure    Counter32,
        ctsiIfAuthenticationNoResponse Counter32,
        ctsiIfAuthenticationLogoff     Counter32,
        ctsiIfAuthorizationSuccess     Counter32,
        ctsiIfAuthorizationPolicyFail  Counter32,
        ctsiIfAuthorizationFail        Counter32,
        ctsiIfSapSuccess               Counter32,
        ctsiIfSapFail                  Counter32
}

ctsiIfAuthenticationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that peer has been successfully
        authenticated on this interface." 
    ::= { ctsiIfStatsEntry 1 }

ctsiIfAuthenticationReject OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that peer has been rejected
        in authentication on this interface." 
    ::= { ctsiIfStatsEntry 2 }

ctsiIfAuthenticationFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that the peer has failed
        authentication on this interface." 
    ::= { ctsiIfStatsEntry 3 }

ctsiIfAuthenticationNoResponse OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that no authentication response was
        received from the remote peer associated with this
        interface." 
    ::= { ctsiIfStatsEntry 4 }

ctsiIfAuthenticationLogoff OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that an authentication logoff was
        received from the peer associated with this interface." 
    ::= { ctsiIfStatsEntry 5 }

ctsiIfAuthorizationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that the peer entity successfully
        passed the TrustSec authorization challenge on this
        interface." 
    ::= { ctsiIfStatsEntry 6 }

ctsiIfAuthorizationPolicyFail OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that the policy for TrustSec
        authorization could not be accessed or refreshed on this
        interface." 
    ::= { ctsiIfStatsEntry 7 }

ctsiIfAuthorizationFail OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that the peer has failed TrustSec
        authorization on this interface." 
    ::= { ctsiIfStatsEntry 8 }

ctsiIfSapSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that SAP negotiation has succeeded on
        this interface." 
    ::= { ctsiIfStatsEntry 9 }

ctsiIfSapFail OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that SAP negotiation has failed on this
        interface." 
    ::= { ctsiIfStatsEntry 10 }
 

-- -------------------------------------------------------------
-- Objects for the status of the authorized remote peers
-- -------------------------------------------------------------

ctsiAuthorizationTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiAuthorizationEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of authorized remote peers on this device."
    ::= { ctsiAuthorizationObjects 1 }

ctsiAuthorizationEntry OBJECT-TYPE
    SYNTAX          CtsiAuthorizationEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing the management information for a
        particular authorized peer.

        An entry is created when the policy is acquired from the
        ACS for a new peer.

        An entry is deleted when the authorization of the peer has
        expired or fails to refresh its policy."
    INDEX           { IMPLIED ctsiAuthorizationPeerId } 
    ::= { ctsiAuthorizationTable 1 }

-- Column types for ctsiAuthorizationEntry.
CtsiAuthorizationEntry ::= SEQUENCE {
        -- index column, declared not-accessible below
        ctsiAuthorizationPeerId          SnmpAdminString,
        ctsiAuthorizationPeerSgt         CtsSecurityGroupTag,
        ctsiAuthorizationState           INTEGER,
        ctsiAuthorizationLastRefresh     DateAndTime,
        -- both time columns are in seconds and use -1 for not applicable
        ctsiAuthorizationTimeLeft        Integer32,
        ctsiAuthorizationTimeToRefresh   Integer32,
        ctsiAuthorizationCacheDataSource CtsiCasheDataSource,
        -- failed(4), fallbackPolicy(5) and incomplete(6) all mean the peer
        -- is not covered by a complete, successfully downloaded policy;
        -- these values are worth alerting on
        ctsiAuthorizationStatus          INTEGER
}

-- Index of ctsiAuthorizationTable. The column is not-accessible and the
-- entry declares it IMPLIED, so the peer identity is only visible as the
-- trailing sub-identifiers of the instance identifiers of the other
-- columns (one sub-identifier per octet, no length prefix). Tools that
-- log or alert on rows of this table need to decode that suffix to name
-- the peer.
ctsiAuthorizationPeerId OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (1..64))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the device identity or symbolic group
        name of the remote peer." 
    ::= { ctsiAuthorizationEntry 1 }

ctsiAuthorizationPeerSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT of the remote peer." 
    ::= { ctsiAuthorizationEntry 2 }

ctsiAuthorizationState OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        start(2),
                        waitingRespond(3),
                        assessing(4),
                        complete(5),
                        failure(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the current state of the
        authorization entity.

        unknown            - none of the following states.

        start              - authorization entity created and
                             initialized.

        waitingRespond     - a policy request has been made by the
                             remote peer to the ACS and the response
                             is awaited.

        assessing          - the policy has been received from the ACS
                             and is being assessed.

        complete           - policy has been received and assessed.

        failure            - failed to download the policy from the
                             ACS." 
    ::= { ctsiAuthorizationEntry 3 }

ctsiAuthorizationLastRefresh OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates the date and time when the authorized
        peer was last refreshed." 
    ::= { ctsiAuthorizationEntry 4 }

ctsiAuthorizationTimeLeft OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the leftover time for the current
        policy.

        A value of zero indicates that policy refresh is in progress.

        A value of -1 indicates that this object is not applicable
        on this authorization entry." 
    ::= { ctsiAuthorizationEntry 5 }

ctsiAuthorizationTimeToRefresh OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time left to start the policy
        refresh.

        A value of zero indicates that policy refresh is in progress.

        A value of -1 indicates that this object is not applicable
        on this authorization entry." 
    ::= { ctsiAuthorizationEntry 6 }

ctsiAuthorizationCacheDataSource OBJECT-TYPE
    SYNTAX          CtsiCasheDataSource
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of cached data." 
    ::= { ctsiAuthorizationEntry 7 }

ctsiAuthorizationStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        inProgress(2),
                        succeeded(3),
                        failed(4),
                        fallbackPolicy(5),
                        incomplete(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the status of this authorization peer.

        unknown           - status not covered by any of
                            the following enumerations.

        inProgress        - a new authorization link has been created,
                            or a new policy request has been added for
                            an existing link.

        succeeded         - policy received successfully.

        failed            - policy download failed.

        fallbackPolicy    - policy download failed and the fallback
                            policy is applied.

        incomplete        - the policy received is incomplete." 
    ::= { ctsiAuthorizationEntry 8 }
 

-- -------------------------------------------------------------
-- Objects for the statistic of interface controller state
-- -------------------------------------------------------------

ctsiIfcStatsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfcStatsEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of IFC state statistics on this device."
    ::= { ctsiIfcStatsObjects 1 }

ctsiIfcStatsEntry OBJECT-TYPE
    SYNTAX          CtsiIfcStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing the total number of interfaces which
        currently belong to a particular IFC state."
    INDEX           { ctsiIfcState } 
    ::= { ctsiIfcStatsTable 1 }

CtsiIfcStatsEntry ::= SEQUENCE {
        ctsiIfcState        CtsiInterfaceControllerState,
        ctsiIfcStatsIfCount Unsigned32
}

ctsiIfcState OBJECT-TYPE
    SYNTAX          CtsiInterfaceControllerState
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the IFC state." 
    ::= { ctsiIfcStatsEntry 1 }

ctsiIfcStatsIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which are
        currently in the IFC state." 
    ::= { ctsiIfcStatsEntry 2 }
 


-- -------------------------------------------------------------
-- Objects for the statistic of the TrustSec events
-- -------------------------------------------------------------

ctsiAuthenticationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer authentication
        succeeded on this device." 
    ::= { ctsiEventsStatsObjects 1 }

ctsiAuthenticationReject OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer authentication
        was rejected on this device." 
    ::= { ctsiEventsStatsObjects 2 }

ctsiAuthenticationFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer authentication
        failed on this device." 
    ::= { ctsiEventsStatsObjects 3 }

ctsiAuthenticationLogoff OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that a remote peer logged off on
        this device." 
    ::= { ctsiEventsStatsObjects 4 }

ctsiAuthenticationNoRespond OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that no authentication response
        was received from a remote peer on this device." 
    ::= { ctsiEventsStatsObjects 5 }

ctsiAuthorizationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer authorization
        succeeded on this device." 
    ::= { ctsiEventsStatsObjects 6 }

ctsiAuthorizationFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer TrustSec
        authorization failed on this device." 
    ::= { ctsiEventsStatsObjects 7 }

ctsiAuthorizationPolicyFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of times that the policy for TrustSec
        authorization could not be accessed or refreshed on this
        device." 
    ::= { ctsiEventsStatsObjects 8 }

ctsiSapNegotiationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that TrustSec SAP negotiation
        succeeded on this device." 
    ::= { ctsiEventsStatsObjects 9 }

ctsiSapNegotiationFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that TrustSec SAP negotiation
        failed on this device." 
    ::= { ctsiEventsStatsObjects 10 }

ctsiInDot1xModeIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which are
        in TrustSec 802.1X mode." 
    ::= { ctsiIfModeStatsObjects 1 }

ctsiInManualModeIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which are
        in TrustSec Manual mode." 
    ::= { ctsiIfModeStatsObjects 2 }

ctsiInL3ForwardModeIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which are
        in TrustSec Layer 3 forwarding mode." 
    ::= { ctsiIfModeStatsObjects 3 }

-- Notifications Control

-- Read-write switch for ctsiAuthorizationFailNotif. Any SNMP principal
-- with write access to this object can silence the notification, so keep
-- it out of write views that are not strictly administrative and audit
-- changes to it. No DEFVAL is given here, so the initial value is up to
-- the agent; check that it reads true(1) where the notification is
-- relied on for detection.
ctsiAuthorizationFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the
        ctsiAuthorizationFailNotif.

        A value of 'false' will prevent
        ctsiAuthorizationFailNotif notifications from being
        generated by this system." 
    ::= { ctsiIfNotifsControlObjects 1 }

-- Read-write switch for ctsiIfAddSupplicantFailNotif. Setting it to
-- false(2) stops the notification, so write access should be limited to
-- administrative SNMP principals and changes should be audited. No
-- DEFVAL is given here; verify the value the agent starts with.
ctsiIfAddSupplicantFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the
        ctsiIfAddSupplicantFailNotif.

        A value of 'false' will prevent 
        ctsiIfAddSupplicantFailNotif notifications from being
        generated by this system." 
    ::= { ctsiIfNotifsControlObjects 2 }

-- Read-write switch for ctsiIfAuthenticationFailNotif. While it is
-- false(2) no notification is sent for peer authentication errors, so
-- detection that depends on the notification should also poll this
-- object and alert when it is not true(1). Restrict write access to
-- administrative SNMP principals. No DEFVAL is given here; verify the
-- value the agent starts with.
ctsiIfAuthenticationFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the
        ctsiIfAuthenticationFailNotif.

        A value of 'false' will prevent
        ctsiIfAuthenticationFailNotif notifications from being
        generated by this system." 
    ::= { ctsiIfNotifsControlObjects 3 }

-- Read-write switch for ctsiIfSapNegotiationFailNotif. Setting it to
-- false(2) stops the notification for SAP negotiation errors, so write
-- access should be limited to administrative SNMP principals and changes
-- should be audited. No DEFVAL is given here; verify the value the agent
-- starts with.
ctsiIfSapNegotiationFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the
        ctsiIfSapNegotiationFailNotif.

        A value of 'false' will prevent
        ctsiIfSapNegotiationFailNotif notifications from being
        generated by this system." 
    ::= { ctsiIfNotifsControlObjects 4 }

-- Read-write switch for ctsiIfUnauthorizedNotif. While it is false(2) an
-- interface becoming unauthorized produces no notification, so poll this
-- object alongside the notification feed and restrict write access to
-- administrative SNMP principals. No DEFVAL is given here; verify the
-- value the agent starts with.
ctsiIfUnauthorizedNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the
        ctsiIfUnauthorizedNotif.

        A value of 'false' will prevent ctsiIfUnauthorizedNotif
        notifications from being generated by this system." 
    ::= { ctsiIfNotifsControlObjects 5 }

-- Notifications Only Info

-- Free-form detail text carried only in notifications
-- (accessible-for-notify). Its format is not specified by this
-- definition, so trap receivers should escape it before storing or
-- rendering it and should not parse it as structured data.
ctsiIfNotifMessage OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object indicates detail message associated
        with notifications." 
    ::= { ctsiIfNotifsOnlyInfoObjects 1 }

ctsiIfDot1xPaeRole OBJECT-TYPE
    SYNTAX          INTEGER  {
                        notApplicable(1),
                        authenticator(2),
                        supplicant(3)
                    }
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object indicates dot1x PAE role information.

        notApplicable: Dot1x PAE role is not applicable in 
                       this notification.

        authenticator: PAE Authenticator.

        supplicant   : PAE Supplicant." 
    ::= { ctsiIfNotifsOnlyInfoObjects 2 }

-- Notifications

-- Sent when policy acquisition for a peer fails; generation is controlled
-- by ctsiAuthorizationFailNotifEnable. The only varbind is
-- ctsiAuthorizationPeerSgt, so the peer identity is expected to come from
-- the instance identifier of that varbind, which carries the
-- ctsiAuthorizationPeerId index of the row. Trap receivers should decode
-- that index rather than rely on the SGT alone to attribute the failure.
ctsiAuthorizationFailNotif NOTIFICATION-TYPE
    OBJECTS         { ctsiAuthorizationPeerSgt }
    STATUS          current
    DESCRIPTION
        "A ctsiAuthorizationFailNotif is generated when the policy
        acquisition failed for the peer."
   ::= { ciscoTrustSecIfMIBNotifs 1 }

ctsiIfAddSupplicantFailNotif NOTIFICATION-TYPE
    OBJECTS         { ifName }
    STATUS          current
    DESCRIPTION
        "A ctsiIfAddSupplicantFailNotif is generated when the system
        fails to add dot1x supplicant for an interface."
   ::= { ciscoTrustSecIfMIBNotifs 2 }

ctsiIfAuthenticationFailNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifName,
                        ctsiIfPeerId,
                        ctsiIfDot1xPaeRole,
                        ctsiIfAuthenticationStatus
                    }
    STATUS          current
    DESCRIPTION
        "A ctsiIfAuthenticationFailNotif is generated when an
        authentication error for the peer is detected for an interface."
   ::= { ciscoTrustSecIfMIBNotifs 3 }

ctsiIfSapNegotiationFailNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifName,
                        ctsiIfNotifMessage
                    }
    STATUS          current
    DESCRIPTION
        "A ctsiIfSapNegotiationFailNotif is generated when a SAP
        negotiation error with the peer is detected for an interface."
   ::= { ciscoTrustSecIfMIBNotifs 4 }

ctsiIfUnauthorizedNotif NOTIFICATION-TYPE
    OBJECTS         { ifName }
    STATUS          current
    DESCRIPTION
        "A ctsiIfUnauthorizedNotif is generated when an interface
        becomes unauthorized on the Cisco TrustSec link."
   ::= { ciscoTrustSecIfMIBNotifs 5 }
-- Conformance

ciscoTrustSecIfMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBConform 1 }

ciscoTrustSecIfMIBGroups  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBConform 2 }


ciscoTrustSecIfMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoTrustSecIfMIBIfConfigGroup,
                        ciscoTrustSecIfMIBDot1xGroup,
                        ciscoTrustSecIfMIBManualGroup,
                        ciscoTrustSecIfMIBL3ForwardGroup,
                        ciscoTrustSecIfMIBStatusGroup,
                        ciscoTrustSecIfMIBStatisticGroup,
                        ciscoTrustSecIfMIBAuthorizationGroup,
                        ciscoTrustSecIfMIBIfcStatisticGroup,
                        ciscoTrustSecIfMIBEventStatisticGroup,
                        ciscoTrustSecIfMIBIfModeStatisticGroup
                    }

    OBJECT          ctsiIfDot1xSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfManualDynamicPeerId
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgt
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgtTrusted
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapPmk
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfL3ForwardStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfL3ForwardRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."
    ::= { ciscoTrustSecIfMIBCompliances 1 }

ciscoTrustSecIfMIBCompliance2 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoTrustSecIfMIBIfConfigGroup,
                        ciscoTrustSecIfMIBDot1xGroup,
                        ciscoTrustSecIfMIBManualGroup,
                        ciscoTrustSecIfMIBL3ForwardGroup,
                        ciscoTrustSecIfMIBStatusGroup,
                        ciscoTrustSecIfMIBStatisticGroup,
                        ciscoTrustSecIfMIBAuthorizationGroup,
                        ciscoTrustSecIfMIBIfcStatisticGroup,
                        ciscoTrustSecIfMIBEventStatisticGroup,
                        ciscoTrustSecIfMIBIfModeStatisticGroup
                    }

    GROUP           ciscoTrustSecIfMIBNotifsCtrlGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsOnlyInfoGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec interface notifications."

    OBJECT          ctsiIfDot1xSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfManualDynamicPeerId
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgt
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgtTrusted
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapPmk
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfL3ForwardStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfL3ForwardRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfUnauthorizedNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiAuthorizationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAddSupplicantFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAuthenticationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfSapNegotiationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoTrustSecIfMIBCompliances 2 }

ciscoTrustSecIfMIBCompliance3 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoTrustSecIfMIBIfConfigGroup,
                        ciscoTrustSecIfMIBDot1xGroup,
                        ciscoTrustSecIfMIBManualGroup,
                        ciscoTrustSecIfMIBL3ForwardGroup,
                        ciscoTrustSecIfMIBStatusGroup,
                        ciscoTrustSecIfMIBStatisticGroup,
                        ciscoTrustSecIfMIBAuthorizationGroup,
                        ciscoTrustSecIfMIBIfcStatisticGroup,
                        ciscoTrustSecIfMIBEventStatisticGroup,
                        ciscoTrustSecIfMIBIfModeStatisticGroup
                    }

    GROUP           ciscoTrustSecIfMIBNotifsCtrlGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsOnlyInfoGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBCriticalAuthStatusGrp
    DESCRIPTION
        "This group is mandatory for platforms which support
        TrustSec Critical-Auth."

    OBJECT          ctsiIfDot1xSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfManualDynamicPeerId
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgt
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgtTrusted
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- NOTE(review): the module glossary defines PMK as Pairwise Master
    -- Key, and the object name suggests the PMK used for SAP in manual
    -- mode. The object definition is outside this view; confirm what a
    -- read of it returns, and keep it out of SNMP views granted to
    -- monitoring-only principals if it can expose key material.
    OBJECT          ctsiIfManualSapPmk
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfL3ForwardStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfL3ForwardRowStatus
    SYNTAX          INTEGER  {
                        active(1)
                    }
    WRITE-SYNTAX    INTEGER  {
                        createAndGo(4),
                        destroy(6)
                    }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required.
        Support for createAndWait and notInService
        is not required."

    OBJECT          ctsiIfUnauthorizedNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiAuthorizationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAddSupplicantFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAuthenticationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfSapNegotiationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoTrustSecIfMIBCompliances 3 }

-- Units of Conformance

-- Conformance group 1: per-interface TrustSec configuration objects.
-- NOTE(review): the names ctsiIfCacheClear and ctsiIfRekey suggest
-- action triggers (cache flush, rekey). Their OBJECT-TYPE definitions
-- are outside this section, so confirm their MAX-ACCESS. If they are
-- writable, limit SET access to an SNMPv3 authPriv user and a
-- restrictive VACM write view.
ciscoTrustSecIfMIBIfConfigGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfModeCapability,
                        ctsiIfConfiguredMode,
                        ctsiIfCacheClear,
                        ctsiIfRekey
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the interface
        configuration for Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 1 }

-- Conformance group 2: dot1x-mode configuration objects.
-- The compliance statement registered as
-- { ciscoTrustSecIfMIBCompliances 3 } lists SgtPropagateEnabled,
-- ReauthInterval, SapModeList, StorageType and RowStatus from this
-- group with MIN-ACCESS read-only, so an agent may implement them
-- without write support.
-- NOTE(review): ReauthInterval and SapModeList presumably govern how
-- often the peer is reauthenticated and which SAP modes are offered.
-- Confirm against the object definitions, and treat SETs to them as
-- security-relevant configuration changes worth auditing.
ciscoTrustSecIfMIBDot1xGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfDot1xSgtPropagateEnabled,
                        ctsiIfDot1xReauthInterval,
                        ctsiIfDot1xSapModeList,
                        ctsiIfDot1xDownloadReauthInterval,
                        ctsiIfDot1xOperReauthInterval,
                        ctsiIfDot1xReauthTimeLeft,
                        ctsiIfDot1xStorageType,
                        ctsiIfDot1xRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the dot1x mode
        configuration for the Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 2 }

-- Conformance group 3: manual-mode configuration objects.
-- All eight objects appear in the compliance statement registered as
-- { ciscoTrustSecIfMIBCompliances 3 } with MIN-ACCESS read-only.
-- NOTE(review): ctsiIfManualSapPmk relates to the SAP Pairwise Master
-- Key (PMK, see the module glossary). Its OBJECT-TYPE definition is
-- outside this section, so confirm what a GET returns. If key material
-- is readable, exclude this object from general VACM read views and
-- allow access only over SNMPv3 authPriv.
-- NOTE(review): ctsiIfManualStaticSgt and ctsiIfManualStaticSgtTrusted
-- presumably set the SGT applied to the peer and whether its tags are
-- trusted. Confirm, and audit any SET to them.
ciscoTrustSecIfMIBManualGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfManualDynamicPeerId,
                        ctsiIfManualStaticSgt,
                        ctsiIfManualStaticSgtTrusted,
                        ctsiIfManualSgtPropagateEnabled,
                        ctsiIfManualSapPmk,
                        ctsiIfManualSapModeList,
                        ctsiIfManualStorageType,
                        ctsiIfManualRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the manual mode
        configuration for the Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 3 }

-- Conformance group 4: L3 forwarding mode configuration objects.
-- ctsiIfL3ForwardStorageType and ctsiIfL3ForwardRowStatus appear in
-- the compliance statement registered as
-- { ciscoTrustSecIfMIBCompliances 3 } with MIN-ACCESS read-only; for
-- the row status it restricts WRITE-SYNTAX to createAndGo(4) and
-- destroy(6).
ciscoTrustSecIfMIBL3ForwardGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfL3ForwardMode,
                        ctsiIfL3ForwardStorageType,
                        ctsiIfL3ForwardRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the L3 forwarding
        mode configuration for the Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 4 }

-- Conformance group 5: per-interface status objects. Judging by the
-- object names these cover controller state, authentication and
-- authorization status, peer identity and SGT, cache state and SAP
-- negotiation results.
-- NOTE(review): peer identity and SGT values describe the TrustSec
-- topology and policy classification. The object definitions are
-- outside this section; consider limiting which VACM read views
-- include this group.
ciscoTrustSecIfMIBStatusGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfControllerState,
                        ctsiIfAuthenticationStatus,
                        ctsiIfPeerId,
                        ctsiIfPeerAdvCapability,
                        ctsiIfAuthorizationStatus,
                        ctsiIfPeerSgt,
                        ctsiIfPeerSgtTrusted,
                        ctsiIfCacheExpirationTime,
                        ctsiIfCacheDataSource,
                        ctsiIfSapNegotiationStatus,
                        ctsiIfSapNegModeList
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the status
        information for the Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 5 }

-- Conformance group 6: per-interface statistics for authentication,
-- authorization and SAP outcomes.
-- NOTE(review): presumably counters (definitions are outside this
-- section). The reject, failure, no-response and SapFail objects are
-- natural inputs for monitoring thresholds on a TrustSec link.
ciscoTrustSecIfMIBStatisticGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfAuthenticationSuccess,
                        ctsiIfAuthenticationReject,
                        ctsiIfAuthenticationFailure,
                        ctsiIfAuthenticationNoResponse,
                        ctsiIfAuthenticationLogoff,
                        ctsiIfAuthorizationSuccess,
                        ctsiIfAuthorizationPolicyFail,
                        ctsiIfAuthorizationFail,
                        ctsiIfSapSuccess,
                        ctsiIfSapFail
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the statistic
        information for the Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 6 }

-- Conformance group 7: status objects for the authorization link.
-- By name they cover peer SGT, authorization state, refresh timing
-- and the cache data source; the object definitions are outside this
-- section.
ciscoTrustSecIfMIBAuthorizationGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiAuthorizationPeerSgt,
                        ctsiAuthorizationState,
                        ctsiAuthorizationLastRefresh,
                        ctsiAuthorizationTimeLeft,
                        ctsiAuthorizationTimeToRefresh,
                        ctsiAuthorizationCacheDataSource,
                        ctsiAuthorizationStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the status
        information for the authorization link in the system."
    ::= { ciscoTrustSecIfMIBGroups 7 }

-- Conformance group 8: global statistics on IFC (TrustSec Interface
-- Controller, per the module glossary) state. The group holds the
-- single object ctsiIfcStatsIfCount.
ciscoTrustSecIfMIBIfcStatisticGroup OBJECT-GROUP
    OBJECTS         { ctsiIfcStatsIfCount }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the global
        IFC state statistic information in the system."
    ::= { ciscoTrustSecIfMIBGroups 8 }

-- Conformance group 9: global (not per-interface) statistics for
-- TrustSec authentication, authorization and SAP negotiation events.
-- NOTE(review): these names parallel the per-interface objects in
-- ciscoTrustSecIfMIBStatisticGroup but differ in spelling (for
-- example NoRespond here, NoResponse there), so map each one
-- explicitly when building pollers or alert rules.
ciscoTrustSecIfMIBEventStatisticGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiAuthenticationSuccess,
                        ctsiAuthenticationReject,
                        ctsiAuthenticationFailure,
                        ctsiAuthenticationLogoff,
                        ctsiAuthenticationNoRespond,
                        ctsiAuthorizationSuccess,
                        ctsiAuthorizationFailure,
                        ctsiAuthorizationPolicyFailure,
                        ctsiSapNegotiationSuccess,
                        ctsiSapNegotiationFailure
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the global
        statistic information for the TrustSec events."
    ::= { ciscoTrustSecIfMIBGroups 9 }

-- Conformance group 10: global TrustSec mode statistics. By name,
-- one interface count each for dot1x, manual and L3 forwarding mode.
ciscoTrustSecIfMIBIfModeStatisticGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiInDot1xModeIfCount,
                        ctsiInManualModeIfCount,
                        ctsiInL3ForwardModeIfCount
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the global TrustSec
        mode statistic information."
    ::= { ciscoTrustSecIfMIBGroups 10 }

-- Conformance group 11: enable/disable controls for the TrustSec
-- notifications.
-- All five objects appear in the compliance statement registered as
-- { ciscoTrustSecIfMIBCompliances 3 } with MIN-ACCESS read-only,
-- which implies they are otherwise defined as writable.
-- NOTE(review): where write access is implemented, a SET that
-- disables one of these silences the matching failure notification.
-- Restrict the VACM write view for this group and log changes to it.
ciscoTrustSecIfMIBNotifsCtrlGrp OBJECT-GROUP
    OBJECTS         {
                        ctsiAuthorizationFailNotifEnable,
                        ctsiIfAddSupplicantFailNotifEnable,
                        ctsiIfAuthenticationFailNotifEnable,
                        ctsiIfSapNegotiationFailNotifEnable,
                        ctsiIfUnauthorizedNotifEnable
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides notification control
        for TrustSec interfaces."
    ::= { ciscoTrustSecIfMIBGroups 11 }

-- Conformance group 12: objects that supply information for the
-- TrustSec notifications.
-- NOTE(review): the group name suggests these are
-- accessible-for-notify only; confirm against the OBJECT-TYPE
-- definitions, which are outside this section.
ciscoTrustSecIfMIBNotifsOnlyInfoGrp OBJECT-GROUP
    OBJECTS         {
                        ctsiIfNotifMessage,
                        ctsiIfDot1xPaeRole
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the notification
        information for TrustSec interfaces."
    ::= { ciscoTrustSecIfMIBGroups 12 }

-- Conformance group 13: the TrustSec notifications. By name they
-- report authorization, add-supplicant, authentication and SAP
-- negotiation failures, plus an unauthorized-interface event.
-- Each has a matching ...NotifEnable object in
-- ciscoTrustSecIfMIBNotifsCtrlGrp.
-- NOTE(review): these are the module's failure signals. When they
-- feed security monitoring, prefer SNMPv3 authPriv delivery so the
-- receiver can authenticate the sender.
ciscoTrustSecIfMIBNotifsGrp NOTIFICATION-GROUP
   NOTIFICATIONS    {
                        ctsiAuthorizationFailNotif,
                        ctsiIfAddSupplicantFailNotif,
                        ctsiIfAuthenticationFailNotif,
                        ctsiIfSapNegotiationFailNotif,
                        ctsiIfUnauthorizedNotif
                    }
    STATUS          current
    DESCRIPTION
        "A collection of notifications for TrustSec interfaces."
    ::= { ciscoTrustSecIfMIBGroups 13 }

-- Conformance group 14: Critical-Auth status for a TrustSec capable
-- interface. The group holds the single object
-- ctsiIfCriticalAuthStatus.
-- NOTE(review): the semantics of Critical-Auth are defined with the
-- object, outside this section. If it denotes a fallback used when
-- the authentication server is unreachable, this object is worth
-- polling. TODO confirm.
ciscoTrustSecIfMIBCriticalAuthStatusGrp OBJECT-GROUP
    OBJECTS         { ctsiIfCriticalAuthStatus }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the Critical-Auth
        status information for the Cisco Trusted Security capable
        interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 14 }

END











