-- *****************************************************************
-- CISCO-TRUSTSEC-POLICY-MIB.my
--   
-- November 2009, Edward Pham 
--   
-- Copyright (c) 2009, 2011-2012 by cisco Systems Inc.
-- All rights reserved.
--   
-- *****************************************************************

CISCO-TRUSTSEC-POLICY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Unsigned32,
    Counter64
        FROM SNMPv2-SMI

    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    
    TruthValue,
    DateAndTime,
    StorageType,
    RowStatus
        FROM SNMPv2-TC

    ifIndex
        FROM IF-MIB

    CtsSecurityGroupTag,
    CtsGenerationId,
    CtsAclName,
    CtsAclList,
    CtsAclListOrEmpty, 
    CtsAclNameOrEmpty,
    CtsSgaclMonitorMode
        FROM CISCO-TRUSTSEC-TC-MIB

    InetAddressType,
    InetAddress,
    InetAddressPrefixLength
        FROM INET-ADDRESS-MIB

    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB

    VlanIndex
        FROM Q-BRIDGE-MIB

    CiscoVrfName, 
    Cisco2KVlanList
        FROM CISCO-TC 

    ciscoMgmt
        FROM CISCO-SMI;

ciscoTrustSecPolicyMIB MODULE-IDENTITY
    LAST-UPDATED    "201212190000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA  95134
            USA

            Tel: +1 800 553-NETS

            E-mail: cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "This MIB module defines managed objects that facilitate the
        management of various policies within the Cisco Trusted Security
        (TrustSec) infrastructure. 

        The information available through this MIB includes:

        o Device and interface level configuration for enabling
          SGACL (Security Group Access Control List) enforcement
          on Layer2/3 traffic. 

        o Administrative and operational SGACL mapping to Security
          Group Tag (SGT). 

        o Various statistics counters for traffic subject to SGACL
          enforcement. 

        o TrustSec policies with respect to peer device. 

        o Interface level configuration for enabling the propagation
          of SGT along with the Layer 3 traffic in portions of network
          which does not have the capability to support TrustSec 
          feature. 
          
        o TrustSec policies with respect to SGT propagation with
          Layer 3 traffic. 
        
        The following terms are used throughout this MIB:

        VRF:   Virtual Routing and Forwarding.
   
        SGACL: Security Group Access Control List.

        ACE: Access Control Entries.

        SXP: SGT Propagation Protocol.

        SVI: Switch Virtual Interface.

        IPM: Identity Port Mapping.

        SGT (Security Group Tag) is a unique 16 bits value assigned
        to every security group and used by network devices to
        enforce SGACL.

        Peer is another device connected to the local device on the
        other side of a TrustSec link.

        Default Policy:  Policy applied to traffic when there is 
        no explicit policy between the SGT associated with the 
        originator of the traffic and the SGT associated with 
        the destination of the traffic." 

    REVISION        "201212190000Z"
    DESCRIPTION
        "Added following OBJECT-GROUP:
         - ctspNotifCtrlGroup
         - ctspNotifGroup
         - ctspNotifInfoGroup
         - ctspIfSgtMappingGroup
         - ctspVlanSgtMappingGroup
         - ctspSgtCachingGroup
         - ctspSgaclMonitorGroup 
         - ctspSgaclMonitorStatisticGroup
        Added new compliance
         - ciscoTrustSecPolicyMIBCompliances
        Modified ctspIpSgtSource to add l3if(6), vlan(7), caching(8)."
    REVISION        "200911060000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 713 }


ciscoTrustSecPolicyMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoTrustSecPolicyMIB 0 }

ciscoTrustSecPolicyMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecPolicyMIB 1 }

ciscoTrustSecPolicyMIBConformance  OBJECT IDENTIFIER
    ::= { ciscoTrustSecPolicyMIB 2 }



ctspSgacl
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 1 }
ctspPeerPolicy
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 2 }
ctspLayer3Transport
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 3 }
ctspIpSgtMappings
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 4 }
ctspSgtPolicy
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 5 }
ctspIfSgtMappings
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 6 }
ctspVlanSgtMappings
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 7 }
ctspSgtCaching
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 8 }
ctspNotifsControl
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 9 }
ctspNotifsOnlyInfo 
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 10 }


ctspSgaclGlobals
    OBJECT IDENTIFIER ::= { ctspSgacl 1 }
ctspSgaclMappings
    OBJECT IDENTIFIER ::= { ctspSgacl 2 }
ctspSgaclStatistics
    OBJECT IDENTIFIER ::= { ctspSgacl 3 }

--
--  ctspSgaclGlobals
--

-- Global switch for SGACL enforcement on Layer 3 interfaces (SVIs are
-- excluded). The object is read-write: a SET to none(1) disables that
-- enforcement for the whole device, so write access should be confined
-- to authenticated, authorized managers and changes should be audited.
ctspSgaclEnforcementEnable OBJECT-TYPE
    SYNTAX        INTEGER {
                      none(1),
                      l3Only(2)
                  } 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies whether SGACL enforcement for all 
         Layer 3 interfaces (excluding SVIs) is enabled at the 
         managed system. 

         'none' indicates that SGACL enforcement for all Layer 3
         interfaces (excluding SVIs) is disabled.
         
         'l3Only' indicates that SGACL enforcement is enabled on
         every TrustSec capable Layer3 interface (excluding SVIs)
         in the device." 
    ::= { ctspSgaclGlobals 1 } 

-- Name of the flexible NetFlow monitor that collects and exports
-- statistics for IPv4 packets dropped by SGACL enforcement. Read-write;
-- the zero-length string means no such monitor is configured, so a
-- change here alters whether IPv4 drop statistics are exported.
ctspSgaclIpv4DropNetflowMonitor OBJECT-TYPE
    SYNTAX        SnmpAdminString 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies an existing flexible netflow monitor
        name used to collect and export the IPv4 traffic dropped
        packets statistics due to SGACL enforcement. The zero-length
        string indicates that no such netflow monitor is configured
        in the device." 
    ::= { ctspSgaclGlobals 2 } 

-- Name of the flexible NetFlow monitor that collects and exports
-- statistics for IPv6 packets dropped by SGACL enforcement. Read-write;
-- the zero-length string means no such monitor is configured, so a
-- change here alters whether IPv6 drop statistics are exported.
ctspSgaclIpv6DropNetflowMonitor OBJECT-TYPE
    SYNTAX        SnmpAdminString 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies an existing flexible netflow monitor
        name used to collect and export the IPv6 traffic dropped
        packets statistics due to SGACL enforcement. The zero-length
        string indicates that no such netflow monitor is configured
        in the device." 
    ::= { ctspSgaclGlobals 3 } 


ctspVlanConfigTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspVlanConfigEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lists the SGACL enforcement for Layer 2 and 
         Layer 3 switched packet in a VLAN as well as VRF information
         for VLANs in the device." 
    ::= { ctspSgaclGlobals 4 }

-- One row per VLAN that has SGACL enforcement or VRF configuration,
-- indexed by VLAN id. Rows are created and removed through the
-- read-create ctspVlanConfigRowStatus column.
ctspVlanConfigEntry OBJECT-TYPE
    SYNTAX        CtspVlanConfigEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the SGACL enforcement information 
         for Layer 2 and Layer 3 switched packets in a VLAN 
         identified by its VlanIndex value. Entry in this
         table is populated for VLANs which contains SGACL
         enforcement or VRF configuration."
    INDEX { ctspVlanConfigIndex }
    ::= { ctspVlanConfigTable 1 }

CtspVlanConfigEntry ::= SEQUENCE {
    ctspVlanConfigIndex            VlanIndex,
    ctspVlanConfigSgaclEnforcement TruthValue,
    ctspVlanSviActive              TruthValue,
    ctspVlanConfigVrfName          CiscoVrfName,
    ctspVlanConfigStorageType      StorageType,
    ctspVlanConfigRowStatus        RowStatus 
}

ctspVlanConfigIndex OBJECT-TYPE
    SYNTAX          VlanIndex 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the VLAN-ID of this VLAN." 
    ::= { ctspVlanConfigEntry 1 }

-- Per-VLAN SGACL enforcement flag (read-create). No DEFVAL is declared,
-- so the value taken by a row created without this column is left to
-- the agent. NOTE(review): confirm the agent's default when auditing
-- which VLANs are actually enforced.
ctspVlanConfigSgaclEnforcement OBJECT-TYPE
    SYNTAX          TruthValue 
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the configured SGACL enforcement
        status for this VLAN i.e., 'true' = enabled and 
        'false' = disabled." 
    ::= { ctspVlanConfigEntry 2 }

-- Read-only operational state. It determines how far enforcement
-- reaches inside the VLAN: with an active SVI both Layer 2 and Layer 3
-- switched packets are enforced, without one only Layer 2 switched
-- packets are.
ctspVlanSviActive OBJECT-TYPE
    SYNTAX          TruthValue 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates if there is an active SVI
        associated with this VLAN.
        
        'true' indicates that there is an active SVI associated
        with this VLAN. and SGACL is enforced for both Layer 2 and 
        Layer 3 switched packets within that VLAN. 

        'false' indicates that there is no active SVI associated
        with this VLAN, and SGACL is only enforced for Layer 2 
        switched packets within that VLAN." 
    ::= { ctspVlanConfigEntry 3 }

-- VRF that this VLAN belongs to (read-create). The value must name an
-- existing VRF; the zero-length value selects the default VRF.
ctspVlanConfigVrfName OBJECT-TYPE
    SYNTAX          CiscoVrfName 
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies an existing VRF where this VLAN 
         belongs to. The zero length value indicates this VLAN
         belongs to the default VRF."
    ::= { ctspVlanConfigEntry 4 }

-- Storage type of the row. DEFVAL is volatile, so a row created without
-- setting this column is not expected to persist across a restart
-- (StorageType semantics come from SNMPv2-TC).
ctspVlanConfigStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The objects specifies the storage type for this conceptual
        row."
    DEFVAL          { volatile }
    ::= { ctspVlanConfigEntry 5 }

-- RowStatus column that controls creation and deletion of per-VLAN rows.
-- Per the DESCRIPTION, the other writable columns of a row cannot be
-- changed while the row is 'active'.
ctspVlanConfigRowStatus OBJECT-TYPE
    SYNTAX          RowStatus 
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The status of this conceptual row entry. This object
        is used to manage creation and deletion of rows in this
        table. When this object value is 'active', other
        writable objects in the same row cannot be modified."
    ::= { ctspVlanConfigEntry 6 }

--
--  ctspSgaclMappings
--

ctspConfigSgaclMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspConfigSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the SGACLs information which is
         applied to unicast IP traffic which carries a source SGT
         and travels to a destination SGT."
    ::= { ctspSgaclMappings 1 }

-- One administratively configured SGACL mapping per (traffic type,
-- destination SGT, source SGT). Note the index order: destination SGT
-- comes before source SGT, which matters when building or parsing
-- instance OIDs for this table.
ctspConfigSgaclMappingEntry OBJECT-TYPE
    SYNTAX        CtspConfigSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the SGACL mapping to source and destination
        SGT for a certain traffic type as well as status of this
        instance. A row instance can be created or removed by setting
        the appropriate value of its RowStatus object."
    INDEX { ctspConfigSgaclMappingIpTrafficType,
            ctspConfigSgaclMappingDestSgt,
            ctspConfigSgaclMappingSourceSgt }
    ::= { ctspConfigSgaclMappingTable 1 }

CtspConfigSgaclMappingEntry ::= SEQUENCE {
    ctspConfigSgaclMappingIpTrafficType  INTEGER,
    ctspConfigSgaclMappingDestSgt        CtsSecurityGroupTag, 
    ctspConfigSgaclMappingSourceSgt      CtsSecurityGroupTag, 
    ctspConfigSgaclMappingSgaclName      CtsAclList, 
    ctspConfigSgaclMappingStorageType    StorageType, 
    ctspConfigSgaclMappingRowStatus      RowStatus,
    ctspConfigSgaclMonitor               CtsSgaclMonitorMode
}

ctspConfigSgaclMappingIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
         carrying the source SGT and travelling to destination
         SGT and subjected to SGACL enforcement." 
    ::= { ctspConfigSgaclMappingEntry 1 }

ctspConfigSgaclMappingDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
         zero indicates that the destination SGT is unknown." 
    ::= { ctspConfigSgaclMappingEntry 2 }

ctspConfigSgaclMappingSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of zero
        indicates that the source SGT is unknown."
    ::= { ctspConfigSgaclMappingEntry 3 }

-- List of existing SGACLs configured for this source/destination SGT
-- pair (read-create). This column is the administrative policy itself,
-- so SET access to it amounts to the right to edit access control
-- policy on the device.
ctspConfigSgaclMappingSgaclName OBJECT-TYPE
    SYNTAX          CtsAclList
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object specifies the list of existing SGACLs which is 
         administratively configured to apply to unicast IP traffic
         carrying the source SGT to the destination SGT." 
    ::= { ctspConfigSgaclMappingEntry 4 }

ctspConfigSgaclMappingStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspConfigSgaclMappingEntry 5 }

-- RowStatus column for the configured SGACL mapping table.
-- NOTE(review): the DESCRIPTION refers to 'ctspConfigSgaclName', which is
-- not defined in the part of the module visible here; it presumably
-- means ctspConfigSgaclMappingSgaclName. Confirm before relying on it.
ctspConfigSgaclMappingRowStatus OBJECT-TYPE
    SYNTAX          RowStatus 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
         of rows in this table. ctspConfigSgaclName may be modified
         at any time." 
    ::= { ctspConfigSgaclMappingEntry 6 }

-- Per-mapping SGACL monitor mode (read-create), default 'off'.
-- ctspSgaclMonitorEnable is described as taking precedence over this
-- column. CtsSgaclMonitorMode is imported from CISCO-TRUSTSEC-TC-MIB and
-- its full enumeration is not shown in this file.
ctspConfigSgaclMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on 
         for the configured SGACL enforced traffic."   
    DEFVAL          { off }
    ::= { ctspConfigSgaclMappingEntry 7 }

-- SGACLs of the unicast default policy for IPv4, i.e. the policy applied
-- when no explicit policy exists between the source and destination SGT
-- (see the module DESCRIPTION). Read-write; the zero-length string means
-- no default-policy SGACL is configured for IPv4.
ctspDefConfigIpv4Sgacls OBJECT-TYPE
    SYNTAX        CtsAclListOrEmpty 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies the SGACLs of the unicast default 
        policy for IPv4 traffic. If there is no SGACL configured
        for unicast default policy for IPv4 traffic, the value of
        this object is the zero-length string." 
    ::= { ctspSgaclMappings 2 } 

-- SGACLs of the unicast default policy for IPv6, i.e. the policy applied
-- when no explicit policy exists between the source and destination SGT
-- (see the module DESCRIPTION). Read-write; the zero-length string means
-- no default-policy SGACL is configured for IPv6.
ctspDefConfigIpv6Sgacls OBJECT-TYPE
    SYNTAX        CtsAclListOrEmpty 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies the SGACLs of the unicast default 
        policy for IPv6 traffic. If there is no SGACL configured
        for unicast default policy for IPv6 traffic, the value of
        this object is the zero-length string." 
    ::= { ctspSgaclMappings 3 } 

--
--  The ctspDownloadedSgaclMappingTable
--

ctspDownloadedSgaclMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspDownloadedSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the downloaded SGACLs information
         applied to unicast IP traffic which carries a source SGT 
         and travels to a destination SGT."
    ::= { ctspSgaclMappings 4 }

-- One row per SGACL downloaded from the ACS server for a <source SGT,
-- destination SGT> pair. Unlike ctspOperSgaclMappingEntry, the IP traffic
-- type is not part of the index here; it is reported in the
-- ctspDownloadedIpTrafficType column instead.
ctspDownloadedSgaclMappingEntry OBJECT-TYPE
    SYNTAX        CtspDownloadedSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the downloaded SGACLs mapping.
         A row instance is added for each pair of <source SGT,
         destination SGT> which contains SGACL that 
         is dynamically downloaded from ACS server." 
    INDEX { ctspDownloadedSgaclDestSgt, 
            ctspDownloadedSgaclSourceSgt,
            ctspDownloadedSgaclIndex }
    ::= { ctspDownloadedSgaclMappingTable 1 }

CtspDownloadedSgaclMappingEntry ::= SEQUENCE {
    ctspDownloadedSgaclDestSgt   CtsSecurityGroupTag, 
    ctspDownloadedSgaclSourceSgt CtsSecurityGroupTag, 
    ctspDownloadedSgaclIndex     Unsigned32,
    ctspDownloadedSgaclName      CtsAclName,
    ctspDownloadedSgaclGenId     CtsGenerationId,
    ctspDownloadedIpTrafficType  BITS,
    ctspDownloadedSgaclMonitor   CtsSgaclMonitorMode 
}

ctspDownloadedSgaclDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
         zero indicates that the destination SGT is unknown." 
    ::= { ctspDownloadedSgaclMappingEntry 1 }

ctspDownloadedSgaclSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of
         zero indicates that the source SGT is unknown." 
    ::= { ctspDownloadedSgaclMappingEntry 2 }

ctspDownloadedSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535) 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object identifies the downloaded SGACL which is 
         applied to unicast IP traffic carrying the source SGT 
         to the destination SGT."
    ::= { ctspDownloadedSgaclMappingEntry 3 }

ctspDownloadedSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of downloaded SGACL
         which is applied to unicast IP traffic carrying the source
         SGT to the destination SGT."
    ::= { ctspDownloadedSgaclMappingEntry 4 }

ctspDownloadedSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of 
         downloaded SGACL which is applied to unicast IP traffic 
         carrying the source SGT to the destination SGT."
    ::= { ctspDownloadedSgaclMappingEntry 5 }

-- Bit set naming the IP versions this downloaded SGACL applies to. The
-- BITS syntax allows both bits to be set, unlike the INTEGER
-- traffic-type index columns used in other tables of this module.
-- NOTE(review): the DESCRIPTION ends with 'by this downloaded default
-- policy' although this column belongs to the per-pair downloaded table;
-- the wording looks carried over from ctspDefDownloadedIpTrafficType.
ctspDownloadedIpTrafficType OBJECT-TYPE
    SYNTAX          BITS { ipv4(0), ipv6(1) } 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
         carrying the source SGT and travelling to destination
         SGT and subjected to SGACL enforcement by this downloaded
         default policy."
    ::= { ctspDownloadedSgaclMappingEntry 6 }

ctspDownloadedSgaclMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on 
         for the downloaded SGACL enforced traffic."   
    ::= { ctspDownloadedSgaclMappingEntry 7 }


--
--  The ctspDefDownloadedSgaclMappingTable
--

ctspDefDownloadedSgaclMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspDefDownloadedSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the downloaded SGACLs information
         of the default policy applied to unicast IP traffic." 
    ::= { ctspSgaclMappings 5 }

ctspDefDownloadedSgaclMappingEntry OBJECT-TYPE
    SYNTAX        CtspDefDownloadedSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the downloaded SGACLs mapping.
         A row instance contains the SGACL information of the default
         policy dynamically downloaded from ACS server for unicast
         IP traffic." 
    INDEX { ctspDefDownloadedSgaclIndex }
    ::= { ctspDefDownloadedSgaclMappingTable 1 }

CtspDefDownloadedSgaclMappingEntry ::= SEQUENCE {
    ctspDefDownloadedSgaclIndex     Unsigned32,
    ctspDefDownloadedSgaclName      CtsAclName,
    ctspDefDownloadedSgaclGenId     CtsGenerationId,
    ctspDefDownloadedIpTrafficType  BITS,
    ctspDefDownloadedSgaclMonitor   CtsSgaclMonitorMode 
}

ctspDefDownloadedSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535) 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object identifies the SGACL of downloaded default 
         policy applied to unicast IP traffic."
    ::= { ctspDefDownloadedSgaclMappingEntry 1 }

ctspDefDownloadedSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of the SGACL of downloaded
        default policy applied to unicast IP traffic."
    ::= { ctspDefDownloadedSgaclMappingEntry 2 }

ctspDefDownloadedSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification 
        of the SGACL of downloaded default policy applied to
        unicast IP traffic." 
    ::= { ctspDefDownloadedSgaclMappingEntry 3 }

ctspDefDownloadedIpTrafficType OBJECT-TYPE
    SYNTAX          BITS { ipv4(0), ipv6(1) } 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the IP traffic
         subjected to SGACL enforcement by this downloaded 
         default policy."
    ::= { ctspDefDownloadedSgaclMappingEntry 4 }

ctspDefDownloadedSgaclMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on 
         for the default downloaded SGACL enforced traffic."   
    ::= { ctspDefDownloadedSgaclMappingEntry 5 }

--
--  The ctspOperSgaclMappingTable
--

ctspOperSgaclMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspOperSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the operational SGACLs information
         applied to unicast IP traffic which carries a source SGT
         and travels to a destination SGT."
    ::= { ctspSgaclMappings 6 }

-- One row per SGACL operationally applied for a (traffic type,
-- destination SGT, source SGT) pair, whether configured locally or
-- downloaded from the ACS server. ctspOperSgaclMappingSource reports
-- which of the two supplied the mapping, which makes this table the one
-- to read when checking what is actually in effect.
ctspOperSgaclMappingEntry OBJECT-TYPE
    SYNTAX        CtspOperSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the operational SGACLs mapping.
         A row instance is added for each pair of <source SGT,
         destination SGT> which contains the SGACL that 
         either statically configured at the device or dynamically
         downloaded from ACS server." 
    INDEX { ctspOperIpTrafficType,
            ctspOperSgaclDestSgt,
            ctspOperSgaclSourceSgt, 
            ctspOperSgaclIndex }
    ::= { ctspOperSgaclMappingTable 1 }

CtspOperSgaclMappingEntry ::= SEQUENCE {
    ctspOperIpTrafficType         INTEGER,
    ctspOperSgaclDestSgt          CtsSecurityGroupTag, 
    ctspOperSgaclSourceSgt        CtsSecurityGroupTag, 
    ctspOperSgaclIndex            Unsigned32,
    ctspOperationalSgaclName      CtsAclName,
    ctspOperationalSgaclGenId     CtsGenerationId,
    ctspOperSgaclMappingSource    INTEGER,
    ctspOperSgaclConfigSource     INTEGER,
    ctspOperSgaclMonitor          CtsSgaclMonitorMode 
}

ctspOperIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
         carrying the source SGT and travelling to destination
         SGT and subjected to SGACL enforcement." 
    ::= { ctspOperSgaclMappingEntry 1 }

ctspOperSgaclDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
         zero indicates that the destination SGT is unknown." 
    ::= { ctspOperSgaclMappingEntry 2 }

ctspOperSgaclSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of
         zero indicates that the source SGT is unknown." 
    ::= { ctspOperSgaclMappingEntry 3 }

ctspOperSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535) 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object identifies the SGACL operationally
         applied to unicast IP traffic carrying the source SGT 
         to the destination SGT."
    ::= { ctspOperSgaclMappingEntry 4 }

ctspOperationalSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of the SGACL operationally
         applied to unicast IP traffic carrying the source SGT to the 
         destination SGT."
    ::= { ctspOperSgaclMappingEntry 5 }

ctspOperationalSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification 
        of the SGACL operationally applied to unicast IP traffic 
        carrying the source SGT to the destination SGT."
    ::= { ctspOperSgaclMappingEntry 6 }

-- Where the operational mapping (the binding of an SGACL to this SGT
-- pair) came from. Distinct from ctspOperSgaclConfigSource, which
-- reports where the SGACL itself was created.
ctspOperSgaclMappingSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) } 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL mapping
        for the SGACL operationally applied to unicast IP traffic 
        carrying the source SGT to the destination SGT.

        'downloaded' indicates that the mapping is downloaded
        from ACS server.

        'configured' indicates that the mapping is locally
        configured in the device."
    ::= { ctspOperSgaclMappingEntry 7 }

-- Where the SGACL itself was created. Distinct from
-- ctspOperSgaclMappingSource, which reports where the mapping of the
-- SGACL to the SGT pair came from.
ctspOperSgaclConfigSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) } 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL creation 
        for this SGACL.

        'configured' indicates that the SGACL is locally
        configured in the local device.

        'downloaded' indicates that the SGACL is created at
        ACS server and downloaded to the local device."
    ::= { ctspOperSgaclMappingEntry 8 }

ctspOperSgaclMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on 
        for the SGACL enforced traffic."   
    ::= { ctspOperSgaclMappingEntry 9 }

--
--  The ctspDefOperSgaclMappingTable
--

ctspDefOperSgaclMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspDefOperSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the operational SGACLs information
         of the default policy applied to unicast IP traffic." 
    ::= { ctspSgaclMappings 7 }

ctspDefOperSgaclMappingEntry OBJECT-TYPE
    SYNTAX        CtspDefOperSgaclMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
         "A row instance contains the SGACL information of the default
         policy which is either statically configured at the device 
         or dynamically downloaded from ACS server for unicast
         IP traffic." 
    INDEX { ctspDefOperIpTrafficType,
            ctspDefOperSgaclIndex }
    ::= { ctspDefOperSgaclMappingTable 1 }

CtspDefOperSgaclMappingEntry ::= SEQUENCE {
    ctspDefOperIpTrafficType         INTEGER,
    ctspDefOperSgaclIndex            Unsigned32,
    ctspDefOperationalSgaclName      CtsAclName,
    ctspDefOperationalSgaclGenId     CtsGenerationId,
    ctspDefOperSgaclMappingSource    INTEGER,
    ctspDefOperSgaclConfigSource     INTEGER, 
    ctspDefOperSgaclMonitor          CtsSgaclMonitorMode
}

ctspDefOperIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP
         traffic subjected to default policy enforcement." 
    ::= { ctspDefOperSgaclMappingEntry 1 }

ctspDefOperSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535) 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object identifies the SGACL of default policy
         operationally applied to unicast IP traffic."
    ::= { ctspDefOperSgaclMappingEntry 2 }

ctspDefOperationalSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of the SGACL of default 
        policy operationally applied to unicast IP traffic."
    ::= { ctspDefOperSgaclMappingEntry 3 }

ctspDefOperationalSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification 
        of the SGACL of default policy operationally 
        applied to unicast IP traffic." 
    ::= { ctspDefOperSgaclMappingEntry 4 }

ctspDefOperSgaclMappingSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) } 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL mapping
        for the SGACL of default policy operationally 
        applied to unicast IP traffic.  

        'downloaded' indicates that the mapping is downloaded
        from ACS server.

        'configured' indicates that the mapping is locally
        configured in the device."
    ::= { ctspDefOperSgaclMappingEntry 5 }

ctspDefOperSgaclConfigSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) } 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL creation 
        for the SGACL of default policy operationally 
        applied to unicast IP traffic.

        'downloaded' indicates that the SGACL is created at
        ACS server and downloaded to the local device.

        'configured' indicates that the SGACL is locally
        configured in the local device."
    ::= { ctspDefOperSgaclMappingEntry 6 }

ctspDefOperSgaclMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on 
        for the SGACL of default policy enforced traffic."   
    ::= { ctspDefOperSgaclMappingEntry 7 }

--
--  ctspSgaclMappings (continued): SGACL monitor mode controls
--

-- Monitor mode for the configured default-policy SGACL on IPv4 traffic
-- (read-write). Registered under ctspSgaclMappings, not under
-- ctspSgaclStatistics. No DEFVAL is declared for this object.
ctspDefConfigIpv4SgaclsMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on 
         for the default configured SGACL enforced Ipv4 traffic."   
    ::= { ctspSgaclMappings 8 } 

-- Monitor mode for the configured default-policy SGACL on IPv6 traffic
-- (read-write). Registered under ctspSgaclMappings, not under
-- ctspSgaclStatistics. No DEFVAL is declared for this object.
ctspDefConfigIpv6SgaclsMonitor OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on 
         for the default configured SGACL enforced Ipv6 traffic."   
    ::= { ctspSgaclMappings 9 } 

-- System-wide SGACL monitor mode switch (read-write). Per the
-- DESCRIPTION it takes precedence over the per-mapping
-- ctspConfigSgaclMonitor column and is intended as a way to turn
-- monitoring off if it affects system performance.
-- NOTE(review): CtsSgaclMonitorMode is defined in CISCO-TRUSTSEC-TC-MIB,
-- not here. If monitor mode changes how denied traffic is treated
-- (TODO confirm against the TC), a SET on this object changes effective
-- enforcement device-wide and should be access-controlled and logged.
ctspSgaclMonitorEnable OBJECT-TYPE
    SYNTAX        CtsSgaclMonitorMode
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on 
        for the entire system. It has precedence than the per SGACL 
        ctspConfigSgaclMonitor control.  It could act as safety 
        mechanism to turn off monitor in case the monitor feature
        impact system performance."
    ::= { ctspSgaclMappings 10 } 

--
--  ctspSgaclStatistics
--

-- Per-SGT-pair SGACL counters. Rows are indexed by traffic type, then
-- destination SGT, then source SGT (see the INDEX clause of
-- ctspSgtStatsEntry). The destination comes before the source, which is
-- the reverse of the <source, destination> order used in the
-- DESCRIPTION below, so pollers must decode the instance OID in index
-- order. All counter columns are Counter64 and read-only. A collector
-- watching for policy violations would normally track deltas of
-- ctspStatsIpSwDropPkts and ctspStatsIpHwDropPkts rather than absolute
-- values.
ctspSgtStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspSgtStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table describes SGACL statistics counters per
         a pair of <source SGT, destination SGT> that is
         capable of providing this information." 
    ::= { ctspSgaclStatistics 1 }

ctspSgtStatsEntry OBJECT-TYPE
    SYNTAX        CtspSgtStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the SGACL statistics related to 
         IPv4 or IPv6 packets carrying the source SGT travelling
         to the destination SGT and subjected to SGACL enforcement."
    INDEX { ctspStatsIpTrafficType, 
            ctspStatsDestSgt, 
            ctspStatsSourceSgt 
          }
    ::= { ctspSgtStatsTable 1 }

CtspSgtStatsEntry ::= SEQUENCE {
    ctspStatsIpTrafficType    INTEGER, 
    ctspStatsDestSgt          CtsSecurityGroupTag,
    ctspStatsSourceSgt        CtsSecurityGroupTag, 
    ctspStatsIpSwDropPkts     Counter64,
    ctspStatsIpHwDropPkts     Counter64,
    ctspStatsIpSwPermitPkts   Counter64,
    ctspStatsIpHwPermitPkts   Counter64,
    ctspStatsIpSwMonitorPkts  Counter64,
    ctspStatsIpHwMonitorPkts  Counter64
}

ctspStatsIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
         carrying the source SGT and travelling to destination
         SGT and subjected to SGACL enforcement." 
    ::= { ctspSgtStatsEntry 1 }

ctspStatsDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
         zero indicates that the destination SGT is unknown." 
    ::= { ctspSgtStatsEntry 2 }

ctspStatsSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of
         zero indicates that the source SGT is unknown." 
    ::= { ctspSgtStatsEntry 3 }

ctspStatsIpSwDropPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
         IP packets which are dropped by SGACL." 
    ::= { ctspSgtStatsEntry 4 }

ctspStatsIpHwDropPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
         IP packets which are dropped by SGACL." 
    ::= { ctspSgtStatsEntry 5 }

ctspStatsIpSwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
         IP packets which are permitted by SGACL." 
    ::= { ctspSgtStatsEntry 6 }

ctspStatsIpHwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
         IP packets which are permitted by SGACL." 
    ::= { ctspSgtStatsEntry 7 }

ctspStatsIpSwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
         IP packets which are SGACL enforced & monitored." 
    ::= { ctspSgtStatsEntry 8 }

ctspStatsIpHwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
         IP packets which are SGACL enforced & monitored." 
    ::= { ctspSgtStatsEntry 9 }

ctspDefStatsTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspDefStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table describes statistics counters for unicast
         IP traffic subjected to default unicast policy." 
    ::= { ctspSgaclStatistics 2 }

ctspDefStatsEntry OBJECT-TYPE
    SYNTAX        CtspDefStatsEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the statistics counter for each IP
         traffic type." 
    INDEX { ctspDefIpTrafficType }
    ::= { ctspDefStatsTable 1 }

CtspDefStatsEntry ::= SEQUENCE {
    ctspDefIpTrafficType    INTEGER, 
    ctspDefIpSwDropPkts     Counter64,
    ctspDefIpHwDropPkts     Counter64,
    ctspDefIpSwPermitPkts   Counter64,
    ctspDefIpHwPermitPkts   Counter64,
    ctspDefIpSwMonitorPkts  Counter64,
    ctspDefIpHwMonitorPkts  Counter64
}

ctspDefIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the IP traffic
         subjected to default unicast policy enforcement." 
    ::= { ctspDefStatsEntry 1 }

ctspDefIpSwDropPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
         IP packets which are dropped by default unicast policy." 
    ::= { ctspDefStatsEntry 2 }

ctspDefIpHwDropPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
         IP packets which are dropped by default unicast policy." 
    ::= { ctspDefStatsEntry 3 }

ctspDefIpSwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
         IP packets which are permitted by default unicast policy." 
    ::= { ctspDefStatsEntry 4 }

ctspDefIpHwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
         IP packets which are permitted by default unicast policy." 
    ::= { ctspDefStatsEntry 5 }

ctspDefIpSwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
         IP packets which are monitored by default unicast policy." 
    ::= { ctspDefStatsEntry 6 }

ctspDefIpHwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
         IP packets which are monitored by default unicast policy." 
    ::= { ctspDefStatsEntry 7 }

--
--  ctspPeerPolicy group
--

ctspAllPeerPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken 
        with respect to all peer policies in the device.

        When read, this object always returns the value 'none'.
    
        'none'    - No operation.
        'refresh' - Refresh all peer policies in the device."
    ::= { ctspPeerPolicy 1 }

ctspPeerPolicyTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspPeerPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lists the peer policy information for each peer
         device." 
    ::= { ctspPeerPolicy 2 }

ctspPeerPolicyEntry OBJECT-TYPE
    SYNTAX        CtspPeerPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the managed objects for peer policies
         for each peer device based on its name."
    INDEX { IMPLIED ctspPeerName }
    ::= { ctspPeerPolicyTable 1 }

CtspPeerPolicyEntry ::= SEQUENCE {
    ctspPeerName                  SnmpAdminString,
    ctspPeerSgt                   CtsSecurityGroupTag,
    ctspPeerSgtGenId              CtsGenerationId,
    ctspPeerTrustState            INTEGER,
    ctspPeerPolicyLifeTime        Unsigned32,
    ctspPeerPolicyLastUpdate      DateAndTime,
    ctspPeerPolicyAction          INTEGER
}

ctspPeerName        OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE(1..128)) 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object uniquely identifies a peer device." 
    ::= { ctspPeerPolicyEntry 1 }

ctspPeerSgt         OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT value of this peer device." 
    ::= { ctspPeerPolicyEntry 2 }

ctspPeerSgtGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of 
         the SGT value assigned to this peer device." 
    ::= { ctspPeerPolicyEntry 3 }

ctspPeerTrustState  OBJECT-TYPE
    SYNTAX          INTEGER { trusted(1), noTrust(2) } 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the TrustSec trust state of this
         peer device.

         'trusted' indicates that this is a trusted peer device.
     
         'noTrust' indicates that this peer device is not trusted." 
    ::= { ctspPeerPolicyEntry 4 }

ctspPeerPolicyLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32 
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the policy life time which
         provides the time interval during which the peer
         policy is valid."
    ::= { ctspPeerPolicyEntry 5 }

ctspPeerPolicyLastUpdate OBJECT-TYPE
    SYNTAX          DateAndTime 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when this peer policy
         is last updated." 
    ::= { ctspPeerPolicyEntry 6 }

ctspPeerPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken 
        with this peer policy.

        When read, this object always returns the value 'none'.
    
        'none'    - No operation.
        'refresh' - Refresh this peer policy."
    ::= { ctspPeerPolicyEntry 7 }

--
--  ctspLayer3Transport
--

ctspLayer3PolicyTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspLayer3PolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table describes Layer 3 transport policy for 
        IP traffic regarding SGT propagation." 
    ::= { ctspLayer3Transport 1 }

ctspLayer3PolicyEntry OBJECT-TYPE
    SYNTAX        CtspLayer3PolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the Layer 3 transport policies per 
         IP traffic type per policy type." 
    INDEX { ctspLayer3PolicyIpTrafficType, ctspLayer3PolicyType }
    ::= { ctspLayer3PolicyTable 1 }

CtspLayer3PolicyEntry ::= SEQUENCE {
    ctspLayer3PolicyIpTrafficType INTEGER, 
    ctspLayer3PolicyType          INTEGER,
    ctspLayer3PolicyLocalConfig   CtsAclNameOrEmpty, 
    ctspLayer3PolicyDownloaded    CtsAclNameOrEmpty, 
    ctspLayer3PolicyOperational   CtsAclNameOrEmpty
}

ctspLayer3PolicyIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the IP traffic
         affected by Layer-3 transport policy.

         'ipv4' indicates that the affected traffic is IPv4
         traffic.

         'ipv6' indicates that the affected traffic is IPv6
         traffic." 
    ::= { ctspLayer3PolicyEntry 1 }

ctspLayer3PolicyType OBJECT-TYPE
    SYNTAX          INTEGER { permit(1), exception(2) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the Layer-3 
        transport policy affecting IP traffic regarding 
        SGT propagation.

        'permit' indicates that the transport policy is used 
        to classify Layer-3 traffic which is subject to
        SGT propagation.

        'exception' indicates that the transport policy is used 
        to classify Layer-3 traffic which is NOT subject to
        SGT propagation." 
    ::= { ctspLayer3PolicyEntry 2 }

ctspLayer3PolicyLocalConfig OBJECT-TYPE
    SYNTAX          CtsAclNameOrEmpty
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the name of an ACL that is  
         administratively configured to classify Layer3 
         traffic. Zero-length string indicates there is no 
         such configured policy." 
    ::= { ctspLayer3PolicyEntry 3 }

ctspLayer3PolicyDownloaded OBJECT-TYPE
    SYNTAX          CtsAclNameOrEmpty
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specifies the name of an ACL that is  
         downloaded from policy server to classify Layer3 
         traffic. Zero-length string indicates there is no 
         such downloaded policy." 
    ::= { ctspLayer3PolicyEntry 4 }

ctspLayer3PolicyOperational OBJECT-TYPE
    SYNTAX          CtsAclNameOrEmpty
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specifies the name of an operational ACL 
         currently used to classify Layer3 traffic. Zero-length
         string indicates there is no such policy in effect." 
    ::= { ctspLayer3PolicyEntry 5 }


ctspIfL3PolicyConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspIfL3PolicyConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the interfaces which support Layer3
        Transport policy."
    ::= { ctspLayer3Transport 2 }

ctspIfL3PolicyConfigEntry OBJECT-TYPE
    SYNTAX          CtspIfL3PolicyConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains managed objects for Layer3 Transport 
         on interface capable of providing this information."
    INDEX           { ifIndex }
    ::= { ctspIfL3PolicyConfigTable 1 }

CtspIfL3PolicyConfigEntry ::= SEQUENCE {
        ctspIfL3Ipv4PolicyEnabled           TruthValue,
        ctspIfL3Ipv6PolicyEnabled           TruthValue
}

ctspIfL3Ipv4PolicyEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the Layer3 Transport
        policies will be applied on this interface for egress 
        IPv4 traffic.

        'true' indicates that Layer3 permit and exception policy
        will be applied at this interface for egress IPv4 traffic. 

        'false' indicates that Layer3 permit and exception policy
        will not be applied at this interface for egress IPv4
        traffic." 
    ::= { ctspIfL3PolicyConfigEntry 1 }

ctspIfL3Ipv6PolicyEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the Layer3 Transport
        policies will be applied on this interface for egress 
        IPv6 traffic.

        'true' indicates that Layer3 permit and exception policy
        will be applied at this interface for egress IPv6 traffic. 

        'false' indicates that Layer3 permit and exception policy
        will not be applied at this interface for egress IPv6
        traffic." 
    ::= { ctspIfL3PolicyConfigEntry 2 }

--
-- ctspIpSgtMappingTable
--

ctspIpSgtMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspIpSgtMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the IP-to-SGT mapping information
         in the device."  
    ::= { ctspIpSgtMappings 1 }

-- NOTE(review): each row binds an address prefix within a VRF to an SGT.
-- The read-create columns (ctspIpSgtValue, ctspIpSgtSource,
-- ctspIpSgtStorageType, ctspIpSgtRowStatus) let an SNMP manager create
-- or delete manually configured bindings. Because these bindings feed
-- SGT classification, write access to this table should be restricted
-- to SNMPv3 authPriv principals through a narrow VACM view, and SET
-- operations on it are worth logging. When auditing, ctspIpSgtSource
-- separates 'configured' rows from those learnt or created by the
-- device.
ctspIpSgtMappingEntry OBJECT-TYPE
    SYNTAX        CtspIpSgtMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the IP-to-SGT mapping and status of
         this instance. Entry in this table is either populated 
         automatically by the device or manually configured by
         a user. A manually configured row instance can be created
         or removed by setting the appropriate value of its 
         RowStatus object."
    INDEX { ctspIpSgtVrfName, 
            ctspIpSgtAddressType, 
            ctspIpSgtIpAddress, 
            ctspIpSgtAddressLength }
    ::= { ctspIpSgtMappingTable 1 }

CtspIpSgtMappingEntry ::= SEQUENCE {
    ctspIpSgtVrfName          CiscoVrfName, 
    ctspIpSgtAddressType      InetAddressType, 
    ctspIpSgtIpAddress        InetAddress, 
    ctspIpSgtAddressLength    InetAddressPrefixLength, 
    ctspIpSgtValue            CtsSecurityGroupTag,
    ctspIpSgtSource           INTEGER,
    ctspIpSgtStorageType      StorageType,
    ctspIpSgtRowStatus        RowStatus
}

ctspIpSgtVrfName OBJECT-TYPE
    SYNTAX          CiscoVrfName 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the VRF to which the IP-SGT mapping 
        belongs. The zero length value indicates the default
        VRF." 
    ::= { ctspIpSgtMappingEntry 1 }

ctspIpSgtAddressType OBJECT-TYPE
    SYNTAX          InetAddressType 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of Internet address." 
    ::= { ctspIpSgtMappingEntry 2 }

ctspIpSgtIpAddress OBJECT-TYPE
    SYNTAX          InetAddress 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates an Internet address. The type
         of this address is determined by the value of
         ctspIpSgtAddressType object." 
    ::= { ctspIpSgtMappingEntry 3 }

ctspIpSgtAddressLength OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the length of an Internet address
         prefix." 
    ::= { ctspIpSgtMappingEntry 4 }

ctspIpSgtValue OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object specifies the SGT value assigned to 
         an Internet address." 
    ::= { ctspIpSgtMappingEntry 5 }

ctspIpSgtSource OBJECT-TYPE
    SYNTAX          INTEGER {
                        configured(1),
                        arp(2),
                        localAuthenticated(3),
                        sxp(4),
                        internal(5),
                        l3if(6),
                        vlan(7),
                        caching(8)
                    } 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object indicates the source of the mapping. 

        'configured' indicates that the mapping is manually 
        configured by user.

        'arp' indicates that the mapping is dynamically learnt
        from tagged ARP replies.

        'localAuthenticated' indicates that the mapping is 
        dynamically learnt from the device authentication of
        a host.

        'sxp' indicates that the mapping is dynamically learnt
        from SXP (SGT Propagation Protocol).

        'internal' indicates that the mapping is automatically 
        created by the device between the device IP addresses
        and the device own SGT. 

        'l3if' indicates that Interface-SGT mapping is configured
        by user.

        'vlan' indicates that Vlan-SGT mapping is configured by user.

        'caching' indicates that the SGT mapping is cached.

        Only 'configured' value is accepted when setting this
        object."
    ::= { ctspIpSgtMappingEntry 6 }

ctspIpSgtStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspIpSgtMappingEntry 7 }

ctspIpSgtRowStatus OBJECT-TYPE
    SYNTAX          RowStatus 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
         of rows in this table. If this object value is 'active',
         user cannot modify any writable object in this row.

         If value of ctspIpSgtSource object in an entry is not 
         'configured', user cannot change the value of this object." 
    ::= { ctspIpSgtMappingEntry 8 }


--
--  ctspSgtPolicy group
--

ctspAllSgtPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken 
        with respect to all SGT policies in the device.

        When read, this object always returns the value 'none'.
    
        'none'    - No operation.
        'refresh' - Refresh all SGT policies in the device."
    ::= { ctspSgtPolicy 1 }

ctspDownloadedSgtPolicyTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspDownloadedSgtPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lists the SGT policy information downloaded 
         by the device." 
    ::= { ctspSgtPolicy 2 }

ctspDownloadedSgtPolicyEntry OBJECT-TYPE
    SYNTAX        CtspDownloadedSgtPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the managed objects for SGT policies
         downloaded by the device."
    INDEX { ctspDownloadedSgtPolicySgt }
    ::= { ctspDownloadedSgtPolicyTable 1 }

CtspDownloadedSgtPolicyEntry ::= SEQUENCE {
    ctspDownloadedSgtPolicySgt             CtsSecurityGroupTag, 
    ctspDownloadedSgtPolicySgtGenId        CtsGenerationId,
    ctspDownloadedSgtPolicyLifeTime        Unsigned32,
    ctspDownloadedSgtPolicyLastUpdate      DateAndTime,
    ctspDownloadedSgtPolicyAction          INTEGER
}

ctspDownloadedSgtPolicySgt    OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT value to which
        the downloaded policy is applied. Value of
        zero indicates that the SGT is unknown." 
    ::= { ctspDownloadedSgtPolicyEntry 1 }

ctspDownloadedSgtPolicySgtGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of 
         the SGT value denoted by ctspDownloadedSgtPolicySgt object." 
    ::= { ctspDownloadedSgtPolicyEntry 2 }

ctspDownloadedSgtPolicyLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32 
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the policy life time which
         provides the time interval during which this downloaded
         policy is valid."
    ::= { ctspDownloadedSgtPolicyEntry 3 }

ctspDownloadedSgtPolicyLastUpdate OBJECT-TYPE
    SYNTAX          DateAndTime 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when this downloaded 
         SGT policy is last updated." 
    ::= { ctspDownloadedSgtPolicyEntry 4 }

ctspDownloadedSgtPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken 
        with this downloaded SGT policy.

        When read, this object always returns the value 'none'.
    
        'none'    - No operation.
        'refresh' - Refresh this SGT policy."
    ::= { ctspDownloadedSgtPolicyEntry 5 }

--
--  ctspDownloadedDefSgtPolicyTable
--

ctspDownloadedDefSgtPolicyTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspDownloadedDefSgtPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lists the default SGT policy information 
         downloaded by the device." 
    ::= { ctspSgtPolicy 3 }

ctspDownloadedDefSgtPolicyEntry OBJECT-TYPE
    SYNTAX        CtspDownloadedDefSgtPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the managed objects for default SGT 
         policies downloaded by the device."
    INDEX { ctspDownloadedDefSgtPolicyType }
    ::= { ctspDownloadedDefSgtPolicyTable 1 }

CtspDownloadedDefSgtPolicyEntry ::= SEQUENCE {
    ctspDownloadedDefSgtPolicyType            INTEGER, 
    ctspDownloadedDefSgtPolicySgtGenId        CtsGenerationId,
    ctspDownloadedDefSgtPolicyLifeTime        Unsigned32,
    ctspDownloadedDefSgtPolicyLastUpdate      DateAndTime,
    ctspDownloadedDefSgtPolicyAction          INTEGER
}

ctspDownloadedDefSgtPolicyType    OBJECT-TYPE
    SYNTAX          INTEGER { unicastDefault(1) } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the downloaded default SGT
        policy type.
        
        'unicastDefault' indicates the SGT policy applied to 
        traffic which carries the default unicast SGT." 
    ::= { ctspDownloadedDefSgtPolicyEntry 1 }

ctspDownloadedDefSgtPolicySgtGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of
         the downloaded default SGT policy."
    ::= { ctspDownloadedDefSgtPolicyEntry 2 }

ctspDownloadedDefSgtPolicyLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32 
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the policy life time which
         provides the time interval during which this
         downloaded default policy is valid."
    ::= { ctspDownloadedDefSgtPolicyEntry 3 }

ctspDownloadedDefSgtPolicyLastUpdate OBJECT-TYPE
    SYNTAX          DateAndTime 
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when this downloaded
         SGT policy is last updated." 
    ::= { ctspDownloadedDefSgtPolicyEntry 4 }

ctspDownloadedDefSgtPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken 
        with this default downloaded SGT policy.

        When read, this object always returns the value 'none'.
    
        'none'    - No operation.
        'refresh' - Refresh this default SGT policy."
    ::= { ctspDownloadedDefSgtPolicyEntry 5 }

--
-- ctspIfSgtMappingTable
--

ctspIfSgtMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspIfSgtMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the Interface-to-SGT mapping configuration 
         information in the device."  
    ::= { ctspIfSgtMappings 1 }

ctspIfSgtMappingEntry OBJECT-TYPE
    SYNTAX        CtspIfSgtMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the SGT mapping configuration of a particular
         interface.  

         A row instance can be created or removed by setting 
         ctspIfSgtRowStatus."
    INDEX { ifIndex }  
    ::= { ctspIfSgtMappingTable 1 }

CtspIfSgtMappingEntry ::= SEQUENCE {
    ctspIfSgtValue            CtsSecurityGroupTag,
    ctspIfSgName              SnmpAdminString,
    ctspIfSgtStorageType      StorageType,
    ctspIfSgtRowStatus        RowStatus
}

ctspIfSgtValue OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object specifies the SGT value assigned to the interface."
    ::= { ctspIfSgtMappingEntry 1 }

-- NOTE(review): unlike ctspPeerName, which is refined to SIZE(1..128),
-- this writable name carries no SIZE refinement. Its bound is therefore
-- whatever the SnmpAdminString textual convention allows (0..255 octets
-- in SNMP-FRAMEWORK-MIB). An agent should validate the length and
-- encoding of the value on SET and decide whether an empty name is
-- acceptable.
ctspIfSgName OBJECT-TYPE
    SYNTAX          SnmpAdminString 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object specifies the Security Group Name assigned to 
         the interface." 
    ::= { ctspIfSgtMappingEntry 2 }

ctspIfSgtStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspIfSgtMappingEntry 3 }

ctspIfSgtRowStatus OBJECT-TYPE
    SYNTAX          RowStatus 
    MAX-ACCESS      read-create 
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
         of rows in this table." 
    ::= { ctspIfSgtMappingEntry 4 }

--
-- ctspIfSgtMappingInfoTable
--
ctspIfSgtMappingInfoTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspIfSgtMappingInfoEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the Interface-to-SGT mapping status 
         information in the device."  
    ::= { ctspIfSgtMappings 2 }

ctspIfSgtMappingInfoEntry OBJECT-TYPE
    SYNTAX        CtspIfSgtMappingInfoEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the Interface-to-SGT mapping status of the
        specified interface."
    INDEX { ifIndex }  
    ::= { ctspIfSgtMappingInfoTable 1 }

CtspIfSgtMappingInfoEntry ::= SEQUENCE {
    ctspL3IPMStatus       INTEGER
}

ctspL3IPMStatus OBJECT-TYPE
    SYNTAX          INTEGER {
                        disabled(1),
                        active(2),
                        inactive(3)
                      }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the Layer 3 Identity Port Mapping(IPM) 
         operational mode.

        disabled    - The L3 IPM is not configured. 
        active      - The L3 IPM is configured for this interface, and
                      SGT is available.
        inactive    - The L3 IPM is configured for this interface, and
                      SGT is unavailable." 
    ::= { ctspIfSgtMappingInfoEntry 1 }

--
-- ctspVlanSgtMappingTable
--

ctspVlanSgtMappingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CtspVlanSgtMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains the Vlan-SGT mapping information
         in the device."  
    ::= { ctspVlanSgtMappings 1 }

ctspVlanSgtMappingEntry OBJECT-TYPE
    SYNTAX        CtspVlanSgtMappingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the SGT mapping configuration of a particular
         VLAN.  

         A row instance can be created or removed by setting 
         ctspVlanSgtRowStatus."
    INDEX { ctspVlanSgtMappingIndex }
    ::= { ctspVlanSgtMappingTable 1 }

CtspVlanSgtMappingEntry ::= SEQUENCE {
    ctspVlanSgtMappingIndex     VlanIndex,
    ctspVlanSgtMapValue         CtsSecurityGroupTag,
    ctspVlanSgtStorageType      StorageType,
    ctspVlanSgtRowStatus        RowStatus
}

ctspVlanSgtMappingIndex OBJECT-TYPE
    SYNTAX          VlanIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object specifies the VLAN-ID which is used as index."
    ::= { ctspVlanSgtMappingEntry 1 }

-- ctspVlanSgtMapValue: the SGT bound to the VLAN named by the row index.
-- MAX-ACCESS is read-create, so on agents that implement write access an
-- SNMP SET changes the tag assigned to that VLAN.
-- NOTE(review): restrict write access to this subtree (SNMPv3 authPriv
-- plus a VACM view) and audit SETs. ciscoTrustSecPolicyMIBComplianceRev2
-- only requires read-only support for this object.
ctspVlanSgtMapValue OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the SGT value assigned to the vlan."
    ::= { ctspVlanSgtMappingEntry 2 }

-- Storage class of the VLAN-to-SGT row. The DEFVAL is volatile, which the
-- StorageType textual convention (SNMPv2-TC) defines as lost upon reboot,
-- so a mapping created with the default does not persist across a restart.
ctspVlanSgtStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspVlanSgtMappingEntry 3 }

-- Row creation and deletion control for ctspVlanSgtMappingTable.
-- ciscoTrustSecPolicyMIBComplianceRev2 narrows what an agent must accept:
-- WRITE-SYNTAX createAndGo(4) and destroy(6), with MIN-ACCESS read-only.
-- NOTE(review): destroying a row removes a VLAN's SGT mapping, so treat
-- SETs to this column as policy changes when auditing SNMP write activity.
ctspVlanSgtRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
         of rows in this table."
    ::= { ctspVlanSgtMappingEntry 4 }

--
--  ctsSgtCaching group
--

ctspSgtCachingMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      none(1),
                      standAlone(2),
                      withEnforcement(3),
                      vlan(4) 
                  } 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies which SGT-caching mode is configured
         for SGT-caching capable interfaces at the managed system.

         'none' indicates that sgt-caching for all Layer 3
         interfaces (excluding SVIs) is disabled.
         
         'standAlone' indicates that SGT-caching is enabled on
         every TrustSec capable Layer3 interface (excluding SVIs)
         in the device.
         
         'withEnforcement' indicates that SGT-caching is enabled on
         interfaces that have RBAC enforcement enabled.
         
         'vlan' indicates that SGT-caching is enabled on
         the VLANs specified by ctspSgtCachingVlansFirst2K and
         ctspSgtCachingVlansSecond2K."
    ::= { ctspSgtCaching 1 } 

ctspSgtCachingVlansFirst2K OBJECT-TYPE
    SYNTAX          Cisco2KVlanList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs 0 to
        2047.  

        If the bit corresponding to a VLAN is set to 1, it indicates 
        SGT-caching is enabled on the VLAN.

        If the bit corresponding to a VLAN is set to 0, it indicates
        SGT-caching is disabled on the VLAN."
    ::= { ctspSgtCaching 2 } 

ctspSgtCachingVlansSecond2K OBJECT-TYPE
    SYNTAX          Cisco2KVlanList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs 2048
        to 4095.

        If the bit corresponding to a VLAN is set to 1, it indicates 
        SGT-caching is enabled on the VLAN.

        If the bit corresponding to a VLAN is set to 0, it indicates
        SGT-caching is disabled on the VLAN."
    ::= { ctspSgtCaching 3 } 


-- Notifications Control
-- Writable on/off switch for ctspPeerPolicyUpdatedNotif. No DEFVAL is
-- given, so the initial state is agent-specific.
-- NOTE(review): setting this to false silences the peer SGT change
-- notification. A monitoring pipeline that relies on it should poll this
-- object, or alert on SETs to it, so a disabled notification is noticed.
ctspPeerPolicyUpdatedNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates 
        ctspPeerPolicyUpdatedNotif. 

        A value of 'false' will prevent
        ctspPeerPolicyUpdatedNotif notifications 
        from being generated by this system." 

    ::= { ctspNotifsControl 1 }

-- Writable on/off switch for ctspAuthorizationSgaclFailNotif. No DEFVAL
-- is given, so the initial state is agent-specific.
-- NOTE(review): with this set to false the device stops reporting SGACL
-- authorization failures over SNMP. Verify the value during configuration
-- audits and alert on SETs that change it.
ctspAuthorizationSgaclFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current 
    DESCRIPTION
        "This object specifies whether this system generates the 
        ctspAuthorizationSgaclFailNotif.
    
        A value of 'false' will prevent  
        ctspAuthorizationSgaclFailNotif notifications 
        from being generated by this system."
    ::= { ctspNotifsControl 2 }

-- Notifications Only Info

ctspOldPeerSgt OBJECT-TYPE
    SYNTAX         CtsSecurityGroupTag 
    MAX-ACCESS     accessible-for-notify
    STATUS         current
    DESCRIPTION
        "This object provides the old sgt value for  
        ctspPeerPolicyUpdatedNotif, i.e., the  
        sgt value before the policy is updated."
    ::= { ctspNotifsOnlyInfo 1 }


ctspAuthorizationSgaclFailReason OBJECT-TYPE
    SYNTAX      INTEGER {
                    downloadACE(1),
                    downloadSrc(2),
                    downloadDst(3),
                    installPolicy(4),
                    installPolicyStandby(5),
                    installForIP(6),
                    uninstall(7)
                }         
    MAX-ACCESS     accessible-for-notify
    STATUS         current
    DESCRIPTION
        "This object indicates the reason for a failure during SGACL 
        acquisition, installation or uninstallation, and is 
        associated with ctspAuthorizationSgaclFailNotif:
 
        'downloadACE' 
          - Failure during downloading ACE in SGACL acquisition. 
        'downloadSrc' 
          - Failure during downloading source list in SGACL acquisition.
        'downloadDst' 
          - Failure during downloading destination list in 
            SGACL acquisition.
        'installPolicy' 
          - Failure during SGACL policy installation
        'installPolicyStandby' 
          - Failure during SGACL policy installation on standby
        'installForIP' 
          - Failure during SGACL installation for specific IP type.
        'uninstall' -  Failure during SGACL uninstallation."
    ::= { ctspNotifsOnlyInfo 2 }

-- Free-form detail text carried as a varbind of
-- ctspAuthorizationSgaclFailNotif. MAX-ACCESS accessible-for-notify means
-- it cannot be read with a GET, so it appears only inside the notification.
-- NOTE(review): the content format is not specified here. Trap receivers
-- should handle it as device-supplied text and escape it before it is
-- rendered or written to logs.
ctspAuthorizationSgaclFailInfo OBJECT-TYPE
    SYNTAX         SnmpAdminString
    MAX-ACCESS     accessible-for-notify
    STATUS         current
    DESCRIPTION
        "This object provides additional information about 
        authorization SGACL failure, which is associated with 
        ctspAuthorizationSgaclFailNotif."
    ::= { ctspNotifsOnlyInfo 3 }

-- Notifications

-- Sent when a peer's SGT changes. Varbinds: ctspOldPeerSgt (the value
-- before the policy update, per its DESCRIPTION) and ctspPeerSgt, which
-- is defined outside this section and is presumably the peer's current
-- SGT (confirm against its definition).
-- Generation is gated by ctspPeerPolicyUpdatedNotifEnable.
ctspPeerPolicyUpdatedNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ctspOldPeerSgt,
                        ctspPeerSgt
                    }
    STATUS          current
    DESCRIPTION
        "A ctspPeerPolicyUpdatedNotif is generated when 
        the SGT value of a peer device has been updated."
   ::= { ciscoTrustSecPolicyMIBNotifs 1 }

-- Sent when SGACL authorization fails. Varbinds:
-- ctspAuthorizationSgaclFailReason (enumerated stage: download, install
-- or uninstall) and ctspAuthorizationSgaclFailInfo (free-form detail).
-- Generation is gated by ctspAuthorizationSgaclFailNotifEnable.
-- NOTE(review): the DESCRIPTION does not say which policy stays in effect
-- after a failure. Confirm platform behaviour before relying on this
-- notification alone to judge enforcement state.
ctspAuthorizationSgaclFailNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ctspAuthorizationSgaclFailReason,
                        ctspAuthorizationSgaclFailInfo
                    }
    STATUS          current
    DESCRIPTION
        "A ctspAuthorizationSgaclFailNotif is generated 
        when the authorization of SGACL fails."
   ::= { ciscoTrustSecPolicyMIBNotifs 2 }

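--
-- Conformance
--
-- Every OBJECT clause in the two compliance statements below sets
-- MIN-ACCESS read-only, so an agent may expose these policy objects
-- without any SNMP write path and still be compliant.
--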

ciscoTrustSecPolicyMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBConformance 1 }

ciscoTrustSecPolicyMIBGroups
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBConformance 2 }

ciscoTrustSecPolicyMIBCompliance MODULE-COMPLIANCE
    STATUS  deprecated
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-POLICY-MIB"
    MODULE
    MANDATORY-GROUPS { 
         ctspGlobalSgaclEnforcementGroup,
         ctspOperSgaclMappingGroup,
         ctspDownloadedSgaclMappingGroup,
         ctspIpSwStatisticsGroup,
         ctspDefSwStatisticsGroup
    }

    GROUP ctspVlanConfigGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGACL enforcement for VLAN." 

    GROUP ctspConfigSgaclMappingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         statically configured SGACLs in the device." 

    GROUP ctspIpHwStatisticsGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         hardware statistics counters for unicast IP traffic 
         subjected to SGACL enforcement." 

    GROUP ctspDefHwStatisticsGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         hardware statistics counters for unicast IP traffic 
         subjected to default unicast policy enforcement." 

    GROUP ctspSgaclIpv4DropNetflowMonitorGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         netflow monitor for IPv4 traffic drop packet due to SGACL
         enforcement information in the device." 

    GROUP ctspSgaclIpv6DropNetflowMonitorGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         netflow monitor for IPv6 traffic drop packet due to SGACL
         enforcement information in the device." 

    GROUP ctspPeerPolicyGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         peer policies information in the device." 

    GROUP ctspPeerPolicyActionGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
         refresh of all peer policies information in the device."

    GROUP ctspLayer3TransportGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGT propagation along Layer 3 traffic to network that is
         not capable of TrustSec feature." 

    GROUP ctspIpSgtMappingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         IP-to-SGT mapping information."

    GROUP ctspIfL3PolicyConfigGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
         Layer3 Transport policy enforcement on capable interface." 

    GROUP ctspSgtPolicyGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGT policies information in the device." 

    OBJECT          ctspVlanConfigSgaclEnforcement
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigVrfName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspVlanConfigStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspVlanConfigRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT      ctspConfigSgaclMappingStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspConfigSgaclMappingRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT       ctspSgaclEnforcementEnable  
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgaclIpv4DropNetflowMonitor   
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgaclIpv6DropNetflowMonitor 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspConfigSgaclMappingSgaclName 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDefConfigIpv4Sgacls 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDefConfigIpv6Sgacls 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspLayer3PolicyLocalConfig
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      ctspIpSgtStorageType
    MIN-ACCESS  read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspIpSgtRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT       ctspIpSgtValue
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIpSgtSource
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIfL3Ipv4PolicyEnabled
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIfL3Ipv6PolicyEnabled 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspAllPeerPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspPeerPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspAllSgtPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDownloadedSgtPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDownloadedDefSgtPolicyAction
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoTrustSecPolicyMIBCompliances 1 }

ciscoTrustSecPolicyMIBComplianceRev2 MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-POLICY-MIB"
    MODULE
    MANDATORY-GROUPS { 
         ctspGlobalSgaclEnforcementGroup,
         ctspOperSgaclMappingGroup,
         ctspDownloadedSgaclMappingGroup,
         ctspIpSwStatisticsGroup,
         ctspDefSwStatisticsGroup
    }

    GROUP ctspVlanConfigGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGACL enforcement for VLAN." 

    GROUP ctspConfigSgaclMappingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         statically configured SGACLs in the device." 

    GROUP ctspIpHwStatisticsGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         hardware statistics counters for unicast IP traffic 
         subjected to SGACL enforcement." 

    GROUP ctspDefHwStatisticsGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         hardware statistics counters for unicast IP traffic 
         subjected to default unicast policy enforcement." 

    GROUP ctspSgaclIpv4DropNetflowMonitorGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         netflow monitor for IPv4 traffic drop packet due to SGACL
         enforcement information in the device." 

    GROUP ctspSgaclIpv6DropNetflowMonitorGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         netflow monitor for IPv6 traffic drop packet due to SGACL
         enforcement information in the device." 

    GROUP ctspPeerPolicyGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         peer policies information in the device." 

    GROUP ctspPeerPolicyActionGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
         refresh of all peer policies information in the device."

    GROUP ctspLayer3TransportGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGT propagation along Layer 3 traffic to network that is
         not capable of TrustSec feature." 

    GROUP ctspIpSgtMappingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         IP-to-SGT mapping information."

    GROUP ctspIfL3PolicyConfigGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
         Layer3 Transport policy enforcement on capable interface." 

    GROUP ctspSgtPolicyGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGT policies information in the device." 

    GROUP ctspIfSgtMappingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         Interface-to-SGT mapping information."

    GROUP ctspVlanSgtMappingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         Vlan-to-SGT mapping information."

    GROUP ctspSgtCachingGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGT-Caching feature."

    GROUP ctspSgaclMonitorGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGACL monitor feature."

    GROUP ctspSgaclMonitorStatisticGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         SGACL monitor statistic."

    GROUP ctspNotifCtrlGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support 
        cisco TrustSec policy notifications."

    GROUP ctspNotifGroup    
    DESCRIPTION
        "This group is mandatory only for platforms which support 
        cisco TrustSec policy notifications."

    GROUP  ctspNotifInfoGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support 
        cisco TrustSec policy notifications."

   
    OBJECT          ctspVlanConfigSgaclEnforcement
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigVrfName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspVlanConfigStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspVlanConfigRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT      ctspConfigSgaclMappingStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspConfigSgaclMappingRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT       ctspSgaclEnforcementEnable  
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgaclIpv4DropNetflowMonitor   
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgaclIpv6DropNetflowMonitor 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspConfigSgaclMappingSgaclName 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDefConfigIpv4Sgacls 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDefConfigIpv6Sgacls 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspLayer3PolicyLocalConfig
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      ctspIpSgtStorageType
    MIN-ACCESS  read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT      ctspIpSgtRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT       ctspIpSgtValue
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIpSgtSource
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIfL3Ipv4PolicyEnabled
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIfL3Ipv6PolicyEnabled 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspAllPeerPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspPeerPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspAllSgtPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDownloadedSgtPolicyAction 
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDownloadedDefSgtPolicyAction
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDefConfigIpv4SgaclsMonitor   
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspDefConfigIpv6SgaclsMonitor   
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgaclMonitorEnable   
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIfSgtValue
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspIfSgName
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      ctspIfSgtStorageType
    MIN-ACCESS  read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT      ctspIfSgtRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT       ctspVlanSgtMapValue
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      ctspVlanSgtStorageType
    MIN-ACCESS  read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT      ctspVlanSgtRowStatus 
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT       ctspConfigSgaclMonitor
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgtCachingMode  
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgtCachingVlansFirst2K
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspSgtCachingVlansSecond2K
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspPeerPolicyUpdatedNotifEnable
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT       ctspAuthorizationSgaclFailNotifEnable
    MIN-ACCESS   read-only
    DESCRIPTION
        "Write access is not required."


    ::= { ciscoTrustSecPolicyMIBCompliances 2 }

--
-- Units of Conformance
--

ctspGlobalSgaclEnforcementGroup OBJECT-GROUP
    OBJECTS {
       ctspSgaclEnforcementEnable
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides the SGACL enforcement
         information for all TrustSec capable Layer 3 interfaces
         (excluding SVIs) at the device level."
    ::= { ciscoTrustSecPolicyMIBGroups 1 }

ctspSgaclIpv4DropNetflowMonitorGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclIpv4DropNetflowMonitor
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides netflow monitor 
        information for IPv4 traffic drop packet due to SGACL
        enforcement in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 2 }

ctspSgaclIpv6DropNetflowMonitorGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclIpv6DropNetflowMonitor
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides netflow monitor 
        information for IPv6 traffic drop packet due to SGACL
        enforcement in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 3 }

ctspVlanConfigGroup OBJECT-GROUP
    OBJECTS {
       ctspVlanConfigSgaclEnforcement,
       ctspVlanSviActive,
       ctspVlanConfigVrfName,
       ctspVlanConfigStorageType,
       ctspVlanConfigRowStatus 
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides the SGACL enforcement
         and VRF information for each VLAN." 
    ::= { ciscoTrustSecPolicyMIBGroups 4 }

ctspConfigSgaclMappingGroup OBJECT-GROUP
    OBJECTS {
       ctspConfigSgaclMappingSgaclName,
       ctspConfigSgaclMappingStorageType,
       ctspConfigSgaclMappingRowStatus,
       ctspDefConfigIpv4Sgacls,
       ctspDefConfigIpv6Sgacls
    } 
    STATUS current
    DESCRIPTION
        "A collection of objects which provides the administratively
         configured SGACL mapping information in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 5 }

ctspDownloadedSgaclMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspDownloadedSgaclName,
        ctspDownloadedSgaclGenId,
        ctspDownloadedIpTrafficType,
        ctspDefDownloadedSgaclName,
        ctspDefDownloadedSgaclGenId,
        ctspDefDownloadedIpTrafficType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides the downloaded 
         SGACL mapping information in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 6 }

ctspOperSgaclMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspOperationalSgaclName,
        ctspOperationalSgaclGenId,
        ctspOperSgaclMappingSource,
        ctspOperSgaclConfigSource,
        ctspDefOperationalSgaclName,
        ctspDefOperationalSgaclGenId,
        ctspDefOperSgaclMappingSource,
        ctspDefOperSgaclConfigSource
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides the operational
         SGACL mapping information in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 7 }

ctspIpSwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspStatsIpSwDropPkts,
        ctspStatsIpSwPermitPkts
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides software
        statistics counters for unicast IP traffic subjected
        to SGACL enforcement." 
    ::= { ciscoTrustSecPolicyMIBGroups 8 }

ctspIpHwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspStatsIpHwDropPkts,
        ctspStatsIpHwPermitPkts
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides hardware
        statistics counters for unicast IP traffic subjected
        to SGACL enforcement." 
    ::= { ciscoTrustSecPolicyMIBGroups 9 }

ctspDefSwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspDefIpSwDropPkts,
        ctspDefIpSwPermitPkts
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides software
        statistics counters for unicast IP traffic subjected
        to unicast default policy enforcement." 
    ::= { ciscoTrustSecPolicyMIBGroups 10 }

ctspDefHwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspDefIpHwDropPkts,
        ctspDefIpHwPermitPkts 
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides hardware
        statistics counters for unicast IP traffic subjected to
        unicast default policy enforcement." 
    ::= { ciscoTrustSecPolicyMIBGroups 11 }

ctspPeerPolicyActionGroup OBJECT-GROUP
    OBJECTS {
        ctspAllPeerPolicyAction
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides refreshing 
         of all peer policies in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 12 }

ctspPeerPolicyGroup OBJECT-GROUP
    OBJECTS {
        ctspPeerSgt,
        ctspPeerSgtGenId,
        ctspPeerTrustState,
        ctspPeerPolicyLifeTime,
        ctspPeerPolicyLastUpdate,
        ctspPeerPolicyAction
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides peer policy
        information in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 13 }

ctspLayer3TransportGroup OBJECT-GROUP
    OBJECTS {
        ctspLayer3PolicyLocalConfig,
        ctspLayer3PolicyDownloaded,
        ctspLayer3PolicyOperational
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides managed
        information regarding the SGT propagation along with
        Layer 3 traffic in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 14 }

ctspIfL3PolicyConfigGroup OBJECT-GROUP
    OBJECTS {
        ctspIfL3Ipv4PolicyEnabled,
        ctspIfL3Ipv6PolicyEnabled
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides managed
        information for Layer3 Transport policy enforcement on
        capable interfaces in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 15 }

ctspIpSgtMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspIpSgtValue,
        ctspIpSgtSource,
        ctspIpSgtStorageType,
        ctspIpSgtRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides managed
        information regarding IP-to-Sgt mapping in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 16 }

ctspSgtPolicyGroup OBJECT-GROUP
    OBJECTS {
        ctspAllSgtPolicyAction,
        ctspDownloadedSgtPolicySgtGenId,
        ctspDownloadedSgtPolicyLifeTime,
        ctspDownloadedSgtPolicyLastUpdate,
        ctspDownloadedSgtPolicyAction,
        ctspDownloadedDefSgtPolicySgtGenId,
        ctspDownloadedDefSgtPolicyLifeTime,
        ctspDownloadedDefSgtPolicyLastUpdate,
        ctspDownloadedDefSgtPolicyAction
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides SGT policy
        information in the device." 
    ::= { ciscoTrustSecPolicyMIBGroups 17 }

ctspIfSgtMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspIfSgtValue,
        ctspIfSgName,
        ctspL3IPMStatus,
        ctspIfSgtStorageType,
        ctspIfSgtRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides managed
        information regarding Interface-to-Sgt mapping in
        the device."
    ::= { ciscoTrustSecPolicyMIBGroups 18 }

ctspVlanSgtMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspVlanSgtMapValue,
        ctspVlanSgtStorageType,
        ctspVlanSgtRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides SGT mapping
        information for the IP traffic in the specified VLAN."
    ::= { ciscoTrustSecPolicyMIBGroups 19 }

ctspSgtCachingGroup OBJECT-GROUP
    OBJECTS {
        ctspSgtCachingMode,
        ctspSgtCachingVlansFirst2K,
        ctspSgtCachingVlansSecond2K
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides sgt Caching
        information."
    ::= { ciscoTrustSecPolicyMIBGroups 20 }

ctspSgaclMonitorGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclMonitorEnable,
        ctspConfigSgaclMonitor,
        ctspDefConfigIpv4SgaclsMonitor,
        ctspDefConfigIpv6SgaclsMonitor,
        ctspDownloadedSgaclMonitor,
        ctspDefDownloadedSgaclMonitor,
        ctspOperSgaclMonitor,
        ctspDefOperSgaclMonitor
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides SGACL monitor
        information."
    ::= { ciscoTrustSecPolicyMIBGroups 21 }

ctspSgaclMonitorStatisticGroup OBJECT-GROUP
    OBJECTS {
        ctspStatsIpSwMonitorPkts,
        ctspStatsIpHwMonitorPkts,
        ctspDefIpSwMonitorPkts,
        ctspDefIpHwMonitorPkts
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides monitor statistics
        counters for unicast IP traffic subjected to SGACL
        enforcement." 
    ::= { ciscoTrustSecPolicyMIBGroups 22 }

ctspNotifCtrlGroup OBJECT-GROUP
    OBJECTS {
        ctspPeerPolicyUpdatedNotifEnable,
        ctspAuthorizationSgaclFailNotifEnable
    }
    STATUS current
    DESCRIPTION
    "A collection of objects providing notification control
    for TrustSec policy notifications."

    ::= { ciscoTrustSecPolicyMIBGroups 23 }


ctspNotifGroup NOTIFICATION-GROUP
     NOTIFICATIONS {
        ctspPeerPolicyUpdatedNotif,
        ctspAuthorizationSgaclFailNotif
    }
    STATUS current
    DESCRIPTION
    "A collection of notifications for TrustSec policy."
    ::= { ciscoTrustSecPolicyMIBGroups 24 }

        
ctspNotifInfoGroup  OBJECT-GROUP
    OBJECTS {
        ctspOldPeerSgt,
        ctspAuthorizationSgaclFailReason,
        ctspAuthorizationSgaclFailInfo
    }
    STATUS current
    DESCRIPTION
    "A collection of objects providing the variable binding for 
    TrustSec policy notifications."    
    ::= { ciscoTrustSecPolicyMIBGroups 25 }
END











