TIMETRA-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    CounterBasedGauge64
                                                         FROM HCNUM-TC
    Dot1agCfmMDLevel
                                                         FROM IEEE8021-CFM-MIB
    InterfaceIndexOrZero
                                                         FROM IF-MIB
    InetAddress, InetAddressIPv6,
    InetAddressPrefixLength, InetAddressType
                                                         FROM INET-ADDRESS-MIB
    MODULE-COMPLIANCE, NOTIFICATION-GROUP,
    OBJECT-GROUP
                                                         FROM SNMPv2-CONF
    Counter32, Counter64, Gauge32,
    Integer32, IpAddress, MODULE-IDENTITY,
    NOTIFICATION-TYPE, OBJECT-TYPE,
    Unsigned32
                                                         FROM SNMPv2-SMI
    DateAndTime, DisplayString, MacAddress,
    RowStatus, TEXTUAL-CONVENTION,
    TimeStamp, TruthValue
                                                         FROM SNMPv2-TC
    tmnxCpmFlashHwIndex,
    tmnxCpmFlashOperStatus
                                                         FROM TIMETRA-CHASSIS-MIB
    TEntryId, TFilterLogId,
    TFltrPortSelector, TItemMatch
                                                         FROM TIMETRA-FILTER-MIB
    timetraSRMIBModules, tmnxSRConfs,
    tmnxSRNotifyPrefix, tmnxSRObjs
                                                         FROM TIMETRA-GLOBAL-MIB
    tmnxPortPortID
                                                         FROM TIMETRA-PORT-MIB
    sapEncapValue, sapPortId
                                                         FROM TIMETRA-SAP-MIB
    sdpBindId
                                                         FROM TIMETRA-SDP-MIB
    svcId
                                                         FROM TIMETRA-SERV-MIB
    Dot1PPriority, Dot1PPriorityMask,
    Dot1PPriorityNonZeroMask, IPv6FlowLabel,
    InterfaceIndex, IpAddressPrefixLength,
    ServiceAccessPoint, TCIRRate,
    TCpmFilterBurstSize, TCpmProtPolicyID,
    TDSCPNameOrEmpty, TIcmpCodeOrNone,
    TIcmpTypeOrNone, TIpOption, TIpProtocol,
    TItemDescription, TLDisplayString,
    TLNamedItemOrEmpty, TNamedItem,
    TNamedItemOrEmpty, TOperator, TPIRRate,
    TPIRRateOrZero, TRegularExpression,
    TTcpUdpPort, TXLNamedItemOrEmpty,
    TmnxActionType, TmnxAdminState,
    TmnxAdminStateUpDown, TmnxCliEngine,
    TmnxDisplayStringURL,
    TmnxDistCpuProtAction,
    TmnxDistCpuProtActionDuration,
    TmnxDistCpuProtBurstSize,
    TmnxDistCpuProtEnforceType,
    TmnxDistCpuProtLogEventType,
    TmnxDistCpuProtPacketRateLimit,
    TmnxDistCpuProtProtocolId,
    TmnxDistCpuProtRate,
    TmnxDistCpuProtRateType,
    TmnxLongDisplayString, TmnxOperState,
    TmnxPortID, TmnxScriptAuthType,
    TmnxSecRadiusServAlgorithm, TmnxServId,
    TmnxVRtrIDOrZero
                                                         FROM TIMETRA-TC-MIB
    vRtrID, vRtrIfIndex
                                                         FROM TIMETRA-VRTR-MIB
    ;

timetraSecurityMIBModule         MODULE-IDENTITY
    LAST-UPDATED "201701010000Z"
    ORGANIZATION "Nokia"
    CONTACT-INFO
        "Nokia SROS Support
         Web: http://www.nokia.com"
    DESCRIPTION
        "This document is the SNMP MIB module to manage and provision Security
         features on Nokia SROS systems.

         Copyright 2003-2018 Nokia. All rights reserved. Reproduction of this
         document is authorized on the condition that the foregoing copyright
         notice is included.

         This SNMP MIB module (Specification) embodies Nokia's
         proprietary intellectual property.  Nokia retains
         all title and ownership in the Specification, including any
         revisions.

         Nokia grants all interested parties a non-exclusive license to use and
         distribute an unmodified copy of this Specification in connection with
         management of Nokia products, and without fee, provided this copyright
         notice and license appear on all copies.

         This Specification is supplied 'as is', and Nokia makes no warranty,
         either express or implied, as to the use, operation, condition, or
         performance of the Specification."

    REVISION    "201701010000Z"
    DESCRIPTION
        "Rev 15.0                1 Jan 2017 00:00
         15.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "201602010000Z"
    DESCRIPTION
        "Rev 14.0                1 Feb 2016 00:00
         14.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "201502010000Z"
    DESCRIPTION
        "Rev 13.0                1 Feb 2015 00:00
         13.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "201401010000Z"
    DESCRIPTION
        "Rev 12.0                1 Jan 2014 00:00
         12.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "201208010000Z"
    DESCRIPTION
        "Rev 11.0                1 Aug 2012 00:00
         11.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "201111010000Z"
    DESCRIPTION
        "Rev 10.0               1 Nov 2011 00:00
         10.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "201102010000Z"
    DESCRIPTION
        "Rev 9.0                1 Feb 2011 00:00
         9.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200902280000Z"
    DESCRIPTION
        "Rev 7.0                28 Feb 2009 00:00
         7.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200807010000Z"
    DESCRIPTION
        "Rev 6.1                01 Jul 2008 00:00
         6.1 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200801010000Z"
    DESCRIPTION
        "Rev 6.0                01 Jan 2008 00:00
         6.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200701010000Z"
    DESCRIPTION
        "Rev 5.0                01 Jan 2007 00:00
         5.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200602280000Z"
    DESCRIPTION
        "Rev 4.0                28 Feb 2006 00:00
         4.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200508310000Z"
    DESCRIPTION
        "Rev 3.0                31 Aug 2005 00:00
         3.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200501240000Z"
    DESCRIPTION
        "Rev 2.1                24 Jan 2005 00:00
         2.1 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200401150000Z"
    DESCRIPTION
        "Rev 2.0                15 Jan 2004 00:00
         2.0 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200308150000Z"
    DESCRIPTION
        "Rev 1.2                15 Aug 2003 00:00
         1.2 release of the TIMETRA-SECURITY-MIB."

    REVISION    "200301270000Z"
    DESCRIPTION
        "Rev 0.1                27 Jan 2003 00:00
         Initial version of the TIMETRA-SECURITY-MIB."

    ::= { timetraSRMIBModules 22 }

TProfileAction                   ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Action to take be taken as a result of matching
         one of profile's match entries.
            deny      (1) - matching commands are denied access.
            allow     (2) - matching commands are allowed access. if the
            none      (3) - no action is taken giving way to other
                            profile matching to happen.
            read-only (4) - matching commands are allowed read access only"
    SYNTAX      INTEGER {
        deny      (1),
        allow     (2),
        none      (3),
        read-only (4)
    }

TProfileGrpcRpcAuth              ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TProfileGrpcRpcAuth data type is an enumerated integer
         that describes the values used to specify user access to an RPC.
            permit (1) - user is permitted to access the RPC.
            deny   (2) - user is denied access to the RPC and a reply message
                         with 'Unauthenticated' gRPC status is issued."
    SYNTAX      INTEGER {
        permit (1),
        deny   (2)
    }

TProfileMatchAction              ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Action to take be taken as a result of matching
         one of profile's match entries.
            deny      (1) - matching commands are denied access.
            allow     (2) - matching commands are allowed access. if the
            none      (3) - no action is taken giving way to other
                            profile matching to happen.
            read-only (4) - matching commands are allowed read access only"
    SYNTAX      INTEGER {
        deny      (1),
        allow     (2),
        none      (3),
        read-only (4)
    }

TmnxMafAction                    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Action to take be taken as a result of matching the configured
         criteria in a Management Access Filter.
            none   (0) - no action specified, follow default behavior.
            permit (1) - packets matching the configured criteria are
                         permitted.
            deny   (2) - packets matching the configured criteria are
                         denied and an ICMP host unreachable message
                         is issued.
            denyHostUnreachable (3) - packets matching the configured criteria
                                      are denied and no ICMP host unreachable
                                      message is issued."
    SYNTAX      INTEGER {
        none                (0),
        permit              (1),
        deny                (2),
        denyHostUnreachable (3)
    }

TCpmFilterQueueId                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TCpmFilterQueueId is an integer value that identifies a CPM queue. The
         value '0' is used if there is no queue defined"
    SYNTAX      Unsigned32 (0 | 33..2000)

TCpmFilterActionOrDefault        ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TCpmFilterActionOrDefault data type is an enumerated integer
         that describes the values used to specify the action to take on the
         traffic when the filter entry matches.
         drop    (1)  packets matching the filter entry are dropped
         forward (2)  packets matching the filter entry are forwarded
         queue   (3)  packets matching the filter are sent to queue
                      tCpmFilterQueueId
         default (4)  the disposition of packets matching the filter is
                      determined by the default action of the filter"
    SYNTAX      INTEGER {
        drop    (1),
        forward (2),
        queue   (3),
        default (4)
    }

TmnxKeyChainKeyDirection         ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainKeyDirection data type is an enumerated integer that
         indicates the tcp-stream direction to apply the keychain on."
    SYNTAX      INTEGER {
        send         (1),
        receive      (2),
        send-receive (3)
    }

TmnxKeyChainKeyAlgorithm         ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainKeyAlgorithm data type is an enumerated integer that
         indicates the encryption algorithm to be used by the key defined in
         the keychain."
    SYNTAX      INTEGER {
        nullKeyAlgo    (0),
        aes128Cmac96   (1),
        hmacSha196     (2),
        password       (3),
        message-digest (4),
        hmacMd5        (5),
        hmacSha1       (6),
        hmacSha256     (7),
        aes128Gcm16    (8)
    }

TmnxKeyChainKeyOption            ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainKeyOption data type is an enumerated integer that
         indicates the option to be used by the key defined in the keychain."
    SYNTAX      INTEGER {
        none          (0),
        basic         (1),
        isis-enhanced (2)
    }

TmnxKeyChainTcpOptionNum         ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainTcpOptionNum data type is an enumerated integer that
         indicates the TCP option number to be used in the TCP header."
    SYNTAX      INTEGER {
        value253 (1),
        value254 (2),
        all      (3),
        tcp-ao   (4)
    }

TmnxMafType                      ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TmnxMafType data type is an enumerated integer that describes the
         type of packets a filter applies to."
    SYNTAX      INTEGER {
        ipv4 (1),
        ipv6 (2),
        mac  (3)
    }

TmnxCpmPacketRateLimit           ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate limit expressed in packets per second.

         The value -1 means unlimited rate."
    SYNTAX      Integer32 (-1 | 1..65535)

TmnxCpmPacketPolRateLimit        ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate limit expressed in packets per second for CPU protection
         policy parameters.

         The value -1 means unlimited rate."
    SYNTAX      Integer32 (-1 | 1..65534)

TmnxCpmPktPolRateLimitInclZero   ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate limit expressed in packets per second for CPU protection
         policy parameters.

         The value zero means a limit of zero packets per second.

         The value -1 means unlimited rate."
    SYNTAX      Integer32 (-1..65534)

TmnxCpmPacketRate                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate expressed in packets per second."
    SYNTAX      Gauge32 (0..4294967295)

TmnxCpmProtEthCfmOpCode          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The Opcode field within an Ethernet Connectivity Fault Management PDU
         has this range."
    REFERENCE
        "ITU-T Y.1731 Specification, 02/2008"
    SYNTAX      Unsigned32 (0..255)

TmnxMafMacFltrFrameType          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The type of the frame for which this mac filter match criteria is
         defined."
    SYNTAX      INTEGER {
        e802dot3     (0),
        e802dot2LLC  (1),
        e802dot2SNAP (2),
        ethernetII   (3),
        e802dot1ag   (4)
    }

TmnxCpmMacFltrFrameType          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The type of the frame for which this mac filter match criteria is
         defined."
    SYNTAX      INTEGER {
        none        (-1),
        e802dot2LLC (1),
        ethernetII  (3),
        e802dot1ag  (4)
    }

TCpmFilterPortOperator           ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention specifies the manner in which the CPM filter
         port objects have to be interpreted.
         - If the operator takes the value mask(0) then the filter uses the port
           and port-mask values as match criterion; port-high can take any value
           but is ignored by the filter
         - If the operator takes the value range(1) then the filter uses the
           port range specified by port (lower bound) and port-high (upper
           bound) as match criterion; port-mask can take any value but is
           ignored by the filter."
    SYNTAX      INTEGER {
        mask  (0),
        range (1)
    }

TSSHCipherNumber                 ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention specifies the ciphers that are used by SSH
         protocol version 1 and SSH protocol version 2."
    SYNTAX      INTEGER {
        none        (0),
        des         (2),
        threeDes    (3),
        blowfish    (6),
        threeDesCbc (32),
        blowfishCbc (33),
        cast128Cbc  (34),
        arcfour     (35),
        aes128Cbc   (36),
        aes192Cbc   (37),
        aes256Cbc   (38),
        rijndaelCbc (39),
        aes128Ctr   (40),
        aes192Ctr   (41),
        aes256Ctr   (42)
    }

TmnxSessionLimit                 ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxSessionLimit is an integer value that specifies the limit for
         number of concurrent user access sessions (SSH, Telnet, Total).

         The value -1 means there is no limit for number of sessions of a given
         type."
    SYNTAX      Integer32 (-1 | 0..50)

TmnxPasswordAuthenOrder          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxPasswordAuthenOrder is an integer value that specifies the user
         authentication method."
    SYNTAX      INTEGER {
        none    (0),
        local   (1),
        radius  (2),
        tacplus (3),
        ldap    (4)
    }

TmnxPkiCNType                    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TmnxPkiCNType data type is an enumerated integer that indicates
         the type of Common Name in Common Name list.

         Common Name is present in a certificate in field 'Common Name' (CN) or
         in the extension 'Subject Alternative Name' (SAN). Common Name can be
         present in Common Name list as a plain text or as regular expression."
    SYNTAX      INTEGER {
        ip-address  (1),
        domain-name (2)
    }

TSSHMacNumber                    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TSSHMacNumber data type specifies the MAC (message authentication
         code) algorithms that are used by the SSH protocol version 2."
    SYNTAX      INTEGER {
        hmacSha512              (1),
        hmacSha256              (2),
        hmacSha1                (3),
        hmacSha196              (4),
        hmacMd5                 (5),
        hmacRipemd160           (6),
        hmacRipemd160OpensshCom (7),
        hmacMd596               (8)
    }

TmnxPassHashReadType             ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxPassHashReadType specifies the hash algorithm accepted by the
         system while executing commands."
    SYNTAX      INTEGER {
        all-hash (0),
        hash     (1),
        hash2    (2),
        custom   (3)
    }

TmnxPassHashWriteType            ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxPassHashWriteType specifies the hash version to be used while
         saving the configuration files."
    SYNTAX      INTEGER {
        cleartext (0),
        hash      (1),
        hash2     (2),
        custom    (3)
    }

TSSHKexNumber                    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TSSHKexNumber data type specifies the KEX (key exchange)
         algorithms that are used by the SSH protocol version 2."
    SYNTAX      INTEGER {
        diffieHellmanGroup1Sha1        (1),
        diffieHellmanGroup14Sha1       (2),
        diffieHellmanGroupExchangeSha1 (3),
        diffieHellmanGroup14Sha256     (4),
        diffieHellmanGroup16Sha512     (5)
    }

tmnxSecurityObjects              OBJECT IDENTIFIER ::= { tmnxSRObjs 22 }

tmnxUserProfileTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the user profiles for access to the commands in the
         command line interface."
    ::= { tmnxSecurityObjects 1 }

tmnxUserProfileEntry             OBJECT-TYPE
    SYNTAX      TmnxUserProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single user profile."
    INDEX       { tmnxUserProfile }
    ::= { tmnxUserProfileTable 1 }

TmnxUserProfileEntry             ::= SEQUENCE
{
    tmnxUserProfile                  TNamedItem,
    tmnxUserProfileRowStatus         RowStatus,
    tmnxUserProfileDefaultAction     TProfileAction,
    tmnxUserProfileLi                TruthValue,
    tmnxUserProfileNCKillSession     TruthValue,
    tmnxUserProfileSshLimit          TmnxSessionLimit,
    tmnxUserProfileTelnetLimit       TmnxSessionLimit,
    tmnxUserProfileTotalLimit        TmnxSessionLimit,
    tmnxUserProfileCliSessionGroup   TNamedItemOrEmpty,
    tmnxUserProfileNCLock            TruthValue,
    tmnxUserProfileGrpcAuthGet       TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthSet       TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthSubscribe TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthGnmiCap   TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthRAModify  TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthRAGetVer  TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthCMRotate  TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthCMInstall TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthCMGetCert TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthCMRevoke  TProfileGrpcRpcAuth,
    tmnxUserProfileGrpcAuthCMCanGen  TProfileGrpcRpcAuth
}

tmnxUserProfile                  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The name of the profile is the index to the table."
    ::= { tmnxUserProfileEntry 1 }

tmnxUserProfileRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Row Status for the user profile. The deletion of this row has an
         action of removing the dependent rows in the tmnxUserProfileTable. "
    ::= { tmnxUserProfileEntry 2 }

tmnxUserProfileDefaultAction     OBJECT-TYPE
    SYNTAX      TProfileAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The action to be given to the user profile in case if none of the
         entries match the command."
    DEFVAL      { deny }
    ::= { tmnxUserProfileEntry 3 }

tmnxUserProfileLi                OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileLi specifies whether or this profile
         can be assigned to a user to support Lawful Intercept (LI)
         operations.  This object can only be modified from the SNMPv3 'li'
         context."
    DEFVAL      { false }
    ::= { tmnxUserProfileEntry 4 }

tmnxUserProfileNCKillSession     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileNCKillSession specifies whether or this
         profile can be assigned to a user to support NETCONF Kill Session
         operations."
    DEFVAL      { false }
    ::= { tmnxUserProfileEntry 5 }

tmnxUserProfileSshLimit          OBJECT-TYPE
    SYNTAX      TmnxSessionLimit
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxUserProfileSshLimit specifies the maximum
         limit of concurrent SSH sessions for given User Profile."
    DEFVAL      { -1 }
    ::= { tmnxUserProfileEntry 6 }

tmnxUserProfileTelnetLimit       OBJECT-TYPE
    SYNTAX      TmnxSessionLimit
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxUserProfileTelnetLimit specifies the
         maximum limit of concurrent TELNET sessions for given User Profile."
    DEFVAL      { -1 }
    ::= { tmnxUserProfileEntry 7 }

tmnxUserProfileTotalLimit        OBJECT-TYPE
    SYNTAX      TmnxSessionLimit
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxUserProfileTotalLimit specifies the
         combined maximum limit of concurrent TELNET and SSH sessions for given
         User Profile."
    DEFVAL      { -1 }
    ::= { tmnxUserProfileEntry 8 }

tmnxUserProfileCliSessionGroup   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileCliSessionGroup specifies a cli session
         group that the profile belongs to. This cli session group must be a
         valid row entry in tmnxCliSessionGroupEntry."
    DEFVAL      { ''H }
    ::= { tmnxUserProfileEntry 9 }

tmnxUserProfileNCLock            OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileNCLock specifies whether or this profile
         can be assigned to a user to support NETCONF Lock/Unlock operations."
    DEFVAL      { false }
    ::= { tmnxUserProfileEntry 10 }

tmnxUserProfileGrpcAuthGet       OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthGet specifies whether a user to
         whom this profile is assigned is allowed to execute the gRPC gNMI Get
         RPC."
    DEFVAL      { permit }
    ::= { tmnxUserProfileEntry 11 }

tmnxUserProfileGrpcAuthSet       OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthSet specifies whether a user to
         whom this profile is assigned is allowed to execute the gRPC gNMI Set
         RPC."
    DEFVAL      { permit }
    ::= { tmnxUserProfileEntry 12 }

tmnxUserProfileGrpcAuthSubscribe OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthSubscribe specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNMI
         Subscribe RPC."
    DEFVAL      { permit }
    ::= { tmnxUserProfileEntry 13 }

tmnxUserProfileGrpcAuthGnmiCap   OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthGnmiCap specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNMI
         Capabilities RPC."
    DEFVAL      { permit }
    ::= { tmnxUserProfileEntry 14 }

tmnxUserProfileGrpcAuthRAModify  OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthRAModify specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC RibApi
         Modify RPC."
    DEFVAL      { permit }
    ::= { tmnxUserProfileEntry 15 }

tmnxUserProfileGrpcAuthRAGetVer  OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthRAGetVer specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC RibApi
         'GetVersion' RPC."
    DEFVAL      { permit }
    ::= { tmnxUserProfileEntry 16 }

tmnxUserProfileGrpcAuthCMRotate  OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthCMRotate specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNOI
         CertificateManagement Rotate RPC."
    DEFVAL      { deny }
    ::= { tmnxUserProfileEntry 17 }

tmnxUserProfileGrpcAuthCMInstall OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthCMInstall specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNOI
         CertificateManagement Install RPC."
    DEFVAL      { deny }
    ::= { tmnxUserProfileEntry 18 }

tmnxUserProfileGrpcAuthCMGetCert OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthCMGetCert specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNOI
         CertificateManagement 'GetCertificates' RPC."
    DEFVAL      { deny }
    ::= { tmnxUserProfileEntry 19 }

tmnxUserProfileGrpcAuthCMRevoke  OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthCMRevoke specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNOI
         CertificateManagement 'RevokeCertificates' RPC."
    DEFVAL      { deny }
    ::= { tmnxUserProfileEntry 20 }

tmnxUserProfileGrpcAuthCMCanGen  OBJECT-TYPE
    SYNTAX      TProfileGrpcRpcAuth
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileGrpcAuthCMCanGen specifies whether a user
         to whom this profile is assigned is allowed to execute the gRPC gNOI
         CertificateManagement 'CanGenerateCSR' RPC."
    DEFVAL      { deny }
    ::= { tmnxUserProfileEntry 21 }

tmnxUserProfileMatchTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserProfileMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table which stores multiple entries per user profile to define
         specific action to be taken in case if the command matches the entry."
    ::= { tmnxSecurityObjects 2 }

tmnxUserProfileMatchEntry        OBJECT-TYPE
    SYNTAX      TmnxUserProfileMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single user profile."
    INDEX       {
        tmnxUserProfile,
        tmnxUserProfileMatchId
    }
    ::= { tmnxUserProfileMatchTable 1 }

TmnxUserProfileMatchEntry        ::= SEQUENCE
{
    tmnxUserProfileMatchId           Unsigned32,
    tmnxUserProfileMatchRowStatus    RowStatus,
    tmnxUserProfileMatchDescription  TItemDescription,
    tmnxUserProfileMatchAction       TProfileMatchAction,
    tmnxUserProfileMatchString       DisplayString
}

tmnxUserProfileMatchId           OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Secondary index for the table"
    ::= { tmnxUserProfileMatchEntry 1 }

tmnxUserProfileMatchRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Row Status for the user profile match."
    ::= { tmnxUserProfileMatchEntry 2 }

tmnxUserProfileMatchDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "User-provided description for the match entry."
    DEFVAL      { ''H }
    ::= { tmnxUserProfileMatchEntry 3 }

tmnxUserProfileMatchAction       OBJECT-TYPE
    SYNTAX      TProfileMatchAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Action to be used in case if a command matches this entry."
    ::= { tmnxUserProfileMatchEntry 4 }

tmnxUserProfileMatchString       OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Match string to be used for this entry."
    ::= { tmnxUserProfileMatchEntry 5 }

tmnxUserTable                    OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserTable contains configuration information for the system users."
    ::= { tmnxSecurityObjects 3 }

tmnxUserEntry                    OBJECT-TYPE
    SYNTAX      TmnxUserEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserEntry is an entry (conceptual row) in the tmnxUserEntry. Each
         entry represents the configuration for a system user. Entries in this
         table can be created and deleted via SNMP SET operations to
         tmnxUserRowStatus."
    INDEX       { IMPLIED tmnxUserName }
    ::= { tmnxUserTable 1 }

TmnxUserEntry                    ::= SEQUENCE
{
    tmnxUserName                     TNamedItem,
    tmnxUserRowStatus                RowStatus,
    tmnxUserPassword                 DisplayString,
    tmnxUserPasswordEncrypted        TruthValue,
    tmnxUserAccess                   BITS,
    tmnxUserHomeDirectory            DisplayString,
    tmnxUserRestrictedToHome         TruthValue,
    tmnxUserConsoleLoginExecFile     DisplayString,
    tmnxUserConsoleCannotChangePswd  TruthValue,
    tmnxUserConsoleNewPswdAtLogin    TruthValue,
    tmnxUserConsoleMemberProfile1    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile2    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile3    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile4    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile5    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile6    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile7    TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile8    TNamedItemOrEmpty,
    tmnxUserAttemptedLogins          Counter32,
    tmnxUserSuccessfulLogins         Counter32,
    tmnxUserPasswordChanged          TimeStamp,
    tmnxUserCliEngine1               TmnxCliEngine,
    tmnxUserCliEngine2               TmnxCliEngine,
    tmnxUserPasswordChangedTime      DateAndTime,
    tmnxUserPasswordExpirationTime   DateAndTime
}

tmnxUserName                     OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserName specifies the name for a system user. This
         name must be unique amongst the table entries."
    ::= { tmnxUserEntry 1 }

tmnxUserRowStatus                OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxUserRowStatus controls the creation and deletion of rows in the
         table.

         To create a row in the tmnxUserTable, set tmnxUserRowStatus to
         createAndGo(4). All objects will take on default values and the agent
         will change tmnxUserRowStatus to active(1).

         To delete a row in the tmnxUserTable, set tmnxUserRowStatus to
         delete(6)."
    ::= { tmnxUserEntry 2 }

tmnxUserPassword                 OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..60))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPassword specifies the password used to
         authenticate the user for console and FTP access.

         The password can be provided both as a plain text string, or as a
         bcrypt encrypted hash.

         The value of tmnxUserPassword cannot be more than 56 characters if it
         is a plain text string.

         Any GET request on this object returns an empty string."
    DEFVAL      { "" }
    ::= { tmnxUserEntry 3 }

tmnxUserPasswordEncrypted        OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "This object has been obsoleted in release 12.0."
    DEFVAL      { true }
    ::= { tmnxUserEntry 4 }

tmnxUserAccess                   OBJECT-TYPE
    SYNTAX      BITS {
        console (0),
        ftp     (1),
        snmp    (2),
        li      (3),
        netconf (4),
        grpc    (5)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserAccess specifies the type of access the the user
         is permitted. To allow the user access to the console, FTP or SNMP,
         set the corresponding bit in tmnxUserAccess. Reset the bit to deny the
         access.

         'li' access allows this user to access CLI commands in the
         Lawful Intercept (LI) context.  The 'li' bit can only be modified
         from the SNMPv3 'li' context. The 'netconf' bit allows this user to
         make netconf request.
         The 'grpc' bit allows this user to connect to the box via gRPC
         session."
    DEFVAL      { {} }
    ::= { tmnxUserEntry 5 }

tmnxUserHomeDirectory            OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..200))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserHomeDirectory specifies the local home directory
         for the user for console and FTP access."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 6 }

tmnxUserRestrictedToHome         OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserRestrictedToHome is 'true', the user is not
         allowed to navigate to directories above his home directory for file
         access.

         When the value of tmnxUserRestrictedToHome is 'false', the user is
         allowed access to directories above his home directory."
    DEFVAL      { false }
    ::= { tmnxUserEntry 7 }

tmnxUserConsoleLoginExecFile     OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..200))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleLoginExecFile specifies the file that
         should be executed whenever the user successfully logs in to a console
         session."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 8 }

tmnxUserConsoleCannotChangePswd  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserConsoleCannotChangePswd is 'true', the user
         does not have the privilege to change the password for console and FTP
         login.

         When the value of tmnxUserConsoleCannotChangePswd is 'false', the user
         has the privilege to change the password for console and FTP login."
    DEFVAL      { false }
    ::= { tmnxUserEntry 9 }

tmnxUserConsoleNewPswdAtLogin    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserConsoleNewPswdAtLogin is 'true', the will be
         forced to change his password at the next console or telnet or SSH
         login.

         When the value of tmnxUserConsoleNewPswdAtLogin is 'false', the will
         not be forced to change his password at the next console or telnet or
         SSH login."
    DEFVAL      { false }
    ::= { tmnxUserEntry 10 }

tmnxUserConsoleMemberProfile1    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile1 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 11 }

tmnxUserConsoleMemberProfile2    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile2 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 12 }

tmnxUserConsoleMemberProfile3    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile3 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 13 }

tmnxUserConsoleMemberProfile4    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile4 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 14 }

tmnxUserConsoleMemberProfile5    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile5 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 15 }

tmnxUserConsoleMemberProfile6    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile6 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 16 }

tmnxUserConsoleMemberProfile7    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile7 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 17 }

tmnxUserConsoleMemberProfile8    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile8 specifies a user profile
         that the user has access to. This profile must be a valid row entry in
         tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value of the
         nth user profile can be set only if all previous user profiles (1
         through (n-1)) are non-empty strings. The order of the user profiles
         is important. The first user profile has highest precedence, followed
         by the second and so on."
    DEFVAL      { ''H }
    ::= { tmnxUserEntry 18 }

tmnxUserAttemptedLogins          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserAttemptedLogins indicates the number of times the
         user has attempted to login irrespective of whether the login
         succeeded or failed."
    ::= { tmnxUserEntry 19 }

tmnxUserSuccessfulLogins         OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserSuccessfulLogins indicates the number of times
         the user has successfully logged in."
    ::= { tmnxUserEntry 20 }

tmnxUserPasswordChanged          OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxUserPasswordChanged indicates the value of sysUpTime
         when the login password was last changed."
    ::= { tmnxUserEntry 21 }

tmnxUserCliEngine1               OBJECT-TYPE
    SYNTAX      TmnxCliEngine
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserCliEngine1 specifies the CLI engine that is
         active when a user logs in.

         Value systemDerived specifies that the CLI engine inherits the value
         of tmnxSysMgmtCliEngine1 from tmnxSysMgmtProtocolTable.

         Both tmnxUserCliEngine1 and tmnxUserCliEngine2 must be present in the
         same set request."
    DEFVAL      { systemDerived }
    ::= { tmnxUserEntry 23 }

tmnxUserCliEngine2               OBJECT-TYPE
    SYNTAX      TmnxCliEngine
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserCliEngine2 specifies the secondary CLI engine
         that is accessible to a logged-in user.

         Value systemDerived specifies that the user does not have access to
         secondary engine (i.e.: can only access engine specified by
         tmnxUserCliEngine1).

         Values other than systemDerived are used only if tmnxUserCliEngine1
         also has value other than systemDerived and must differ from that
         value.

         Both tmnxUserCliEngine1 and tmnxUserCliEngine2 must be present in the
         same set request."
    DEFVAL      { systemDerived }
    ::= { tmnxUserEntry 24 }

tmnxUserPasswordChangedTime      OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPasswordChangedTime specifies the calendar date
         and time when the login password was last changed."
    ::= { tmnxUserEntry 25 }

tmnxUserPasswordExpirationTime   OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPasswordExpirationTime specifies the calendar
         date and time when login password will be expire.

         If password aging is disabled, '0-1-1,0:0:0.0,+0:0' is returned."
    ::= { tmnxUserEntry 26 }

tmnxMafObjs                      OBJECT IDENTIFIER ::= { tmnxSecurityObjects 4 }

tmnxMafTable                     OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxMafEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "This table has been replaced with tmnxGenMafTable. The new table
         allows to define both IPv4 and IPv6 MAFs.

         The tmnxMafTable has an entry for each Management Access Filter
         (MAF) configured on the system.  Management Access Filters are
         used to restrict management of this Nokia SROS device by
         other nodes outside either specific (sub)networks or through
         designated ports.  By default no Management Access Filters are
         defined and this table will be empty."
    ::= { tmnxMafObjs 1 }

tmnxMafEntry                     OBJECT-TYPE
    SYNTAX      TmnxMafEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "Each row entry contains information about a Management Access Filter
         (MAF)."
    INDEX       { tmnxMafName }
    ::= { tmnxMafTable 1 }

TmnxMafEntry                     ::= SEQUENCE
{
    tmnxMafName                      TNamedItem,
    tmnxMafRowStatus                 RowStatus,
    tmnxMafDefaultAction             TmnxMafAction,
    tmnxMafAdminState                TmnxAdminState
}

tmnxMafName                      OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafName specifies the Management Access Filter (MAF)
         represented by this row in the tmnxMafTable."
    ::= { tmnxMafEntry 1 }

tmnxMafRowStatus                 OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The tmnxMafRowStatus object is used to create and delete rows in
         the tmnxMafTable.  The values supported during a set operation are
         createAndGo(4), createAndWait(5) and destroy(6)."
    ::= { tmnxMafEntry 2 }

tmnxMafDefaultAction             OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafDefaultAction specifies the default action
         for management access in the absence of a specific management
         access filter entry match.  The default action is applied
         to a packet that does not satisfy any match criteria in any of
         the management access filter match entries.  Before a MAF can be
         active, a default action must have been specified."
    DEFVAL      { none }
    ::= { tmnxMafEntry 3 }

tmnxMafAdminState                OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafAdminState specifies the administrative state
         for this management access filter.  A value of 'outOfService'
         disables this filter which results in permitting all traffic."
    DEFVAL      { inService }
    ::= { tmnxMafEntry 4 }

tmnxMafMatchTable                OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "This tables has been replaced with the table tmnxIPMafMatchTable which
         allows for both IPv4 and IPv6 MAF entries.

         The tmnxMafMatchTable contains filter match criteria associated with
         Management Access Filters (MAFs) configured on the system."
    ::= { tmnxMafObjs 2 }

tmnxMafMatchEntry                OBJECT-TYPE
    SYNTAX      TmnxMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "Each row entry contains information about a management access filter
         entry associated with a specific Management Access Filter (MAF).
         The filter criteria are applied in order according to the value of
         tmnxMafMatchIndex.  The match algorithm is exited upon the first
         match found and then the action specified is executed.  For this
         reason, entries must be sequenced from most to least explicit.
         An entry where tmnxMafMatchAction has a value of 'none' is not
         active."
    INDEX       {
        tmnxMafName,
        tmnxMafMatchIndex
    }
    ::= { tmnxMafMatchTable 1 }

TmnxMafMatchEntry                ::= SEQUENCE
{
    tmnxMafMatchIndex                Unsigned32,
    tmnxMafMatchRowStatus            RowStatus,
    tmnxMafMatchLastChanged          TimeStamp,
    tmnxMafMatchAction               TmnxMafAction,
    tmnxMafMatchDescription          TItemDescription,
    tmnxMafMatchSrcIpAddr            IpAddress,
    tmnxMafMatchSrcIpMask            IpAddressPrefixLength,
    tmnxMafMatchSrcPortType          INTEGER,
    tmnxMafMatchSrcPortId            TmnxPortID,
    tmnxMafMatchDestPort             TTcpUdpPort,
    tmnxMafMatchDestPortMask         Unsigned32,
    tmnxMafMatchProtocol             TIpProtocol,
    tmnxMafMatchCount                Counter64,
    tmnxMafMatchRouter               TNamedItemOrEmpty,
    tmnxMafMatchLog                  TruthValue
}

tmnxMafMatchIndex                OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchIndex specifies the Management Access Filter
         Entry (MAFE) represented by this row in the tmnxMafMatchTable.  It
         is associated to a specific Management Access Filter by the value
         of tmnxMafName index."
    ::= { tmnxMafMatchEntry 1 }

tmnxMafMatchRowStatus            OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The tmnxMafMatchRowStatus object is used to create and delete rows in
         the tmnxMafMatchTable.  The values supported during a set operation
         are createAndGo(4), createAndWait(5) and destroy(6)."
    ::= { tmnxMafMatchEntry 2 }

tmnxMafMatchLastChanged          OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchLastChanged is the timestamp of last change
         to this row in tmnxMafMatchTable."
    ::= { tmnxMafMatchEntry 3 }

tmnxMafMatchAction               OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchAction specifies the action to be taken
         when a packet matches the selection criteria configured in this
         management access filter entry.  Before a filter entry can be active,
         tmnxMafMatchAction must be assigned some value other than 'none'."
    DEFVAL      { none }
    ::= { tmnxMafMatchEntry 4 }

tmnxMafMatchDescription          OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchDescription is a user provided description
         string for this Management Access Filter Entry.  It can consist of
         any printable, seven-bit ASCII characters up to 80 characters in
         length."
    DEFVAL      { ''H }
    ::= { tmnxMafMatchEntry 5 }

tmnxMafMatchSrcIpAddr            OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchSrcIpAddr specifies IP address used with the
         value of tmnxMafMatchSrcIpMask to indicate a source IP address range
         to be used as the match criteria for this Management Access Filter
         Entry."
    DEFVAL      { '00000000'H }
    ::= { tmnxMafMatchEntry 6 }

tmnxMafMatchSrcIpMask            OBJECT-TYPE
    SYNTAX      IpAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchSrcIpMask specifies the number of bits to
         match of the source Ip Address."
    DEFVAL      { 0 }
    ::= { tmnxMafMatchEntry 7 }

tmnxMafMatchSrcPortType          OBJECT-TYPE
    SYNTAX      INTEGER {
        any  (1),
        cpm  (2),
        port (3),
        lag  (4)
    }
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchSrcPortType is used to restrict ingress
         management packets to either the configured management Ethernet
         port or any other logical port (LAG, port, or channel) on the
         device.  By default, management traffic is accepted on any interface."
    DEFVAL      { any }
    ::= { tmnxMafMatchEntry 8 }

tmnxMafMatchSrcPortId            OBJECT-TYPE
    SYNTAX      TmnxPortID
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "When tmnxMafMatchSrcPortType has a value of 'port' or 'lag' the
         value of tmnxMafMatchSrcPortId specifies the port used to restrict
         ingress management packets.  A value of zero indicated that this
         object is not initialized."
    DEFVAL      { 0 }
    ::= { tmnxMafMatchEntry 9 }

tmnxMafMatchDestPort             OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchDestPort specifies a TCP or UDP port
         number to be used as a match criteria in this Management Access
         Filter Entry.  A value of zero indicates that this object is
         not initialized."
    DEFVAL      { 0 }
    ::= { tmnxMafMatchEntry 10 }

tmnxMafMatchDestPortMask         OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..65535)
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchDestPortMask specifies a mask to be used
         when the value of tmnxMafMatchDestPort is not equal to zero.
         The mask allows a range of TCP or UDP port values to be
         specified for the match criteria in this Management Access Filter
         Entry.  A value of 65535, 0xFFFF, is used to indicate that
         this object is not initialized."
    DEFVAL      { 'FFFF'H }
    ::= { tmnxMafMatchEntry 11 }

tmnxMafMatchProtocol             OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchProtocol specifies an IP protocol type
         to be used in the match criteria for this Management Access Filter
         Entry.  Some well known protocol numbers are TCP (6), and UDP (7).
         The value of -1 is used to indicate that this object is not
         initialized."
    DEFVAL      { -1 }
    ::= { tmnxMafMatchEntry 12 }

tmnxMafMatchCount                OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchCount indicates the number of times a
         management packet has matched this filter entry."
    ::= { tmnxMafMatchEntry 13 }

tmnxMafMatchRouter               OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchRouter specifies a router (VPRN) name or
         a service-id, expressed as an ASCII numeric string, to be used in
         the match criteria for the Management Access Filter Entry.  The
         empty string value ''H is used to indicate that this object is not
         initialized."
    DEFVAL      { ''H }
    ::= { tmnxMafMatchEntry 14 }

tmnxMafMatchLog                  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "When the value of tmnxMafMatchLog is 'true', entry match logging is
         enabled."
    DEFVAL      { false }
    ::= { tmnxMafMatchEntry 15 }

tmnxGenMafTableLastChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxGenMafTableLastChanged indicates the
         timestamp of the last change to the tmnxGenMafTable. A value of 0
         indicates that no changes were made to this table since the system was
         last initialized."
    ::= { tmnxMafObjs 3 }

tmnxGenMafTable                  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxGenMafEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table replaces the tmnxMafTable. It allows to define both IPv4
         and IPv6 MAFs.

         The tmnxGenMafTable has an entry for each Management Access Filter
         (MAF) configured on the system (IPv4 and IPv6).

         Management Access Filters are used to restrict management of this
         Nokia SROS device by other nodes outside either specific (sub)networks
         or through designated ports.

         By default a single IPv4 and a single IPv6 Management Access Filter is
         created by the system. No additional filters can be defined by the
         operator.

         When a filter is deleted, the system will recreate it with all default
         settings."
    ::= { tmnxMafObjs 4 }

tmnxGenMafEntry                  OBJECT-TYPE
    SYNTAX      TmnxGenMafEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry contains information about a IPv4 or IPv6 Management
         Access Filter (MAF)."
    INDEX       {
        tmnxGenMafType,
        tmnxGenMafName
    }
    ::= { tmnxGenMafTable 1 }

TmnxGenMafEntry                  ::= SEQUENCE
{
    tmnxGenMafType                   TmnxMafType,
    tmnxGenMafName                   TNamedItem,
    tmnxGenMafLastModified           TimeStamp,
    tmnxGenMafRowStatus              RowStatus,
    tmnxGenMafAdminState             TmnxAdminState,
    tmnxGenMafDefaultAction          TmnxMafAction
}

tmnxGenMafType                   OBJECT-TYPE
    SYNTAX      TmnxMafType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafType specifies the type of packets, destined
         for CPM, this management access filter applies to."
    ::= { tmnxGenMafEntry 1 }

tmnxGenMafName                   OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafName specifies the Management Access Filter
         (MAF) represented by this row in the tmnxGenMafTable."
    ::= { tmnxGenMafEntry 2 }

tmnxGenMafLastModified           OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxGenMafLastModified object indicates the timestamp of the last
         change to this row. A value of zero indicates that this row was not
         modified since the system was last initialized."
    ::= { tmnxGenMafEntry 3 }

tmnxGenMafRowStatus              OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxGenMafRowStatus object is used to create and delete rows in
         the tmnxGenMafTable.  The values supported during a set operation are
         - active(1)
         - createAndGo(4),
         - createAndWait(5) which is treated in the same way as createAndGo(4)
         - destroy(6)."
    ::= { tmnxGenMafEntry 4 }

tmnxGenMafAdminState             OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafAdminState specifies the administrative state
         for this management access filter.  A value of 'outOfService'
         disables this filter which results in permitting all traffic."
    DEFVAL      { inService }
    ::= { tmnxGenMafEntry 5 }

tmnxGenMafDefaultAction          OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafDefaultAction specifies the default action
         for management access in the absence of a specific management
         access filter entry match.  The default action is applied
         to a packet that does not satisfy any match criteria in any of
         the management access filter match entries. Before a MAF can be
         active, a default action must have been specified.
         The value denyHostUnreachable is not allowed for Mac Maf filters."
    DEFVAL      { none }
    ::= { tmnxGenMafEntry 6 }

tmnxMafIPMatchTableLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxMafIPMatchTableLastChanged indicates the
         timestamp of the last change to the tmnxIPMafMatchTable. A value of 0
         indicates that no changes were made to this table since the system was
         last initialized."
    ::= { tmnxMafObjs 5 }

tmnxIPMafMatchTable              OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table replaces the tmnxMafMatchTable. It allows to define both
         IPv4 and IPv6 MAF IP entries.

         The tmnxIPMafMatchTable contains ipvx filter match criteria associated
         with Management Access Filters (MAFs) configured on the system."
    ::= { tmnxMafObjs 6 }

tmnxIPMafMatchEntry              OBJECT-TYPE
    SYNTAX      TmnxIPMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry contains information about a management access filter
         entry associated with a specific Management Access Filter (MAF).

         The filter criteria are applied in order according to the value of
         tmnxIPMafMatchIndex.

         The match algorithm is exited upon the first
         match found and then the action specified is executed.  For this
         reason, entries must be sequenced from most to least explicit.

         An entry where tmnxIPMafMatchAction has a value of 'none' is not
         active.

         Rows can only be created for tmnxGenMafType's:
         - ipv4 (1), and.
         - ipv6 (2).
         For mac Maf filters a dedicated table is provided
         (tmnxMacMafMatchTable). "
    INDEX       {
        tmnxGenMafType,
        tmnxGenMafName,
        tmnxIPMafMatchIndex
    }
    ::= { tmnxIPMafMatchTable 1 }

TmnxIPMafMatchEntry              ::= SEQUENCE
{
    tmnxIPMafMatchIndex              Unsigned32,
    tmnxIPMafMatchRowStatus          RowStatus,
    tmnxIPMafMatchLastChanged        TimeStamp,
    tmnxIPMafMatchAction             TmnxMafAction,
    tmnxIPMafMatchDescription        TItemDescription,
    tmnxIPMafMatchSrcIpAddrType      InetAddressType,
    tmnxIPMafMatchSrcIpAddr          InetAddress,
    tmnxIPMafMatchSrcIpMask          InetAddressPrefixLength,
    tmnxIPMafMatchSrcPortType        INTEGER,
    tmnxIPMafMatchSrcPortId          TmnxPortID,
    tmnxIPMafMatchDestPort           TTcpUdpPort,
    tmnxIPMafMatchDestPortMask       Unsigned32,
    tmnxIPMafMatchProtNxtHdr         TIpProtocol,
    tmnxIPMafMatchCount              Counter64,
    tmnxIPMafMatchRouter             TNamedItemOrEmpty,
    tmnxIPMafMatchFlowLabel          IPv6FlowLabel,
    tmnxIPMafMatchLog                TruthValue
}

tmnxIPMafMatchIndex              OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchIndex specifies the Management Access
         Filter Entry (MAFE) represented by this row in the
         tmnxIPMafMatchTable.

         It is associated to a specific Management Access Filter by the value
         of tmnxGenMafName index."
    ::= { tmnxIPMafMatchEntry 1 }

tmnxIPMafMatchRowStatus          OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPMafMatchRowStatus object is used to create and delete rows
         in the tmnxIPMafMatchTable.  Following values are supported:
         - active(1)
         - createAndGo(4),
         - createAndWait(5) which is treated in the same way as createAndGo(4)
         - destroy(6)."
    ::= { tmnxIPMafMatchEntry 2 }

tmnxIPMafMatchLastChanged        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchLastChanged is the timestamp of last change
         to this row in tmnxIPMafMatchTable."
    ::= { tmnxIPMafMatchEntry 3 }

tmnxIPMafMatchAction             OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchAction specifies the action to be taken
         when a packet matches the selection criteria configured in this
         management access filter entry.  Before a filter entry can be active,
         tmnxIPMafMatchAction must be assigned some value other than 'none'.
         The value denyHostUnreachable is not allowed."
    DEFVAL      { none }
    ::= { tmnxIPMafMatchEntry 4 }

tmnxIPMafMatchDescription        OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchDescription is a user provided description
         string for this Management Access Filter Entry.  It can consist of
         any printable, seven-bit ASCII characters up to 80 characters in
         length."
    DEFVAL      { ''H }
    ::= { tmnxIPMafMatchEntry 5 }

tmnxIPMafMatchSrcIpAddrType      OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcIpAddrType specifies the type of IP
         address stored in the object tmnxIPMafMatchSrcIpAddr.

         If the value of tmnxGenMafType indicates 'ipv4' the only allowed
         values for this object are 'unknown' or 'ipv4'.

         If the value of tmnxGenMafType indicates 'ipv6' the only allowed
         values for this object are 'unknown' or 'ipv6'."
    DEFVAL      { unknown }
    ::= { tmnxIPMafMatchEntry 6 }

tmnxIPMafMatchSrcIpAddr          OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcIpAddr specifies IP address used with
         the value of tmnxIPMafMatchSrcIpMask to indicate a source IP address
         range to be used as the match criteria for this Management Access
         Filter Entry."
    DEFVAL      { ''H }
    ::= { tmnxIPMafMatchEntry 7 }

tmnxIPMafMatchSrcIpMask          OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcIpMask specifies the number of bits to
         match of the source Ip Address."
    DEFVAL      { 0 }
    ::= { tmnxIPMafMatchEntry 8 }

tmnxIPMafMatchSrcPortType        OBJECT-TYPE
    SYNTAX      INTEGER {
        any  (1),
        cpm  (2),
        port (3),
        lag  (4)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcPortType is used, in conjunction with
         the value of tmnxIPMafMatchSrcPortId, to specify the type of port that
         applies to the management access filter entry. By default, management
         traffic is accepted on all interfaces.

         If the value of tmnxIPMafMatchSrcPortType is equal to any(1), the
         default, then no filtering is done on ingress management packets.

         If the value of tmnxIPMafMatchSrcPortType is equal to cpm(2) then the
         filter applies to packets received on any CPM/CCM Ethernet port.

         If the value of tmnxIPMafMatchSrcPortType is equal to port(3) or
         lag(4) then the filter applies to the packets received on the port or
         lag specified by the value of tmnxIPMafMatchSrcPortId.

         The value of tmnxIPMafMatchSrcPortId can be set to other value then
         503316480 (INVALID_PORT) only if the value of
         tmnxIPMafMatchSrcPortType is port (3) or lag (4).

         In summary, the valid configurations are:
             src-port-type src-port-id  Meaning
             any(1)        INVALID_PORT No filtering
             cpm(2)        INVALID_PORT Match packets received on any CPM/CCM
                                        Ethernet port
             port(3)       port-id      Match packets received on specified port
             lag(4)        lag-id       Match packets received on specified lag
         If tmnxIPMafMatchSrcPortType is any(1) or is set to any(1) then any
         change to tmnxIPMafMatchSrcPortId is ignored and its value is forced
         to 503316480 (INVALID_PORT) by the system.

         When tmnxIPMafMatchSrcPortType is set to cpm(2), cpm1(5), cpm3(6),
         cpm4(7) then the value of tmnxIPMafMatchSrcPortId, if specified, is
         ignored and forced to 503316480 (INVALID_PORT) by the system.

         When the value of tmnxIPMafMatchSrcPortType is set to port(3) or
         lag(4) then tmnxIPMafMatchSrcPortId must specify a valid port-id or
         lag-id, otherwise the request is rejected by the system. Note that the
         port-type is always subordinate to the port-id, i.e. if the value of
         tmnxIPMafMatchSrcPortType is set to port(3) and at the same time the
         value of tmnxIPMafMatchSrcPortId is set to a lag-id the the system
         will accept the lag-id and silently set the value of
         tmnxIPMafMatchSrcPortType lag(4) (or vice versa)."
    DEFVAL      { any }
    ::= { tmnxIPMafMatchEntry 9 }

tmnxIPMafMatchSrcPortId          OBJECT-TYPE
    SYNTAX      TmnxPortID
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcPortId is used, in conjunction with the
         value of tmnxIPMafMatchSrcPortType, to specify the port that applies
         to the management access filter entry. By default, management traffic
         is accepted on all interfaces.

         Please refer to the description of tmnxIPMafMatchSrcPortType for more
         details."
    DEFVAL      { 503316480 }
    ::= { tmnxIPMafMatchEntry 10 }

tmnxIPMafMatchDestPort           OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchDestPort specifies a destination TCP or UDP
         port number to be used as a match criteria in this Management Access
         Filter Entry.

         A value of '0' indicates that no match is performed on the destination
         port number. In this case the value of the object
         tmnxIPMafMatchDestPortMask will be reset to its default value."
    DEFVAL      { 0 }
    ::= { tmnxIPMafMatchEntry 11 }

tmnxIPMafMatchDestPortMask       OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchDestPortMask specifies a mask to be used
         when the value of tmnxIPMafMatchDestPort is not equal to '0'.

         The mask allows a range of TCP or UDP port values to be specified for
         the match criteria in this Management Access Filter Entry.

         If set to '0' the match on the destination port number is removed, and
         both objects tmnxIPMafMatchDestPort and tmnxIPMafMatchDestPortMask are
         reset to their default values."
    DEFVAL      { 'FFFF'H }
    ::= { tmnxIPMafMatchEntry 12 }

tmnxIPMafMatchProtNxtHdr         OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchProtNxtHdr specifies for IPv4 MAF the IP
         protocol field, and for IPv6 the next header type to be used in the
         match criteria for this Management Access Filter Entry.

         Some well known protocol numbers are TCP (6), and UDP (7). The value
         of -1 is used to indicate that this object is not initialized. The
         value of -2 is used to indicate udp/tcp protocol matching "
    DEFVAL      { -1 }
    ::= { tmnxIPMafMatchEntry 13 }

tmnxIPMafMatchCount              OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchCount indicates the number of times a
         management packet has matched this filter entry."
    ::= { tmnxIPMafMatchEntry 14 }

tmnxIPMafMatchRouter             OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchRouter specifies a router (VPRN) name or
         a service-id, expressed as an ASCII numeric string, to be used in
         the match criteria for the Management Access Filter Entry.  The
         empty string value ''H is used to indicate that this object is not
         initialized."
    DEFVAL      { ''H }
    ::= { tmnxIPMafMatchEntry 15 }

tmnxIPMafMatchFlowLabel          OBJECT-TYPE
    SYNTAX      IPv6FlowLabel
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchFlowLabel specifies the flow label to be
         matched. When the value is '-1', no flow label matching occurs. This
         object is only meaningful in case of an IPv6 MAF entry. The value is
         ignored in IPv4 MAF entries."
    DEFVAL      { -1 }
    ::= { tmnxIPMafMatchEntry 16 }

tmnxIPMafMatchLog                OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxIPMafMatchLog is 'true', entry match logging is
         enabled."
    DEFVAL      { false }
    ::= { tmnxIPMafMatchEntry 17 }

tmnxMafMacMatchTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxMafMacMatchTableLastChanged indicates the
         timestamp of the last change to the tmnxMacMafMatchTable. A value of 0
         indicates that no changes were made to this table since the system was
         last initialized."
    ::= { tmnxMafObjs 7 }

tmnxMacMafMatchTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxMacMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table allows to define Mac Maf filter entries.

         The tmnxMacMafMatchTable contains Mac filter match criteria associated
         with Management Access Filters (MAFs) configured on the system."
    ::= { tmnxMafObjs 8 }

tmnxMacMafMatchEntry             OBJECT-TYPE
    SYNTAX      TmnxMacMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry contains information about a management access filter
         entry associated with a specific Mac Management Access Filter (MAF).

         The filter criteria are applied in order according to the value of
         tmnxMacMafMatchIndex.

         The match algorithm is exited upon the first
         match found and then the action specified is executed.  For this
         reason, entries must be sequenced from most to least explicit.

         An entry where tmnxMacMafMatchAction has a value of 'none' is not
         active."
    INDEX       {
        tmnxGenMafName,
        tmnxMacMafMatchIndex
    }
    ::= { tmnxMacMafMatchTable 1 }

TmnxMacMafMatchEntry             ::= SEQUENCE
{
    tmnxMacMafMatchIndex             Unsigned32,
    tmnxMacMafMatchRowStatus         RowStatus,
    tmnxMacMafMatchLastChanged       TimeStamp,
    tmnxMacMafMatchAction            TmnxMafAction,
    tmnxMacMafMatchDescription       TItemDescription,
    tmnxMacMafMatchLog               TruthValue,
    tmnxMacMafMatchFrameType         TmnxMafMacFltrFrameType,
    tmnxMacMafMatchSvcId             TmnxServId,
    tmnxMacMafMatchDot1pValue        Dot1PPriority,
    tmnxMacMafMatchDot1pMask         Dot1PPriorityNonZeroMask,
    tmnxMacMafMatchDsap              ServiceAccessPoint,
    tmnxMacMafMatchDsapMask          ServiceAccessPoint,
    tmnxMacMafMatchSrcMAC            MacAddress,
    tmnxMacMafMatchSrcMACMask        MacAddress,
    tmnxMacMafMatchDstMAC            MacAddress,
    tmnxMacMafMatchDstMACMask        MacAddress,
    tmnxMacMafMatchEtherType         Integer32,
    tmnxMacMafMatchSnapOui           INTEGER,
    tmnxMacMafMatchSnapPid           Integer32,
    tmnxMacMafMatchSsap              ServiceAccessPoint,
    tmnxMacMafMatchSsapMask          ServiceAccessPoint,
    tmnxMacMafMatchCfmOpCodeOper     TOperator,
    tmnxMacMafMatchCfmOpCodeValue1   Unsigned32,
    tmnxMacMafMatchCfmOpCodeValue2   Unsigned32,
    tmnxMacMafMatchCount             Counter64
}

tmnxMacMafMatchIndex             OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchIndex specifies the Management Access
         Filter Entry (MAFE) represented by this row in the
         tmnxMacMafMatchTable.

         It is associated to a specific Management Access Filter by the value
         of tmnxGenMafType and tmnxGenMafName."
    ::= { tmnxMacMafMatchEntry 1 }

tmnxMacMafMatchRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxMacMafMatchRowStatus object is used to create and delete rows
         in the tmnxMacMafMatchTable.  The values supported are
         - active(1)
         - createAndGo(4),
         - createAndWait(5) which is treated in the same way as createAndGo(4)
         - destroy(6)."
    ::= { tmnxMacMafMatchEntry 2 }

tmnxMacMafMatchLastChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchLastChanged indicates the timestamp of the
         last change to this row in tmnxMacMafMatchTable."
    ::= { tmnxMacMafMatchEntry 3 }

tmnxMacMafMatchAction            OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchAction specifies the action to be taken
         when a packet matches the selection criteria configured in this
         management access filter entry.  Before a filter entry can be active,
         tmnxMacMafMatchAction must be assigned some value other than 'none'.
         The value denyHostUnreachable is not allowed for this object."
    DEFVAL      { none }
    ::= { tmnxMacMafMatchEntry 4 }

tmnxMacMafMatchDescription       OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchDescription specifies a user provided
         description string for this Management Access Filter Entry. It can
         consist of any printable, seven-bit ASCII characters up to 80
         characters in length."
    DEFVAL      { ''H }
    ::= { tmnxMacMafMatchEntry 5 }

tmnxMacMafMatchLog               OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchLog specifies whether or not
         logging is active for this filter entry."
    DEFVAL      { false }
    ::= { tmnxMacMafMatchEntry 6 }

tmnxMacMafMatchFrameType         OBJECT-TYPE
    SYNTAX      TmnxMafMacFltrFrameType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchFrameType specifies the type of mac frame
         for which we are defining this match criteria."
    DEFVAL      { e802dot3 }
    ::= { tmnxMacMafMatchEntry 7 }

tmnxMacMafMatchSvcId             OBJECT-TYPE
    SYNTAX      TmnxServId (0 | 1..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSvcId specifies the service-id
         in which the packet is to be received for this entry to match. A value
         of 0 indicates: any service."
    DEFVAL      { 0 }
    ::= { tmnxMacMafMatchEntry 8 }

tmnxMacMafMatchDot1pValue        OBJECT-TYPE
    SYNTAX      Dot1PPriority
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDot1pValue specifies the IEEE
         802.1p priority value for this MAC filter entry. Use -1 to disable
         matching this filter criteria."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 9 }

tmnxMacMafMatchDot1pMask         OBJECT-TYPE
    SYNTAX      Dot1PPriorityNonZeroMask
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDot1pMask specifies the IEEE
         802.1p priority mask value for this policy MAC filter entry."
    DEFVAL      { 7 }
    ::= { tmnxMacMafMatchEntry 10 }

tmnxMacMafMatchDsap              OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDsap specifies the MAC DSAP to
         match for this MAC filter entry. This object has no significance if
         the object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 11 }

tmnxMacMafMatchDsapMask          OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDsapMask specifies the MAC DSAP
         mask for this MAC filter entry. This object has no significance if the
         object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 12 }

tmnxMacMafMatchSrcMAC            OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSrcMAC specifies the source MAC
         to match for this policy MAC filter entry."
    DEFVAL      { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 13 }

tmnxMacMafMatchSrcMACMask        OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSrcMACMask specifies the source
         MAC mask value for this policy MAC filter entry. The mask is ANDed
         with the MAC to match tmnxMacMafMatchSrcMAC. A zero bit means ignore
         this bit, do not match. A one bit means match this bit with
         tmnxMacMafMatchSrcMAC. Use the value 00-00-00-00-00-00 to disable this
         filter criteria."
    DEFVAL      { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 14 }

tmnxMacMafMatchDstMAC            OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDstMAC specifies the
         Destination MAC mask value for this policy MAC filter entry."
    DEFVAL      { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 15 }

tmnxMacMafMatchDstMACMask        OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDstMACMask specifies
         the destination MAC mask value for this policy MAC filter entry.
         The mask is ANDed with the MAC to match tmnxMacMafMatchDstMAC.
         A zero bit means ignore this bit, do not match.  a one bit means
         match this bit with tmnxMacMafMatchDstMAC.
         Use the value 00-00-00-00-00-00 to disable this filter criteria."
    DEFVAL      { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 16 }

tmnxMacMafMatchEtherType         OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 1536..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchEtherType specifies the
         Ethertype for this MAC filter entry. Use -1 to disable matching by
         this criteria. This object has no significance if the object
         tmnxMacMafMatchFrameType is not set to Ethernet_II."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 17 }

tmnxMacMafMatchSnapOui           OBJECT-TYPE
    SYNTAX      INTEGER {
        off     (1),
        zero    (2),
        nonZero (3)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSnapOui specifies the MAC SNAP
         OUI to match. The values zero(2) and nonZero(3) specify what to match.
         Matching can be disabled by the use of the value off(1). This object
         has no significance if the object tmnxMacMafMatchFrameType is not set
         to 802dot2SNAP."
    DEFVAL      { off }
    ::= { tmnxMacMafMatchEntry 18 }

tmnxMacMafMatchSnapPid           OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSnapPid specifies the
         MAC SNAP PID to match for this MAC filter entry.  use -1 to
         disable matching by this criteria. This object has no significance if
         object tmnxMacMafMatchFrameType is not set to 802dot2SNAP."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 19 }

tmnxMacMafMatchSsap              OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSsap specifies the the MAC SSAP
         to match for this MAC filter entry. This object has no significance if
         the object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 20 }

tmnxMacMafMatchSsapMask          OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSsapMask specifies the MAC SSAP
         mask for this MAC filter entry. use 0 to disable matching by this
         criteria. This object has no significance if the object
         tmnxMacMafMatchFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tmnxMacMafMatchEntry 21 }

tmnxMacMafMatchCfmOpCodeOper     OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchCfmOpCodeOper specifies which
         type of opcode checking is to be performed. If different from none,
         more info is provided in the objects tmnxMacMafMatchCfmOpCodeValue1
         and tmnxMacMafMatchCfmOpCodeValue2. This object has significance only
         if the object tmnxMacMafMatchFrameType refers to either ieee802.1ag or
         Y1731."
    DEFVAL      { none }
    ::= { tmnxMacMafMatchEntry 22 }

tmnxMacMafMatchCfmOpCodeValue1   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchCfmOpCodeValue1 specifies a cfm
         opcode. The value of this object is used as per the description for
         tmnxMacMafMatchCfmOpCodeOper."
    DEFVAL      { 0 }
    ::= { tmnxMacMafMatchEntry 23 }

tmnxMacMafMatchCfmOpCodeValue2   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchCfmOpCodeValue2 specifies a cfm
         opcode. The value of this object is used as per the description for
         tmnxMacMafMatchCfmOpCodeOper."
    DEFVAL      { 0 }
    ::= { tmnxMacMafMatchEntry 24 }

tmnxMacMafMatchCount             OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchCount indicates the number of times a
         management packet has matched this filter entry."
    ::= { tmnxMacMafMatchEntry 25 }

tmnxPasswordInfo                 OBJECT IDENTIFIER ::= { tmnxSecurityObjects 5 }

tmnxPasswordAging                OBJECT-TYPE
    SYNTAX      Unsigned32 (1..500 | 65535)
    UNITS       "Days"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of days a user password is valid before the user must change
         his password. If the value of tmnxPasswordAging is set to '65535',
         password aging is disabled."
    DEFVAL      { 65535 }
    ::= { tmnxPasswordInfo 1 }

tmnxPasswordMinLength            OBJECT-TYPE
    SYNTAX      Unsigned32 (6..50)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The minimum number of characters required in the password.

         In addition to the number of characters in the new password, credit
         (of +1 in length) will be given for each different kind of character
         (uppercase, lowercase, digit or special), thus giving the user the
         choice between long simple and shorter but more complex passwords.

         The maximum credit that is given for each different type of character
         is configured using the tmnxPasswordCreditsLowerCase,
         tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and
         tmnxPasswordCreditsNumeric MIB fields.

         Setting these 4 fields to 0 will effectively disable passwords
         credits."
    DEFVAL      { 6 }
    ::= { tmnxPasswordInfo 2 }

tmnxPasswordComplexity           OBJECT-TYPE
    SYNTAX      BITS {
        alpha-numeric     (0),
        mixed-case        (1),
        special-character (2)
    }
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "tmnxPasswordComplexity was made obsolete in 12.0 revision of Nokia
         SROS series system. Password complexity is now configured using the
         other fields in tmnxPasswordInfo."
    DEFVAL      { {} }
    ::= { tmnxPasswordInfo 3 }

tmnxPasswordAttemptsCount        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..64)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of unsuccessful login attempts allowed for a user.
         The value of tmnxPasswordAttemptsCount is used with the value of
         tmnxPasswordAttemptsTime to find out if the user is to be locked out
         for tmnxPasswordAttemptsLockoutPeriod."
    DEFVAL      { 3 }
    ::= { tmnxPasswordInfo 4 }

tmnxPasswordAttemptsTime         OBJECT-TYPE
    SYNTAX      Unsigned32 (0..60)
    UNITS       "Minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This is used in conjunction with tmnxPasswordAttemptsCount to find out
         if the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod."
    DEFVAL      { 5 }
    ::= { tmnxPasswordInfo 5 }

tmnxPasswordAttemptsLockoutPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1440)
    UNITS       "Minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The number of minutes the user is locked out if the threshold of
         unsuccessful login attempts has exceeded."
    DEFVAL      { 10 }
    ::= { tmnxPasswordInfo 6 }

tmnxPasswordAuthenOrder1         OBJECT-TYPE
    SYNTAX      TmnxPasswordAuthenOrder
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The most preferred method to authenticate and authorize a user. If
         this method fails, the next method in the sequence identified by
         tmnxPasswordAuthenOrder2 is used."
    DEFVAL      { radius }
    ::= { tmnxPasswordInfo 7 }

tmnxPasswordAuthenOrder2         OBJECT-TYPE
    SYNTAX      TmnxPasswordAuthenOrder
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The second method to authenticate and authorize a user."
    DEFVAL      { tacplus }
    ::= { tmnxPasswordInfo 8 }

tmnxPasswordAuthenOrder3         OBJECT-TYPE
    SYNTAX      TmnxPasswordAuthenOrder
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The third preferred method to authenticate and authorize a user."
    DEFVAL      { ldap }
    ::= { tmnxPasswordInfo 9 }

tmnxPasswordAuthenExitOnReject   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If the value of tmnxPasswordAuthenExitOnReject is set to 'true' and if
         one of the AAA methods configured in tmnxPasswordAuthenOrder1,
         tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3,
         tmnxPasswordAuthenOrder4 sends a reject, then the next method in the
         order will not be tried. If the value of this object is set to 'false'
         and if one AAA method sends a reject, the next AAA method will be
         attempted. If in this process, all the AAA methods are exhausted, it
         will be considered as a reject."
    DEFVAL      { false }
    ::= { tmnxPasswordInfo 10 }

tmnxAdminPassword                OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..129))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxAdminPassword is used to configure the password which enables a
         user to become a system administrator.

         tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates
         whether or not the password string is encrypted, must be set together
         in the same SNMP request PDU or else the set request will fail with an
         inconsistentValue error.

         The value of tmnxAdminPassword cannot be more than 56 characters when
         the value of tmnxAdminPasswordEncrypted is 'false'.

         A get request on this object always returns an empty string."
    DEFVAL      { ''H }
    ::= { tmnxPasswordInfo 11 }

tmnxAdminPasswordEncrypted       OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxAdminPasswordEncrypted is 'true', the password
         specified by tmnxAdminPassword is in the encrypted form.

         When the value of tmnxAdminPasswordEncrypted is 'false', the password
         specified by tmnxAdminPassword is in plain text.

         tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates
         whether or not the password string is encrypted, must be set together
         in the same SNMP request PDU or else the set request will fail with an
         inconsistentValue error."
    DEFVAL      { true }
    ::= { tmnxPasswordInfo 12 }

tmnxPasswordHealthCheck          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxPasswordHealthCheck is 'true', the Radius
         servers configured in tmnxRadiusServerTable and the 'TacPlus' servers
         configured in tmnxTacPlusServerTable will be periodically monitored.
         Each server will be contacted every 30 seconds. If in this process a
         server is found to be unreachable, or a previously unreachable server
         starts responding, based on the type of the server, a
         TIMETRA-SYSTEM-MIB:radiusServerOperStatusChange or a
         TIMETRA-SYSTEM-MIB:tacplusServerOperStatusChange trap will be sent.

         When the value of tmnxPasswordHealthCheck is 'false', periodic
         monitoring of the Radius and Tacplus servers is disabled."
    DEFVAL      { true }
    ::= { tmnxPasswordInfo 13 }

tmnxPasswordHealthCheckInterval  OBJECT-TYPE
    SYNTAX      Unsigned32 (6..1500)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordHealthCheckInterval specifies the polling
         interval for Radius servers configured in tmnxRadiusServerTable and
         the 'TacPlus' servers configured in tmnxTacPlusServerTable."
    DEFVAL      { 30 }
    ::= { tmnxPasswordInfo 14 }

tmnxDynSvcPassword               OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..60))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxDynSvcPassword is used to configure the password which enables
         manual modification of dynamic services.

         The password can be provided both as a plain text string, or as a
         bcrypt encrypted hash.

         The value of tmnxDynSvcPassword cannot be more than 56 characters if
         it is a plain text string.

         A get request on this object always returns an empty string."
    DEFVAL      { ''H }
    ::= { tmnxPasswordInfo 15 }

tmnxTacPlusEnableAdminPrivLvl    OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0..15)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusEnableAdminPrivLvl specifies the privilege
         level used when sending a TACACS+ ENABLE request.

         When the value of tmnxTacPlusAuthorization is 'true(1)' and the value
         of tmnxTacPlusAuthorUsePrivLvl is 'true(1)' and the value of
         tmnxTacPlusInteractiveAuthen is 'true(1)', a TACACS+ authentication
         request for the ENABLE service with this configured privilege level is
         used instead of requesting tmnxAdminPassword when the user wants to
         become a system administrator."
    DEFVAL      { -1 }
    ::= { tmnxPasswordInfo 16 }

tmnxPasswordHistory              OBJECT-TYPE
    SYNTAX      Unsigned32 (0..20)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordHistory specifies the number of old passwords
         of the user that will be remembered. A new password must not be the
         same as any remembered old password.

         A value of zero (0) indicates no password history will be kept,
         meaning a new password will only be matched against the current user
         password."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 17 }

tmnxPasswordMinChange            OBJECT-TYPE
    SYNTAX      Unsigned32 (1..20)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordMinChange specifies the minimum number of
         characters in the new password that must not be present in the old
         password. This is calculated using the Levenshtein distance algorithm.

         In addition, if 1/2 of the characters in the new password are
         different then the new password will be accepted anyway."
    DEFVAL      { 5 }
    ::= { tmnxPasswordInfo 18 }

tmnxPasswordMinAge               OBJECT-TYPE
    SYNTAX      Unsigned32 (0..86400)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordMinAge specifies the number of seconds
         required between two consecutive password changes.

         Among other this will prevent the user from flooding the password
         history in an attempt to reuse his current password."
    DEFVAL      { 600 }
    ::= { tmnxPasswordInfo 19 }

tmnxPasswordAllowUserName        OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordAllowUserName specifies if the new password
         will be allowed if it contains the user name in some form."
    DEFVAL      { false }
    ::= { tmnxPasswordInfo 20 }

tmnxPasswordMaxRepeatedChars     OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 2..8)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordMaxRepeatedChars specifies the maximum number
         of times the same character can be used consecutively in the password.

         A value of zero (0) indicates this check is disabled."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 21 }

tmnxPasswordCreditsLowerCase     OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordCreditsLowerCase specifies the maximum credit
         for having lowercase characters in your password. Please see
         tmnxPasswordMinLength for an explanation of how password credits work.

         A value of zero (0) indicates no credits will be given for having
         lowercase characters in your password.

         This field can only be set to non-zero if tmnxPasswordReqLowerCase,
         tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
         tmnxPasswordReqNumeric are all set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 22 }

tmnxPasswordCreditsUpperCase     OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordCreditsUpperCase specifies the maximum credit
         for having uppercase characters in your password. Please see
         tmnxPasswordMinLength for an explanation of how password credits work.

         A value of zero (0) indicates no credits will be given for having
         uppercase characters in your password.

         This field can only be set to non-zero if tmnxPasswordReqLowerCase,
         tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
         tmnxPasswordReqNumeric are all set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 23 }

tmnxPasswordCreditsNumeric       OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordCreditsNumeric specifies the maximum credit
         for having digits in your password. Please see tmnxPasswordMinLength
         for an explanation of how password credits work.

         A value of zero (0) indicates no credits will be given for having
         digits in your password.

         This field can only be set to non-zero if tmnxPasswordReqLowerCase,
         tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
         tmnxPasswordReqNumeric are all set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 24 }

tmnxPasswordCreditsSpecialChar   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordCreditsSpecialChar specifies the maximum
         credit for having special characters in your password. Please see
         tmnxPasswordMinLength for an explanation of how password credits work.

         A value of zero (0) indicates no credits will be given for having
         special characters in your password.

         This field can only be set to non-zero if tmnxPasswordReqLowerCase,
         tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
         tmnxPasswordReqNumeric are all set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 25 }

tmnxPasswordReqLowerCase         OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordReqLowerCase specifies the minimum number of
         lowercase characters that must be present in your password.

         A value of zero (0) indicates no lowercase characters are required.

         This field can only be set to non-zero if
         tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
         tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
         set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 26 }

tmnxPasswordReqUpperCase         OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordReqUpperCase specifies the minimum number of
         uppercase characters that must be present in your password.

         A value of zero (0) indicates no uppercase characters are required.

         This field can only be set to non-zero if
         tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
         tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
         set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 27 }

tmnxPasswordReqNumeric           OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordReqNumeric specifies the minimum number of
         digits that must be present in your password.

         A value of zero (0) indicates no digits are required.

         This field can only be set to non-zero if
         tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
         tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
         set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 28 }

tmnxPasswordReqSpecialChar       OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordReqSpecialChar specifies the minimum number
         of special characters that must be present in your password.

         A value of zero (0) indicates no digits are required.

         This field can only be set to non-zero if
         tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
         tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
         set to zero."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 29 }

tmnxPasswordReqNumCharClass      OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 2..4)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordReqNumCharClass specifies the minimum number
         of distinct kind of characters (uppercase, lowercase, digit or
         special) that must be present in your password.

         A value of zero (0) indicates this check is disabled."
    DEFVAL      { 0 }
    ::= { tmnxPasswordInfo 30 }

tmnxVsdPassword                  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..60))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxVsdPassword is used to configure the password which enables
         manual modification of VSD services.

         The password can be provided both as a plain text string, or as a
         bcrypt encrypted hash.

         The value of tmnxVsdPassword cannot be more than 56 characters if it
         is a plain text string.

         A get request on this object always returns an empty string."
    DEFVAL      { "" }
    ::= { tmnxPasswordInfo 31 }

tmnxPasswordAuthenOrder4         OBJECT-TYPE
    SYNTAX      TmnxPasswordAuthenOrder
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The least preferred method to authenticate and authorize a user."
    DEFVAL      { local }
    ::= { tmnxPasswordInfo 32 }

tmnxRadiusInfo                   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 6 }

tmnxRadiusAdminStatus            OBJECT-TYPE
    SYNTAX      TmnxAdminStateUpDown
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The desired administrative status of the RADIUS protocol operation."
    DEFVAL      { up }
    ::= { tmnxRadiusInfo 1 }

tmnxRadiusAccounting             OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxRadiusAccounting is set to 'TRUE', RADIUS
         command accounting is enabled."
    DEFVAL      { false }
    ::= { tmnxRadiusInfo 2 }

tmnxRadiusAuthorization          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxRadiusAuthorization is set to 'TRUE', RADIUS
         command authorization is enabled."
    DEFVAL      { false }
    ::= { tmnxRadiusInfo 3 }

tmnxRadiusRetryAttempts          OBJECT-TYPE
    SYNTAX      Unsigned32 (1..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of attempts to retry contacting the RADIUS server."
    DEFVAL      { 3 }
    ::= { tmnxRadiusInfo 4 }

tmnxRadiusTimeout                OBJECT-TYPE
    SYNTAX      Unsigned32 (1..90)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of seconds to wait before timing out a RADIUS server."
    DEFVAL      { 3 }
    ::= { tmnxRadiusInfo 5 }

tmnxRadiusPort                   OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The UDP port number on which to contact the RADIUS server."
    DEFVAL      { 1812 }
    ::= { tmnxRadiusInfo 6 }

tmnxRadiusServerTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxRadiusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusServerEntry has an entry for each RADIUS server. The
         table can have up to a maximum of 5 entries."
    ::= { tmnxRadiusInfo 7 }

tmnxRadiusServerEntry            OBJECT-TYPE
    SYNTAX      TmnxRadiusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxRadiusServerEntry is an entry (conceptual row) in the
         tmnxRadiusServerTable. Each entry represents the configuration for a
         RADIUS server.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxRadiusServerRowStatus."
    INDEX       { tmnxRadiusServerIndex }
    ::= { tmnxRadiusServerTable 1 }

TmnxRadiusServerEntry            ::= SEQUENCE
{
    tmnxRadiusServerIndex            Unsigned32,
    tmnxRadiusServerAddress          IpAddress,
    tmnxRadiusServerSecret           OCTET STRING,
    tmnxRadiusServerOperStatus       INTEGER,
    tmnxRadiusServerRowStatus        RowStatus,
    tmnxRadiusServerInetAddressType  InetAddressType,
    tmnxRadiusServerInetAddress      InetAddress
}

tmnxRadiusServerIndex            OBJECT-TYPE
    SYNTAX      Unsigned32 (1..5)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The unique value which identifies a specific Radius server."
    ::= { tmnxRadiusServerEntry 1 }

tmnxRadiusServerAddress          OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The IP address of the RADIUS server.

         tmnxRadiusServerAddress was made obsolete in 5.0 revision of
         Nokia SROS series system.  Radius servers are now
         configured using tmnxRadiusServerInetAddress and
         tmnxRadiusServerInetAddressType objects."
    ::= { tmnxRadiusServerEntry 2 }

tmnxRadiusServerSecret           OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The secret key associated with the RADIUS server. The value returned
         by tmnxRadiusServerSecret is always an empty string.

         The value of tmnxRadiusServerSecret cannot be set to an empty string."
    ::= { tmnxRadiusServerEntry 3 }

tmnxRadiusServerOperStatus       OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current status of the RADIUS server."
    ::= { tmnxRadiusServerEntry 4 }

tmnxRadiusServerRowStatus        OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxRadiusServerRowStatus controls the creation and deletion of rows
         in the table.

         To create a row in the tmnxRadiusServerTable, set
         tmnxRadiusServerRowStatus to createAndGo(4). Objects
         tmnxRadiusServerSecret, tmnxRadiusServerInetAddressType, and
         tmnxRadiusServerInetAddress must also be set at creation time.

         To delete a row in the tmnxRadiusServerTable, set
         tmnxRadiusServerRowStatus to delete(6)."
    ::= { tmnxRadiusServerEntry 5 }

tmnxRadiusServerInetAddressType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusServerInetAddressType specifies the address
         type of tmnxRadiusServerInetAddress address.

         The value of tmnxRadiusServerInetAddressType can be either of
         InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or
         InetAddressType - 'ipv6z'."
    ::= { tmnxRadiusServerEntry 6 }

tmnxRadiusServerInetAddress      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusServerInetAddress specifies the address of the
         Radius server."
    ::= { tmnxRadiusServerEntry 7 }

tmnxRadiusSourceAddress          OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "tmnxRadiusSourceAddress is used to configure the source address of the
         Radius packet. It should be a valid unicast address.

         If this object is configured with the address of the router interface,
         the Radius client uses it while making a request to the server.

         If the address is not configured or is not the address of the one of
         interfaces, the source address is based on the address of the Radius
         server. If the server address is in-band, the client uses the system
         ip address. If it is out-of-band, the source address is the address of
         the management interface.

         tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of
         Nokia SROS series systems.  The source address of the Radius
         packet can now be set by creating a tmnxSourceIPEntry for Radius
         application in the tmnxSourceIPTable."
    DEFVAL      { '00000000'H }
    ::= { tmnxRadiusInfo 8 }

tmnxRadiusConfigured             OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "When the value of tmnxRadiusConfigured is set to 'false', all the
         Radius objects under the tmnxRadiusInfo tree will be set to their
         default values and all the rows in the tmnxRadiusServerTable will be
         removed. The value of this object will be set to 'true' if non-default
         values are set to the Radius objects.

         This object has been obsoleted in release 14.0 R1."
    DEFVAL      { false }
    ::= { tmnxRadiusInfo 9 }

tmnxRadiusPEDiscovery            OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxRadiusPEDiscovery specifies whether RADIUS provider
         edge discovery is enabled for VPLS services.

         This object was made obsolete in release 5.0."
    DEFVAL      { false }
    ::= { tmnxRadiusInfo 10 }

tmnxRadiusPEDiscoveryPassword    OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxRadiusPEDiscoveryPassword is used when contacting the
         RADIUS server for VPLS auto-discovery.

         This object was made obsolete in release 5.0."
    DEFVAL      { ''H }
    ::= { tmnxRadiusInfo 11 }

tmnxRadiusPEDiscoveryInterval    OBJECT-TYPE
    SYNTAX      Unsigned32 (1..30)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxRadiusPEDiscoveryInterval specifies the polling
         interval for Radius PE discovery in minutes.

         This object was made obsolete in release 5.0."
    DEFVAL      { 5 }
    ::= { tmnxRadiusInfo 12 }

tmnxRadiusPEForceDiscovery       OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxRadiusPEForceDiscovery is set to 'doAction', the RADIUS
         server is immediately contacted to attempt discovery."
    DEFVAL      { notApplicable }
    ::= { tmnxRadiusInfo 13 }

tmnxRadiusPEForceDiscoverySvcId  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusPEForceDiscoverySvcId specifies a specific
         service ID to query the RADIUS server about.

         Reading this object returns the value 0."
    DEFVAL      { 0 }
    ::= { tmnxRadiusInfo 14 }

tmnxRadiusAccountingPort         OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The UDP port number on which to contact the RADIUS server for
         accounting requests."
    DEFVAL      { 1813 }
    ::= { tmnxRadiusInfo 15 }

tmnxRadiusUseTemplate            OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusUseTemplate specifies whether the RADIUS user
         template is actively applied to the RADIUS user if no VSAs are
         returned with the auth-accept from the RADIUS server. When the value
         of tmnxRadiusUseTemplate is set to 'TRUE', the RADIUS user template is
         actively applied if no VSAs are returned with the auth-accept from the
         RADIUS server."
    DEFVAL      { false }
    ::= { tmnxRadiusInfo 16 }

tmnxRadiusAuthAlgorithm          OBJECT-TYPE
    SYNTAX      TmnxSecRadiusServAlgorithm
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusAuthAlgorithm specifies the algorithm used to
         select a RADIUS server from the list of configured servers
         (tmnxRadiusServerTable)."
    DEFVAL      { direct }
    ::= { tmnxRadiusInfo 17 }

tmnxRadiusUserStatsTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxRadiusUserStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserStatsTable is the Radius server statistics per user
         using specific policy.

         Entries are created and deleted by the system."
    ::= { tmnxRadiusInfo 18 }

tmnxRadiusUserStatsEntry         OBJECT-TYPE
    SYNTAX      TmnxRadiusUserStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about Radius server statistics per user per policy."
    INDEX       {
        tmnxUserName,
        tmnxRadiusPolicyName,
        tmnxRadiusUserServerIndex
    }
    ::= { tmnxRadiusUserStatsTable 1 }

TmnxRadiusUserStatsEntry         ::= SEQUENCE
{
    tmnxRadiusPolicyName             TNamedItem,
    tmnxRadiusUserServerIndex        Unsigned32,
    tmnxRadiusUserReqTx              Counter32,
    tmnxRadiusUserReqRx              Counter32,
    tmnxRadiusUserOpenFail           Counter32,
    tmnxRadiusUserBindFail           Counter32,
    tmnxRadiusUserSendFail           Counter32,
    tmnxRadiusUserRecvFail           Counter32,
    tmnxRadiusUserSendTimeout        Counter32,
    tmnxRadiusUserLoginPass          Counter32,
    tmnxRadiusUserLoginFail          Counter32,
    tmnxRadiusUserMd5Fail            Counter32,
    tmnxRadiusUserPending            Counter32,
    tmnxRadiusUserAcctReqTx          Counter32,
    tmnxRadiusUserAcctRejRx          Counter32,
    tmnxRadiusUserAcctConnError      Counter32,
    tmnxRadiusUserAccChallengePkt    Counter32,
    tmnxRadiusUserAuthAvgDelay       Gauge32,
    tmnxRadiusUserAcctAvgDelay       Gauge32
}

tmnxRadiusPolicyName             OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusPolicyName indicates the policy name used by the user to
         access the Radius server."
    ::= { tmnxRadiusUserStatsEntry 1 }

tmnxRadiusUserServerIndex        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the tmnxRadiusUserServerIndex identifies a specific
         Radius server."
    ::= { tmnxRadiusUserStatsEntry 2 }

tmnxRadiusUserReqTx              OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserReqTx indicates the number of requests sent to the
         Radius server from the user using this policy."
    ::= { tmnxRadiusUserStatsEntry 3 }

tmnxRadiusUserReqRx              OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserReqRx indicates the number of requests received by
         the Radius server by the user using this policy."
    ::= { tmnxRadiusUserStatsEntry 4 }

tmnxRadiusUserOpenFail           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserOpenFail indicates the number of socket open
         failures to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 5 }

tmnxRadiusUserBindFail           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserBindFail indicates the number of socket bind
         failures to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 6 }

tmnxRadiusUserSendFail           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserSendFail indicates the number of socket send
         failures to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 7 }

tmnxRadiusUserRecvFail           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserRecvFail indicates the number of socket receive
         failures to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 8 }

tmnxRadiusUserSendTimeout        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserSendTimeout indicates the number of sends which
         timed out waiting for reply from the Radius server."
    ::= { tmnxRadiusUserStatsEntry 9 }

tmnxRadiusUserLoginPass          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserLoginPass indicates the number of authentication
         succeeded for the user using this policy to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 10 }

tmnxRadiusUserLoginFail          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserLoginFail indicates the number of authentication
         failed for the user using this policy to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 11 }

tmnxRadiusUserMd5Fail            OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserMd5Fail indicates the number of times authentication
         failed due to MD5 for the user using this policy to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 12 }

tmnxRadiusUserPending            OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserPending indicates the number of requests pending for
         the user using this policy to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 13 }

tmnxRadiusUserAcctReqTx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctReqTx indicates the number of accounting
         requests for the user using this policy to the Radius server."
    ::= { tmnxRadiusUserStatsEntry 14 }

tmnxRadiusUserAcctRejRx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctRejRx indicates the number of accounting
         rejections received for the user using this policy to the Radius
         server."
    ::= { tmnxRadiusUserStatsEntry 15 }

tmnxRadiusUserAcctConnError      OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctConnError indicates the number of accounting
         connection failures for the user using this policy to the Radius
         server."
    ::= { tmnxRadiusUserStatsEntry 16 }

tmnxRadiusUserAccChallengePkt    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAccChallengePkt indicates the number of packets
         which challenged access to the user account from the Radius server."
    ::= { tmnxRadiusUserStatsEntry 17 }

tmnxRadiusUserAuthAvgDelay       OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAuthAvgDelay indicates the average response delay of
         the last 10 authentication packets."
    ::= { tmnxRadiusUserStatsEntry 18 }

tmnxRadiusUserAcctAvgDelay       OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctAvgDelay indicates the average response delay of
         the last 10 accounting packets."
    ::= { tmnxRadiusUserStatsEntry 19 }

tmnxRadiusInteractiveAuthen      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusInteractiveAuthen specifies whether
         challenge/response authentication is enabled.

         If the value of this object is set to 'true(1)', the Reply-Message
         from the Access-Challenge packet is displayed, and the User-Password
         in the new Access-Request packet contains the response of the user.

         If the value of this object is set to 'false(2)', challenge/response
         authentication is disabled."
    DEFVAL      { false }
    ::= { tmnxRadiusInfo 19 }

tmnxTacPlusInfo                  OBJECT IDENTIFIER ::= { tmnxSecurityObjects 7 }

tmnxTacPlusAdminStatus           OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The desired administrative status of the Tacacs+ protocol operation."
    DEFVAL      { up }
    ::= { tmnxTacPlusInfo 1 }

tmnxTacPlusTimeout               OBJECT-TYPE
    SYNTAX      Unsigned32 (1..90)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of seconds to wait before timing out a Tacacs+ server."
    DEFVAL      { 3 }
    ::= { tmnxTacPlusInfo 2 }

tmnxTacPlusServerTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxTacPlusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxTacPlusServerEntry has an entry for each Tacacs+ server. The
         table can have up to a maximum of 5 entries."
    ::= { tmnxTacPlusInfo 3 }

tmnxTacPlusServerEntry           OBJECT-TYPE
    SYNTAX      TmnxTacPlusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusServerEntry is an entry (conceptual row) in the
         tmnxTacPlusServerTable. Each entry represents the configuration for a
         Tacacs+ server. Entries in this table can be created and deleted via
         SNMP SET operations to tmnxTacPlusServerRowStatus."
    INDEX       { tmnxTacPlusServerIndex }
    ::= { tmnxTacPlusServerTable 1 }

TmnxTacPlusServerEntry           ::= SEQUENCE
{
    tmnxTacPlusServerIndex           Unsigned32,
    tmnxTacPlusServerAddress         IpAddress,
    tmnxTacPlusServerSecret          OCTET STRING,
    tmnxTacPlusServerRowStatus       RowStatus,
    tmnxTacPlusServerOperStatus      INTEGER,
    tmnxTacPlusServerInetAddressType InetAddressType,
    tmnxTacPlusServerInetAddress     InetAddress,
    tmnxTacPlusServerPort            TTcpUdpPort
}

tmnxTacPlusServerIndex           OBJECT-TYPE
    SYNTAX      Unsigned32 (1..5)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The unique value which identifies a specific Tacacs+ server."
    ::= { tmnxTacPlusServerEntry 1 }

tmnxTacPlusServerAddress         OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The IP address of the Tacacs+ server.

         tmnxTacPlusServerAddress was made obsolete in 5.0 revision of Nokia
         SROS series system. Tacacs+ servers are now configured using
         tmnxTacPlusServerInetAddress and tmnxTacPlusServerInetAddressType
         objects."
    ::= { tmnxTacPlusServerEntry 2 }

tmnxTacPlusServerSecret          OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..128))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The secret key associated with the Tacacs+ server. The value returned
         by tmnxTacPlusServerSecret is always an empty string.

         The value of tmnxTacPlusServerSecret cannot be set to an empty string."
    ::= { tmnxTacPlusServerEntry 3 }

tmnxTacPlusServerRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusServerRowStatus controls the creation and deletion of rows
         in the table.

         To create a row in the tmnxTacPlusServerTable, set
         tmnxTacPlusServerRowStatus to createAndGo(4). Objects
         tmnxTacPlusServerSecret, tmnxTacPlusServerInetAddressType, and
         tmnxTacPlusServerInetAddress must also be set at creation time.

         To delete a row in the tmnxTacPlusServerTable, set
         tmnxTacPlusServerRowStatus to delete(6)."
    ::= { tmnxTacPlusServerEntry 4 }

tmnxTacPlusServerOperStatus      OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusServerOperStatus indicates the operational status of the
         TACACS+ server."
    ::= { tmnxTacPlusServerEntry 5 }

tmnxTacPlusServerInetAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusServerInetAddressType specifies the address
         type of tmnxTacPlusServerInetAddress address.

         The value of tmnxTacPlusServerInetAddressType can be either of
         InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or
         InetAddressType - 'ipv6z'."
    ::= { tmnxTacPlusServerEntry 6 }

tmnxTacPlusServerInetAddress     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusServerInetAddress specifies the address of the
         Tacplus server."
    ::= { tmnxTacPlusServerEntry 7 }

tmnxTacPlusServerPort            OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusServerPort specifies the TCP port on which to
         contact the Tacplus server."
    DEFVAL      { 49 }
    ::= { tmnxTacPlusServerEntry 8 }

tmnxTacPlusAccounting            OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTacPlusAccounting is set to 'TRUE', TACACS+
         command accounting is enabled."
    DEFVAL      { false }
    ::= { tmnxTacPlusInfo 4 }

tmnxTacPlusAcctRecType           OBJECT-TYPE
    SYNTAX      INTEGER {
        startStop (1),
        stopOnly  (2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusAcctRecType is used to configure the type of accounting
         record packet that is to be sent to the TACACS+ server. The value
         indicates whether TACACS+ accounting start and stop packets be sent or
         just stop packets be sent. TACACS+ start packet is sent whenever the
         user executes a command. A stop packet is sent whenever the command
         execution is complete. The default value for this object is
         'stopOnly'."
    DEFVAL      { stopOnly }
    ::= { tmnxTacPlusInfo 5 }

tmnxTacPlusAuthorization         OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTacPlusAuthorization is set to 'TRUE', TACACS+
         command authorization is enabled."
    DEFVAL      { false }
    ::= { tmnxTacPlusInfo 6 }

tmnxTacPlusSingleConnection      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "When the value of tmnxTacPlusSingleConnection is set to 'TRUE', a
         single connection is established with the TACACS+ server. The
         connection is kept open and is used by all the TELNET/SSH/FTP sessions
         for AAA operations.

         This object is obsoleted in release 8.0."
    DEFVAL      { false }
    ::= { tmnxTacPlusInfo 7 }

tmnxTacPlusSourceAddress         OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "tmnxTacPlusSourceAddress is used to configure the source address of
         the TACACS+ packet. It should be a valid unicast address.

         If this object is configured with the address of the router interface,
         the TACACS+ client uses it while making a request to the server.

         If the address is not configured or is not the address of the one of
         interfaces, the source address is based on the address of the TACACS+
         server. If the server address is in-band, the client uses the system
         ip address as the source address. If it is out-of-band, the source
         address is the address of the management interface.

         tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of Nokia
         SROS series systems. The source address of the TACACS+ packet can now
         be set by creating a tmnxSourceIPEntry for TACACS+ application in the
         tmnxSourceIPTable."
    DEFVAL      { '00000000'H }
    ::= { tmnxTacPlusInfo 8 }

tmnxTacPlusConfigured            OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "When the value of tmnxTacPlusConfigured is set to 'false', all the
         Tacplus objects under the tmnxTacPlusInfo tree will be set to their
         default values and all the rows in the tmnxTacPlusServerTable will be
         removed. The value of this object will be set to 'true' if non-default
         values are set to the 'TacPlus' objects.

         This object has been obsoleted in release 14.0 R1."
    DEFVAL      { false }
    ::= { tmnxTacPlusInfo 9 }

tmnxTacplusUseTemplate           OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacplusUseTemplate specifies whether the TACACS+ user
         template is actively applied to the TACACS+ user. When the value of
         tmnxTacplusUseTemplate is set to 'true(1)', the TACACS+ user template
         is actively applied."
    DEFVAL      { true }
    ::= { tmnxTacPlusInfo 10 }

tmnxTacPlusInteractiveAuthen     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusInteractiveAuthen specifies whether
         interactive authentication is enabled.

         If the value of this object is set to 'true(1)', no username nor
         password is sent in the TACACS+ authentication START message, and the
         server_msg in the TAC_PLUS_AUTHEN_STATUS_GETUSER and
         TAC_PLUS_AUTHEN_STATUS_GETPASS authentication REPLY messages from the
         TACACS+ server are displayed. The server_msg may contain an S/Key for
         one-time password operation.

         If the value of this object is set to 'false(2)', the username and
         password are sent in the TACACS+ authentication START message."
    DEFVAL      { false }
    ::= { tmnxTacPlusInfo 11 }

tmnxTacPlusAuthorUsePrivLvl      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusAuthorUsePrivLvl specifies whether the
         privilege level mapping is used.

         When the value of tmnxTacPlusAuthorization is 'true(1)' and the value
         of tmnxTacPlusAuthorUsePrivLvl is 'true(1)', the value of attribute
         'priv-lvl' in the TACACS+ authorization RESPONSE packet is mapped to
         the user profile defined in tmnxTacPlusPrivLvlMapTable. That user
         profile is used for authorization."
    DEFVAL      { false }
    ::= { tmnxTacPlusInfo 12 }

tmnxServerCtlObjs                OBJECT IDENTIFIER ::= { tmnxSecurityObjects 8 }

tmnxEnableServers                OBJECT-TYPE
    SYNTAX      BITS {
        telnet  (0),
        ssh     (1),
        ftp     (2),
        telnet6 (3)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxEnableServers is used to enable/disable telnet, SSH, FTP, and
         telnet v6 servers running on the system. By default, at system
         startup, only SSH server will be enabled."
    DEFVAL      { {ssh} }
    ::= { tmnxServerCtlObjs 1 }

tmnxTelnetServerOperStatus       OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxTelnetServerOperStatus indicates the operational status of the
         telnet server. If the value of this object changes, a generic trap
         TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 2 }

tmnxSSHServerOperStatus          OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxSSHServerOperStatus indicates the operational status of the SSH
         server. If the value of this object changes, a generic trap
         TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 3 }

tmnxFTPServerOperStatus          OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxFTPServerOperStatus indicates the operational status of the FTP
         server. If the value of this object changes, a generic trap
         TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 4 }

tmnxTelnet6ServerOperStatus      OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxTelnet6ServerOperStatus indicates the operational
         status of the IPv6 telnet server. If the value of this object changes,
         a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 5 }

tmnxCpmSecurityObjs              OBJECT IDENTIFIER ::= { tmnxSecurityObjects 9 }

tmnxCpmPerPeerQueuing            OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxCpmPerPeerQueuing is set to 'true', CPM hardware queuing
         per peer is enabled. This means that when a peering session is
         established, the router will automatically allocate a separate
         CPM hardware queue for that peer.  When tmnxCpmPerPeerQueuing is
         set to 'false', CPM hardware queuing per peer is disabled.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 1 }

tmnxCpmQueuesTotal               OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmQueuesTotal indicates the total number of CPM
         hardware queues.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 2 }

tmnxCpmQueuesInUse               OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmQueuesInUse indicates the number of CPM hardware
         queues that are in use.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 3 }

tCpmFilterQueueTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmFilterQueueEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmFilterQueueTable has an entry for each CPM filter queue
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 4 }

tCpmFilterQueueEntry             OBJECT-TYPE
    SYNTAX      TCpmFilterQueueEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular CPM Filter Queue. Entries are
         created/deleted by user. Entries have a presumed StorageType of
         nonVolatile."
    INDEX       { tCpmFilterQueueId }
    ::= { tCpmFilterQueueTable 1 }

TCpmFilterQueueEntry             ::= SEQUENCE
{
    tCpmFilterQueueId                TCpmFilterQueueId,
    tCpmFilterQueueRowStatus         RowStatus,
    tCpmFilterQueueLastChanged       TimeStamp,
    tCpmFilterQueueAdminPIR          TPIRRate,
    tCpmFilterQueueAdminCIR          TCIRRate,
    tCpmFilterQueueCBS               TCpmFilterBurstSize,
    tCpmFilterQueueMBS               TCpmFilterBurstSize,
    tCpmFilterQueueReferences        Unsigned32,
    tCpmFilterQueueOperPIR           TPIRRateOrZero,
    tCpmFilterQueueOperCIR           TCIRRate
}

tCpmFilterQueueId                OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId (33..2000)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueId is used to index into the
         tCpmFilterQueueTable. It uniquely identifies a CPM Queue as configured
         on this system."
    ::= { tCpmFilterQueueEntry 1 }

tCpmFilterQueueRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueRowStatus specifies the row status. It
         allows entries to be created or deleted in the tCpmFilterQueueEntry
         table."
    ::= { tCpmFilterQueueEntry 2 }

tCpmFilterQueueLastChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueLastChanged indicates the timestamp of the
         last change to this row in tCpmFilterQueueTable."
    ::= { tCpmFilterQueueEntry 3 }

tCpmFilterQueueAdminPIR          OBJECT-TYPE
    SYNTAX      TPIRRate
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueAdminPIR specifies the Peak Information
         Rate associated with this queue.

         This object can only be set to 1 or -1, when the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
    DEFVAL      { -1 }
    ::= { tCpmFilterQueueEntry 4 }

tCpmFilterQueueAdminCIR          OBJECT-TYPE
    SYNTAX      TCIRRate
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueAdminCIR specifies the Committed
         Information Rate associated with this queue.

         This object cannot be set when the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
    DEFVAL      { -1 }
    ::= { tCpmFilterQueueEntry 5 }

tCpmFilterQueueCBS               OBJECT-TYPE
    SYNTAX      TCpmFilterBurstSize
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueCBS specifies the Committed Burst Excess
         associated with this queue.

         This object cannot be set when the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
    DEFVAL      { -1 }
    ::= { tCpmFilterQueueEntry 6 }

tCpmFilterQueueMBS               OBJECT-TYPE
    SYNTAX      TCpmFilterBurstSize
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueMBS specifies the Maximum Burst Size
         associated with this queue."
    DEFVAL      { -1 }
    ::= { tCpmFilterQueueEntry 7 }

tCpmFilterQueueReferences        OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueReferences indicates the count of filter
         entries using this particular queue to forward traffic to the main
         CPU."
    ::= { tCpmFilterQueueEntry 8 }

tCpmFilterQueueOperPIR           OBJECT-TYPE
    SYNTAX      TPIRRateOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueOperPIR indicates the operational value of
         the Peak Information Rate associated with this queue. This value can
         be zero if the queue is not instantiated."
    ::= { tCpmFilterQueueEntry 9 }

tCpmFilterQueueOperCIR           OBJECT-TYPE
    SYNTAX      TCIRRate
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueOperCIR indicates the operational value of
         the Committed Information Rate associated with this queue."
    ::= { tCpmFilterQueueEntry 10 }

tmnxCpmHwFilterObjs              OBJECT IDENTIFIER ::= { tmnxCpmSecurityObjs 5 }

tCpmFilterDefaultAction          OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault { drop (1), forward (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterDefaultAction specifies the action to take for
         packets that do not match any filter entries.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL      { forward }
    ::= { tmnxCpmHwFilterObjs 1 }

tCpmIpFilterAdminState           OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterAdminState specifies the administrative state
         of the CPM IPv4 filter.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL      { outOfService }
    ::= { tmnxCpmHwFilterObjs 2 }

tCpmIPv6FilterAdminState         OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterAdminState specifies the administrative
         state of the CPM IPv6 filter.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL      { outOfService }
    ::= { tmnxCpmHwFilterObjs 3 }

tCpmMacFilterAdminState          OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFilterAdminState specifies the administrative
         state of the CPM Mac filter.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL      { outOfService }
    ::= { tmnxCpmHwFilterObjs 4 }

tCpmIpFilterTable                OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIpFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIpFilterTable has an entry for each CPM IPv4 filter entry
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 6 }

tCpmIpFilterEntry                OBJECT-TYPE
    SYNTAX      TCpmIpFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular Cpm Filter match entry. Every
         Cpm Filter can have zero or more Cpm Filter match entries. A filter
         entry with no match criteria set will match every packet, and the
         entry action will be taken. Entries are created/deleted by user. There
         is no StorageType object, entries have a presumed StorageType of
         nonVolatile."
    INDEX       { tCpmIpFilterEntryId }
    ::= { tCpmIpFilterTable 1 }

TCpmIpFilterEntry                ::= SEQUENCE
{
    tCpmIpFilterEntryId              TEntryId,
    tCpmIpFilterEntryRowStatus       RowStatus,
    tCpmIpFilterEntryLastChanged     TimeStamp,
    tCpmIpFilterEntryLogId           TFilterLogId,
    tCpmIpFilterEntryDescription     TItemDescription,
    tCpmIpFilterEntryAction          TCpmFilterActionOrDefault,
    tCpmIpFilterEntryQueueId         TCpmFilterQueueId,
    tCpmIpFilterEntrySrcIPAddr       IpAddress,
    tCpmIpFilterEntrySrcIPMask       IpAddressPrefixLength,
    tCpmIpFilterEntryDestIPAddr      IpAddress,
    tCpmIpFilterEntryDestIPMask      IpAddressPrefixLength,
    tCpmIpFilterEntryProtocol        TIpProtocol,
    tCpmIpFilterEntrySrcPort         TTcpUdpPort,
    tCpmIpFilterEntrySrcPortMask     Integer32,
    tCpmIpFilterEntryDestPort        TTcpUdpPort,
    tCpmIpFilterEntryDestPortMask    Integer32,
    tCpmIpFilterEntryDSCP            TDSCPNameOrEmpty,
    tCpmIpFilterEntryFragment        TItemMatch,
    tCpmIpFilterEntryOptionPresent   TItemMatch,
    tCpmIpFilterEntryIPOptionValue   TIpOption,
    tCpmIpFilterEntryIPOptionMask    TIpOption,
    tCpmIpFilterEntryMultipleOption  TItemMatch,
    tCpmIpFilterEntryTcpSyn          TItemMatch,
    tCpmIpFilterEntryTcpAck          TItemMatch,
    tCpmIpFilterEntryIcmpCode        TIcmpCodeOrNone,
    tCpmIpFilterEntryIcmpType        TIcmpTypeOrNone,
    tCpmIpFilterEntryVRtrId          TmnxVRtrIDOrZero,
    tCpmIpFilterEntryLogCreated      TruthValue,
    tCpmIpFilterEntrySrcIpPrefixList TNamedItemOrEmpty,
    tCpmIpFilterEntryDstIpPrefixList TNamedItemOrEmpty,
    tCpmIpFilterEntrySrcPortHigh     TTcpUdpPort,
    tCpmIpFilterEntrySrcPortOper     TCpmFilterPortOperator,
    tCpmIpFilterEntryDestPortHigh    TTcpUdpPort,
    tCpmIpFilterEntryDestPortOper    TCpmFilterPortOperator,
    tCpmIpFilterEntrySrcPortList     TNamedItemOrEmpty,
    tCpmIpFilterEntryDstPortList     TNamedItemOrEmpty,
    tCpmIpFilterEntryPortSelector    TFltrPortSelector
}

tCpmIpFilterEntryId              OBJECT-TYPE
    SYNTAX      TEntryId (1..131072)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryId is used to index into the
         tCpmIpFilterTable. It uniquely identifies a CPM filter entry as
         configured on this system."
    ::= { tCpmIpFilterEntry 1 }

tCpmIpFilterEntryRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryRowStatus specifies the row status. It
         allows entries to be created and deleted in the tCpmIpFilterTable."
    ::= { tCpmIpFilterEntry 2 }

tCpmIpFilterEntryLastChanged     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryLastChanged indicates the timestamp of
         the last change to this row in tCpmIpFilterTable."
    ::= { tCpmIpFilterEntry 3 }

tCpmIpFilterEntryLogId           OBJECT-TYPE
    SYNTAX      TFilterLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryLogId specifies the log in which packets
         matching this entry should be entered. The value zero indicates that
         logging is disabled."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 4 }

tCpmIpFilterEntryDescription     OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDescription specifies the user-provided
         string describing this filter."
    DEFVAL      { ''H }
    ::= { tCpmIpFilterEntry 5 }

tCpmIpFilterEntryAction          OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryAction specifies the action to take for
         packets that match this filter entry. The value default(4) specifies
         this entry to inherit the behavior defined as the default for the
         filter in tCpmFilterDefaultAction.

         The value queue(3) can only be specified if a valid queue id is
         entered in tCpmIpFilterEntryQueueId.

         An 'inconsistentValue' error is returned if the value of this object
         is set to queue(3), when the value of the object
         tCpmIpFilterEntryProtocol is set to vrrp (112)."
    DEFVAL      { drop }
    ::= { tCpmIpFilterEntry 6 }

tCpmIpFilterEntryQueueId         OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryQueueId specifies which queue to put the
         packet in when tCpmIpFilterEntryAction is queue (3).

         If the value of tCpmIpFilterEntryAction is different from queue (3)
         tCpmIpFilterEntryQueueId will be forced by the system to 0, and any
         change attempt will be silently discarded."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 7 }

tCpmIpFilterEntrySrcIPAddr       OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcIPAddr specifies the IP address to
         match the source IP address of the packet."
    DEFVAL      { '00000000'H }
    ::= { tCpmIpFilterEntry 8 }

tCpmIpFilterEntrySrcIPMask       OBJECT-TYPE
    SYNTAX      IpAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcIPMask specifies the IP Mask value
         for this policy Cpm FilterEntry entry. The mask is ANDed with the IP
         to match the tCpmIpFilterEntrySrcIPAddr."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 9 }

tCpmIpFilterEntryDestIPAddr      OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestIPAddr specifies the IP address to
         match the destination IP address of the packet."
    DEFVAL      { '00000000'H }
    ::= { tCpmIpFilterEntry 10 }

tCpmIpFilterEntryDestIPMask      OBJECT-TYPE
    SYNTAX      IpAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestIPMask specifies the IP Mask value
         for this policy Cpm FilterEntry entry. The mask is ANDed with the IP
         to match the tCpmIpFilterEntryDestIPAddr."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 11 }

tCpmIpFilterEntryProtocol        OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryProtocol specifies the IP protocol to
         match. It can be set to -1 to disable matching Cpm protocol. If the
         protocol is changed, the protocol specific parameters are reset. For
         instance, if protocol is changed from TCP to UDP, then the objects
         tCpmIpFilterEntryTcpSyn and tCpmIpFilterEntryTcpAck will be turned
         off.

         An 'inconsistentValue' error is returned if the value of this object
         is is set to vrrp (112), when the value of the object
         tCpmIpFilterEntryAction is set to queue(3)."
    DEFVAL      { -1 }
    ::= { tCpmIpFilterEntry 12 }

tCpmIpFilterEntrySrcPort         OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcPort specifies the TCP/UDP port to
         match the source port of the packet.

         See also the description of tCpmIpFilterEntrySrcPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 13 }

tCpmIpFilterEntrySrcPortMask     OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcPortMask specifies the 16 bit mask to
         be applied when matching tCpmIpFilterEntrySrcPort.

         See also the description of tCpmIpFilterEntrySrcPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 14 }

tCpmIpFilterEntryDestPort        OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestPort specifies the TCP/UDP port to
         match the destination port of the packet.

         See also the description of tCpmIpFilterEntryDestPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 15 }

tCpmIpFilterEntryDestPortMask    OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestPortMask specifies the 16 bit mask
         to be applied when matching tCpmIpFilterEntryDestPortOper.

         See also the description of tCpmIpFilterEntryDestPortHigh for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 16 }

tCpmIpFilterEntryDSCP            OBJECT-TYPE
    SYNTAX      TDSCPNameOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDSCP specifies the DSCP to be matched on
         the packet."
    DEFVAL      { ''H }
    ::= { tCpmIpFilterEntry 17 }

tCpmIpFilterEntryFragment        OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryFragment specifies whether fragment
         matching is enabled. When enabled, this object matches
         fragmented/unfragmented packets as per the value of the object."
    DEFVAL      { off }
    ::= { tCpmIpFilterEntry 18 }

tCpmIpFilterEntryOptionPresent   OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryOptionPresent specifies whether IP
         options matching is enabled. When enables, this object matches packets
         if they have options present or not as per the value of the object."
    DEFVAL      { off }
    ::= { tCpmIpFilterEntry 19 }

tCpmIpFilterEntryIPOptionValue   OBJECT-TYPE
    SYNTAX      TIpOption
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIPOptionValue specifies the specific IP
         option to match."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 20 }

tCpmIpFilterEntryIPOptionMask    OBJECT-TYPE
    SYNTAX      TIpOption
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIPOptionMask specifies the mask that is
         ANDed with the IP option in the packet header before being compared to
         tCpmIpFilterEntryIPOptionValue."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 21 }

tCpmIpFilterEntryMultipleOption  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryMultipleOption specifies whether
         multiple options are to be matched as per the value of the object."
    DEFVAL      { off }
    ::= { tCpmIpFilterEntry 22 }

tCpmIpFilterEntryTcpSyn          OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryTcpSyn specifies whether a TCP Syn
         packet should match."
    DEFVAL      { off }
    ::= { tCpmIpFilterEntry 23 }

tCpmIpFilterEntryTcpAck          OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryTcpAck specifies whether a TCP Ack
         packet should match."
    DEFVAL      { off }
    ::= { tCpmIpFilterEntry 24 }

tCpmIpFilterEntryIcmpCode        OBJECT-TYPE
    SYNTAX      TIcmpCodeOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIcmpCode specifies the ICMP code to be
         matched.

         The value -1 means ICMP code matching is disabled."
    DEFVAL      { -1 }
    ::= { tCpmIpFilterEntry 25 }

tCpmIpFilterEntryIcmpType        OBJECT-TYPE
    SYNTAX      TIcmpTypeOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIcmpType specifies the ICMP type to be
         matched.

         The value -1 means ICMP type matching is disabled."
    DEFVAL      { -1 }
    ::= { tCpmIpFilterEntry 26 }

tCpmIpFilterEntryVRtrId          OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryVRtrId specifies the virtual router ID
         to be matched. When the value is '0', no virtual router matching
         occurs."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 27 }

tCpmIpFilterEntryLogCreated      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryLogCreated indicates whether the filter
         log for this filter entry has been instantiated."
    ::= { tCpmIpFilterEntry 28 }

tCpmIpFilterEntrySrcIpPrefixList OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the IP prefix list used as match
         criterion for the source ip address.

         The value specified for this object must correspond to a prefix list
         defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.

         If the value of this object is empty then the values of the objects
         tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask are used as
         source ip address match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask are reset to
         their default values by the system.

         Vice versa, when a new (non-default) value is provided for the objects
         tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask then this
         object is reset to its default (empty) value by the system.

         An attempt to set tCpmIpFilterEntrySrcIpPrefixList to a non-default
         value in combination with setting any of tCpmIpFilterEntrySrcIPAddr or
         tCpmIpFilterEntrySrcIPMask to (a) non-default value(s) is rejected by
         the system"
    DEFVAL      { ''H }
    ::= { tCpmIpFilterEntry 30 }

tCpmIpFilterEntryDstIpPrefixList OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the IP prefix list used as match
         criterion for the destination ip address.

         The value specified for this object must correspond to a prefix list
         defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.

         If the value of this object is empty then the values of the objects
         tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask are used
         as source ip address match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask are reset
         to their default values by the system.

         Vice versa, when a new (non-default) value is provided for the objects
         tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask then this
         object is reset to its default (empty) value by the system.

         An attempt to set tCpmIpFilterEntryDstIpPrefixList to a non-default
         value in combination with setting any of tCpmIpFilterEntryDestIPAddr
         or tCpmIpFilterEntryDestIPMask to (a) non-default value(s) is rejected
         by the system"
    DEFVAL      { ''H }
    ::= { tCpmIpFilterEntry 31 }

tCpmIpFilterEntrySrcPortHigh     OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the upper value for the TCP/UDP port range that
         is used as match criterion for the source port of a packet.

         See also the description of tCpmIpFilterEntrySrcPortOper for
         additional information about this object

         Setting tCpmIpFilterEntrySrcPortOper to range in combination with a
         value for tCpmIpFilterEntrySrcPort greater than the value for
         tCpmIpFilterEntrySrcPortHigh will be rejected by the system."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 32 }

tCpmIpFilterEntrySrcPortOper     OBJECT-TYPE
    SYNTAX      TCpmFilterPortOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the manner in which tCpmIpFilterEntrySrcPort,
         tCpmIpFilterEntrySrcPortMask, and tCpmIpFilterEntrySrcPortHigh are to
         be used. See description of TCpmFilterPortOperator."
    DEFVAL      { mask }
    ::= { tCpmIpFilterEntry 33 }

tCpmIpFilterEntryDestPortHigh    OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the upper value for the TCP/UDP port range that
         is used as match criterion for the destination port of a packet.

         See also the description of tCpmIpFilterEntryDestPortOper for
         additional information about this object

         Setting tCpmIpFilterEntryDestPortOper to range in combination with a
         value for tCpmIpFilterEntryDestPort greater than the value for
         tCpmIpFilterEntryDestPortHigh will be rejected by the system."
    DEFVAL      { 0 }
    ::= { tCpmIpFilterEntry 34 }

tCpmIpFilterEntryDestPortOper    OBJECT-TYPE
    SYNTAX      TCpmFilterPortOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the manner in which tCpmIpFilterEntryDestPort,
         tCpmIpFilterEntryDestPortMask, and tCpmIpFilterEntryDestPortHigh are
         to be used. See description of TCpmFilterPortOperator."
    DEFVAL      { mask }
    ::= { tCpmIpFilterEntry 35 }

tCpmIpFilterEntrySrcPortList     OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the port-list used as match
         criterion for the source port.

         The value specified for this object must correspond to a port-list
         defined in TIMETRA-FILTER-MIB::tFilterPortListTable.

         If the value of this object is empty then the values of the objects
         tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
         tCpmIpFilterEntrySrcPortHigh and tCpmIpFilterEntrySrcPortOper are used
         as source port match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
         tCpmIpFilterEntrySrcPortHigh and tCpmIpFilterEntrySrcPortOper are
         reset to their default values by the system.

         Vice versa, when a new (non-default) value is provided for one of the
         objects tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
         tCpmIpFilterEntrySrcPortHigh, or tCpmIpFilterEntrySrcPortOper then
         tCpmIpFilterEntrySrcPortList is reset to its default (empty) value by
         the system.

         Setting any one of the objects tCpmIpFilterEntrySrcPort,
         tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh,
         tCpmIpFilterEntrySrcPortOper to a non-default value in combination
         with a non-default value for the object tCpmIpFilterEntrySrcPortList
         is rejected by the system"
    DEFVAL      { ''H }
    ::= { tCpmIpFilterEntry 36 }

tCpmIpFilterEntryDstPortList     OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the port-list used as match
         criterion for the destination port.

         The value specified for this object must correspond to a port-list
         defined in TIMETRA-FILTER-MIB::tFilterPortListTable.

         If the value of this object is empty then the values of the objects
         tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
         tCpmIpFilterEntryDestPortHigh and tCpmIpFilterEntryDestPortOper are
         used as destination port match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
         tCpmIpFilterEntryDestPortHigh and tCpmIpFilterEntryDestPortOper are
         reset to their default values by the system.

         Vice versa, when a new (non-default) value is provided for one of the
         objects tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
         tCpmIpFilterEntryDestPortHigh or tCpmIpFilterEntryDestPortOper then
         tCpmIpFilterEntryDstPortList is reset to its default (empty) value by
         the system.

         Setting any one of the objects tCpmIpFilterEntryDestPort,
         tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh,
         tCpmIpFilterEntryDestPortOper to a non-default value in combination
         with a non-default value for the object tCpmIpFilterEntryDstPortList
         is rejected by the system."
    DEFVAL      { ''H }
    ::= { tCpmIpFilterEntry 37 }

tCpmIpFilterEntryPortSelector    OBJECT-TYPE
    SYNTAX      TFltrPortSelector
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies how the source port objects
         (tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
         tCpmIpFilterEntrySrcPortHigh, tCpmIpFilterEntrySrcPortOper,
         tCpmIpFilterEntrySrcPortList) and destination port objects
         (tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
         tCpmIpFilterEntryDestPortHigh, tCpmIpFilterEntryDestPortOper,
         tCpmIpFilterEntryDstPortList) are combined to form the filter match
         criterion. See description of TFltrPortSelector.

         An 'inconsistentValue' error is returned if this object is not set
         along with source port or destination port objects."
    DEFVAL      { and-port }
    ::= { tCpmIpFilterEntry 38 }

tCpmIpFilterStatsTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIpFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIpFilterStatsTable has a stats entry for each entry in each
         CPM filter configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 7 }

tCpmIpFilterStatsEntry           OBJECT-TYPE
    SYNTAX      TCpmIpFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmIpFilterEntry indexed by the same tCpmIpFilterEntryId. Entries are
         created when tCpmIpFilterEntry rows are created."
    INDEX       { tCpmIpFilterEntryId }
    ::= { tCpmIpFilterStatsTable 1 }

TCpmIpFilterStatsEntry           ::= SEQUENCE
{
    tCpmIpFilterStatsDroppedPkts     Counter64,
    tCpmIpFilterStatsForwardedPkts   Counter64
}

tCpmIpFilterStatsDroppedPkts     OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterStatsDroppedPkts indicates the number of
         packets dropped due to the tCpmIpFilterEntry with the same index."
    ::= { tCpmIpFilterStatsEntry 1 }

tCpmIpFilterStatsForwardedPkts   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterStatsForwardedPkts indicates the number of
         packets forwarded due to the tCpmIpFilterEntry with the same index."
    ::= { tCpmIpFilterStatsEntry 2 }

tCpmFilterQueueStatsTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmFilterQueueStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmFilterQueueStatsTable has a stats entry for each CPM filter
         queue configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 8 }

tCpmFilterQueueStatsEntry        OBJECT-TYPE
    SYNTAX      TCpmFilterQueueStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmFilterQueueEntry indexed by the same tCpmFilterQueueId. Entries
         are created when tCpmFilterQueueEntry rows are created."
    INDEX       { tCpmFilterQueueId }
    ::= { tCpmFilterQueueStatsTable 1 }

TCpmFilterQueueStatsEntry        ::= SEQUENCE
{
    tCpmFilterQInProfileDropPkts     Counter64,
    tCpmFilterQInProfileFwdPkts      Counter64,
    tCpmFilterQInProfileDropOctets   Counter64,
    tCpmFilterQInProfileFwdOctets    Counter64,
    tCpmFilterQOutProfileDropPkts    Counter64,
    tCpmFilterQOutProfileFwdPkts     Counter64,
    tCpmFilterQOutProfileDropOctets  Counter64,
    tCpmFilterQOutProfileFwdOctets   Counter64
}

tCpmFilterQInProfileDropPkts     OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileDropPkts indicates the number of
         packets complying to the queue Qos profile dropped from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 1 }

tCpmFilterQInProfileFwdPkts      OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileFwdPkts indicates the number of
         packets complying to the queue Qos profile forwarded from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 2 }

tCpmFilterQInProfileDropOctets   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileDropOctets indicates the number of
         octets complying to the queue Qos profile dropped from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 3 }

tCpmFilterQInProfileFwdOctets    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileFwdOctets indicates the number of
         octets complying to the queue Qos profile forwarded from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 4 }

tCpmFilterQOutProfileDropPkts    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileDropPkts indicates the number of
         packets not complying to the queue Qos profile dropped from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 5 }

tCpmFilterQOutProfileFwdPkts     OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileFwdPkts indicates the number of
         packets not complying to the queue Qos profile forwarded from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 6 }

tCpmFilterQOutProfileDropOctets  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileDropOctets indicates the number of
         octets not complying to the queue Qos profile dropped from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 7 }

tCpmFilterQOutProfileFwdOctets   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileFwdOctets indicates the number of
         octets not complying to the queue Qos profile forwarded from the
         tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 8 }

tCpmIPv6FilterTable              OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIPv6FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIPv6FilterTable has an entry for each CPM IPv6 filter entry
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 9 }

tCpmIPv6FilterEntry              OBJECT-TYPE
    SYNTAX      TCpmIPv6FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular CPM IPv6 filter match entry.
         The CPM IPv6 Filter can have zero or more CPM IPv6 filter match
         entries.

         A filter entry with no match criteria set will match every packet, and
         the entry action will be taken. Entries are created/deleted by user.
         There is no StorageType object, entries have a presumed StorageType of
         nonVolatile."
    INDEX       { tCpmIPv6FilterEntryId }
    ::= { tCpmIPv6FilterTable 1 }

TCpmIPv6FilterEntry              ::= SEQUENCE
{
    tCpmIPv6FilterEntryId            TEntryId,
    tCpmIPv6FilterEntryRowStatus     RowStatus,
    tCpmIPv6FilterEntryLastChanged   TimeStamp,
    tCpmIPv6FilterEntryLogId         TFilterLogId,
    tCpmIPv6FilterEntryDescription   TItemDescription,
    tCpmIPv6FilterEntryAction        TCpmFilterActionOrDefault,
    tCpmIPv6FilterEntryQueueId       TCpmFilterQueueId,
    tCpmIPv6FilterEntrySrcIPAddr     InetAddressIPv6,
    tCpmIPv6FilterEntrySrcIPMask     InetAddressPrefixLength,
    tCpmIPv6FilterEntryDestIPAddr    InetAddressIPv6,
    tCpmIPv6FilterEntryDestIPMask    InetAddressPrefixLength,
    tCpmIPv6FilterEntryNextHeader    TIpProtocol,
    tCpmIPv6FilterEntrySrcPort       TTcpUdpPort,
    tCpmIPv6FilterEntrySrcPortMask   Integer32,
    tCpmIPv6FilterEntryDestPort      TTcpUdpPort,
    tCpmIPv6FilterEntryDestPortMask  Integer32,
    tCpmIPv6FilterEntryDSCP          TDSCPNameOrEmpty,
    tCpmIPv6FilterEntryTcpSyn        TItemMatch,
    tCpmIPv6FilterEntryTcpAck        TItemMatch,
    tCpmIPv6FilterEntryIcmpCode      TIcmpCodeOrNone,
    tCpmIPv6FilterEntryIcmpType      TIcmpTypeOrNone,
    tCpmIPv6FilterEntryVRtrId        TmnxVRtrIDOrZero,
    tCpmIPv6FilterEntryLogCreated    TruthValue,
    tCpmIPv6FilterEntryFlowLabel     IPv6FlowLabel,
    tCpmIPv6FilterEntrySrcIpPfxList  TNamedItemOrEmpty,
    tCpmIPv6FilterEntryDstIpPfxList  TNamedItemOrEmpty,
    tCpmIPv6FilterEntrySrcPortHigh   TTcpUdpPort,
    tCpmIPv6FilterEntrySrcPortOper   TCpmFilterPortOperator,
    tCpmIPv6FilterEntryDestPortHigh  TTcpUdpPort,
    tCpmIPv6FilterEntryDestPortOper  TCpmFilterPortOperator,
    tCpmIPv6FilterEntrySrcPortList   TNamedItemOrEmpty,
    tCpmIPv6FilterEntryDstPortList   TNamedItemOrEmpty,
    tCpmIPv6FilterEntryPortSelector  TFltrPortSelector,
    tCpmIPv6FilterEntryFragment      TItemMatch,
    tCpmIPv6FilterEntryHopByHopOpt   TItemMatch
}

tCpmIPv6FilterEntryId            OBJECT-TYPE
    SYNTAX      TEntryId (1..131072)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryId is used to index into the
         tCpmIPv6FilterTable. It uniquely identifies a CPM IPv6 filter entry as
         configured on this system."
    ::= { tCpmIPv6FilterEntry 1 }

tCpmIPv6FilterEntryRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryRowStatus specifies the row status. It
         allows entries to be created and deleted in the tCpmIPv6FilterTable."
    ::= { tCpmIPv6FilterEntry 2 }

tCpmIPv6FilterEntryLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryLastChanged indicates the timestamp of
         the last change to this row in tCpmIPv6FilterTable."
    ::= { tCpmIPv6FilterEntry 3 }

tCpmIPv6FilterEntryLogId         OBJECT-TYPE
    SYNTAX      TFilterLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryLogId specifies the log in which
         packets matching this entry should be entered. The value zero
         indicates that logging is disabled."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 4 }

tCpmIPv6FilterEntryDescription   OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDescription specifies the
         user-provided string describing this filter entry."
    DEFVAL      { ''H }
    ::= { tCpmIPv6FilterEntry 5 }

tCpmIPv6FilterEntryAction        OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryAction specifies the action to take
         for packets that match this filter entry. The value default(4)
         specifies this entry to inherit the behavior defined as the default
         for the filter in tCpmFilterDefaultAction.

         The value queue(3) can only be specified if a valid queue id is
         entered in tCpmIPv6FilterEntryQueueId.

         An 'inconsistentValue' error is returned if the value of this object
         is set to queue(3), when the value of the object
         tCpmIPv6FilterEntryNextHeader is set to vrrp (112)."
    DEFVAL      { drop }
    ::= { tCpmIPv6FilterEntry 6 }

tCpmIPv6FilterEntryQueueId       OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryQueueId specifies which queue to put
         the packet in when tCpmIPv6FilterEntryAction is queue (3).

         If the value of tCpmIPv6FilterEntryAction is different from queue (3)
         tCpmIPv6FilterEntryQueueId will be forced by the system to 0, and any
         change attempt will be silently discarded."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 7 }

tCpmIPv6FilterEntrySrcIPAddr     OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntrySrcIPAddr specifies the IPv6 address
         to match the source IPv6 address in the packet."
    DEFVAL      { '00000000000000000000000000000000'H }
    ::= { tCpmIPv6FilterEntry 8 }

tCpmIPv6FilterEntrySrcIPMask     OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tCpmIPv6FilterEntrySrcIPMask holds the IPv6 source address mask for
         this IPv6 CPM filter entry. The mask specifies the bits to be compared
         between tCpmIPv6FilterEntrySrcIPAddr and the IPv6 source address in
         the packet."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 9 }

tCpmIPv6FilterEntryDestIPAddr    OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDestIPAddr specifies the IPv6 address
         to match the destination IPv6 address in the packet."
    DEFVAL      { '00000000000000000000000000000000'H }
    ::= { tCpmIPv6FilterEntry 10 }

tCpmIPv6FilterEntryDestIPMask    OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tCpmIPv6FilterEntryDestIPMask holds the IPv6 destination address mask
         for this IPv6 CPM filter entry.

         The mask specifies the bits to be compared between
         tCpmIPv6FilterEntryDestIPAddr and the IPv6 destination address in the
         packet."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 11 }

tCpmIPv6FilterEntryNextHeader    OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryNextHeader specifies the IPv6 protocol
         to match. '-1' specifies that the matching has been disabled. To
         change a protocol, the protocol specific values should be reset. For
         instance, to change the protocol from TCP(6) to UDP(7), the TCP
         specific attributes such as tCpmIPv6FilterEntryTcpSyn and
         tCpmIPv6FilterEntryTcpAck should be reset. Because the match criteria
         only pertains to the last next-header, the following values will not
         match a filter entry: 0, 43, 44, 50, 51, and 60.

         An 'inconsistentValue' error is returned if the value of this object
         is is set to vrrp (112), when the value of the object
         tCpmIPv6FilterEntryAction is set to queue(3)."
    DEFVAL      { -1 }
    ::= { tCpmIPv6FilterEntry 12 }

tCpmIPv6FilterEntrySrcPort       OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntrySrcPort specifies the TCP/UDP port to
         match the source port of the packet.

         See also the description of tCpmIPv6FilterEntrySrcPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 13 }

tCpmIPv6FilterEntrySrcPortMask   OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntrySrcPortMask specifies the bits to be
         compared between tCpmIPv6FilterEntrySrcPort and the TCP/UDP source
         port in the packet.

         See also the description of tCpmIPv6FilterEntrySrcPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 14 }

tCpmIPv6FilterEntryDestPort      OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDestPort specifies the TCP/UDP port to
         match the destination port of the packet.

         See also the description of tCpmIPv6FilterEntryDestPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 15 }

tCpmIPv6FilterEntryDestPortMask  OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDestPortMask specifies the bits to be
         compared between tCpmIPv6FilterEntryDestPort and the TCP/UDP source
         port in the packet.

         See also the description of tCpmIPv6FilterEntryDestPortOper for
         additional information about this object"
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 16 }

tCpmIPv6FilterEntryDSCP          OBJECT-TYPE
    SYNTAX      TDSCPNameOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDSCP specifies the DSCP to be matched
         on the packet."
    DEFVAL      { ''H }
    ::= { tCpmIPv6FilterEntry 17 }

tCpmIPv6FilterEntryTcpSyn        OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryTcpSyn specifies whether a TCP Syn
         packet should match."
    DEFVAL      { off }
    ::= { tCpmIPv6FilterEntry 23 }

tCpmIPv6FilterEntryTcpAck        OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryTcpAck specifies whether a TCP Ack
         packet should match."
    DEFVAL      { off }
    ::= { tCpmIPv6FilterEntry 24 }

tCpmIPv6FilterEntryIcmpCode      OBJECT-TYPE
    SYNTAX      TIcmpCodeOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryIcmpCode specifies the ICMP code to be
         matched.

         The value '-1' means ICMP code matching is disabled."
    DEFVAL      { -1 }
    ::= { tCpmIPv6FilterEntry 25 }

tCpmIPv6FilterEntryIcmpType      OBJECT-TYPE
    SYNTAX      TIcmpTypeOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryIcmpType specifies the ICMP type to be
         matched.

         The value '-1' means ICMP type matching is disabled."
    DEFVAL      { -1 }
    ::= { tCpmIPv6FilterEntry 26 }

tCpmIPv6FilterEntryVRtrId        OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryVRtrId specifies the virtual router ID
         to be matched. When the value is '0', no virtual router matching
         occurs."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 27 }

tCpmIPv6FilterEntryLogCreated    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryLogCreated indicates whether the
         filter log for this filter entry has been instantiated."
    ::= { tCpmIPv6FilterEntry 28 }

tCpmIPv6FilterEntryFlowLabel     OBJECT-TYPE
    SYNTAX      IPv6FlowLabel
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryFlowLabel specifies the flow label to
         be matched. When the value is '-1', no flow label matching occurs."
    DEFVAL      { -1 }
    ::= { tCpmIPv6FilterEntry 29 }

tCpmIPv6FilterEntrySrcIpPfxList  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the IPv6 prefix list used as match
         criterion for the source ipv6 address.

         The value specified for this object must correspond to a prefix list
         defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.

         If the value of this object is empty then the values of the objects
         tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask are used
         as source ipv6 address match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask are
         reset to their default values by the system.

         Vice versa, when a new (non-default) value is provided for the objects
         tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask then
         this object is reset to its default (empty) value by the system."
    DEFVAL      { ''H }
    ::= { tCpmIPv6FilterEntry 30 }

tCpmIPv6FilterEntryDstIpPfxList  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the IPv6 prefix list used as match
         criterion for the destination ipv6 address.

         The value specified for this object must correspond to a prefix list
         defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.

         If the value of this object is empty then the values of the objects
         tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask are
         used as destination ipv6 address match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask are
         reset to their default values by the system.

         Vice versa, when a new (non-default) value is provided for the objects
         tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask then
         this object is reset to its default (empty) value by the system."
    DEFVAL      { ''H }
    ::= { tCpmIPv6FilterEntry 31 }

tCpmIPv6FilterEntrySrcPortHigh   OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the upper value for the TCP/UDP port range that
         is used as match criterion for the source port of a packet.

         See also the description of tCpmIPv6FilterEntrySrcPortOper for
         additional information about this object

         Setting tCpmIPv6FilterEntrySrcPortOper to range in combination with a
         value for tCpmIPv6FilterEntrySrcPort greater than the value for
         tCpmIPv6FilterEntrySrcPortHigh will be rejected by the system."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 32 }

tCpmIPv6FilterEntrySrcPortOper   OBJECT-TYPE
    SYNTAX      TCpmFilterPortOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the manner in which tCpmIPv6FilterEntrySrcPort,
         tCpmIPv6FilterEntrySrcPortMask, and tCpmIPv6FilterEntrySrcPortHigh are
         to be used. See description of TCpmFilterPortOperator."
    DEFVAL      { mask }
    ::= { tCpmIPv6FilterEntry 33 }

tCpmIPv6FilterEntryDestPortHigh  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the upper value for the TCP/UDP port range that
         is used as match criterion for the source port of a packet.

         Setting tCpmIPv6FilterEntryDestPortOper to range in combination with a
         value for tCpmIPv6FilterEntryDestPort greater than the value for
         tCpmIPv6FilterEntryDestPortHigh will be rejected by the system."
    DEFVAL      { 0 }
    ::= { tCpmIPv6FilterEntry 34 }

tCpmIPv6FilterEntryDestPortOper  OBJECT-TYPE
    SYNTAX      TCpmFilterPortOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the manner in which tCpmIPv6FilterEntryDestPort,
         tCpmIPv6FilterEntryDestPortMask, and tCpmIPv6FilterEntryDestPortHigh
         are to be used. See description of TCpmFilterPortOperator."
    DEFVAL      { mask }
    ::= { tCpmIPv6FilterEntry 35 }

tCpmIPv6FilterEntrySrcPortList   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the port-list used as match
         criterion for the source port.

         The value specified for this object must correspond to a port-list
         defined in TIMETRA-FILTER-MIB::tFilterPortListTable.

         If the value of this object is empty then the values of the objects
         tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
         tCpmIPv6FilterEntrySrcPortHigh and tCpmIPv6FilterEntrySrcPortOper are
         used as source port match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
         tCpmIPv6FilterEntrySrcPortHigh and tCpmIPv6FilterEntrySrcPortOper are
         reset to their default values by the system.

         Vice versa, when a new (non-default) value is provided for one of the
         objects tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
         tCpmIPv6FilterEntrySrcPortHigh, or tCpmIPv6FilterEntrySrcPortOper then
         tCpmIPv6FilterEntrySrcPortList is reset to its default (empty) value
         by the system.

         Setting any one of the objects tCpmIPv6FilterEntrySrcPort,
         tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh,
         tCpmIPv6FilterEntrySrcPortOper to a non-default value in combination
         with a non-default value for the object tCpmIPv6FilterEntrySrcPortList
         is rejected by the system"
    DEFVAL      { ''H }
    ::= { tCpmIPv6FilterEntry 36 }

tCpmIPv6FilterEntryDstPortList   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object specifies the port-list used as match
         criterion for the destination port.

         The value specified for this object must correspond to a port-list
         defined in TIMETRA-FILTER-MIB::tFilterPortListTable.

         If the value of this object is empty then the values of the objects
         tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
         tCpmIPv6FilterEntryDestPortHigh and tCpmIPv6FilterEntryDestPortOper
         are used as destination port match criterion.

         When this object is set to a non-empty value then the objects
         tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
         tCpmIPv6FilterEntryDestPortHigh and tCpmIPv6FilterEntryDestPortOper
         are reset to their default values by the system.

         Vice versa, when a new (non-default) value is provided for one of the
         objects tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
         tCpmIPv6FilterEntryDestPortHigh or tCpmIPv6FilterEntryDestPortOper
         then tCpmIPv6FilterEntryDstPortList is reset to its default (empty)
         value by the system.

         Setting any one of the objects tCpmIPv6FilterEntryDestPort,
         tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh,
         tCpmIPv6FilterEntryDestPortOper to a non-default value in combination
         with a non-default value for the object tCpmIPv6FilterEntryDstPortList
         is rejected by the system."
    DEFVAL      { ''H }
    ::= { tCpmIPv6FilterEntry 37 }

tCpmIPv6FilterEntryPortSelector  OBJECT-TYPE
    SYNTAX      TFltrPortSelector
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies how the source port objects
         (tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
         tCpmIPv6FilterEntrySrcPortHigh, tCpmIPv6FilterEntrySrcPortOper,
         tCpmIPv6FilterEntrySrcPortList) and destination port objects
         (tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
         tCpmIPv6FilterEntryDestPortHigh, tCpmIPv6FilterEntryDestPortOper,
         tCpmIPv6FilterEntryDstPortList) are combined to form the filter match
         criterion. See description of TFltrPortSelector.

         An 'inconsistentValue' error is returned if this object is not set
         along with source port or destination port objects."
    DEFVAL      { and-port }
    ::= { tCpmIPv6FilterEntry 38 }

tCpmIPv6FilterEntryFragment      OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If Enabled, matches a Fragmentation Extension Header as per value of
         the object."
    DEFVAL      { off }
    ::= { tCpmIPv6FilterEntry 39 }

tCpmIPv6FilterEntryHopByHopOpt   OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If Enabled, matches a Hop-By-Hop options Extension Header as per value
         of the object."
    DEFVAL      { off }
    ::= { tCpmIPv6FilterEntry 40 }

tCpmIPv6FilterStatsTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIPv6FilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIPv6FilterStatsTable has a stats entry for each entry in each
         CPM filter configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 10 }

tCpmIPv6FilterStatsEntry         OBJECT-TYPE
    SYNTAX      TCpmIPv6FilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmIPv6FilterEntry indexed by the same tCpmIPv6FilterEntryId. Entries
         are created when tCpmIPv6FilterEntry rows are created."
    INDEX       { tCpmIPv6FilterEntryId }
    ::= { tCpmIPv6FilterStatsTable 1 }

TCpmIPv6FilterStatsEntry         ::= SEQUENCE
{
    tCpmIPv6FilterStatsDroppedPkts   Counter64,
    tCpmIPv6FilterStatsForwardedPkts Counter64
}

tCpmIPv6FilterStatsDroppedPkts   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterStatsDroppedPkts indicates the number of
         packets dropped due to the tCpmIPv6FilterEntry with the same index."
    ::= { tCpmIPv6FilterStatsEntry 1 }

tCpmIPv6FilterStatsForwardedPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterStatsForwardedPkts indicates the number of
         packets forwarded due to the tCpmIPv6FilterEntry with the same index."
    ::= { tCpmIPv6FilterStatsEntry 2 }

tmnxCpmProtPolTableLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolTableLastChanged indicates the sysUpTime at
         the time of the last modification of an entry in the
         tmnxCpmProtPolTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 11 }

tmnxCpmProtPolTable              OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtPolTable has an entry for each CPM Protection policy
         configured in the system. There are two default policies.

         CPM Protection policy (254) is the default Access CPM Protection
         policy. CPM Protection policy (255) is the default Network CPM
         Protection policy.

         The default CPM Protection policies are created by the system, and can
         be modified but cannot be destroyed.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 12 }

tmnxCpmProtPolEntry              OBJECT-TYPE
    SYNTAX      TmnxCpmProtPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the configuration information related to a
         CPM Protection policy."
    INDEX       { tmnxCpmProtPolicyId }
    ::= { tmnxCpmProtPolTable 1 }

TmnxCpmProtPolEntry              ::= SEQUENCE
{
    tmnxCpmProtPolicyId              TCpmProtPolicyID,
    tmnxCpmProtPolRowStatus          RowStatus,
    tmnxCpmProtPolLastChanged        TimeStamp,
    tmnxCpmProtPolDescription        TItemDescription,
    tmnxCpmProtPolPerSrcRateLimit    TmnxCpmPacketPolRateLimit,
    tmnxCpmProtPolOverallRateLimit   TmnxCpmPacketPolRateLimit,
    tmnxCpmProtPolAlarm              TruthValue,
    tmnxCpmProtPolOutProfileRate     TmnxCpmPacketPolRateLimit,
    tmnxCpmProtPolLimDhcpCiAddrZero  TruthValue,
    tmnxCpmProtPolOutProfRateLogEvnt TruthValue
}

tmnxCpmProtPolicyId              OBJECT-TYPE
    SYNTAX      TCpmProtPolicyID (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolicyId specifies the identification number
         of the CPM Protection policy."
    ::= { tmnxCpmProtPolEntry 1 }

tmnxCpmProtPolRowStatus          OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolRowStatus controls the creation and
         deletion of rows in this table."
    ::= { tmnxCpmProtPolEntry 2 }

tmnxCpmProtPolLastChanged        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolLastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxCpmProtPolEntry 3 }

tmnxCpmProtPolDescription        OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolDescription specifies the user provided
         description of this CPM Protection policy. The default CPM Protection
         policies 254 and 255 have a default description which can be modified
         by the user."
    DEFVAL      { ''H }
    ::= { tmnxCpmProtPolEntry 4 }

tmnxCpmProtPolPerSrcRateLimit    OBJECT-TYPE
    SYNTAX      TmnxCpmPacketPolRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolPerSrcRateLimit specifies the packet
         arrival rate limit to be applied to each source of packets.

         Objects referring to this CPM Protection policy that do not support
         per-source rate limiting, may ignore the
         tmnxCpmProtPolPerSrcRateLimit."
    DEFVAL      { -1 }
    ::= { tmnxCpmProtPolEntry 5 }

tmnxCpmProtPolOverallRateLimit   OBJECT-TYPE
    SYNTAX      TmnxCpmPacketPolRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolOverallRateLimit specifies the overall
         packet arrival rate limit to be applied to all sources of packets.

         A default value of -1, specifies an unrestricted packet arrival rate
         on the interface.

         The value of tmnxCpmProtPolOverallRateLimit is equal to 6000 for the
         default access policy (policy 254)."
    DEFVAL      { -1 }
    ::= { tmnxCpmProtPolEntry 6 }

tmnxCpmProtPolAlarm              OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolAlarm specifies if a notification must be
         issued when one of the packet arrival rate limits is crossed.

         A value of 'true' specifies that a notification must be issued."
    DEFVAL      { true }
    ::= { tmnxCpmProtPolEntry 7 }

tmnxCpmProtPolOutProfileRate     OBJECT-TYPE
    SYNTAX      TmnxCpmPacketPolRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolOutProfileRate specifies the threshold
         value at which incoming control packets are marked out of profile.

         A default value of -1 specifies absence of a set threshold on the
         interface.

         The value of tmnxCpmProtPolOutProfileRate is 6000 for the default
         access policy (policy 254)."
    DEFVAL      { 3000 }
    ::= { tmnxCpmProtPolEntry 8 }

tmnxCpmProtPolLimDhcpCiAddrZero  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolLimDhcpCiAddrZero specifies whether or not
         to apply per-source rate limiting to DHCP packets containing Client IP
         address zero (e.g., for IPv4, ciaddr = 0.0.0.0).

         For example, suppose a SAP has the following configuration:
           a) TIMETRA-SAP-MIB::sapCpmProtMonitorIP = 'true', and
           b) TIMETRA-SAP-MIB::sapCpmProtPolicyId = 7.

         Then, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection
         policy 7 is 'true', DHCP packets arriving at the SAP are rate limited
         using tmnxCpmProtPolPerSrcRateLimit, whether or not the ciaddr field is
         zero.  On the other hand, with the same SAP configuration, if the
         tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is
         'false', DHCP packets arriving at the SAP with ciaddr zero are exempt
         from the tmnxCpmProtPolPerSrcRateLimit.

         The value of this object is irrelevant if the SAP's
         TIMETRA-SAP-MIB::sapCpmProtMonitorIP value is 'false'."
    REFERENCE
        "RFC 2131 ('Dynamic Host Configuration Protocol') explains the role of
         the ciaddr field in the DHCP protocol."
    DEFVAL      { false }
    ::= { tmnxCpmProtPolEntry 9 }

tmnxCpmProtPolOutProfRateLogEvnt OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolOutProfRateLogEvnt controls the generation
         of log events when the out-profile-rate specified by
         tmnxCpmProtPolOutProfileRate is exceeded."
    DEFVAL      { false }
    ::= { tmnxCpmProtPolEntry 10 }

tmnxCpmProtDropUncfgdProtocolMsg OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtDropUncfgdProtocolMsg specifies the
         administrative state of the protocol protection facility.

         When the value of this object is set to 'inService (2)', network
         control protocol traffic is dropped if it is received on an interface
         where the protocol is not configured.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { outOfService }
    ::= { tmnxCpmSecurityObjs 13 }

tmnxCpmProtLinkRateLimit         OBJECT-TYPE
    SYNTAX      TmnxCpmPacketRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtLinkRateLimit specifies the link-specific
         packet arrival rate limit to be applied to link-level protocols such
         as LACP.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { 15000 }
    ::= { tmnxCpmSecurityObjs 14 }

tmnxCpmProtExcdTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdTableLastChanged indicates the sysUpTime
         at the time of the last add, change, or delete of a row in the
         tmnxCpmProtExcdTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 15 }

tmnxCpmProtExcdTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdTable has a row for each <service ID, SAP, source MAC
         address> triple that has exceeded the per-source rate limit configured
         for the <service ID, SAP> pair.  MAC-layer per-source rate limiting is
         enabled for a <service ID, SAP> pair by setting
         TIMETRA-SAP-MIB::sapCpmProtMonitorMac to 'true'.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 16 }

tmnxCpmProtExcdEntry             OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains statistics for a MAC packet stream that has exceeded
         its per-source rate limit.

         A row is created by the system the first time a <service ID, SAP,
         source MAC address> triple exceeds its per-source rate limit.  The
         row is updated by the system on subsequent violations.

         Rows are deleted when a clear operation is requested on the underlying
         statistics."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxCpmProtExcdMac
    }
    ::= { tmnxCpmProtExcdTable 1 }

TmnxCpmProtExcdEntry             ::= SEQUENCE
{
    tmnxCpmProtExcdMac               MacAddress,
    tmnxCpmProtExcdPeriods           Gauge32,
    tmnxCpmProtExcdTimeStarted       TimeStamp,
    tmnxCpmProtExcdTime              TimeStamp
}

tmnxCpmProtExcdMac               OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdMac indicates the MAC address of a source
         which has exceeded its per-source rate limit."
    ::= { tmnxCpmProtExcdEntry 1 }

tmnxCpmProtExcdPeriods           OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdPeriods indicates the number of times a
         per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdEntry 2 }

tmnxCpmProtExcdTimeStarted       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdTimeStarted indicates the sysUpTime at the
         time of the creation of this row."
    ::= { tmnxCpmProtExcdEntry 3 }

tmnxCpmProtExcdTime              OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdTime indicates the sysUpTime at the time
         of the last update of this row."
    ::= { tmnxCpmProtExcdEntry 4 }

tmnxCpmProtViolPortTableLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortTableLastChgd indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtViolPortTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 17 }

tmnxCpmProtViolPortTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolPortTable has an entry for each port where either
         the link-specific packet arrival rate limit or the per-port overall
         packet rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 18 }

tmnxCpmProtViolPortEntry         OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a port where the
         link-specific packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       { tmnxPortPortID }
    ::= { tmnxCpmProtViolPortTable 1 }

TmnxCpmProtViolPortEntry         ::= SEQUENCE
{
    tmnxCpmProtViolPortPeriods       Gauge32,
    tmnxCpmProtViolPortTimeStarted   TimeStamp,
    tmnxCpmProtViolPortTime          TimeStamp,
    tmnxCpmProtViolPortAggPeriods    Gauge32,
    tmnxCpmProtViolPortAggTimeStart  TimeStamp,
    tmnxCpmProtViolPortAggTime       TimeStamp
}

tmnxCpmProtViolPortPeriods       OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortPeriods indicates the number of times
         the link-specific rate limit violation was detected at this port.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolPortEntry 1 }

tmnxCpmProtViolPortTimeStarted   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortTimeStarted indicates the sysUpTime
         when the link-specific rate limit violation was detected the first
         time at this port."
    ::= { tmnxCpmProtViolPortEntry 2 }

tmnxCpmProtViolPortTime          OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortTime indicates the sysUpTime when the
         link-specific rate limit violation was detected the last time at this
         port."
    ::= { tmnxCpmProtViolPortEntry 3 }

tmnxCpmProtViolPortAggPeriods    OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortAggPeriods indicates the number of
         times the per-port overall rate limit violation was detected at this
         port."
    ::= { tmnxCpmProtViolPortEntry 4 }

tmnxCpmProtViolPortAggTimeStart  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortAggTimeStart indicates the sysUpTime
         when the per-port overall rate limit violation was detected the first
         time at this port."
    ::= { tmnxCpmProtViolPortEntry 5 }

tmnxCpmProtViolPortAggTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortAggTime indicates the sysUpTime when
         the per-port overall rate limit violation was detected the last time
         at this port."
    ::= { tmnxCpmProtViolPortEntry 6 }

tmnxCpmProtViolIfTableLastChgd   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfTableLastChgd indicates the sysUpTime at
         the time of the last modification of an entry in the
         tmnxCpmProtViolIfTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 19 }

tmnxCpmProtViolIfTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolIfTable has an entry for each router interface
         where the overall packet arrival rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 20 }

tmnxCpmProtViolIfEntry           OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a router
         interface where the overall packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        vRtrID,
        vRtrIfIndex
    }
    ::= { tmnxCpmProtViolIfTable 1 }

TmnxCpmProtViolIfEntry           ::= SEQUENCE
{
    tmnxCpmProtViolIfPeriods         Gauge32,
    tmnxCpmProtViolIfTimeStarted     TimeStamp,
    tmnxCpmProtViolIfTime            TimeStamp
}

tmnxCpmProtViolIfPeriods         OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfPeriods indicates the number of times
         the rate limit violation was detected at this router interface.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolIfEntry 1 }

tmnxCpmProtViolIfTimeStarted     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfTimeStarted indicates the sysUpTime at
         the time of the creation of this entry."
    ::= { tmnxCpmProtViolIfEntry 2 }

tmnxCpmProtViolIfTime            OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfTime indicates the sysUpTime at the time
         of the last modification of this entry."
    ::= { tmnxCpmProtViolIfEntry 3 }

tmnxCpmProtViolSapTableLastChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapTableLastChgd indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtViolSapTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 21 }

tmnxCpmProtViolSapTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolSapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolSapTable has an entry for each SAP where the
         overall packet arrival rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 22 }

tmnxCpmProtViolSapEntry          OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolSapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a SAP where the
         overall packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tmnxCpmProtViolSapTable 1 }

TmnxCpmProtViolSapEntry          ::= SEQUENCE
{
    tmnxCpmProtViolSapPeriods        Gauge32,
    tmnxCpmProtViolSapTimeStarted    TimeStamp,
    tmnxCpmProtViolSapTime           TimeStamp
}

tmnxCpmProtViolSapPeriods        OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapPeriods indicates the number of times
         the rate limit violation was detected at this SAP.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolSapEntry 1 }

tmnxCpmProtViolSapTimeStarted    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapTimeStarted indicates the sysUpTime at
         the time of the creation of this entry."
    ::= { tmnxCpmProtViolSapEntry 2 }

tmnxCpmProtViolSapTime           OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtViolSapEntry 3 }

tmnxCpmProtPortOverallRateLimit  OBJECT-TYPE
    SYNTAX      TmnxCpmPacketRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPortOverallRateLimit specifies the per-port
         packet arrival rate limit to be applied to all protocol messages that
         are to be processed by the CPM.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { -1 }
    ::= { tmnxCpmSecurityObjs 23 }

tmnxCpmProtDetectPeriod          OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "100 milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtDetectPeriod indicates the length of a packet
         arrival rate limit detection period.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 24 }

tCpmMacFilterTable               OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmMacFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmMacFilterTable has an entry for each CPM Mac filter entry
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 25 }

tCpmMacFilterEntry               OBJECT-TYPE
    SYNTAX      TCpmMacFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular Cpm Mac Filter match entry. The
         Cpm Mac Filter can have zero or more Cpm Mac Filter match entries. A
         filter entry with no match criteria set will match every packet, and
         the entry action will be taken. Entries are created/deleted by user."
    INDEX       { tCpmMacFltrEntryId }
    ::= { tCpmMacFilterTable 1 }

TCpmMacFilterEntry               ::= SEQUENCE
{
    tCpmMacFltrEntryId               TEntryId,
    tCpmMacFltrEntryRowStatus        RowStatus,
    tCpmMacFltrEntryLastChanged      TimeStamp,
    tCpmMacFltrEntryLogId            TFilterLogId,
    tCpmMacFltrEntryDescription      TItemDescription,
    tCpmMacFltrEntryAction           TCpmFilterActionOrDefault,
    tCpmMacFltrEntryQueueId          TCpmFilterQueueId,
    tCpmMacFltrEntryFrameType        TmnxCpmMacFltrFrameType,
    tCpmMacFltrEntrySvcId            TmnxServId,
    tCpmMacFltrEntryDot1pValue       Dot1PPriority,
    tCpmMacFltrEntryDot1pMask        Dot1PPriorityMask,
    tCpmMacFltrEntryDsap             ServiceAccessPoint,
    tCpmMacFltrEntryDsapMask         ServiceAccessPoint,
    tCpmMacFltrEntrySrcMAC           MacAddress,
    tCpmMacFltrEntrySrcMACMask       MacAddress,
    tCpmMacFltrEntryDstMAC           MacAddress,
    tCpmMacFltrEntryDstMACMask       MacAddress,
    tCpmMacFltrEntryEtherType        Integer32,
    tCpmMacFltrEntrySsap             ServiceAccessPoint,
    tCpmMacFltrEntrySsapMask         ServiceAccessPoint,
    tCpmMacFltrEntryCfmOpCodeOper    TOperator,
    tCpmMacFltrEntryCfmOpCodeValue1  Unsigned32,
    tCpmMacFltrEntryCfmOpCodeValue2  Unsigned32,
    tCpmMacFltrEntryLogCreated       TruthValue
}

tCpmMacFltrEntryId               OBJECT-TYPE
    SYNTAX      TEntryId (1..131072)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryId is used to index into the
         tCpmMacFilterTable. It uniquely identifies a CPM Mac filter entry as
         configured on this system."
    ::= { tCpmMacFilterEntry 1 }

tCpmMacFltrEntryRowStatus        OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryRowStatus specifies the row status. It
         allows entries to be created and deleted in the tCpmMacFilterTable."
    ::= { tCpmMacFilterEntry 2 }

tCpmMacFltrEntryLastChanged      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryLastChanged indicates the timestamp of
         the last change to this row in tCpmMacFilterTable."
    ::= { tCpmMacFilterEntry 3 }

tCpmMacFltrEntryLogId            OBJECT-TYPE
    SYNTAX      TFilterLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryLogId specifies the log in which packets
         matching this entry should be entered. The value zero indicates that
         logging is disabled."
    DEFVAL      { 0 }
    ::= { tCpmMacFilterEntry 4 }

tCpmMacFltrEntryDescription      OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryDescription specifies the user-provided
         string describing this filter entry."
    DEFVAL      { ''H }
    ::= { tCpmMacFilterEntry 5 }

tCpmMacFltrEntryAction           OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryAction specifies the action to take for
         packets that match this filter entry. The value default(4) specifies
         this entry to inherit the behavior defined as the default for the
         filter in tCpmFilterDefaultAction.

         The value queue(3) can only be specified if a valid queue id is
         entered in tCpmMacFltrEntryQueueId."
    DEFVAL      { drop }
    ::= { tCpmMacFilterEntry 6 }

tCpmMacFltrEntryQueueId          OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryQueueId specifies which queue to put the
         packet in when tCpmMacFltrEntryAction is queue (3).

         If the value of tCpmMacFltrEntryAction is different from queue (3)
         tCpmMacFltrEntryQueueId will be forced by the system to 0, and any
         change attempt will be silently discarded."
    DEFVAL      { 0 }
    ::= { tCpmMacFilterEntry 7 }

tCpmMacFltrEntryFrameType        OBJECT-TYPE
    SYNTAX      TmnxCpmMacFltrFrameType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryFrameType specifies the type of mac frame
         for which we are defining this match criteria. The value 'none' means
         that this entry is not matching on any ethernet frame.

         The value 'e802dot1ag(4)' is deprecated, and replaced by
         e802dot2LLC(1)."
    DEFVAL      { none }
    ::= { tCpmMacFilterEntry 8 }

tCpmMacFltrEntrySvcId            OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySvcId specifies the service-id
         in which the packet is to be received for this entry to match. A value
         of 0 indicates: any service."
    DEFVAL      { 0 }
    ::= { tCpmMacFilterEntry 9 }

tCpmMacFltrEntryDot1pValue       OBJECT-TYPE
    SYNTAX      Dot1PPriority
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Filtering on dot1p bits is currently not offered on cpm-mac filters.
         All set actions on this object will therefore be ignored."
    DEFVAL      { -1 }
    ::= { tCpmMacFilterEntry 10 }

tCpmMacFltrEntryDot1pMask        OBJECT-TYPE
    SYNTAX      Dot1PPriorityMask
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Filtering on dot1p bits is currently not offered on cpm-mac filters.
         All set actions on this object will therefore be ignored."
    DEFVAL      { 0 }
    ::= { tCpmMacFilterEntry 11 }

tCpmMacFltrEntryDsap             OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDsap specifies the MAC DSAP to
         match for this MAC filter entry. This object has no significance if
         the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tCpmMacFilterEntry 12 }

tCpmMacFltrEntryDsapMask         OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDsapMask specifies the MAC
         DSAP mask for this MAC filter entry. This object has no significance
         if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tCpmMacFilterEntry 13 }

tCpmMacFltrEntrySrcMAC           OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySrcMAC specifies the source
         MAC to match for this policy MAC filter entry."
    DEFVAL      { '000000000000'H }
    ::= { tCpmMacFilterEntry 14 }

tCpmMacFltrEntrySrcMACMask       OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySrcMACMask specifies the
         source MAC mask value for this policy MAC filter entry. The mask is
         ANDed with the MAC to match tCpmMacFltrEntrySrcMAC. A zero bit means
         ignore this bit, do not match. A one bit means match this bit with
         tCpmMacFltrEntrySrcMAC. Use the value 00-00-00-00-00-00 to disable
         this filter criteria."
    DEFVAL      { '000000000000'H }
    ::= { tCpmMacFilterEntry 15 }

tCpmMacFltrEntryDstMAC           OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDstMAC specifies the
         Destination MAC mask value for this policy MAC filter entry."
    DEFVAL      { '000000000000'H }
    ::= { tCpmMacFilterEntry 16 }

tCpmMacFltrEntryDstMACMask       OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDstMACMask specifies
         the destination MAC mask value for this policy MAC filter entry.
         The mask is ANDed with the MAC to match tCpmMacFltrEntryDstMAC.
         A zero bit means ignore this bit, do not match.  a one bit means
         match this bit with tCpmMacFltrEntryDstMAC.
         Use the value 00-00-00-00-00-00 to disable this filter criteria."
    DEFVAL      { '000000000000'H }
    ::= { tCpmMacFilterEntry 17 }

tCpmMacFltrEntryEtherType        OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 1536..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryEtherType specifies the
         Ethertype for this MAC filter entry. Use -1 to disable matching by
         this criteria. This object has no significance if the object
         tCpmMacFltrEntryFrameType is not set to Ethernet_II."
    DEFVAL      { -1 }
    ::= { tCpmMacFilterEntry 18 }

tCpmMacFltrEntrySsap             OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySsap specifies the MAC SSAP to
         match for this MAC filter entry. This object has no significance if
         the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tCpmMacFilterEntry 21 }

tCpmMacFltrEntrySsapMask         OBJECT-TYPE
    SYNTAX      ServiceAccessPoint
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySsapMask specifies the MAC
         SSAP mask for this MAC filter entry. Use 0 to disable matching by this
         criteria. This object has no significance if the object
         tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
    DEFVAL      { -1 }
    ::= { tCpmMacFilterEntry 22 }

tCpmMacFltrEntryCfmOpCodeOper    OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryCfmOpCodeOper specifies which
         type of opcode checking is to be performed. If different from none,
         more info is provided in the objects tCpmMacFltrEntryCfmOpCodeValue1
         and tCpmMacFltrEntryCfmOpCodeValue2. This object has significance only
         if the object tCpmMacFltrEntryFrameType refers to either ieee802.1ag
         or Y1731."
    DEFVAL      { none }
    ::= { tCpmMacFilterEntry 23 }

tCpmMacFltrEntryCfmOpCodeValue1  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryCfmOpCodeValue1 specifies a
         cfm opcode. The value of this object is used as per the description
         for tCpmMacFltrEntryCfmOpCodeOper."
    DEFVAL      { 0 }
    ::= { tCpmMacFilterEntry 24 }

tCpmMacFltrEntryCfmOpCodeValue2  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryCfmOpCodeValue2 specifies a
         cfm opcode. The value of this object is used as per the description
         for tCpmMacFltrEntryCfmOpCodeOper."
    DEFVAL      { 0 }
    ::= { tCpmMacFilterEntry 25 }

tCpmMacFltrEntryLogCreated       OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryLogCreated indicates whether the filter
         log for this filter entry has been instantiated."
    ::= { tCpmMacFilterEntry 26 }

tCpmMacFilterStatsTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmMacFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmMacFilterStatsTable has a stats entry of the CPM Mac filter
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 26 }

tCpmMacFilterStatsEntry          OBJECT-TYPE
    SYNTAX      TCpmMacFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmMacFilterEntry indexed by the same tCpmMacFltrEntryId. Entries are
         created when tCpmMacFilterEntry rows are created."
    INDEX       { tCpmMacFltrEntryId }
    ::= { tCpmMacFilterStatsTable 1 }

TCpmMacFilterStatsEntry          ::= SEQUENCE
{
    tCpmMacFilterStatsDroppedPkts    Counter64,
    tCpmMacFilterStatsForwardedPkts  Counter64
}

tCpmMacFilterStatsDroppedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFilterStatsDroppedPkts indicates the number of
         packets dropped due to the tCpmMacFilterEntry with the same index."
    ::= { tCpmMacFilterStatsEntry 1 }

tCpmMacFilterStatsForwardedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFilterStatsForwardedPkts indicates the number of
         packets forwarded due to the tCpmMacFilterEntry with the same index."
    ::= { tCpmMacFilterStatsEntry 2 }

tmnxCpmProtAllowShamLinkPackets  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtAllowShamLinkPackets specifies whether OSPF
         sham-link traffic will be allowed over VPRN transport tunnels.

         When the value of this object is set to 'true (1)', OSPF sham-link
         traffic will be allowed even if OSPF is not configured. When the value
         of this object is set to 'false (2)', OSPF sham-link traffic is
         dropped if it is received on an interface where the protocol is not
         configured.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 27 }

tmnxCpmProtViolVdoSvcTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolVdoSvcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolVdoSvcTable has an entry for each client address of
         a RTCP control traffic in VPLS service where the per-source rate limit
         was violated."
    ::= { tmnxCpmSecurityObjs 28 }

tmnxCpmProtViolVdoSvcEntry       OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolVdoSvcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a client address
         of a RTCP control traffic in VPLS service where the per-source rate
         limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        tmnxCpmProtViolVdoSvcCltAddrType,
        tmnxCpmProtViolVdoSvcCltAddr
    }
    ::= { tmnxCpmProtViolVdoSvcTable 1 }

TmnxCpmProtViolVdoSvcEntry       ::= SEQUENCE
{
    tmnxCpmProtViolVdoSvcCltAddrType InetAddressType,
    tmnxCpmProtViolVdoSvcCltAddr     InetAddress,
    tmnxCpmProtViolVdoSvcPeriods     Gauge32,
    tmnxCpmProtViolVdoSvcTimeStarted TimeStamp,
    tmnxCpmProtViolVdoSvcTime        TimeStamp,
    tmnxCpmProtViolVdoSvcVrtrIfIndex InterfaceIndex
}

tmnxCpmProtViolVdoSvcCltAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcCltAddrType indicates the type of
         address represented by tmnxCpmProtViolVdoSvcCltAddr."
    ::= { tmnxCpmProtViolVdoSvcEntry 1 }

tmnxCpmProtViolVdoSvcCltAddr     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP
         address of a RTCP control traffic in VPLS service where the per-source
         rate limit was violated."
    ::= { tmnxCpmProtViolVdoSvcEntry 2 }

tmnxCpmProtViolVdoSvcPeriods     OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcPeriods indicates the number of
         times the per-source rate limit violation was detected for this
         client.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolVdoSvcEntry 3 }

tmnxCpmProtViolVdoSvcTimeStarted OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcTimeStarted indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolVdoSvcEntry 4 }

tmnxCpmProtViolVdoSvcTime        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtViolVdoSvcEntry 5 }

tmnxCpmProtViolVdoSvcVrtrIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcVrtrIfIndex specifies the secondary
         index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video
         interface where the per-source rate limit was violated. The value of
         primary index TIMETRA-VRTR-MIB::vRtrIfTable will be equal to the
         virtual router identifier of vpls-management which is 4094."
    ::= { tmnxCpmProtViolVdoSvcEntry 6 }

tmnxCpmProtViolVdoVrtrTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolVdoVrtrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolVdoVrtrTable has an entry for each client address
         of a RTCP control traffic in router context where the per-source rate
         limit was violated."
    ::= { tmnxCpmSecurityObjs 29 }

tmnxCpmProtViolVdoVrtrEntry      OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolVdoVrtrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a client address
         of a RTCP control traffic in router context where the per-source rate
         limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        vRtrID,
        tmnxCpmProtViolVdoVrtrCltAdrType,
        tmnxCpmProtViolVdoVrtrCltAddr
    }
    ::= { tmnxCpmProtViolVdoVrtrTable 1 }

TmnxCpmProtViolVdoVrtrEntry      ::= SEQUENCE
{
    tmnxCpmProtViolVdoVrtrCltAdrType InetAddressType,
    tmnxCpmProtViolVdoVrtrCltAddr    InetAddress,
    tmnxCpmProtViolVdoVrtrPeriods    Gauge32,
    tmnxCpmProtViolVdoVrtrTimeStart  TimeStamp,
    tmnxCpmProtViolVdoVrtrTime       TimeStamp,
    tmnxCpmProtViolVdoVrtrSvcId      TmnxServId,
    tmnxCpmProtViolVdoVrtrIfIndex    InterfaceIndex
}

tmnxCpmProtViolVdoVrtrCltAdrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrCltAdrType indicates the type of
         address represented by tmnxCpmProtViolVdoVrtrCltAddr."
    ::= { tmnxCpmProtViolVdoVrtrEntry 1 }

tmnxCpmProtViolVdoVrtrCltAddr    OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrCltAddr indicates the client IP
         address of a RTCP control traffic in router context where the
         per-source rate limit was violated."
    ::= { tmnxCpmProtViolVdoVrtrEntry 2 }

tmnxCpmProtViolVdoVrtrPeriods    OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrPeriods indicates the number of
         times the per-source rate limit violation was detected for this
         client.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolVdoVrtrEntry 3 }

tmnxCpmProtViolVdoVrtrTimeStart  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrTimeStart indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolVdoVrtrEntry 4 }

tmnxCpmProtViolVdoVrtrTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtViolVdoVrtrEntry 5 }

tmnxCpmProtViolVdoVrtrSvcId      OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrSvcId indicates the row index in
         the TIMETRA-SERV-MIB::svcBaseInfoTable corresponding to the service
         where the per-source rate limit was violated."
    ::= { tmnxCpmProtViolVdoVrtrEntry 6 }

tmnxCpmProtViolVdoVrtrIfIndex    OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrIfIndex specifies the secondary
         index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video
         interface where the per-source rate limit was violated. The value of
         vRtrID specifies the primary index in the
         TIMETRA-VRTR-MIB::vRtrIfTable."
    ::= { tmnxCpmProtViolVdoVrtrEntry 7 }

tmnxCpmProtEthCfmPolTableLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolTableLastChg indicates the value of
         the sysUpTime object when the last change was made to
         tmnxCpmProtEthCfmPolTable. A value of 0 indicates that no changes were
         made to tmnxCpmProtEthCfmPolTable since the system was last
         initialized."
    ::= { tmnxCpmSecurityObjs 30 }

tmnxCpmProtEthCfmPolTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtEthCfmPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an
         Access Control List) used to rate limit the flow of Ethernet
         Connectivity Fault Management packets.  The table can be used to
         minimize the impact of an Eth-CFM Denial of Service attack.

         The table extends tmnxCpmProtPolTable, by allowing several
         <rate-limit, eth-cfm-level, eth-cfm-opcode> triples to be defined for
         a CPM protection policy.

         For example, tmnxCpmProtEthCfmPolTable could contain the following
         information (where the column labels for the table's index objects are
         in upper case):
            POLICY ID  ENTRY NUM  Level  Opcode    Rate Limit
            ---------  ---------  -----  ------    ----------
            250        10         {4}    {10}      100 packets/sec
            250        20         {4,6}  {1,3}     200 packets/sec
            250        30         {0-7}  {0-255}   300 packets/sec

         {0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}.

         Suppose the example configuration above is in place, and an Eth-CFM
         PDU arrives on a SAP which has Policy ID 250 configured against it.
         If the PDU contains level=4 and opcode=1, the 200 packets/sec rate
         limit is applied.  Within a Policy ID, the first row (i.e.
         the row with the lowest entry number) matching the PDU applies.
         Therefore, the third row in the example applies a 300 packets/sec
         limit to any PDU which does not match the first or second row.

         At most four Policy IDs can have rows in this table.  At most 10 rows
         are supported per Policy ID.

         If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values
         (e.g. 10, 20, 30) when initially creating the rows for a particular
         tmnxCpmProtPolicyId, it will be possible to add rows in the gaps
         later, without reconfiguration.

         A prerequisite for creating a row in this table:  a row with the same
         tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable.  Deleting a row
         in tmnxCpmProtPolTable deletes all the rows in this table with
         matching tmnxCpmProtPolicyId values."
    REFERENCE
        "ITU-T Y.1731 Specification, 02/2008"
    ::= { tmnxCpmSecurityObjs 31 }

tmnxCpmProtEthCfmPolEntry        OBJECT-TYPE
    SYNTAX      TmnxCpmProtEthCfmPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row specifies a set of Ethernet CFM packets to be rate limited,
         and the associated rate limit.

         Table rows are created and destroyed using
         tmnxCpmProtEthCfmPolRowStatus."
    INDEX       {
        tmnxCpmProtPolicyId,
        tmnxCpmProtEthCfmPolEntryNum
    }
    ::= { tmnxCpmProtEthCfmPolTable 1 }

TmnxCpmProtEthCfmPolEntry        ::= SEQUENCE
{
    tmnxCpmProtEthCfmPolEntryNum     Unsigned32,
    tmnxCpmProtEthCfmPolRowStatus    RowStatus,
    tmnxCpmProtEthCfmPolLastChanged  TimeStamp,
    tmnxCpmProtEthCfmPolLevelSet     BITS,
    tmnxCpmProtEthCfmPolOpCodeSet    BITS,
    tmnxCpmProtEthCfmPolRateLimit    TmnxCpmPktPolRateLimitInclZero
}

tmnxCpmProtEthCfmPolEntryNum     OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolEntryNum specifies a user-selected
         entry number.  This index exists to allow multiple
         tmnxCpmProtEthCfmPolTable rows for one tmnxCpmProtPolicyId."
    ::= { tmnxCpmProtEthCfmPolEntry 1 }

tmnxCpmProtEthCfmPolRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolRowStatus specifies the row status of
         this tmnxCpmProtEthCfmPolEntry."
    ::= { tmnxCpmProtEthCfmPolEntry 2 }

tmnxCpmProtEthCfmPolLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolLastChanged indicates the value of
         the sysUpTime object when the last change was made to this row.  A
         value of 0 indicates that no changes were made to this row since the
         system was last initialized."
    ::= { tmnxCpmProtEthCfmPolEntry 3 }

tmnxCpmProtEthCfmPolLevelSet     OBJECT-TYPE
    SYNTAX      BITS {
        level0 (0),
        level1 (1),
        level2 (2),
        level3 (3),
        level4 (4),
        level5 (5),
        level6 (6),
        level7 (7)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolLevelSet specifies a set of MEG
         (Maintenance Entity Group) Level values.  At least one Level must be
         specified (i.e. the empty set is not supported).

         The rate limit specified by tmnxCpmProtEthCfmPolRateLimit applies to an
         Eth-CFM PDU if:
         a) tmnxCpmProtPolicyId is configured against the PDU stream containing
            the PDU, and
         b) the PDU's MEL (MEG Level) value is an element of
            tmnxCpmProtEthCfmPolLevelSet, and
         c) the PDU's Opcode value is an element of
            tmnxCpmProtEthCfmPolOpCodeSet."
    ::= { tmnxCpmProtEthCfmPolEntry 4 }

tmnxCpmProtEthCfmPolOpCodeSet    OBJECT-TYPE
    SYNTAX      BITS {
        opCode0   (0),
        opCode1   (1),
        opCode2   (2),
        opCode3   (3),
        opCode4   (4),
        opCode5   (5),
        opCode6   (6),
        opCode7   (7),
        opCode8   (8),
        opCode9   (9),
        opCode10  (10),
        opCode11  (11),
        opCode12  (12),
        opCode13  (13),
        opCode14  (14),
        opCode15  (15),
        opCode16  (16),
        opCode17  (17),
        opCode18  (18),
        opCode19  (19),
        opCode20  (20),
        opCode21  (21),
        opCode22  (22),
        opCode23  (23),
        opCode24  (24),
        opCode25  (25),
        opCode26  (26),
        opCode27  (27),
        opCode28  (28),
        opCode29  (29),
        opCode30  (30),
        opCode31  (31),
        opCode32  (32),
        opCode33  (33),
        opCode34  (34),
        opCode35  (35),
        opCode36  (36),
        opCode37  (37),
        opCode38  (38),
        opCode39  (39),
        opCode40  (40),
        opCode41  (41),
        opCode42  (42),
        opCode43  (43),
        opCode44  (44),
        opCode45  (45),
        opCode46  (46),
        opCode47  (47),
        opCode48  (48),
        opCode49  (49),
        opCode50  (50),
        opCode51  (51),
        opCode52  (52),
        opCode53  (53),
        opCode54  (54),
        opCode55  (55),
        opCode56  (56),
        opCode57  (57),
        opCode58  (58),
        opCode59  (59),
        opCode60  (60),
        opCode61  (61),
        opCode62  (62),
        opCode63  (63),
        opCode64  (64),
        opCode65  (65),
        opCode66  (66),
        opCode67  (67),
        opCode68  (68),
        opCode69  (69),
        opCode70  (70),
        opCode71  (71),
        opCode72  (72),
        opCode73  (73),
        opCode74  (74),
        opCode75  (75),
        opCode76  (76),
        opCode77  (77),
        opCode78  (78),
        opCode79  (79),
        opCode80  (80),
        opCode81  (81),
        opCode82  (82),
        opCode83  (83),
        opCode84  (84),
        opCode85  (85),
        opCode86  (86),
        opCode87  (87),
        opCode88  (88),
        opCode89  (89),
        opCode90  (90),
        opCode91  (91),
        opCode92  (92),
        opCode93  (93),
        opCode94  (94),
        opCode95  (95),
        opCode96  (96),
        opCode97  (97),
        opCode98  (98),
        opCode99  (99),
        opCode100 (100),
        opCode101 (101),
        opCode102 (102),
        opCode103 (103),
        opCode104 (104),
        opCode105 (105),
        opCode106 (106),
        opCode107 (107),
        opCode108 (108),
        opCode109 (109),
        opCode110 (110),
        opCode111 (111),
        opCode112 (112),
        opCode113 (113),
        opCode114 (114),
        opCode115 (115),
        opCode116 (116),
        opCode117 (117),
        opCode118 (118),
        opCode119 (119),
        opCode120 (120),
        opCode121 (121),
        opCode122 (122),
        opCode123 (123),
        opCode124 (124),
        opCode125 (125),
        opCode126 (126),
        opCode127 (127),
        opCode128 (128),
        opCode129 (129),
        opCode130 (130),
        opCode131 (131),
        opCode132 (132),
        opCode133 (133),
        opCode134 (134),
        opCode135 (135),
        opCode136 (136),
        opCode137 (137),
        opCode138 (138),
        opCode139 (139),
        opCode140 (140),
        opCode141 (141),
        opCode142 (142),
        opCode143 (143),
        opCode144 (144),
        opCode145 (145),
        opCode146 (146),
        opCode147 (147),
        opCode148 (148),
        opCode149 (149),
        opCode150 (150),
        opCode151 (151),
        opCode152 (152),
        opCode153 (153),
        opCode154 (154),
        opCode155 (155),
        opCode156 (156),
        opCode157 (157),
        opCode158 (158),
        opCode159 (159),
        opCode160 (160),
        opCode161 (161),
        opCode162 (162),
        opCode163 (163),
        opCode164 (164),
        opCode165 (165),
        opCode166 (166),
        opCode167 (167),
        opCode168 (168),
        opCode169 (169),
        opCode170 (170),
        opCode171 (171),
        opCode172 (172),
        opCode173 (173),
        opCode174 (174),
        opCode175 (175),
        opCode176 (176),
        opCode177 (177),
        opCode178 (178),
        opCode179 (179),
        opCode180 (180),
        opCode181 (181),
        opCode182 (182),
        opCode183 (183),
        opCode184 (184),
        opCode185 (185),
        opCode186 (186),
        opCode187 (187),
        opCode188 (188),
        opCode189 (189),
        opCode190 (190),
        opCode191 (191),
        opCode192 (192),
        opCode193 (193),
        opCode194 (194),
        opCode195 (195),
        opCode196 (196),
        opCode197 (197),
        opCode198 (198),
        opCode199 (199),
        opCode200 (200),
        opCode201 (201),
        opCode202 (202),
        opCode203 (203),
        opCode204 (204),
        opCode205 (205),
        opCode206 (206),
        opCode207 (207),
        opCode208 (208),
        opCode209 (209),
        opCode210 (210),
        opCode211 (211),
        opCode212 (212),
        opCode213 (213),
        opCode214 (214),
        opCode215 (215),
        opCode216 (216),
        opCode217 (217),
        opCode218 (218),
        opCode219 (219),
        opCode220 (220),
        opCode221 (221),
        opCode222 (222),
        opCode223 (223),
        opCode224 (224),
        opCode225 (225),
        opCode226 (226),
        opCode227 (227),
        opCode228 (228),
        opCode229 (229),
        opCode230 (230),
        opCode231 (231),
        opCode232 (232),
        opCode233 (233),
        opCode234 (234),
        opCode235 (235),
        opCode236 (236),
        opCode237 (237),
        opCode238 (238),
        opCode239 (239),
        opCode240 (240),
        opCode241 (241),
        opCode242 (242),
        opCode243 (243),
        opCode244 (244),
        opCode245 (245),
        opCode246 (246),
        opCode247 (247),
        opCode248 (248),
        opCode249 (249),
        opCode250 (250),
        opCode251 (251),
        opCode252 (252),
        opCode253 (253),
        opCode254 (254),
        opCode255 (255)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolOpCodeSet specifies a set of Eth-CFM
         PDU Opcode values to be matched against the Opcode field of an Eth-CFM
         PDU which is subject to rate limiting.  At least one Opcode must be
         specified (i.e. the empty set is not supported).

         This object works in conjunction with tmnxCpmProtEthCfmPolLevelSet, as
         described in the tmnxCpmProtEthCfmPolLevelSet DESCRIPTION."
    ::= { tmnxCpmProtEthCfmPolEntry 5 }

tmnxCpmProtEthCfmPolRateLimit    OBJECT-TYPE
    SYNTAX      TmnxCpmPktPolRateLimitInclZero
    UNITS       "packets per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolRateLimit specifies the rate limit to
         be enforced for the Eth-CFM packet stream specified by
         tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolLevelSet, and
         tmnxCpmProtEthCfmPolOpCodeSet."
    DEFVAL      { -1 }
    ::= { tmnxCpmProtEthCfmPolEntry 6 }

tmnxCpmProtViolSdpBindTblLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindTblLastChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtViolSdpBindTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 32 }

tmnxCpmProtViolSdpBindTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtViolSdpBindTable has a row for each SDP binding, where the
         overall packet arrival rate limit was violated."
    ::= { tmnxCpmSecurityObjs 33 }

tmnxCpmProtViolSdpBindEntry      OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for an SDP binding where the overall
         packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sdpBindId
    }
    ::= { tmnxCpmProtViolSdpBindTable 1 }

TmnxCpmProtViolSdpBindEntry      ::= SEQUENCE
{
    tmnxCpmProtViolSdpBindPeriods    Counter32,
    tmnxCpmProtViolSdpBindTimeStartd TimeStamp,
    tmnxCpmProtViolSdpBindTime       TimeStamp
}

tmnxCpmProtViolSdpBindPeriods    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindPeriods indicates the number of
         times a rate limit violation was detected at this SDP binding.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolSdpBindEntry 1 }

tmnxCpmProtViolSdpBindTimeStartd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindTimeStartd indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolSdpBindEntry 2 }

tmnxCpmProtViolSdpBindTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtViolSdpBindEntry 3 }

tmnxCpmProtExcdSdpBindTblLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindTblLastChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtExcdSdpBindTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 34 }

tmnxCpmProtExcdSdpBindTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSdpBindTable has a row for each SDP binding and source
         MAC address pair that has exceeded its per-source rate limit. The
         equivalent table for SAPs is tmnxCpmProtExcdTable."
    ::= { tmnxCpmSecurityObjs 35 }

tmnxCpmProtExcdSdpBindEntry      OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for a PDU stream that has exceeded
         its per-source rate limit.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sdpBindId,
        tmnxCpmProtExcdSdpBindMac
    }
    ::= { tmnxCpmProtExcdSdpBindTable 1 }

TmnxCpmProtExcdSdpBindEntry      ::= SEQUENCE
{
    tmnxCpmProtExcdSdpBindMac        MacAddress,
    tmnxCpmProtExcdSdpBindPeriods    Counter32,
    tmnxCpmProtExcdSdpBindTimeStartd TimeStamp,
    tmnxCpmProtExcdSdpBindTime       TimeStamp
}

tmnxCpmProtExcdSdpBindMac        OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindMac specifies the MAC address of
         the source."
    ::= { tmnxCpmProtExcdSdpBindEntry 1 }

tmnxCpmProtExcdSdpBindPeriods    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindPeriods indicates the number of
         times a per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSdpBindEntry 2 }

tmnxCpmProtExcdSdpBindTimeStartd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindTimeStartd indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtExcdSdpBindEntry 3 }

tmnxCpmProtExcdSdpBindTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtExcdSdpBindEntry 4 }

tmnxCpmProtExcdSdpBindEcmTblLChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmTblLChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtExcdSdpBindEcmTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 36 }

tmnxCpmProtExcdSdpBindEcmTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSdpBindEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSdpBindEcmTable has a row for each Ethernet
         Connectivity Fault Management (Eth-CFM) PDU stream, served by an SDP
         binding, that has exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmSecurityObjs 37 }

tmnxCpmProtExcdSdpBindEcmEntry   OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSdpBindEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for an Eth-CFM PDU stream that has
         exceeded its Eth-CFM rate limit.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sdpBindId,
        tmnxCpmProtExcdSdpBindEcmMac,
        tmnxCpmProtExcdSdpBindEcmLevel,
        tmnxCpmProtExcdSdpBindEcmOpCode
    }
    ::= { tmnxCpmProtExcdSdpBindEcmTable 1 }

TmnxCpmProtExcdSdpBindEcmEntry   ::= SEQUENCE
{
    tmnxCpmProtExcdSdpBindEcmMac     MacAddress,
    tmnxCpmProtExcdSdpBindEcmLevel   Dot1agCfmMDLevel,
    tmnxCpmProtExcdSdpBindEcmOpCode  TmnxCpmProtEthCfmOpCode,
    tmnxCpmProtExcdSdpBindEcmPeriods Counter32,
    tmnxCpmProtExcdSdpBindEcmStarted TimeStamp,
    tmnxCpmProtExcdSdpBindEcmTime    TimeStamp
}

tmnxCpmProtExcdSdpBindEcmMac     OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmMac specifies a source MAC
         address.  The Eth-CFM PDU stream matching the MAC address (and
         matching the other index values of this table) has exceeded its
         Eth-CFM rate limit.

         The manager must provide the all-zero MAC address to get a row for a
         stream which is Eth-CFM rate limited using the
         'ethCfmMonitorAggregate(1)' option of the
         sdpBindCpmProtEthCfmMonitorFlags object."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 1 }

tmnxCpmProtExcdSdpBindEcmLevel   OBJECT-TYPE
    SYNTAX      Dot1agCfmMDLevel
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmLevel specifies an Eth-CFM domain
         level.  The Eth-CFM PDU stream matching the domain level (and matching
         the other index values of this table) has exceeded its Eth-CFM rate
         limit."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 2 }

tmnxCpmProtExcdSdpBindEcmOpCode  OBJECT-TYPE
    SYNTAX      TmnxCpmProtEthCfmOpCode
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmOpCode specifies an Eth-CFM
         opcode (e.g. Continuity Check Message == 1).  The Eth-CFM PDU stream
         matching the opcode (and matching the other index values of this table)
         has exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 3 }

tmnxCpmProtExcdSdpBindEcmPeriods OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmPeriods indicates the number of
         times a rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 4 }

tmnxCpmProtExcdSdpBindEcmStarted OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmStarted indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 5 }

tmnxCpmProtExcdSdpBindEcmTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmTime indicates the sysUpTime at
         the time of the last update of this entry."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 6 }

tmnxCpmProtExcdSapEcmTblLChg     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmTblLChg indicates the sysUpTime at
         the time of the last modification of an entry in the
         tmnxCpmProtExcdSapEcmTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 38 }

tmnxCpmProtExcdSapEcmTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSapEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSapEcmTable has a row for each Ethernet Connectivity
         Fault Management (Eth-CFM) PDU stream, served by a SAP, that has
         exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmSecurityObjs 39 }

tmnxCpmProtExcdSapEcmEntry       OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSapEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for an Eth-CFM PDU stream that has
         exceeded its Eth-CFM rate limit.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxCpmProtExcdSapEcmMac,
        tmnxCpmProtExcdSapEcmLevel,
        tmnxCpmProtExcdSapEcmOpCode
    }
    ::= { tmnxCpmProtExcdSapEcmTable 1 }

TmnxCpmProtExcdSapEcmEntry       ::= SEQUENCE
{
    tmnxCpmProtExcdSapEcmMac         MacAddress,
    tmnxCpmProtExcdSapEcmLevel       Dot1agCfmMDLevel,
    tmnxCpmProtExcdSapEcmOpCode      TmnxCpmProtEthCfmOpCode,
    tmnxCpmProtExcdSapEcmPeriods     Counter32,
    tmnxCpmProtExcdSapEcmStarted     TimeStamp,
    tmnxCpmProtExcdSapEcmTime        TimeStamp
}

tmnxCpmProtExcdSapEcmMac         OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmMac specifies a source MAC
         address.  The Eth-CFM PDU stream matching the MAC address (and
         matching the other index values of this table) has exceeded its
         Eth-CFM rate limit.

         The manager must provide the all-zero MAC address to get a row for a
         stream which is Eth-CFM rate limited using the
         'ethCfmMonitorAggregate(1)' option of the sapCpmProtEthCfmMonitorFlags
         object."
    ::= { tmnxCpmProtExcdSapEcmEntry 1 }

tmnxCpmProtExcdSapEcmLevel       OBJECT-TYPE
    SYNTAX      Dot1agCfmMDLevel
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmLevel specifies an Eth-CFM domain
         level.  The Eth-CFM PDU stream matching the domain level (and matching
         the other index values of this table) has exceeded its Eth-CFM rate
         limit."
    ::= { tmnxCpmProtExcdSapEcmEntry 2 }

tmnxCpmProtExcdSapEcmOpCode      OBJECT-TYPE
    SYNTAX      TmnxCpmProtEthCfmOpCode
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmOpCode specifies an Eth-CFM opcode
         (e.g. Continuity Check Message == 1).  The Eth-CFM PDU stream matching
         the opcode (and matching the other index values of this table) has
         exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmProtExcdSapEcmEntry 3 }

tmnxCpmProtExcdSapEcmPeriods     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmPeriods indicates the number of
         times a rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSapEcmEntry 4 }

tmnxCpmProtExcdSapEcmStarted     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmStarted indicates the sysUpTime at
         the time of the creation of this entry."
    ::= { tmnxCpmProtExcdSapEcmEntry 5 }

tmnxCpmProtExcdSapEcmTime        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtExcdSapEcmEntry 6 }

tmnxCpmVprnNwExceptions          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmVprnNwExceptions specifies whether the MPLS
         exception messages are allowed to be received on all VPRN instances.

         When the value of tmnxCpmVprnNwExceptions is set to 'true', the MPLS
         exception messages are allowed to be received on all VPRN instances in
         the system from all network interfaces.

         When the value of tmnxCpmVprnNwExceptions is set to 'false', the MPLS
         exception messages are not allowed to be received on all VPRN
         instances in the system from all network interfaces."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 40 }

tmnxCpmNumVprnNwExceptions       OBJECT-TYPE
    SYNTAX      Unsigned32 (10..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmNumVprnNwExceptions specifies the number of MPLS
         exception messages allowed to be received in the time frame specified
         by tmnxCpmVprnNwExceptionsTime."
    DEFVAL      { 100 }
    ::= { tmnxCpmSecurityObjs 41 }

tmnxCpmVprnNwExceptionsTime      OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmVprnNwExceptionsTime specifies the time frame in
         seconds that is used to limit the number of MPLS exception messages
         issued per time frame."
    DEFVAL      { 10 }
    ::= { tmnxCpmSecurityObjs 42 }

tmnxCpmProtExcdSapIpTableLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpTableLastChg indicates the sysUpTime
         at the time of the last add, change, or delete of a row in the
         tmnxCpmProtExcdSapIpTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero."
    ::= { tmnxCpmSecurityObjs 43 }

tmnxCpmProtExcdSapIpTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSapIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSapIpTable has a row for each <service ID, SAP, source
         IP address> triple that has exceeded the per-source rate limit
         configured for the <service ID, SAP> pair.  IP layer per-source rate
         limiting is enabled for a <service ID, SAP> pair by setting
         TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'true'."
    ::= { tmnxCpmSecurityObjs 44 }

tmnxCpmProtExcdSapIpEntry        OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSapIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains statistics for an IP packet stream that has exceeded
         its per-source rate limit.

         A row is created by the system the first time a <service ID, SAP,
         source IP address> triple exceeds its per-source rate limit.  The
         row is updated by the system on subsequent violations.

         Rows are deleted when a clear operation is requested on the underlying
         statistics."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxCpmProtExcdSapIpAddrType,
        tmnxCpmProtExcdSapIpAddr
    }
    ::= { tmnxCpmProtExcdSapIpTable 1 }

TmnxCpmProtExcdSapIpEntry        ::= SEQUENCE
{
    tmnxCpmProtExcdSapIpAddrType     InetAddressType,
    tmnxCpmProtExcdSapIpAddr         InetAddress,
    tmnxCpmProtExcdSapIpPeriods      Counter32,
    tmnxCpmProtExcdSapIpStarted      TimeStamp,
    tmnxCpmProtExcdSapIpTime         TimeStamp
}

tmnxCpmProtExcdSapIpAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpAddrType indicates the address type of
         tmnxCpmProtExcdSapIpAddr.  'ipv4(1)' is the only supported value."
    ::= { tmnxCpmProtExcdSapIpEntry 1 }

tmnxCpmProtExcdSapIpAddr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpAddr indicates the IP address of a
         source which has exceeded its per-source rate limit."
    ::= { tmnxCpmProtExcdSapIpEntry 2 }

tmnxCpmProtExcdSapIpPeriods      OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpPeriods indicates the number of times
         a per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSapIpEntry 3 }

tmnxCpmProtExcdSapIpStarted      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpStarted indicates the sysUpTime at
         the time of the creation of this row."
    ::= { tmnxCpmProtExcdSapIpEntry 4 }

tmnxCpmProtExcdSapIpTime         OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpTime indicates the sysUpTime at the
         time of the last update of this row."
    ::= { tmnxCpmProtExcdSapIpEntry 5 }

tmnxDCpuProtPolicyTblLstChg      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtPolicyTblLstChg indicates the timestamp of
         the last change to the tmnxDCpuProtPolicyTable. A value of 0 indicates
         that no changes were made to this table since the system was last
         initialized."
    ::= { tmnxCpmSecurityObjs 45 }

tmnxDCpuProtPolicyTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxDCpuProtPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtPolicyTable has an entry for each Distributed CPU
         Protection Policy configured in the system."
    ::= { tmnxCpmSecurityObjs 46 }

tmnxDCpuProtPolicyEntry          OBJECT-TYPE
    SYNTAX      TmnxDCpuProtPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the configuration information related to a
         Distributed CPU Protection Policy."
    INDEX       { tmnxDCpuProtPolicyName }
    ::= { tmnxDCpuProtPolicyTable 1 }

TmnxDCpuProtPolicyEntry          ::= SEQUENCE
{
    tmnxDCpuProtPolicyName           TNamedItem,
    tmnxDCpuProtPolicyRowStatus      RowStatus,
    tmnxDCpuProtPolicyLastMdfy       TimeStamp,
    tmnxDCpuProtPolicyDescr          TItemDescription
}

tmnxDCpuProtPolicyName           OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtPolicyName specifies Distributed CPU
         Protection Policy name."
    ::= { tmnxDCpuProtPolicyEntry 1 }

tmnxDCpuProtPolicyRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtPolicyRowStatus object is used to create and delete
         rows in the tmnxDCpuProtPolicyTable."
    ::= { tmnxDCpuProtPolicyEntry 2 }

tmnxDCpuProtPolicyLastMdfy       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtPolicyLastMdfy object indicates the timestamp of the
         last change to this row. A value of zero indicates that this row was
         not modified since the system was last initialized."
    ::= { tmnxDCpuProtPolicyEntry 3 }

tmnxDCpuProtPolicyDescr          OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtPolicyDescr specifies the user provided
         description of this Distributed CPU Protection Policy."
    DEFVAL      { ''H }
    ::= { tmnxDCpuProtPolicyEntry 4 }

tmnxDCpuProtStaticPlcrTblLstChg  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrTblLstChg indicates the timestamp
         of the last change to the tmnxDCpuProtStaticPlcrTable. A value of 0
         indicates that no changes were made to this table since the system was
         last initialized."
    ::= { tmnxCpmSecurityObjs 47 }

tmnxDCpuProtStaticPlcrTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxDCpuProtStaticPlcrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtStaticPlcrTable has an entry for static-policer
         configured for each Distributed CPU Protection Policy identified by
         tmnxDCpuProtPolicyName."
    ::= { tmnxCpmSecurityObjs 48 }

tmnxDCpuProtStaticPlcrEntry      OBJECT-TYPE
    SYNTAX      TmnxDCpuProtStaticPlcrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the configuration information related to
         static-policer for Distributed CPU Protection Policy."
    INDEX       {
        tmnxDCpuProtPolicyName,
        tmnxDCpuProtStaticPlcrName
    }
    ::= { tmnxDCpuProtStaticPlcrTable 1 }

TmnxDCpuProtStaticPlcrEntry      ::= SEQUENCE
{
    tmnxDCpuProtStaticPlcrName       TNamedItem,
    tmnxDCpuProtStaticPlcrRowStatus  RowStatus,
    tmnxDCpuProtStaticPlcrLastMdfy   TimeStamp,
    tmnxDCpuProtStaticPlcrDescr      TItemDescription,
    tmnxDCpuProtStaticPlcrPackets    TmnxDistCpuProtPacketRateLimit,
    tmnxDCpuProtStaticPlcrWithin     Unsigned32,
    tmnxDCpuProtStaticPlcrInitDelay  Unsigned32,
    tmnxDCpuProtStaticPlcrKbps       TmnxDistCpuProtRate,
    tmnxDCpuProtStaticPlcrMbs        TmnxDistCpuProtBurstSize,
    tmnxDCpuProtStaticPlcrExdActn    TmnxDistCpuProtAction,
    tmnxDCpuProtStaticPlcrExdHold    TmnxDistCpuProtActionDuration,
    tmnxDCpuProtStaticPlcrRateType   TmnxDistCpuProtRateType,
    tmnxDCpuProtStaticPlcrDectnTime  Unsigned32,
    tmnxDCpuProtStaticPlcrLogEvent   TmnxDistCpuProtLogEventType
}

tmnxDCpuProtStaticPlcrName       OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrName specifies the static-policer
         name for Distributed CPU Protection Policy."
    ::= { tmnxDCpuProtStaticPlcrEntry 1 }

tmnxDCpuProtStaticPlcrRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtStaticPlcrRowStatus object is used to create and
         delete rows in the tmnxDCpuProtStaticPlcrTable."
    ::= { tmnxDCpuProtStaticPlcrEntry 2 }

tmnxDCpuProtStaticPlcrLastMdfy   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtStaticPlcrLastMdfy object indicates the timestamp of
         the last change to this row. A value of zero indicates that this row
         was not modified since the system was last initialized."
    ::= { tmnxDCpuProtStaticPlcrEntry 3 }

tmnxDCpuProtStaticPlcrDescr      OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrDescr specifies the user provided
         description for this static-policer."
    DEFVAL      { ''H }
    ::= { tmnxDCpuProtStaticPlcrEntry 4 }

tmnxDCpuProtStaticPlcrPackets    OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtPacketRateLimit
    UNITS       "packets per interval"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrPackets specifies the overall
         packet arrival rate limit to be applied to all sources of packets.

         A default value of -1, specifies an unrestricted packet arrival rate."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtStaticPlcrEntry 5 }

tmnxDCpuProtStaticPlcrWithin     OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32767)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrWithin specifies packets rate
         limiting time base."
    DEFVAL      { 1 }
    ::= { tmnxDCpuProtStaticPlcrEntry 6 }

tmnxDCpuProtStaticPlcrInitDelay  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    UNITS       "packets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrInitDelay specifies the number of
         packets allowed in an initial burst or burst after the policer bucket
         has drained to zero."
    DEFVAL      { 0 }
    ::= { tmnxDCpuProtStaticPlcrEntry 7 }

tmnxDCpuProtStaticPlcrKbps       OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtRate
    UNITS       "kilobps"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrKbps specifies the limiting rate.
         When tmnxDCpuProtStaticPlcrKbps is used, bucket limit in the policer
         is initialized to value specified by tmnxDCpuProtStaticPlcrMbs."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtStaticPlcrEntry 8 }

tmnxDCpuProtStaticPlcrMbs        OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtBurstSize
    UNITS       "bytes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrMbs specifies buffer space
         assigned. When tmnxDCpuProtStaticPlcrKbps is used, bucket limit in the
         policer is initialized to value specified by
         tmnxDCpuProtStaticPlcrMbs."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtStaticPlcrEntry 9 }

tmnxDCpuProtStaticPlcrExdActn    OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrExdActn specifies the exceed-action
         performed on the incoming packets. When the value of
         tmnxDCpuProtStaticPlcrExdActn is set to discard, all packets that are
         non-conformant are discarded and when it is set to low-priority, all
         packets that are non-conformant are marked as low-priority."
    DEFVAL      { none }
    ::= { tmnxDCpuProtStaticPlcrEntry 10 }

tmnxDCpuProtStaticPlcrExdHold    OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtActionDuration
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrExdHold specifies the hold-down
         behavior.

         When an enforcement policer has marked or discarded one or more
         packets and tmnxDCpuProtStaticPlcrExdHold has been specified for the
         exceed-action, then the policer will be set into a mark-all or
         drop-all mode that causes the policer state to be updated as normal
         and also causes all packets to be marked as low-priority or discard
         regardless of the results of the policing decisions/actions/state."
    DEFVAL      { 0 }
    ::= { tmnxDCpuProtStaticPlcrEntry 11 }

tmnxDCpuProtStaticPlcrRateType   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtRateType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrRateType specifies the rate type
         applied for static-policer specified by tmnxDCpuProtStaticPlcrName.

         When the value of tmnxDCpuProtStaticPlcrName is 'packets', the values
         of tmnxDCpuProtStaticPlcrKbps and tmnxDCpuProtStaticPlcrMbs are set to
         default values.

         When the value of tmnxDCpuProtStaticPlcrName is 'kbps', the values of
         tmnxDCpuProtStaticPlcrPackets, tmnxDCpuProtStaticPlcrWithin and
         tmnxDCpuProtStaticPlcrInitDelay are set to default values."
    DEFVAL      { packets }
    ::= { tmnxDCpuProtStaticPlcrEntry 12 }

tmnxDCpuProtStaticPlcrDectnTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..128000)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrDectnTime specifies contiguous
         conformant period, when a static-policer specified by
         tmnxDCpuProtStaticPlcrName is declared in an 'exceed' state."
    DEFVAL      { 30 }
    ::= { tmnxDCpuProtStaticPlcrEntry 13 }

tmnxDCpuProtStaticPlcrLogEvent   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtLogEventType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtStaticPlcrLogEvent controls the creation of
         log events related to static policer status and activity."
    DEFVAL      { enable }
    ::= { tmnxDCpuProtStaticPlcrEntry 14 }

tmnxDCpuProtLocMonPlcrTblLstChg  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrTblLstChg indicates the timestamp
         of the last change to the tmnxDCpuProtLocMonPlcrTable. A value of 0
         indicates that no changes were made to this table since the system was
         last initialized."
    ::= { tmnxCpmSecurityObjs 49 }

tmnxDCpuProtLocMonPlcrTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxDCpuProtLocMonPlcrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtLocMonPlcrTable has an entry for each Distributed CPU
         Protection Policy configured in the system."
    ::= { tmnxCpmSecurityObjs 50 }

tmnxDCpuProtLocMonPlcrEntry      OBJECT-TYPE
    SYNTAX      TmnxDCpuProtLocMonPlcrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the configuration information related to
         Local Monitoring Policer for Distributed CPU Protection Policy."
    INDEX       {
        tmnxDCpuProtPolicyName,
        tmnxDCpuProtLocMonPlcrName
    }
    ::= { tmnxDCpuProtLocMonPlcrTable 1 }

TmnxDCpuProtLocMonPlcrEntry      ::= SEQUENCE
{
    tmnxDCpuProtLocMonPlcrName       TNamedItem,
    tmnxDCpuProtLocMonPlcrRowStatus  RowStatus,
    tmnxDCpuProtLocMonPlcrLastMdfy   TimeStamp,
    tmnxDCpuProtLocMonPlcrDescr      TItemDescription,
    tmnxDCpuProtLocMonPlcrPackets    TmnxDistCpuProtPacketRateLimit,
    tmnxDCpuProtLocMonPlcrWithin     Unsigned32,
    tmnxDCpuProtLocMonPlcrInitDelay  Unsigned32,
    tmnxDCpuProtLocMonPlcrKbps       TmnxDistCpuProtRate,
    tmnxDCpuProtLocMonPlcrMbs        TmnxDistCpuProtBurstSize,
    tmnxDCpuProtLocMonPlcrExcdActn   TmnxDistCpuProtAction,
    tmnxDCpuProtLocMonPlcrRateType   TmnxDistCpuProtRateType,
    tmnxDCpuProtLocMonPlcrLogEvent   TmnxDistCpuProtLogEventType
}

tmnxDCpuProtLocMonPlcrName       OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrName specifies the local monitoring
         policy name for Distributed CPU Protection Policy."
    ::= { tmnxDCpuProtLocMonPlcrEntry 1 }

tmnxDCpuProtLocMonPlcrRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtLocMonPlcrRowStatus object is used to create and
         delete rows in the tmnxDCpuProtLocMonPlcrTable."
    ::= { tmnxDCpuProtLocMonPlcrEntry 2 }

tmnxDCpuProtLocMonPlcrLastMdfy   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtLocMonPlcrLastMdfy object indicates the timestamp of
         the last change to this row. A value of zero indicates that this row
         was not modified since the system was last initialized."
    ::= { tmnxDCpuProtLocMonPlcrEntry 3 }

tmnxDCpuProtLocMonPlcrDescr      OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrDescr specifies the user provided
         description of this Distributed CPU Protection Policy."
    DEFVAL      { ''H }
    ::= { tmnxDCpuProtLocMonPlcrEntry 4 }

tmnxDCpuProtLocMonPlcrPackets    OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtPacketRateLimit
    UNITS       "packets per interval"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrPackets specifies the overall
         packet arrival rate limit to be applied to all sources of packets.

         A default value of -1, specifies an unrestricted packet arrival rate."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtLocMonPlcrEntry 5 }

tmnxDCpuProtLocMonPlcrWithin     OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32767)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrWithin specifies packets rate
         limiting time base."
    DEFVAL      { 1 }
    ::= { tmnxDCpuProtLocMonPlcrEntry 6 }

tmnxDCpuProtLocMonPlcrInitDelay  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    UNITS       "packets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrInitDelay specifies the number of
         packets allowed in an initial burst or burst after the policer bucket
         has drained to zero."
    DEFVAL      { 0 }
    ::= { tmnxDCpuProtLocMonPlcrEntry 7 }

tmnxDCpuProtLocMonPlcrKbps       OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtRate
    UNITS       "kilobps"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrKbps specifies the limiting rate.
         When tmnxDCpuProtLocMonPlcrKbps is used, bucket limit in the policer
         is initialized to value specified by tmnxDCpuProtLocMonPlcrMbs."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtLocMonPlcrEntry 8 }

tmnxDCpuProtLocMonPlcrMbs        OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtBurstSize
    UNITS       "bytes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrMbs specifies buffer space
         assigned. When tmnxDCpuProtLocMonPlcrKbps is used, bucket limit in the
         policer is initialized to value specified by
         tmnxDCpuProtLocMonPlcrMbs."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtLocMonPlcrEntry 9 }

tmnxDCpuProtLocMonPlcrExcdActn   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrExcdActn specifies the
         exceed-action performed on the incoming packets. When the value of
         tmnxDCpuProtLocMonPlcrExcdActn is set to discard, all packets that are
         non-conformant are discarded and when it is set to low-priority, all
         packets that are non-conformant are marked as low-priority."
    DEFVAL      { none }
    ::= { tmnxDCpuProtLocMonPlcrEntry 10 }

tmnxDCpuProtLocMonPlcrRateType   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtRateType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrRateType specifies the rate type
         applied for local-monitoring-policer specified by
         tmnxDCpuProtLocMonPlcrName.

         When the value of tmnxDCpuProtLocMonPlcrRateType is 'packets', the
         values of tmnxDCpuProtLocMonPlcrKbps and tmnxDCpuProtLocMonPlcrMbs are
         set to default values.

         When the value of tmnxDCpuProtLocMonPlcrRateType is 'kbps', the values
         of tmnxDCpuProtLocMonPlcrPackets, tmnxDCpuProtLocMonPlcrWithin and
         tmnxDCpuProtLocMonPlcrInitDelay are set to default values."
    DEFVAL      { packets }
    ::= { tmnxDCpuProtLocMonPlcrEntry 11 }

tmnxDCpuProtLocMonPlcrLogEvent   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtLogEventType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtLocMonPlcrLogEvent controls the creation of
         log events related to local-monitoring policer status and activity."
    DEFVAL      { enable }
    ::= { tmnxDCpuProtLocMonPlcrEntry 12 }

tmnxDCpuProtProtocolTblLstChg    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolTblLstChg indicates the timestamp of
         the last change to the tmnxDCpuProtProtocolTable. A value of 0
         indicates that no changes were made to this table since the system was
         last initialized."
    ::= { tmnxCpmSecurityObjs 51 }

tmnxDCpuProtProtocolTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxDCpuProtProtocolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtProtocolTable has an entry for each Distributed CPU
         Protection Policy configured in the system."
    ::= { tmnxCpmSecurityObjs 52 }

tmnxDCpuProtProtocolEntry        OBJECT-TYPE
    SYNTAX      TmnxDCpuProtProtocolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the configuration information related to
         type of Protocol Policer monitored by Distributed CPU Protection
         Policy."
    INDEX       {
        tmnxDCpuProtPolicyName,
        tmnxDCpuProtProtocol
    }
    ::= { tmnxDCpuProtProtocolTable 1 }

TmnxDCpuProtProtocolEntry        ::= SEQUENCE
{
    tmnxDCpuProtProtocol             TmnxDistCpuProtProtocolId,
    tmnxDCpuProtProtocolRowStatus    RowStatus,
    tmnxDCpuProtProtocolLastMdfy     TimeStamp,
    tmnxDCpuProtProtocolEnforce      TmnxDistCpuProtEnforceType,
    tmnxDCpuProtProtocolEnfrcePolNme TNamedItem,
    tmnxDCpuProtProtocolDynPackets   TmnxDistCpuProtPacketRateLimit,
    tmnxDCpuProtProtocolDynWithin    Unsigned32,
    tmnxDCpuProtProtocolDynInitDly   Unsigned32,
    tmnxDCpuProtProtocolDynKbps      TmnxDistCpuProtRate,
    tmnxDCpuProtProtocolDynMbs       TmnxDistCpuProtBurstSize,
    tmnxDCpuProtProtocolDynDectnTime Unsigned32,
    tmnxDCpuProtProtocolDynExdActn   TmnxDistCpuProtAction,
    tmnxDCpuProtProtocolDynExdHold   TmnxDistCpuProtActionDuration,
    tmnxDCpuProtProtocolDynRateType  TmnxDistCpuProtRateType,
    tmnxDCpuProtProtocolDynLogEvent  TmnxDistCpuProtLogEventType
}

tmnxDCpuProtProtocol             OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtProtocolId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocol specifies the
         protocol name to be monitored  by Distributed CPU Protection Policy."
    ::= { tmnxDCpuProtProtocolEntry 1 }

tmnxDCpuProtProtocolRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtProtocolRowStatus object is used to create and delete
         rows in the tmnxDCpuProtProtocolTable."
    ::= { tmnxDCpuProtProtocolEntry 2 }

tmnxDCpuProtProtocolLastMdfy     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxDCpuProtProtocolLastMdfy object indicates the timestamp of the
         last change to this row. A value of zero indicates that this row was
         not modified since the system was last initialized."
    ::= { tmnxDCpuProtProtocolEntry 3 }

tmnxDCpuProtProtocolEnforce      OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtEnforceType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolEnforce specifies the type of
         enforcement policer used."
    DEFVAL      { dynamic }
    ::= { tmnxDCpuProtProtocolEntry 4 }

tmnxDCpuProtProtocolEnfrcePolNme OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolEnfrcePolNme specifies the
         enforcement policer name."
    DEFVAL      { "local-mon-bypass" }
    ::= { tmnxDCpuProtProtocolEntry 5 }

tmnxDCpuProtProtocolDynPackets   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtPacketRateLimit
    UNITS       "packets per interval"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynPackets specifies the overall
         packet arrival rate limit to be applied to all sources of packets.

         A default value of -1, specifies an unrestricted packet arrival rate."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtProtocolEntry 6 }

tmnxDCpuProtProtocolDynWithin    OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32767)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynWithin specifies packets rate
         limiting time base."
    DEFVAL      { 1 }
    ::= { tmnxDCpuProtProtocolEntry 7 }

tmnxDCpuProtProtocolDynInitDly   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    UNITS       "packets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynInitDly specifies the number of
         packets allowed in an initial burst or burst after the policer bucket
         has drained to zero."
    DEFVAL      { 0 }
    ::= { tmnxDCpuProtProtocolEntry 8 }

tmnxDCpuProtProtocolDynKbps      OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtRate
    UNITS       "kilobps"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynKbps specifies the limiting rate.
         When tmnxDCpuProtProtocolDynKbps is used, bucket limit in the policer
         is initialized to value specified by tmnxDCpuProtProtocolDynMbs."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtProtocolEntry 9 }

tmnxDCpuProtProtocolDynMbs       OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtBurstSize
    UNITS       "bytes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynMbs specifies buffer space
         assigned. When tmnxDCpuProtProtocolDynKbps is used, bucket limit in
         the policer is initialized to value specified by
         tmnxDCpuProtProtocolDynMbs."
    DEFVAL      { -1 }
    ::= { tmnxDCpuProtProtocolEntry 10 }

tmnxDCpuProtProtocolDynDectnTime OBJECT-TYPE
    SYNTAX      Unsigned32 (1..128000)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynDectnTime specifies contiguous
         conformant period of min-enforce-time when dynamic enforcing policer
         is instantiated."
    DEFVAL      { 30 }
    ::= { tmnxDCpuProtProtocolEntry 11 }

tmnxDCpuProtProtocolDynExdActn   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynExdActn specifies the action
         performed on the incoming packets. When the value of
         tmnxDCpuProtProtocolDynExdActn is set to discard, all packets that are
         non-conformant are discarded and when it is set to low-priority, all
         packets that are non-conformant are marked as low-priority."
    DEFVAL      { none }
    ::= { tmnxDCpuProtProtocolEntry 12 }

tmnxDCpuProtProtocolDynExdHold   OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtActionDuration
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynExdHold specifies the hold-down
         behavior.

         When an enforcement policer has marked or discarded one or more
         packets and tmnxDCpuProtProtocolDynExdHold has been specified for the
         exceed-action, then the policer will be set into a mark-all or
         drop-all mode that causes the policer state to be updated as normal
         and also causes all packets to be marked as low-priority or discard
         regardless of the results of the policing decisions/actions/state."
    DEFVAL      { 0 }
    ::= { tmnxDCpuProtProtocolEntry 13 }

tmnxDCpuProtProtocolDynRateType  OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtRateType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynRateType specifies the rate type
         applied for the protocol specified by tmnxDCpuProtProtocol.

         When the value of tmnxDCpuProtProtocolDynRateType is 'packets', the
         values of tmnxDCpuProtProtocolDynKbps and tmnxDCpuProtProtocolDynMbs
         are set to default values.

         When the value of tmnxDCpuProtProtocolDynRateType is 'kbps', the
         values of tmnxDCpuProtProtocolDynPackets,
         tmnxDCpuProtProtocolDynWithin and tmnxDCpuProtProtocolDynInitDly are
         set to default values."
    DEFVAL      { packets }
    ::= { tmnxDCpuProtProtocolEntry 14 }

tmnxDCpuProtProtocolDynLogEvent  OBJECT-TYPE
    SYNTAX      TmnxDistCpuProtLogEventType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxDCpuProtProtocolDynLogEvent controls the creation of
         log events related to dynamic enforcement policer status and activity."
    DEFVAL      { enable }
    ::= { tmnxDCpuProtProtocolEntry 15 }

tmnxCpmProtBlockPIMTunneled      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtBlockPIMTunneled specifies whether to block
         extraction and processing of arriving PIM packets inside a tunnel on a
         network interface.

         When the value of this object is set to 'false (2)', tunneling of PIM
         packet will be allowed even if PIM is not configured. When the value
         of this object is set to 'true (1)', tunneling of PIM packets is
         blocked on an interface where the protocol is not configured.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 53 }

tmnxCpmProtPortRateActionLowPrio OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPortRateActionLowPrio specifies whether to
         mark packets as low-priority when port-overall-rate-limit specified by
         tmnxCpmProtPortOverallRateLimit is exceeded.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 54 }

tmnxCpmProtIPSrcMonDhcp          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtIPSrcMonDhcp specifies whether DHCP protocol
         should be included for monitoring of source IP.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { true }
    ::= { tmnxCpmSecurityObjs 55 }

tmnxCpmProtIPSrcMonGtp           OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtIPSrcMonGtp specifies whether GTP protocol
         should be included for monitoring of source IP.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 56 }

tmnxCpmProtIPSrcMonIcmp          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtIPSrcMonIcmp specifies whether ICMP protocol
         should be included for monitoring of source IP.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 57 }

tmnxCpmProtIPSrcMonIgmp          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtIPSrcMonIgmp specifies whether IGMP protocol
         should be included for monitoring of source IP.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    DEFVAL      { false }
    ::= { tmnxCpmSecurityObjs 58 }

tCpmProtOutProfViolIfTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmProtOutProfViolIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmProtOutProfViolIfTable has an entry for each router interface
         where the cpu protection policy's out-of-profile rate limit was
         violated.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 61 }

tCpmProtOutProfViolIfEntry       OBJECT-TYPE
    SYNTAX      TCpmProtOutProfViolIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a router
         interface where the cpu protection policy's out-of-profile rate limit
         was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        vRtrID,
        vRtrIfIndex
    }
    ::= { tCpmProtOutProfViolIfTable 1 }

TCpmProtOutProfViolIfEntry       ::= SEQUENCE
{
    tCpmProtOutProfViolIfPeriods     Gauge32,
    tCpmProtOutProfViolIfTimeStart   TimeStamp,
    tCpmProtOutProfViolIfTime        TimeStamp
}

tCpmProtOutProfViolIfPeriods     OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolIfPeriods indicates the number of
         times the out-of-profile rate limit violation was detected at this
         router interface.

         The out-of-profile rate limit is indicated by the object
         tmnxCpmProtPolOutProfileRate."
    ::= { tCpmProtOutProfViolIfEntry 1 }

tCpmProtOutProfViolIfTimeStart   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolIfTimeStart indicates the sysUpTime at
         the time of the creation of this entry."
    ::= { tCpmProtOutProfViolIfEntry 2 }

tCpmProtOutProfViolIfTime        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolIfTime indicates the sysUpTime at the
         time of the last modification of this entry."
    ::= { tCpmProtOutProfViolIfEntry 3 }

tCpmProtOutProfViolSapTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmProtOutProfViolSapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmProtOutProfViolSapTable has an entry for each SAP where the
         cpu protection policy's out-of-profile rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 62 }

tCpmProtOutProfViolSapEntry      OBJECT-TYPE
    SYNTAX      TCpmProtOutProfViolSapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a SAP where the
         cpu protection policy's out-of-profile rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tCpmProtOutProfViolSapTable 1 }

TCpmProtOutProfViolSapEntry      ::= SEQUENCE
{
    tCpmProtOutProfViolSapPeriods    Gauge32,
    tCpmProtOutProfViolSapTimeStart  TimeStamp,
    tCpmProtOutProfViolSapTime       TimeStamp
}

tCpmProtOutProfViolSapPeriods    OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolSapPeriods indicates the number of
         times the out-of-profile rate limit violation was detected at this
         SAP.

         The out-of-profile rate limit is indicated by the object
         tmnxCpmProtPolOutProfileRate."
    ::= { tCpmProtOutProfViolSapEntry 1 }

tCpmProtOutProfViolSapTimeStart  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolSapTimeStart indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tCpmProtOutProfViolSapEntry 2 }

tCpmProtOutProfViolSapTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolSapTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tCpmProtOutProfViolSapEntry 3 }

tCpmProtOutProfViolSdpBindTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmProtOutProfViolSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmProtOutProfViolSdpBindTable has an entry for each SDP binding
         where the cpu protection policy's out-of-profile rate limit was
         violated.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 63 }

tCpmProtOutProfViolSdpBindEntry  OBJECT-TYPE
    SYNTAX      TCpmProtOutProfViolSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a SDP binding
         where the cpu protection policy's out-of-profile rate limit was
         violated.

         Rows are created or removed automatically by the system."
    INDEX       {
        svcId,
        sdpBindId
    }
    ::= { tCpmProtOutProfViolSdpBindTable 1 }

TCpmProtOutProfViolSdpBindEntry  ::= SEQUENCE
{
    tCpmProtOutProfViolSdpBindPeriod Gauge32,
    tCpmProtOutProfViolSdpBindTmeStr TimeStamp,
    tCpmProtOutProfViolSdpBindTime   TimeStamp
}

tCpmProtOutProfViolSdpBindPeriod OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolSdpBindPeriod indicates the number of
         times the out-of-profile rate limit violation was detected at this SDP
         binding.

         The out-of-profile rate limit is indicated by the object
         tmnxCpmProtPolOutProfileRate."
    ::= { tCpmProtOutProfViolSdpBindEntry 1 }

tCpmProtOutProfViolSdpBindTmeStr OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolSdpBindTmeStr indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tCpmProtOutProfViolSdpBindEntry 2 }

tCpmProtOutProfViolSdpBindTime   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmProtOutProfViolSdpBindTime indicates the sysUpTime at
         the time of the last update of this entry."
    ::= { tCpmProtOutProfViolSdpBindEntry 3 }

tmnxCpmProtExcdSdpBindIpTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSdpBindIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtExcdSdpBindIpTable has a row for each service-id, sdp
         and source IP address that has exceeded the per-source rate limit
         configured for the <service-id, sdp> pair.  IP layer per-source rate
         limiting is enabled for a <service-id, sdp> pair by setting
         TIMETRA-SDP-MIB::sdpBindCpmProtMonitorIP to 'true'."
    ::= { tmnxCpmSecurityObjs 64 }

tmnxCpmProtExcdSdpBindIpEntry    OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSdpBindIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains statistics for an IP packet stream that has exceeded
         its per-source rate limit.

         A row is created by the system the first time a service-id, sdp and
         source IP address exceeds its per-source rate limit.  The row is
         updated by the system on subsequent violations.

         Rows are deleted when a clear operation is requested on the underlying
         statistics."
    INDEX       {
        svcId,
        sdpBindId,
        tmnxCpmProtExcdSdpBindIpAddrType,
        tmnxCpmProtExcdSdpBindIpAddr
    }
    ::= { tmnxCpmProtExcdSdpBindIpTable 1 }

TmnxCpmProtExcdSdpBindIpEntry    ::= SEQUENCE
{
    tmnxCpmProtExcdSdpBindIpAddrType InetAddressType,
    tmnxCpmProtExcdSdpBindIpAddr     InetAddress,
    tmnxCpmProtExcdSdpBindIpPeriods  Counter32,
    tmnxCpmProtExcdSdpBindIpStarted  TimeStamp,
    tmnxCpmProtExcdSdpBindIpTime     TimeStamp
}

tmnxCpmProtExcdSdpBindIpAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindIpAddrType indicates the address
         type of tmnxCpmProtExcdSdpBindIpAddr.  'ipv4(1)' is the only supported
         value."
    ::= { tmnxCpmProtExcdSdpBindIpEntry 1 }

tmnxCpmProtExcdSdpBindIpAddr     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindIpAddr indicates the IP address of
         a source which has exceeded its per-source rate limit."
    ::= { tmnxCpmProtExcdSdpBindIpEntry 2 }

tmnxCpmProtExcdSdpBindIpPeriods  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindIpPeriods indicates the number of
         times a per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSdpBindIpEntry 3 }

tmnxCpmProtExcdSdpBindIpStarted  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindIpStarted indicates the sysUpTime
         at the time of the creation of this row."
    ::= { tmnxCpmProtExcdSdpBindIpEntry 4 }

tmnxCpmProtExcdSdpBindIpTime     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindIpTime indicates the sysUpTime at
         the time of the last update of this row."
    ::= { tmnxCpmProtExcdSdpBindIpEntry 5 }

tmnxPasswordHashObjs             OBJECT IDENTIFIER ::= { tmnxSecurityObjects 10 }

tmnxPassHashReadVersion          OBJECT-TYPE
    SYNTAX      TmnxPassHashReadType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashReadVersion specifies the hash algorithm accepted by the
         system while executing commands."
    DEFVAL      { all-hash }
    ::= { tmnxPasswordHashObjs 1 }

tmnxPassHashWriteVersion         OBJECT-TYPE
    SYNTAX      TmnxPassHashWriteType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashWriteVersion specifies the hash version to be used while
         saving the configuration files."
    DEFVAL      { hash2 }
    ::= { tmnxPasswordHashObjs 2 }

tmnxPassHashWriteVersionMdCli    OBJECT-TYPE
    SYNTAX      TmnxPassHashWriteType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashWriteVersionMdCli specifies the hash version to be used
         while saving the configuration files in Md-Cli."
    DEFVAL      { hash2 }
    ::= { tmnxPasswordHashObjs 3 }

tmnxPassHashWriteVersionNetconf  OBJECT-TYPE
    SYNTAX      TmnxPassHashWriteType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashWriteVersionNetconf specifies the hash version to be used
         while saving the configuration files in Netconf."
    DEFVAL      { hash2 }
    ::= { tmnxPasswordHashObjs 4 }

tmnxPassHashWriteVersionGrpc     OBJECT-TYPE
    SYNTAX      TmnxPassHashWriteType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashWriteVersionGrpc specifies the hash version to be used
         while saving the configuration files in Grpc."
    DEFVAL      { hash2 }
    ::= { tmnxPasswordHashObjs 5 }

tmnxSSHServerObjs                OBJECT IDENTIFIER ::= { tmnxSecurityObjects 11 }

tmnxSSHServerPreserveKey         OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxSSHServerPreserveKey specifies the persistence of the SSH
         server host key. A value of 'true' specifies that the host key
         will be saved by the server and restored following a system
         reboot.  The SSH client also saves the host key and
         restores it following a system reboot.

         A value of 'false' specifies that the host key will be held in memory
         by both the SSH server and the SSH client and is not restored
         following a system reboot."
    DEFVAL      { false }
    ::= { tmnxSSHServerObjs 1 }

tmnxSSHServerVersion             OBJECT-TYPE
    SYNTAX      INTEGER {
        version1 (1),
        version2 (2),
        both     (3)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxSSHServerVersion specifies the SSH protocol version that will be
         by supported by the SSH server.

         A value of tmnxSSHServerVersion 'version1' specifies that the SSH
         server will only accept connections from clients that support SSH
         protocol  version 1. A value of 'both' specifies that the SSH server
         will accept connections from clients supporting either SSH protocol
         version 1, or SSH protocol version 2 or both."
    DEFVAL      { version2 }
    ::= { tmnxSSHServerObjs 2 }

tmnxSourceIPTable                OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSourceIPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxSourceIPEntry has an entry for the source IP to be used by the
         specified protocol."
    ::= { tmnxSecurityObjects 12 }

tmnxSourceIPEntry                OBJECT-TYPE
    SYNTAX      TmnxSourceIPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxSourceIPEntry is an entry (conceptual row) in the
         tmnxSourceIPTable. Each entry represents the source IP address to be
         used by the specified application for a particular Virtual Router
         instance.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxSourceIPRowStatus."
    INDEX       {
        vRtrID,
        tmnxSourceIPProtoApp
    }
    ::= { tmnxSourceIPTable 1 }

TmnxSourceIPEntry                ::= SEQUENCE
{
    tmnxSourceIPProtoApp             INTEGER,
    tmnxSourceIPRowStatus            RowStatus,
    tmnxSourceIPAddressType          InetAddressType,
    tmnxSourceIPAddress              InetAddress,
    tmnxSourceIPIfIndex              InterfaceIndexOrZero,
    tmnxSourceIPOperStatus           INTEGER
}

tmnxSourceIPProtoApp             OBJECT-TYPE
    SYNTAX      INTEGER {
        telnet      (1),
        ftp         (2),
        ssh         (3),
        radius      (4),
        tacplus     (5),
        snmpTrap    (6),
        syslog      (7),
        icmpPing    (8),
        traceRoute  (9),
        dns         (10),
        sntp        (11),
        ntp         (12),
        cflowd      (13),
        telnet6     (14),
        ftp6        (15),
        radius6     (16),
        tacplus6    (17),
        snmpTrap6   (18),
        syslog6     (19),
        icmpPing6   (20),
        traceRoute6 (21),
        dns6        (22),
        ptp         (23),
        mcreporter  (24),
        cflowd6     (25),
        ntp6        (26),
        sFlow       (27),
        sFlow6      (28),
        icmpError   (29),
        icmpError6  (30),
        ldap        (31),
        ldap6       (32),
        reserved33  (33)
    }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPProtoApp specifies the application which
         should use the source IP address specified by the value of
         tmnxSourceIPAddress.

         tmnxSourceIPAddressType must be 'ipv6 (2)' when setting the value of
         this object to 'telnet6 (14)', 'ftp6 (15)', 'radius6 (16)', 'tacplus6
         (17)', 'snmpTrap6 (18)', 'syslog6 (19)', 'icmpPing6 (20)',
         'traceRoute6 (21)', 'dns6 (22)', 'cflowd6 (25)', 'ntp6 (26)',  'sFlow6
         (28)',  'icmpError6 (30)', 'ldap6 (32)' ."
    ::= { tmnxSourceIPEntry 2 }

tmnxSourceIPRowStatus            OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPRowStatus is used to create or destroy
         entries in this table.

         A row entry for a particular vRtrID with tmnxSourceIPProtoApp set to
         any value can be created only if the value of tmnxSourceIPAddress or
         tmnxSourceIPIfIndex is specified."
    ::= { tmnxSourceIPEntry 3 }

tmnxSourceIPAddressType          OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPAddressType specifies the address type of
         tmnxSourceIPAddress address.

         The value of tmnxSourceIPAddressType can be either of InetAddressType
         - 'ipv4' or InetAddressType - 'ipv6'."
    DEFVAL      { unknown }
    ::= { tmnxSourceIPEntry 4 }

tmnxSourceIPAddress              OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPAddress specifies the source address that
         should be used in all unsolicited packets sent by the application
         specified by the value of tmnxSourceIPProtoApp. For the value
         specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or
         tmnxSourceIPIfIndex can be specified, but not both."
    DEFVAL      { ''H }
    ::= { tmnxSourceIPEntry 5 }

tmnxSourceIPIfIndex              OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxSourceIPIfIndex specifies the interface index whose IP address
         should be used in all unsolicited packets sent by the application
         specified by the value of tmnxSourceIPProtoApp. For the value
         specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or
         tmnxSourceIPIfIndex can be specified, but not both."
    DEFVAL      { 0 }
    ::= { tmnxSourceIPEntry 6 }

tmnxSourceIPOperStatus           OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPOperStatus indicates the state of
         tmnxSourceIPEntry. A value of 'up' indicates that the IP address
         specified by tmnxSourceIPAddress will be used for all unsolicited
         packets sent by the application specified by the value of
         tmnxSourceIPProtoApp."
    DEFVAL      { down }
    ::= { tmnxSourceIPEntry 7 }

tmnxUserTemplateTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserTemplateEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserTemplateTable contains configuration information for the
         template of a system user."
    ::= { tmnxSecurityObjects 13 }

tmnxUserTemplateEntry            OBJECT-TYPE
    SYNTAX      TmnxUserTemplateEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserTemplateEntry is an entry (conceptual row) in the
         tmnxUserTemplateTable. Each entry represents the configuration for the
         template of a system user. Entries in this table cannot be created or
         deleted."
    INDEX       { IMPLIED tmnxTemplateName }
    ::= { tmnxUserTemplateTable 1 }

TmnxUserTemplateEntry            ::= SEQUENCE
{
    tmnxTemplateName                 TNamedItem,
    tmnxTemplateAccess               BITS,
    tmnxTemplateHomeDirectory        DisplayString,
    tmnxTemplateRestrictedToHome     TruthValue,
    tmnxTemplateConsoleLoginExecFile DisplayString,
    tmnxTemplateProfile              TNamedItem
}

tmnxTemplateName                 OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateName specifies the name of the template from
         which a system user can be derived. This name must be unique amongst
         the table entries."
    ::= { tmnxUserTemplateEntry 1 }

tmnxTemplateAccess               OBJECT-TYPE
    SYNTAX      BITS {
        console (0),
        ftp     (1),
        grpc    (2),
        li      (3),
        netconf (4)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateAccess specifies the type of access
         permitted to the user derived from this template. To allow  this user
         access to the console or FTP, set the corresponding bit in
         tmnxTemplateAccess. Reset the bit to deny the access."
    DEFVAL      { { console } }
    ::= { tmnxUserTemplateEntry 2 }

tmnxTemplateHomeDirectory        OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..200))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateHomeDirectory specifies the local home
         directory on FTP and console access of the user derived from this
         template."
    DEFVAL      { ''H }
    ::= { tmnxUserTemplateEntry 3 }

tmnxTemplateRestrictedToHome     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTemplateRestrictedToHome is 'true', the user
         derived from this template is not allowed to navigate to directories
         above his home directory for file access.

         When the value of tmnxTemplateRestrictedToHome is 'false', the access
         is allowed to directories above the home directory."
    DEFVAL      { false }
    ::= { tmnxUserTemplateEntry 4 }

tmnxTemplateConsoleLoginExecFile OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..200))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateConsoleLoginExecFile specifies the file that
         should be executed whenever the user derived from this template has
         successfully logged in to a console session."
    DEFVAL      { ''H }
    ::= { tmnxUserTemplateEntry 5 }

tmnxTemplateProfile              OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateProfile specifies the user profile entry from
         the tmnxUserProfileTable that will be applied to the user derived from
         this template.

         For users authenticated by TACACS+, the profile specified by
         tmnxTemplateProfile will only apply if TACACS+ command authorization
         is disabled as specified by tmnxTacPlusAuthorization being set to
         'false'."
    DEFVAL      { "default" }
    ::= { tmnxUserTemplateEntry 6 }

tmnxKeyChainTable                OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxKeyChainEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxKeyChainEntry has an entry for a particular configured
         keychain used by the protocol session."
    ::= { tmnxSecurityObjects 14 }

tmnxKeyChainEntry                OBJECT-TYPE
    SYNTAX      TmnxKeyChainEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxKeyChainEntry is an entry (conceptual row) in the
         tmnxKeyChainTable. Each entry represents the keychain configuration
         which will be applied to a protocol session.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxKeyChainRowStatus."
    INDEX       { tmnxKeyChainName }
    ::= { tmnxKeyChainTable 1 }

TmnxKeyChainEntry                ::= SEQUENCE
{
    tmnxKeyChainName                 TNamedItem,
    tmnxKeyChainRowStatus            RowStatus,
    tmnxKeyChainDescription          TItemDescription,
    tmnxKeyChainSendTcpOptionNum     TmnxKeyChainTcpOptionNum,
    tmnxKeyChainReceiveTcpOptionNum  TmnxKeyChainTcpOptionNum,
    tmnxKeyChainAdminState           TmnxAdminState,
    tmnxKeyChainOperState            TmnxOperState,
    tmnxKeyChainExpired              TruthValue
}

tmnxKeyChainName                 OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainName specifies a unique keychain name which
         identifies this particular keychain entry."
    ::= { tmnxKeyChainEntry 1 }

tmnxKeyChainRowStatus            OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainRowStatus is used to create or destroy
         entries in this table."
    ::= { tmnxKeyChainEntry 2 }

tmnxKeyChainDescription          OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainDescription specifies the description of the
         key chain identified by the keychain name tmnxKeyChainName."
    DEFVAL      { ''H }
    ::= { tmnxKeyChainEntry 3 }

tmnxKeyChainSendTcpOptionNum     OBJECT-TYPE
    SYNTAX      TmnxKeyChainTcpOptionNum
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainSendTcpOptionNum specifies the TCP option
         value to use in the TCP header of packets being sent by the router to
         another device.

         The value of tmnxKeyChainSendTcpOptionNum is valid only when
         tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the
         TCP protocol stream."
    DEFVAL      { value254 }
    ::= { tmnxKeyChainEntry 4 }

tmnxKeyChainReceiveTcpOptionNum  OBJECT-TYPE
    SYNTAX      TmnxKeyChainTcpOptionNum
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainReceiveTcpOptionNum specifies the TCP option
         value to check for in the TCP header of packets being received by the
         router.

         The value of tmnxKeyChainReceiveTcpOptionNum is valid only when
         tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the
         TCP protocol stream."
    DEFVAL      { value254 }
    ::= { tmnxKeyChainEntry 5 }

tmnxKeyChainAdminState           OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainAdminState specifies the desired
         administrative state of the keychain. If the value is 'outOfService'
         the keychain capabilities are disabled but the keychain configuration
         parameters are retained."
    DEFVAL      { inService }
    ::= { tmnxKeyChainEntry 6 }

tmnxKeyChainOperState            OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainOperState indicates the operational state of
         the keychain. A value of 'inService' indicates that the key chain can
         be used to sign and/or authenticate protocol streams."
    ::= { tmnxKeyChainEntry 7 }

tmnxKeyChainExpired              OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainExpired specifies whether this keychain is
         expired or not."
    DEFVAL      { false }
    ::= { tmnxKeyChainEntry 8 }

tmnxKeyChainKeyTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxKeyChainKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxKeyChainKeyEntry has an entry for a particular configured key
         that will be used in a particular keychain defined by
         tmnxKeyChainEntry in tmnxKeyChainTable."
    ::= { tmnxSecurityObjects 15 }

tmnxKeyChainKeyEntry             OBJECT-TYPE
    SYNTAX      TmnxKeyChainKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxKeyChainKeyEntry is an entry (conceptual row) in the
         tmnxKeyChainKeyTable. Each entry represents the key configuration
         which will be applied to a keychain.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxKeyChainKeyRowStatus."
    INDEX       {
        tmnxKeyChainName,
        tmnxKeyChainKeyDirection,
        tmnxKeyChainKeyID
    }
    ::= { tmnxKeyChainKeyTable 1 }

TmnxKeyChainKeyEntry             ::= SEQUENCE
{
    tmnxKeyChainKeyDirection         TmnxKeyChainKeyDirection,
    tmnxKeyChainKeyID                Unsigned32,
    tmnxKeyChainKeyRowStatus         RowStatus,
    tmnxKeyChainAuthenticationKey    OCTET STRING,
    tmnxKeyChainKeyAlgorithm         TmnxKeyChainKeyAlgorithm,
    tmnxKeyChainKeyBeginTime         DateAndTime,
    tmnxKeyChainKeyEndTime           DateAndTime,
    tmnxKeyChainKeyTolerance         Unsigned32,
    tmnxKeyChainKeyAdminState        TmnxAdminState,
    tmnxKeyChainKeyOption            TmnxKeyChainKeyOption
}

tmnxKeyChainKeyDirection         OBJECT-TYPE
    SYNTAX      TmnxKeyChainKeyDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyDirection is used to specify the
         protocol-stream direction to encrypt.

         A value of 'send' specifies that this key entry will be used to sign
         protocol packets that are being sent by the router to another device.

         A value of 'receive' specifies this key entry will be used to
         authenticate protocol packets that are being received by the router.

         A value of 'send-receive' specifies that this key will be used to sign
         protocol packet that are being sent by the router to another device,
         as well as to authenticate protocol packets that are being received by
         the router."
    ::= { tmnxKeyChainKeyEntry 1 }

tmnxKeyChainKeyID                OBJECT-TYPE
    SYNTAX      Unsigned32 (0..63 | 255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyID specifies a key id which is used along
         with tmnxKeyChainName and tmnxKeyChainKeyDirection to uniquely
         identify this particular key entry.

         A value of 255 identifies this as a 'null-key' entry which enables the
         transition from an unauthenticated session to an enhanced
         authentication session."
    ::= { tmnxKeyChainKeyEntry 2 }

tmnxKeyChainKeyRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyRowStatus is used to create or destroy
         entries in this table.

         tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm must be set
         in the same SNMP request PDU as tmnxKeyChainKeyRowStatus during row
         creation else the set request will fail with an inconsistentValue
         error."
    ::= { tmnxKeyChainKeyEntry 3 }

tmnxKeyChainAuthenticationKey    OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainAuthenticationKey specifies the key that will
         be used by the encryption algorithm specified by
         tmnxKeyChainKeyAlgorithm. tmnxKeyChainAuthenticationKey is used to
         sign and authenticate a protocol packet.

         The value of tmnxKeyChainAuthenticationKey can be any combination of
         letters or numbers.

         tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which
         indicates the encryption algorithm to be used, must be set together in
         the same SNMP request PDU or else the set request will fail with an
         inconsistentValue error.

         When read, tmnxKeyChainAuthenticationKey always returns an Octet
         string of length zero."
    ::= { tmnxKeyChainKeyEntry 4 }

tmnxKeyChainKeyAlgorithm         OBJECT-TYPE
    SYNTAX      TmnxKeyChainKeyAlgorithm
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyAlgorithm specifies the algorithm that
         will be used to sign and/or authenticate the protocol stream.

         tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which
         indicates the encryption algorithm to be used, must be set together in
         the same SNMP request PDU or else the set request will fail with an
         inconsistentValue error."
    ::= { tmnxKeyChainKeyEntry 5 }

tmnxKeyChainKeyBeginTime         OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyBeginTime specifies the calendar date and
         time after which the key specified by tmnxKeyChainAuthenticationKey
         will be used to sign and/or authenticate the protocol stream.

         If no date and time is set, tmnxKeyChainKeyBeginTime is represented by
         a DateAndTime string with all NULLs and the key is not valid by
         default."
    DEFVAL      { '0000000000000000'H }
    ::= { tmnxKeyChainKeyEntry 6 }

tmnxKeyChainKeyEndTime           OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyEndTime specifies the calendar date and
         time after which the key specified by tmnxKeyChainAuthenticationKey is
         no longer eligible to sign and/or authenticate the protocol stream.

         tmnxKeyChainKeyEndTime is not applicable when tmnxKeyChainKeyDirection
         is set to 'send' or 'send-receive'.

         If no date and time is set, tmnxKeyChainKeyEndTime is represented by a
         DateAndTime string with all NULLs and the key is valid indefinitely."
    DEFVAL      { '0000000000000000'H }
    ::= { tmnxKeyChainKeyEntry 7 }

tmnxKeyChainKeyTolerance         OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyTolerance specifies the number of seconds
         that a eligible receive key should overlap with the active send key.

         tmnxKeyChainKeyTolerance is valid only when tmnxKeyChainKeyDirection
         is set to 'send-receive' or 'receive'."
    DEFVAL      { 300 }
    ::= { tmnxKeyChainKeyEntry 8 }

tmnxKeyChainKeyAdminState        OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyAdminState specifies the desired
         administrative state of the particular key in the keychain.  When the
         value is 'outOfService' the keychain capabilities are disabled but the
         particular key's configuration parameters are retained."
    DEFVAL      { inService }
    ::= { tmnxKeyChainKeyEntry 9 }

tmnxKeyChainKeyOption            OBJECT-TYPE
    SYNTAX      TmnxKeyChainKeyOption
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyOption specifies the description of the
         key chain identified by the keychain name tmnxKeyChainName."
    DEFVAL      { none }
    ::= { tmnxKeyChainKeyEntry 10 }

tmnxSecurityNotificationObjs     OBJECT IDENTIFIER ::= { tmnxSecurityObjects 16 }

tmnxKeyChainAuthFailReason       OBJECT-TYPE
    SYNTAX      INTEGER {
        other                (1),
        noEnhAuthOptionRecvd (2),
        invalidOptionLen     (3),
        mismatchRecvOption   (4),
        invalidKeyId         (5),
        digestMismatch       (6),
        mismatchAlgId        (7),
        notConfigured        (9),
        noTcpAuthOptionRecvd (10)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "tmnxKeyChainAuthFailReason is used by tmnxKeyChainAuthFailure to
         notify the reason for the keychain authentication failure."
    ::= { tmnxSecurityNotificationObjs 1 }

tmnxKeyChainAuthAddrType         OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxKeyChainAuthAddrType indicates the address
         type (ipv4 or ipv6) of the source address in the authentication
         packet."
    ::= { tmnxSecurityNotificationObjs 2 }

tmnxKeyChainAuthAddr             OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxKeyChainAuthAddr indicates the source
         address in the authentication packet."
    ::= { tmnxSecurityNotificationObjs 3 }

tmnxMD5AuthFailReason            OBJECT-TYPE
    SYNTAX      INTEGER {
        digestMismatch   (1),
        noMD5OptionRcvd  (2),
        invalidOptionLen (3),
        notConfigured    (5)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "tmnxMD5AuthFailReason is used by tmnxMD5AuthFailure to notify the
         reason for the MD5 authentication failure."
    ::= { tmnxSecurityNotificationObjs 4 }

tmnxMD5AuthAddrType              OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMD5AuthAddrType indicates the address type
         (ipv4 or ipv6) of the source address in the authentication packet."
    ::= { tmnxSecurityNotificationObjs 5 }

tmnxMD5AuthAddr                  OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMD5AuthAddr indicates the source address
         in the authentication packet."
    ::= { tmnxSecurityNotificationObjs 6 }

tmnxMD5AuthKey                   OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..255))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMD5AuthKey indicates the MD5 key used for
         authentication."
    ::= { tmnxSecurityNotificationObjs 7 }

tmnxCpmProtPolId                 OBJECT-TYPE
    SYNTAX      TCpmProtPolicyID (1..255)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCpmProtPolId indicates the policy index of
         the cpm protection policy."
    ::= { tmnxSecurityNotificationObjs 8 }

tmnxSecNotifFailureReason        OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifFailureReason indicates the reason
         for the generation of the notification."
    ::= { tmnxSecurityNotificationObjs 9 }

tmnxSecNotifFile                 OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifFile indicates the file associated
         with the notification."
    ::= { tmnxSecurityNotificationObjs 10 }

tmnxSecNotifTunnelName           OBJECT-TYPE
    SYNTAX      TXLNamedItemOrEmpty
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifTunnelName indicates the name of
         tunnel associated with the notification."
    ::= { tmnxSecurityNotificationObjs 11 }

tmnxSecNotifCert                 OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifCert indicates the certificate
         name associated with the notification."
    ::= { tmnxSecurityNotificationObjs 12 }

tmnxSecNotifOrigProtocol         OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxSecNotifOrigProtocol indicates the originating
         protocol that generated the notification."
    ::= { tmnxSecurityNotificationObjs 13 }

tmnxPkiExpRemainingHours         OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "hours"
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiExpRemainingHours indicates the time (in hours)
         remaining for the certificate or CRL (certificate revocation list) to
         expire."
    ::= { tmnxSecurityNotificationObjs 14 }

tmnxPkiExpRemainingMinutes       OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "minutes"
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiExpRemainingMinutes indicates the time (in
         minutes) remaining for the certificate or CRL (certificate revocation
         list) to expire."
    ::= { tmnxSecurityNotificationObjs 15 }

tmnxPkiExpReason                 OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiExpReason indicates the reason why the expiration
         warning for a certificate or CRL (certificate revocation list) no
         longer applies."
    ::= { tmnxSecurityNotificationObjs 16 }

tmnxSecNotifFileType             OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxSecNotifFileType indicates the file type (certificate
         or key) associated with the notification."
    ::= { tmnxSecurityNotificationObjs 17 }

tmnxSecPwdHistLoadFailReason     OBJECT-TYPE
    SYNTAX      INTEGER {
        notFound  (1),
        corrupted (2)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "tmnxSecPwdHistLoadFailReason is used by
         tmnxSecPwdHistoryFileLoadFailed to notify the reason for the failure
         to load the password history."
    ::= { tmnxSecurityNotificationObjs 18 }

tmnxPkiCAProfileNameForNotify    OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileNameForNotify indicates the name of the
         Certificate-Authority profile."
    ::= { tmnxSecurityNotificationObjs 19 }

tmnxSecNotifFileSize             OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    UNITS       "bytes"
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxSecNotifFileSize indicates the size of the file to be
         written at the path specified in tmnxSecNotifFile."
    ::= { tmnxSecurityNotificationObjs 20 }

tmnxSessionLimitExceededName     OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSessionLimitExceededName indicates the
         name of the object of which the session limit has been exceeded."
    ::= { tmnxSecurityNotificationObjs 21 }

tmnxSessionLimitExceededType     OBJECT-TYPE
    SYNTAX      INTEGER {
        sshSessionLimit    (1),
        telnetSessionLimit (2),
        totalSessionLimit  (3)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSessionLimitExceededType indicates the
         type of the session limit that has been exceeded.

         sshSessionLimit    (1): limit for number of concurrent SSH user
                                 access sessions
         telnetSessionLimit (2): limit for number of concurrent Telnet user
                                 access sessions
         totalSessionLimit  (3): limit for number of all concurrent user
                                 access sessions"
    ::= { tmnxSecurityNotificationObjs 22 }

tmnxSecNotifyUserName            OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifyUserName indicates the name of a
         system user for a security notification."
    ::= { tmnxSecurityNotificationObjs 23 }

tmnxSecNotifyAddrType            OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr."
    ::= { tmnxSecurityNotificationObjs 24 }

tmnxSecNotifyAddr                OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifyAddr indicates an IP address for
         a security notification."
    ::= { tmnxSecurityNotificationObjs 25 }

tmnxSecNotifClientAppName        OBJECT-TYPE
    SYNTAX      TXLNamedItemOrEmpty
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifClientAppName indicates the name
         of the client application associated with the notification."
    ::= { tmnxSecurityNotificationObjs 26 }

tmnxSecurityCpmProtNotificationObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 17 }

tmnxCpmProtViolMacAddress        OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolMacAddress indicates the MAC address of
         the source.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityCpmProtNotificationObjs 1 }

tmnxCpmProtViolMacPeriods        OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolMacPeriods indicates the number of times
         the per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityCpmProtNotificationObjs 2 }

tmnxCpmProtViolExcdPktHexDump    OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtViolExcdPktHexDump contains at most the first
         64 bytes (octets) of the first packet that was detected as exceeding
         the configured rate.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityCpmProtNotificationObjs 3 }

tmnxPkiSecurityObjs              OBJECT IDENTIFIER ::= { tmnxSecurityObjects 18 }

tmnxPkiMaxCertChainDepth         OBJECT-TYPE
    SYNTAX      Unsigned32 (1..7)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiMaxCertChainDepth specifies maximum depth of certificate
         chain verification."
    DEFVAL      { 7 }
    ::= { tmnxPkiSecurityObjs 1 }

tmnxPkiCAProfileTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxPkiCAProfileTableLastChanged indicates
         the timestamp of the last change to the tmnxPkiCAProfileTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxPkiSecurityObjs 2 }

tmnxPkiCAProfileTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileTable is the Certificate-Authority profile table.
         Entries are created and deleted by the user."
    ::= { tmnxPkiSecurityObjs 3 }

tmnxPkiCAProfileEntry            OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single Certificate-Authority profile."
    INDEX       { tmnxPkiCAProfile }
    ::= { tmnxPkiCAProfileTable 1 }

TmnxPkiCAProfileEntry            ::= SEQUENCE
{
    tmnxPkiCAProfile                 TNamedItem,
    tmnxPkiCAProfileRowStatus        RowStatus,
    tmnxPkiCAProfileLastChanged      TimeStamp,
    tmnxPkiCAProfileDescr            TItemDescription,
    tmnxPkiCAProfileCRLFile          DisplayString,
    tmnxPkiCAProfileCertFile         DisplayString,
    tmnxPkiCAProfileAdminState       TmnxAdminState,
    tmnxPkiCAProfileOperState        TmnxOperState,
    tmnxPkiCAProfileOperFlags        BITS,
    tmnxPkiCAProfOcspRespUrl         DisplayString,
    tmnxPkiCAProfOcspSvcID           TmnxServId,
    tmnxPkiCAProfOcspVerifyCertFile  DisplayString,
    tmnxPkiCAProfOcspVerifyCertCA    TruthValue,
    tmnxPkiCAProfOcspVerifyCertOvr   TruthValue,
    tmnxPkiCAProfCmpHttpTimeout      Unsigned32,
    tmnxPkiCAProfCmpUrl              DisplayString,
    tmnxPkiCAProfCmpSvcID            TmnxServId,
    tmnxPkiCAProfCmpRespSignCert     DisplayString,
    tmnxPkiCAProfCmpAccUnprotErr     TruthValue,
    tmnxPkiCAProfCmpAccUnprotPki     TruthValue,
    tmnxPkiCAProfCmpSameRecipNonce   TruthValue,
    tmnxPkiCAProfCmpAlSetSndrForIr   TruthValue,
    tmnxPkiCAProfCmpHttpVersion      INTEGER,
    tmnxPkiCAProfRevokeChk           INTEGER,
    tmnxPkiCAProfCmpSvcName          TLNamedItemOrEmpty,
    tmnxPkiCAProfOcspSvcName         TLNamedItemOrEmpty,
    tmnxPkiCAProfOcspTransProf       TNamedItemOrEmpty
}

tmnxPkiCAProfile                 OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfile specifies the name of the Certificate-Authority
         profile."
    ::= { tmnxPkiCAProfileEntry 1 }

tmnxPkiCAProfileRowStatus        OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileRowStatus specifies row status for the
         Certificate-Authority profile."
    ::= { tmnxPkiCAProfileEntry 2 }

tmnxPkiCAProfileLastChanged      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileLastChanged is the timestamp of last
         change to this row in tmnxPkiCAProfileTable."
    ::= { tmnxPkiCAProfileEntry 3 }

tmnxPkiCAProfileDescr            OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileDescr specifies the description of the
         Certificate-Authority profile."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 4 }

tmnxPkiCAProfileCRLFile          OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileCRLFile specifies the name of the
         Certificate Revocation List (CRL) file."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 5 }

tmnxPkiCAProfileCertFile         OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileCertFile specifies the name of the
         Certificate file."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 6 }

tmnxPkiCAProfileAdminState       OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileAdminState specifies the administrative
         state of this Certificate-Authority profile."
    DEFVAL      { outOfService }
    ::= { tmnxPkiCAProfileEntry 7 }

tmnxPkiCAProfileOperState        OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileOperState indicates the current
         operational status of this Certificate-Authority profile."
    ::= { tmnxPkiCAProfileEntry 8 }

tmnxPkiCAProfileOperFlags        OBJECT-TYPE
    SYNTAX      BITS {
        adminDown                   (0),
        invalidCrl                  (1),
        invalidCert                 (2),
        invalidCmpv2SigningCert     (3),
        expiredCrl                  (4),
        expiredCert                 (5),
        expiredCmpv2SigningCert     (6),
        notYetValidCrl              (7),
        notYetValidCert             (8),
        notYetValidCmpv2SigningCert (9),
        loadingCrl                  (10),
        loadingCert                 (11),
        loadingCmpv2SigningCert     (12)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileOperFlags indicates the reason that this
         Certificate-Authority profile is not in service. I.e.,
         tmnxPkiCAProfileOperState has the value 'outOfService':
         adminDown                   - tmnxPkiCAProfileAdminState is
                                       'outOfService (3)'
         invalidCrl                  - CRL file is invalid or could not be found
         invalidCert                 - Certificate file is invalid or could not
                                       be found
         invalidCmpv2SigningCert     - CMPv2 Signing Cert file is invalid
         expiredCrl                  - CRL file is expired
         expiredCert                 - Certificate file is expired
         expiredCmpv2SigningCert     - CMPv2 Signing Cert file is expired
         notYetValidCrl              - CRL file is not yet valid
         notYetValidCert             - Certificate file is not yet valid
         notYetValidCmpv2SigningCert - CMPv2 Signing Certificate file is not yet
                                       valid
         loadingCrl                  - CRL file is loading now
         loadingCert                 - Certificate file is loading now
         loadingCmpv2SigningCert     - CMPv2 Signing Certificate file is loading
                                       now"
    ::= { tmnxPkiCAProfileEntry 9 }

tmnxPkiCAProfOcspRespUrl         OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspRespUrl specifies the URL of the OCSP
         (Online Certificate Status Protocol) responder."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 10 }

tmnxPkiCAProfOcspSvcID           OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspSvcID specifies the IES or VPRN service
         router instance in which to reach the OCSP (Online Certificate Status
         Protocol) URL (tmnxPkiCAProfOcspUrl).

         The value of tmnxPkiCAProfOcspSvcID must be zero when
         tmnxPkiCAProfOcspSvcName is not default and vice-versa.

         When the values of tmnxPkiCAProfOcspSvcID and tmnxPkiCAProfOcspSvcName
         are both default, the Base router instance is used."
    DEFVAL      { 0 }
    ::= { tmnxPkiCAProfileEntry 11 }

tmnxPkiCAProfOcspVerifyCertFile  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspVerifyCertFile specifies the location
         and name of the certificate file which is used to verify the OCSP
         (Online Certificate Status Protocol) response."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 12 }

tmnxPkiCAProfOcspVerifyCertCA    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspVerifyCertCA specifies whether to use
         certificate file configured in CA profile to verify the OCSP (Online
         Certificate Status Protocol) response."
    DEFVAL      { true }
    ::= { tmnxPkiCAProfileEntry 13 }

tmnxPkiCAProfOcspVerifyCertOvr   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspVerifyCertOvr specifies whether to allow
         the system to use the certificate in the OCSP (Online Certificate
         Status Protocol) response if present, instead of the certificate
         configured by tmnxPkiCAProfOcspVerifyCertFile or
         tmnxPkiCAProfOcspVerifyCertCA."
    DEFVAL      { true }
    ::= { tmnxPkiCAProfileEntry 14 }

tmnxPkiCAProfCmpHttpTimeout      OBJECT-TYPE
    SYNTAX      Unsigned32 (1..3600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpHttpTimeout specifies the timeout
         interval Certificate Management Protocol version 2 (CMPv2) requests to
         the CA server."
    DEFVAL      { 30 }
    ::= { tmnxPkiCAProfileEntry 15 }

tmnxPkiCAProfCmpUrl              OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpUrl specifies the URL of the CA server."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 16 }

tmnxPkiCAProfCmpSvcID            OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpSvcID specifies the IES or VPRN service
         router instance in which to reach the CMP URL (tmnxPkiCAProfCmpUrl).

         The value of tmnxPkiCAProfCmpSvcID must be zero when
         tmnxPkiCAProfCmpSvcName is not default and vice-versa.

         When values of tmnxPkiCAProfCmpSvcName and tmnxPkiCAProfCmpSvcID are
         both default, the system first checks the management router instance.
         If the management router instance is unreachable, the Base router
         instance is used."
    DEFVAL      { 0 }
    ::= { tmnxPkiCAProfileEntry 17 }

tmnxPkiCAProfCmpRespSignCert     OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpRespSignCert specifies the location and
         name of the certificate file which is used to verify the signature of
         the response."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 18 }

tmnxPkiCAProfCmpAccUnprotErr     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpAccUnprotErr specifies whether to accept
         unprotected error messages in this profile for CMPv2."
    DEFVAL      { false }
    ::= { tmnxPkiCAProfileEntry 19 }

tmnxPkiCAProfCmpAccUnprotPki     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpAccUnprotPki specifies whether to accept
         unprotected PKI configuration messages in this profile for CMPv2."
    DEFVAL      { false }
    ::= { tmnxPkiCAProfileEntry 20 }

tmnxPkiCAProfCmpSameRecipNonce   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpSameRecipNonce specifies whether to use
         the same recipient nonce for poll requests."
    DEFVAL      { false }
    ::= { tmnxPkiCAProfileEntry 21 }

tmnxPkiCAProfCmpAlSetSndrForIr   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpAlSetSndrForIr specifies whether to
         always set the sender field in CMPv2 header of all Initial
         Registration (IR) messages with the subject name for this CA profile.
         The subject name is available in the IR message body, but certain CA
         implementation may require it in the sender field of the message
         header as well. By default, the sender field is only set if an
         optional certificate is specified in the CMPv2 request."
    DEFVAL      { false }
    ::= { tmnxPkiCAProfileEntry 22 }

tmnxPkiCAProfCmpHttpVersion      OBJECT-TYPE
    SYNTAX      INTEGER {
        v10 (1),
        v11 (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpHttpVersion specifies the HTTP version
         used in CMPv2 requests. The system by default uses HTTP version 1.1
         unless explicitly specified."
    DEFVAL      { v11 }
    ::= { tmnxPkiCAProfileEntry 23 }

tmnxPkiCAProfRevokeChk           OBJECT-TYPE
    SYNTAX      INTEGER {
        crl         (1),
        crlOptional (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfRevokeChk specifies the method system uses
         to verify the revocation status of certificates issued by the CA."
    DEFVAL      { crl }
    ::= { tmnxPkiCAProfileEntry 24 }

tmnxPkiCAProfCmpSvcName          OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpSvcName specifies the IES or VPRN service
         name in which to reach the CMP URL (tmnxPkiCAProfCmpUrl).

         The value of tmnxPkiCAProfCmpSvcName must be empty when
         tmnxPkiCAProfCmpSvcID is not default and vice-versa.

         When the values of tmnxPkiCAProfCmpSvcName and tmnxPkiCAProfCmpSvcID
         are both default, the system first checks the management router
         instance. If the management router instance is unreachable, the Base
         router instance is used."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 25 }

tmnxPkiCAProfOcspSvcName         OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspSvcName specifies the IES or VPRN
         service name in which to reach the OCSP (Online Certificate Status
         Protocol) URL (tmnxPkiCAProfOcspUrl).

         The value of tmnxPkiCAProfOcspSvcName must be empty when
         tmnxPkiCAProfOcspSvcID is not default and vice-versa.

         When the values of tmnxPkiCAProfOcspSvcName and tmnxPkiCAProfOcspSvcID
         are both default, the Base router instance is used.

         Managers are encouraged to use tmnxPkiCAProfOcspTransProf (instead of
         tmnxPkiCAProfOcspSvcName) because tmnxPkiCAProfOcspSvcName will be
         deleted in a future release."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfileEntry 26 }

tmnxPkiCAProfOcspTransProf       OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfOcspTransProf specifies the name of the file
         transmission profile to be matched.

         Transmission profiles are configured using tmnxSysFileTransProfTable.

         Managers are encouraged to use tmnxPkiCAProfOcspTransProf (instead of
         tmnxPkiCAProfOcspSvcName) because tmnxPkiCAProfOcspSvcName will be
         deleted in a future release."
    DEFVAL      { "" }
    ::= { tmnxPkiCAProfileEntry 27 }

tmnxPkiCAProfCmpKeyTblLastChgd   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxPkiCAProfCmpKeyTblLastChgd indicates the
         timestamp of the last change to the tmnxPkiCAProfCmpKeyTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxPkiSecurityObjs 4 }

tmnxPkiCAProfCmpKeyTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfCmpKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfCmpKeyTable contains the CA's initial authentication
         keys used for authentication in message exchanges with the CA server."
    ::= { tmnxPkiSecurityObjs 5 }

tmnxPkiCAProfCmpKeyEntry         OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfCmpKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single CA initial authentication key."
    INDEX       {
        tmnxPkiCAProfile,
        tmnxPkiCAProfCmpKeyRefnum
    }
    ::= { tmnxPkiCAProfCmpKeyTable 1 }

TmnxPkiCAProfCmpKeyEntry         ::= SEQUENCE
{
    tmnxPkiCAProfCmpKeyRefnum        DisplayString,
    tmnxPkiCAProfCmpKeyRowStatus     RowStatus,
    tmnxPkiCAProfCmpKeyLastChanged   TimeStamp,
    tmnxPkiCAProfCmpKeySecret        DisplayString
}

tmnxPkiCAProfCmpKeyRefnum        OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpKeyRefnum specifies the reference number
         for this CA initial authentication key."
    ::= { tmnxPkiCAProfCmpKeyEntry 1 }

tmnxPkiCAProfCmpKeyRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpKeyRowStatus specifies row status for the
         Certificate-Authority profile."
    ::= { tmnxPkiCAProfCmpKeyEntry 2 }

tmnxPkiCAProfCmpKeyLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpKeyLastChanged is the timestamp of last
         change to this row in tmnxPkiCAProfCmpKeyTable."
    ::= { tmnxPkiCAProfCmpKeyEntry 3 }

tmnxPkiCAProfCmpKeySecret        OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCmpKeySecret specifies the shared secret for
         this CA initial authentication key.

         This object will always return an empty string on a read.

         The value of tmnxPkiCAProfCmpKeySecret must be specified at the time
         of row creation."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfCmpKeyEntry 4 }

tmnxPkiCertDisplayFormat         OBJECT-TYPE
    SYNTAX      INTEGER {
        ascii (1),
        utf8  (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCertDisplayFormat specifies the display format
         used for Certificates and Certificate Revocation Lists."
    DEFVAL      { ascii }
    ::= { tmnxPkiSecurityObjs 7 }

tmnxPkiCertExpWarningHours       OBJECT-TYPE
    SYNTAX      Integer32 (-1..8760)
    UNITS       "hours"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCertExpWarningHours specifies the time period (in
         hours) at which the system will generate the
         tmnxPkiCertBeforeExpWarning trap for all in-use certificates before
         expiration. If tmnxPkiCertExpWarningHours is configured, the system
         will also generate the tmnxPkiCertAfterExpWarning trap when a
         certificate expires.

         If both tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs
         are configured to 0, the system will only generate the
         tmnxPkiCertAfterExpWarning trap when a certificate expires.

         A value of -1 indicates that tmnxPkiCertExpWarningHours is not
         configured. In this case, the system will not generate a trap even
         when a certificate expires.

         The objects tmnxPkiCertExpWarningHours and
         tmnxPkiCertExpWarningRepeatHrs have to be set together for the
         specific action to be performed."
    DEFVAL      { -1 }
    ::= { tmnxPkiSecurityObjs 8 }

tmnxPkiCertExpWarningRepeatHrs   OBJECT-TYPE
    SYNTAX      Integer32 (0..8760)
    UNITS       "hours"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCertExpWarningRepeatHrs specifies the time period
         (in hours) at which the system will repeatedly generate the
         tmnxPkiCertBeforeExpWarning trap for all in-use certificates before
         expiration.

         If both tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs
         are configured to 0, the system will only generate the
         tmnxPkiCertAfterExpWarning trap when a certificate expires.

         The objects tmnxPkiCertExpWarningHours and
         tmnxPkiCertExpWarningRepeatHrs have to be set together for the
         specific action to be performed."
    DEFVAL      { 0 }
    ::= { tmnxPkiSecurityObjs 9 }

tmnxPkiCRLExpWarningHours        OBJECT-TYPE
    SYNTAX      Integer32 (-1..8760)
    UNITS       "hours"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCRLExpWarningHours specifies the time period (in
         hours) at which the system will generate the
         tmnxPkiCRLBeforeExpWarning trap for all in-use CRLs (certificate
         revocation lists) before expiration. If tmnxPkiCRLExpWarningHours is
         configured, the system will also generate the
         tmnxPkiCRLAfterExpWarning trap when a CRL expires.

         If both tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs
         are configured to 0, the system will only generate the
         tmnxPkiCRLAfterExpWarning trap when a CRL expires.

         A value of -1 indicates that tmnxPkiCRLExpWarningHours is not
         configured. In this case, the system will not generate a trap even
         when a CRL expires.

         The objects tmnxPkiCRLExpWarningHours and
         tmnxPkiCRLExpWarningRepeatHrs have to be set together for the specific
         action to be performed."
    DEFVAL      { -1 }
    ::= { tmnxPkiSecurityObjs 10 }

tmnxPkiCRLExpWarningRepeatHrs    OBJECT-TYPE
    SYNTAX      Integer32 (0..8760)
    UNITS       "hours"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCRLExpWarningRepeatHrs specifies the time period
         (in hours) at which the system will repeatedly generate
         tmnxPkiCRLBeforeExpWarning trap for all in-use CRLs (certificate
         revocation lists) before expiration.

         If both tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs
         are configured to 0, the system will only generate the
         tmnxPkiCRLAfterExpWarning trap when a CRL expires.

         The objects tmnxPkiCRLExpWarningHours and
         tmnxPkiCRLExpWarningRepeatHrs have to be set together for the specific
         action to be performed."
    DEFVAL      { 0 }
    ::= { tmnxPkiSecurityObjs 11 }

tmnxPkiCAProfAtCrlUpdTblLstChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdTblLstChgd indicates the time, since
         system startup, when tmnxPkiCAProfAtCrlUpdTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxPkiSecurityObjs 12 }

tmnxPkiCAProfAtCrlUpdTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfAtCrlUpdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfAtCrlUpdTable contains objects used to configure
         instances of automated Certificate Revocation List (CRL) updates."
    ::= { tmnxPkiSecurityObjs 13 }

tmnxPkiCAProfAtCrlUpdEntry       OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfAtCrlUpdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each tmnxPkiCAProfAtCrlUpdEntry contains the configuration for one
         automated Certificate Revocation List (CRL) update.

         Rows in tmnxPkiCAProfAtCrlUpdTable can only be created and destroyed
         via SNMP set operations to tmnxPkiCAProfAtCrlUpdRowStatus, when an
         associated row exists in tmnxPkiCAProfileTable."
    INDEX       { tmnxPkiCAProfile }
    ::= { tmnxPkiCAProfAtCrlUpdTable 1 }

TmnxPkiCAProfAtCrlUpdEntry       ::= SEQUENCE
{
    tmnxPkiCAProfAtCrlUpdRowStatus   RowStatus,
    tmnxPkiCAProfAtCrlUpdLastChgd    TimeStamp,
    tmnxPkiCAProfAtCrlUpdAdminState  TmnxAdminState,
    tmnxPkiCAProfAtCrlUpdScheduleT   INTEGER,
    tmnxPkiCAProfAtCrlUpdPrdcUpdIntv Unsigned32,
    tmnxPkiCAProfAtCrlUpdPreUpdTime  Unsigned32,
    tmnxPkiCAProfAtCrlUpdRetryIntv   Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstSucsEtId Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstSucsTmSt Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstSucsTmEd Unsigned32,
    tmnxPkiCAProfAtCrlUpdNxCrlUpdTm  Unsigned32
}

tmnxPkiCAProfAtCrlUpdRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdRowStatus specifies the status of
         this row. It is used to create and delete row entries in
         tmnxPkiCAProfAtCrlUpdTable.

         In order to delete an entry, tmnxPkiCAProfAtCrlUpdAdminState must
         first be set to 'outOfService(3)'.

         When the tmnxPkiCAProfAtCrlUpdEntry is deleted, the agent also deletes
         all rows in the tmnxPkiCAProfUrlTable associated to the entry."
    ::= { tmnxPkiCAProfAtCrlUpdEntry 1 }

tmnxPkiCAProfAtCrlUpdLastChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLastChgd indicates time, since
         system startup, that the configuration of this row was created or
         modified."
    ::= { tmnxPkiCAProfAtCrlUpdEntry 2 }

tmnxPkiCAProfAtCrlUpdAdminState  OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdAdminState specifies the
         administrative state of this automated CRL update.

         Automated CRL update and manual CRL update are mutually exclusive.

         When the value of tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
         and the current CRL is missing, expired or unusable, then the system
         will start the update process immediately regardless of
         tmnxPkiCAProfAtCrlUpdScheduleT.

         When the value of tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService
         (3)', the system shall stop the CRL update process immediately.

         tmnxPkiCAProfAtCrlUpdAdminState can only be configured to 'inService
         (2)', if tmnxPkiCAProfileAdminState is 'inService (2)' and the system
         is not manually updating a CRL file."
    DEFVAL      { outOfService }
    ::= { tmnxPkiCAProfAtCrlUpdEntry 3 }

tmnxPkiCAProfAtCrlUpdScheduleT   OBJECT-TYPE
    SYNTAX      INTEGER {
        nextUpdateBased (1),
        periodic        (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdScheduleT specifies the type of time
         scheduler to update the CRL.

         The value of tmnxPkiCAProfAtCrlUpdScheduleT must be either of
         'nextUpdateBased (1)' or 'periodic (2)':

         Values:
             nextUpdateBased(1)
                 The system starts updating a CRL file in
                 tmnxPkiCAProfAtCrlUpdPreUpdTime seconds prior to the
                 'nextUpdate' value of the current CRL. It will try to download
                 the CRL file from each URL location in order until it finds one
                 that qualifies. If none of the configured URLs work or none
                 of the downloaded CRLs qualifies, the system will wait for
                 tmnxPkiCAProfAtCrlUpdRetryIntv seconds before attempting to
                 download the CRL file again. In this case, if
                 tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop
                 attempting to update the CRL file and
                 tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.

                 If the 'nextUpdate' field is missing from the CRL,
                 then the system cannot schedule the next CRL update and
                 tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.
                 If the CRL is expected to be issued without a 'nextUpdate'
                 field, then the periodic scheduler type should be used instead.

             periodic(2)
                 The system updates the CRL file every
                 tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. It will try to
                 download a CRL from each URL location in order until it finds
                 one that qualifies. If none of the configured URLs work or
                 none of the downloaded CRLs qualifies, the system
                 will try again in tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.
                 The 'nextUpdate' field of the CRL, if present, is ignored in
                 this mode.

         The cases that a downloaded CRL does not qualify are:
             - the downloaded CRL file cannot be decoded by the system (e.g.,
               wrong file type, truncated content)
             - the downloaded CRL is not issued by the correct Certificate
               Authority (CA)
             - the downloaded CRL has expired or is not yet valid
             - the downloaded CRL has not been updated

         The URLs are configured using tmnxPkiCAProfUrlTable."
    REFERENCE
        "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5,
         'CRL and CRL Extensions Profile'."
    DEFVAL      { nextUpdateBased }
    ::= { tmnxPkiCAProfAtCrlUpdEntry 4 }

tmnxPkiCAProfAtCrlUpdPrdcUpdIntv OBJECT-TYPE
    SYNTAX      Unsigned32 (3600..31622400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv specifies the number of
         seconds required between the start time points of two consecutive CRL
         update operations.

         The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is only used when
         tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'.

         The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is ignored when
         tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'.

         The maximum value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is 366 days
         (31622400 seconds)."
    DEFVAL      { 86400 }
    ::= { tmnxPkiCAProfAtCrlUpdEntry 5 }

tmnxPkiCAProfAtCrlUpdPreUpdTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..31622400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdPreUpdTime specifies the number of
         seconds prior to the 'nextUpdate' time of the current CRL that the
         system shall download a new CRL.

         The value of tmnxPkiCAProfAtCrlUpdPreUpdTime is only used when
         tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'.

         The value of tmnxPkiCAProfAtCrlUpdPreUpdTime is ignored when
         tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'.

         If the 'nextUpdate' field is missing, then the value of
         tmnxPkiCAProfAtCrlUpdPreUpdTime has no effect.

         The maximum value of tmnxPkiCAProfAtCrlUpdPreUpdTime is 366 days
         (31622400 seconds)."
    REFERENCE
        "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5,
         'CRL and CRL Extensions Profile'."
    DEFVAL      { 3600 }
    ::= { tmnxPkiCAProfAtCrlUpdEntry 6 }

tmnxPkiCAProfAtCrlUpdRetryIntv   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..31622400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdRetryIntv specifies the interval of
         time that the system shall wait before attempting to download the CRL
         file again, if none of the URLs works.

         The value of tmnxPkiCAProfAtCrlUpdRetryIntv is only used when
         tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'.

         The value of tmnxPkiCAProfAtCrlUpdRetryIntv is ignored when
         tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'.

         If the value of tmnxPkiCAProfAtCrlUpdRetryIntv is zero and none of the
         URLs work, then the system will not attempt to download the CRL file
         any further and tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.

         The URLs are configured using tmnxPkiCAProfUrlTable."
    DEFVAL      { 3600 }
    ::= { tmnxPkiCAProfAtCrlUpdEntry 7 }

tmnxPkiCAProfAtCrlUpdLstSucsEtId OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..8)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstSucsEtId indicates the entry ID
         of the last successful automated CRL update.

         A value of zero is returned if the system never successfully updated a
         CRL file since tmnxPkiCAProfAtCrlUpdAdminState was configured to
         'inService (2)'.

         The entry, which is configured using tmnxPkiCAProfUrlTable, contains
         the information for one URL which is where the system downloads the
         CRL file from."
    ::= { tmnxPkiCAProfAtCrlUpdEntry 8 }

tmnxPkiCAProfAtCrlUpdLstSucsTmSt OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstSucsTmSt indicates the time at
         which the last successful automated CRL update was initiated. It is
         measured in seconds from 1-Jan-1970 00:00:00 UTC.

         A value of zero indicates that the system has not successfully updated
         a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
         (2)'."
    ::= { tmnxPkiCAProfAtCrlUpdEntry 9 }

tmnxPkiCAProfAtCrlUpdLstSucsTmEd OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstSucsTmEd indicates the time at
         which the last successful automated CRL update was finished. It is
         measured in seconds from 1-Jan-1970 00:00:00 UTC.

         A value of zero indicates that the system has not successfully updated
         a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
         (2)'."
    ::= { tmnxPkiCAProfAtCrlUpdEntry 10 }

tmnxPkiCAProfAtCrlUpdNxCrlUpdTm  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdNxCrlUpdTm indicates the start time
         of the next scheduled update. It is measured in seconds from
         1-Jan-1970 00:00:00 UTC. The next scheduled update time depends on the
         value of tmnxPkiCAProfAtCrlUpdScheduleT.

         A value of zero indicates that there is no scheduled update for the
         CRL."
    ::= { tmnxPkiCAProfAtCrlUpdEntry 11 }

tmnxPkiCAProfUrlTablLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfUrlTablLastChgd indicates the time, since
         system startup, when tmnxPkiCAProfUrlTable last changed configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxPkiSecurityObjs 14 }

tmnxPkiCAProfUrlTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfUrlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfUrlTable contains objects used to configure instances
         of URL information, which includes the URL location and the file
         transmission profile to use. The URL location indicates where an
         updated CRL can be downloaded from.

         The maximum number of rows in tmnxPkiCAProfUrlTable is 8."
    ::= { tmnxPkiSecurityObjs 15 }

tmnxPkiCAProfUrlEntry            OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfUrlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each tmnxPkiCAProfUrlEntry contains the information for one URL.

         Rows in tmnxPkiCAProfUrlTable are created and destroyed via SNMP set
         operations to tmnxPkiCAProfUrlRowStatus. When the
         tmnxPkiCAProfileEntry or tmnxPkiCAProfAtCrlUpdEntry is deleted, the
         agent also deletes all rows in the tmnxPkiCAProfUrlTable associated to
         the entry."
    INDEX       {
        tmnxPkiCAProfile,
        tmnxPkiCAProfUrlId
    }
    ::= { tmnxPkiCAProfUrlTable 1 }

TmnxPkiCAProfUrlEntry            ::= SEQUENCE
{
    tmnxPkiCAProfUrlId               Unsigned32,
    tmnxPkiCAProfUrlRowStatus        RowStatus,
    tmnxPkiCAProfUrlLastChanged      TimeStamp,
    tmnxPkiCAProfUrl                 TmnxDisplayStringURL,
    tmnxPkiCAProfUrlFileTransProf    TNamedItemOrEmpty
}

tmnxPkiCAProfUrlId               OBJECT-TYPE
    SYNTAX      Unsigned32 (1..8)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfUrlId uniquely specifies one URL configured
         on this system."
    ::= { tmnxPkiCAProfUrlEntry 1 }

tmnxPkiCAProfUrlRowStatus        OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfUrlRowStatus specifies the status of this
         row. It is used to create and delete row entries in
         tmnxPkiCAProfUrlTable."
    ::= { tmnxPkiCAProfUrlEntry 2 }

tmnxPkiCAProfUrlLastChanged      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfUrlLastChanged indicates the time, since
         system startup, that the configuration of this row was created or
         modified."
    ::= { tmnxPkiCAProfUrlEntry 3 }

tmnxPkiCAProfUrl                 OBJECT-TYPE
    SYNTAX      TmnxDisplayStringURL
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfUrl specifies the URL, which specifies the
         location, where an updated CRL can be downloaded from.

         This object must be configured together with
         tmnxPkiCAProfUrlFileTransProf.

         The value of an empty string specifies no URL is configured."
    REFERENCE
        "RFC 1738. 'Uniform Resource Locators (URL)', IETF, December 1994."
    DEFVAL      { "" }
    ::= { tmnxPkiCAProfUrlEntry 4 }

tmnxPkiCAProfUrlFileTransProf    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfUrlFileTransProf specifies the name of the
         file transmission profile to be matched.

         This object must be configured together with tmnxPkiCAProfUrl.

         File transmission profiles are configured using
         tmnxSysFileTransProfTable.

         The value of an empty string specifies that no file transmission
         profile is configured."
    DEFVAL      { "" }
    ::= { tmnxPkiCAProfUrlEntry 5 }

tmnxPkiCAProfManCrlUpdTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfManCrlUpdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfManCrlUpdTable contains objects used to configure
         instances of manual Certificate Revocation List (CRL) update
         operation."
    ::= { tmnxPkiSecurityObjs 16 }

tmnxPkiCAProfManCrlUpdEntry      OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfManCrlUpdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each tmnxPkiCAProfManCrlUpdEntry contains the configuration for one
         manual Certificate Revocation List (CRL) update operation.

         Rows in tmnxPkiCAProfManCrlUpdTable are automatically created and
         destroyed when an associated row is created or destroyed in the
         tmnxPkiCAProfAtCrlUpdEntry."
    AUGMENTS    { tmnxPkiCAProfAtCrlUpdEntry }
    ::= { tmnxPkiCAProfManCrlUpdTable 1 }

TmnxPkiCAProfManCrlUpdEntry      ::= SEQUENCE
{
    tmnxPkiCAProfManCrlUpdAct        TmnxActionType,
    tmnxPkiCAProfManCrlUpdAbort      TmnxActionType
}

tmnxPkiCAProfManCrlUpdAct        OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfManCrlUpdAct specifies whether or not to
         trigger the manual CRL update operation.

         Manual CRL update and automated CRL update are mutually exclusive.

         tmnxPkiCAProfManCrlUpdAct can only be configured to 'doAction (1)'
         when tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)' and
         tmnxPkiCAProfileAdminState is 'inService (2)'."
    ::= { tmnxPkiCAProfManCrlUpdEntry 1 }

tmnxPkiCAProfManCrlUpdAbort      OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfManCrlUpdAbort specifies whether or not to
         abort the manual CRL update operation.

         Manual CRL download and automated CRL update, which is configured via
         tmnxPkiCAProfAtCrlUpdTable, are mutually exclusive.

         tmnxPkiCAProfManCrlUpdAbort can only be configured to 'doAction (1)'
         when tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)' and
         tmnxPkiCAProfileAdminState is 'inService (2)'."
    ::= { tmnxPkiCAProfManCrlUpdEntry 2 }

tmnxPkiCAProfCrlUpdTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfCrlUpdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfCrlUpdTable contains the statistics information of
         the automated and manual Certificate Revocation List (CRL) update
         operations."
    ::= { tmnxPkiSecurityObjs 17 }

tmnxPkiCAProfCrlUpdEntry         OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfCrlUpdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each tmnxPkiCAProfCrlUpdEntry contains the statistics information for
         the automated and manual Certificate Revocation List (CRL) update
         operation.

         Rows in tmnxPkiCAProfManCrlUpdTable are automatically created and
         destroyed when an associated row is created or destroyed in the
         tmnxPkiCAProfAtCrlUpdEntry."
    AUGMENTS    { tmnxPkiCAProfAtCrlUpdEntry }
    ::= { tmnxPkiCAProfCrlUpdTable 1 }

TmnxPkiCAProfCrlUpdEntry         ::= SEQUENCE
{
    tmnxPkiCAProfCrlCurUpdStatus     INTEGER,
    tmnxPkiCAProfCrlCurUpdEtId       Unsigned32,
    tmnxPkiCAProfCrlCurUpdStartTime  Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstFailedId Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstFailTmSt Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstFailTmEd Unsigned32,
    tmnxPkiCAProfAtCrlUpdLstFailReas INTEGER
}

tmnxPkiCAProfCrlCurUpdStatus     OBJECT-TYPE
    SYNTAX      INTEGER {
        notUpdating       (0),
        autoScheduled     (1),
        autoDownloading   (2),
        manualDownloading (3),
        stopped           (4),
        autoVerifying     (5),
        manualVerifying   (6)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCrlCurUpdStatus indicates the CRL update
         status of this row.

         Values:
             notUpdating       (0)
                 The system is not updating the CRL file. This happens when
                 the following conditions are met:
                     1) The system is not manually updating a CRL file, and
                     2) tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)'.

             autoScheduled     (1)
                 The system is waiting for the next scheduled CRL update time
                 (tmnxPkiCAProfAtCrlUpdNxCrlUpdTm) in an automated
                 CRL update operation. This happens when the following
                 conditions are met:
                     1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
                        and
                     2) The next scheduled CRL update time is not reached.

             autoDownloading   (2)
                 The system is downloading the CRL file in an automated CRL
                 update operation. This happens when the following conditions
                 are met:
                     1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
                        and
                     2) The current CRL is invalid, or next scheduled CRL update
                        time is reached.

             manualDownloading (3)
                 The system is downloading the CRL file in a manual CRL update
                 operation (tmnxPkiCAProfManCrlUpdTable).

             stopped           (4)
                 The system stopped updating the CRL. This happens when one
                 of the following conditions are met:
                     1) In the automated CRL update case, the system did not find
                        a CRL that qualifies from any of the configured URLs.
                        Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
                        'nextUpdateBased (1)' and the value of
                        tmnxPkiCAProfAtCrlUpdRetryIntv is zero; or
                     2) In the automated CRL update case, the system finds a CRL
                        that qualifies from one of the configured URLs, but
                        the 'nextUpdate' field is missing.
                        Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
                        'nextUpdateBased (1)'; or
                     3) In the manual CRL update case, the system did not find
                        a CRL that qualifies from any of the configured URLs.
                     4) The manual CRL update was aborted by configuring
                        tmnxPkiCAProfManCrlUpdAbort to 'doAction (1)'.

                 tmnxPkiCAProfCrlCurUpdStatus will never be 'stopped (4)' when
                 tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. In this
                 case, after attempting all URLs, the system will try to
                 update the CRL file again in
                 tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.

             autoVerifying     (5)
                 The system is verifying the downloaded CRL file in an
                 automated CRL update operation.

             manualVerifying   (6)
                 The system is verifying the downloaded CRL file in a
                 manual CRL update operation."
    ::= { tmnxPkiCAProfCrlUpdEntry 1 }

tmnxPkiCAProfCrlCurUpdEtId       OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..8)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCrlCurUpdEtId indicates the entry ID which
         is being used in the current update for a CRL file. A value of zero is
         returned if the value of tmnxPkiCAProfCrlCurUpdStatus is 'notUpdating
         (0)' or 'stopped (4)'.

         The entry, which is configured using tmnxPkiCAProfUrlTable, contains
         the information for one URL which is where the system downloads the
         CRL file from."
    ::= { tmnxPkiCAProfCrlUpdEntry 2 }

tmnxPkiCAProfCrlCurUpdStartTime  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfCrlCurUpdStartTime indicates the time at
         which the current automated CRL update was initiated. It is measured
         in seconds from 1-Jan-1970 00:00:00 UTC.

         A value of zero indicates that the system has not started updating a
         CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
         (2)'."
    ::= { tmnxPkiCAProfCrlUpdEntry 3 }

tmnxPkiCAProfAtCrlUpdLstFailedId OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..8)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstFailedId indicates the entry ID
         of the last failed automated CRL update.

         A value of zero is returned if the system has not failed to update any
         CRL file since tmnxPkiCAProfAtCrlUpdAdminState was configured to
         'inService (2)'.

         The entry, which is configured using tmnxPkiCAProfUrlTable, contains
         the information for one URL which is where the system downloads the
         CRL file from."
    ::= { tmnxPkiCAProfCrlUpdEntry 4 }

tmnxPkiCAProfAtCrlUpdLstFailTmSt OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstFailTmSt indicates the time at
         which the last failed automated CRL update was initiated. It is
         measured in seconds from 1-Jan-1970 00:00:00 UTC.

         A value of zero indicates that the system has not failed to update any
         CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
         (2)'."
    ::= { tmnxPkiCAProfCrlUpdEntry 5 }

tmnxPkiCAProfAtCrlUpdLstFailTmEd OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstFailTmEd indicates the time at
         which the last failed automated CRL update was finished. It is
         measured in seconds from 1-Jan-1970 00:00:00 UTC.

         A value of zero indicates that the system has not failed to update any
         CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
         (2)'."
    ::= { tmnxPkiCAProfCrlUpdEntry 6 }

tmnxPkiCAProfAtCrlUpdLstFailReas OBJECT-TYPE
    SYNTAX      INTEGER {
        noFailure      (0),
        downloadFailed (1),
        invalidCRL     (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAtCrlUpdLstFailReas indicates the reason of
         the recent failed automated CRL update.

             noFailure      (0) -- The system never fails to update the CRL file
             downloadFailed (1) -- The system failed to download the CRL file
             invalidCRL     (2) -- The verification of the downloaded CRL file
                                   failed"
    ::= { tmnxPkiCAProfCrlUpdEntry 7 }

tmnxPkiCAProfActnTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfActnEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnTable allows actions on the Certificate-Authority
         profiles."
    ::= { tmnxPkiSecurityObjs 22 }

tmnxPkiCAProfActnEntry           OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfActnEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnEntry allows action on a specific
         Certificate-Authority profile."
    INDEX       { tmnxPkiCAProfile }
    ::= { tmnxPkiCAProfActnTable 1 }

TmnxPkiCAProfActnEntry           ::= SEQUENCE
{
    tmnxPkiCAProfActnType            INTEGER,
    tmnxPkiCAProfAction              TmnxActionType,
    tmnxPkiCAProfActnKey             DisplayString,
    tmnxPkiCAProfActnProtAlgPass     DisplayString,
    tmnxPkiCAProfActnProtAlgRef      DisplayString,
    tmnxPkiCAProfActnProtAlgSigCert  DisplayString,
    tmnxPkiCAProfActnProtAlgSigHash  INTEGER,
    tmnxPkiCAProfActnSubjectDn       DisplayString,
    tmnxPkiCAProfActnSaveAsFile      DisplayString,
    tmnxPkiCAProfActnNewKey          DisplayString,
    tmnxPkiCAProfActnStatus          INTEGER,
    tmnxPkiCAProfActnStatusString    DisplayString,
    tmnxPkiCAProfActnStatusCode      INTEGER,
    tmnxPkiCAProfActnOrigCmdTime     DateAndTime,
    tmnxPkiCAProfActnLastCAResp      DateAndTime,
    tmnxPkiCAProfActnSendChain       TruthValue,
    tmnxPkiCAProfActnSendChainCA     TNamedItemOrEmpty,
    tmnxPkiCAProfActnProtKey         DisplayString,
    tmnxPkiCAProfActnDomain          TmnxLongDisplayString,
    tmnxPkiCAProfActnInetAddrType    InetAddressType,
    tmnxPkiCAProfActnInetAddr        InetAddress
}

tmnxPkiCAProfActnType            OBJECT-TYPE
    SYNTAX      INTEGER {
        initialRegistration (1),
        certRequest         (2),
        keyUpdate           (3),
        poll                (4),
        clearRequest        (5),
        abortRequest        (6)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnType specifies the action to be performed on the
         CA profile.

         The tmnxPkiCAProfActnType and tmnxPkiCAProfAction objects must be set
         together for the specific action to be performed."
    ::= { tmnxPkiCAProfActnEntry 1 }

tmnxPkiCAProfAction              OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfAction specifies to perform action specified
         in the tmnxPkiCAProfActnType object.

         The value of tmnxPkiCAProfAction will always be returned as
         'notApplicable'.

         The tmnxPkiCAProfActnType and tmnxPkiCAProfAction objects must be set
         together for the specific action to be performed."
    DEFVAL      { notApplicable }
    ::= { tmnxPkiCAProfActnEntry 2 }

tmnxPkiCAProfActnKey             OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnKey specifies the key associated with requested
         action on the CA profile."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 3 }

tmnxPkiCAProfActnProtAlgPass     OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnProtAlgPass specifies the password of the
         protection algorithm associated with requested action on the CA
         profile.

         The value of tmnxPkiCAProfActnProtAlgPass cannot be set to an empty
         string if tmnxPkiCAProfAction is set to 'initialRegistration' and the
         CMP request is to be protected by Message Authentication Code (MAC).

         GETs and GETNEXTs on this variable return an empty string."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 4 }

tmnxPkiCAProfActnProtAlgRef      OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnProtAlgRef specifies the reference number of the
         protection algorithm associated with requested action on the CA
         profile.

         The value of tmnxPkiCAProfActnProtAlgRef cannot be set to an empty
         string if tmnxPkiCAProfAction is set to 'initialRegistration' and the
         CMP request is to be protected by Message Authentication Code (MAC)."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 5 }

tmnxPkiCAProfActnProtAlgSigCert  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnProtAlgSigCert specifies the signature
         certificate file for the protection algorithm associated with
         requested action on the CA profile.

         The value of tmnxPkiCAProfActnProtAlgSigCert cannot be set to an empty
         string if tmnxPkiCAProfAction is set to 'certRequest' or 'keyUpdate'
         and the CMP request is to be protected by Digital Signature."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 6 }

tmnxPkiCAProfActnProtAlgSigHash  OBJECT-TYPE
    SYNTAX      INTEGER {
        null   (1),
        md5    (2),
        sha1   (3),
        sha256 (4),
        sha384 (5),
        sha512 (6),
        sha224 (7)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnProtAlgSigHash specifies the signature hash
         algorithm for the protection algorithm associated with requested
         action on the CA profile.

         The value of tmnxPkiCAProfActnProtAlgSigHash cannot be set to 'null'
         if tmnxPkiCAProfAction is set to 'initialRegistration' or
         'certRequest' or 'keyUpdate', and the CMP request is to be protected
         by Digital Signature."
    DEFVAL      { sha1 }
    ::= { tmnxPkiCAProfActnEntry 7 }

tmnxPkiCAProfActnSubjectDn       OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnSubjectDn specifies the domain of the subject
         associated with requested action on the CA profile.

         The value of tmnxPkiCAProfActnSubjectDn cannot be set to an empty
         string if tmnxPkiCAProfAction is set to 'initialRegistration' or
         'certRequest'."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 8 }

tmnxPkiCAProfActnSaveAsFile      OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..200))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnSaveAsFile specifies the file name to which
         resultant certificate is saved associated with the requested action on
         the CA profile.

         The value of tmnxPkiCAProfActnSaveAsFile cannot be set to an empty
         string if tmnxPkiCAProfAction is set to 'initialRegistration' or
         'certRequest' or 'keyUpdate'."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 9 }

tmnxPkiCAProfActnNewKey          OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnNewKey specifies the new key associated with
         requested action on the CA profile.

         The value of tmnxPkiCAProfActnNewKey cannot be set to an empty string
         if tmnxPkiCAProfAction is set to 'keyUpdate'."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 10 }

tmnxPkiCAProfActnStatus          OBJECT-TYPE
    SYNTAX      INTEGER {
        processed  (0),
        inProgress (1),
        failed     (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnStatus indicates the status of the last action on
         the CA profile."
    ::= { tmnxPkiCAProfActnEntry 11 }

tmnxPkiCAProfActnStatusString    OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnStatusString indicates the detailed status of the
         last action on the CA profile."
    ::= { tmnxPkiCAProfActnEntry 12 }

tmnxPkiCAProfActnStatusCode      OBJECT-TYPE
    SYNTAX      INTEGER {
        none                   (0),
        accepted               (1),
        grantedWithMods        (2),
        rejection              (3),
        waiting                (4),
        revocationWarning      (5),
        revocationNotification (6),
        keyUpdateWarning       (7)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnStatusCode indicates the status of the last
         action on the CA profile."
    ::= { tmnxPkiCAProfActnEntry 13 }

tmnxPkiCAProfActnOrigCmdTime     OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnOrigCmdTime indicates the time when original
         command request was issued."
    ::= { tmnxPkiCAProfActnEntry 14 }

tmnxPkiCAProfActnLastCAResp      OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnLastCAResp indicates the last response from the
         the CA server."
    ::= { tmnxPkiCAProfActnEntry 15 }

tmnxPkiCAProfActnSendChain       OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnSendChain specifies whether to send the chain in
         the extra certificates."
    DEFVAL      { false }
    ::= { tmnxPkiCAProfActnEntry 16 }

tmnxPkiCAProfActnSendChainCA     OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnSendChainCA specifies the Certificate Authority
         profile to pick the chain in case of multiple chains available.

         System will calculate the chain, if the value of this object is set to
         empty.

         The action will fail, if the unique chain can not be resolved."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 17 }

tmnxPkiCAProfActnProtKey         OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnProtKey specifies the protection key associated
         with requested action on the CA profile."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 18 }

tmnxPkiCAProfActnDomain          OBJECT-TYPE
    SYNTAX      TmnxLongDisplayString (SIZE (0..512))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfActnDomain specifies the comma separated domain names
         associated with requested action on the CA profile.

         The tmnxPkiCAProfActnDomain may be set non-default when
         tmnxPkiCAProfAction is being set to 'initialRegistration' or
         'certRequest'."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 19 }

tmnxPkiCAProfActnInetAddrType    OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCAProfActnInetAddrType specifies the
         address type of the 'tmnxPkiCAProfActnInetAddr' object."
    DEFVAL      { unknown }
    ::= { tmnxPkiCAProfActnEntry 20 }

tmnxPkiCAProfActnInetAddr        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCAProfActnInetAddr specifies the IP
         address as 'subjectAltName' in certificate template of CMPv2 initial
         registration or certificate-request action.

         The tmnxPkiCAProfActnInetAddr must be set together with
         tmnxPkiCAProfActnInetAddrType object."
    DEFVAL      { ''H }
    ::= { tmnxPkiCAProfActnEntry 21 }

tmnxPkiCNListTableLastChanged    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListTableLastChanged indicates the
         timestamp of the last change to the tmnxPkiCNListTable. A value of
         zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxPkiSecurityObjs 23 }

tmnxPkiCNListTable               OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCNListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCNListTable is the Common Name List table. It contains
         lists of supported Common Names. Entries are created and deleted by
         the user. Common name is domain name or IP address, which is present
         in a certificate in field 'Common Name' (CN) or in the extension
         'Subject Alternative Name' (SAN). Certificate is valid, if CN or one
         of SANs corresponds to any item in the CN List."
    ::= { tmnxPkiSecurityObjs 24 }

tmnxPkiCNListEntry               OBJECT-TYPE
    SYNTAX      TmnxPkiCNListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCNListEntry is an entry (conceptual row) in the
         tmnxPkiCNListTable. Each entry represents the configuration for an
         ordered list of supported Common Names."
    INDEX       { tmnxPkiCNListName }
    ::= { tmnxPkiCNListTable 1 }

TmnxPkiCNListEntry               ::= SEQUENCE
{
    tmnxPkiCNListName                TNamedItem,
    tmnxPkiCNListLastChanged         TimeStamp,
    tmnxPkiCNListRowStatus           RowStatus
}

tmnxPkiCNListName                OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListName specifies the name of an
         ordered list of supported common names."
    ::= { tmnxPkiCNListEntry 1 }

tmnxPkiCNListLastChanged         OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListLastChanged indicates the
         sysUpTime at the time of the most recent management-initiated change
         to this entry."
    ::= { tmnxPkiCNListEntry 2 }

tmnxPkiCNListRowStatus           OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListRowStatus indicates the status of
         the conceptual row in tmnxPkiCNListTable. Only values 'createAndGo(4)'
         and 'destroy(6)' are supported."
    ::= { tmnxPkiCNListEntry 3 }

tmnxPkiCNListParamTableLstChgd   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxPkiCNListParamTableLstChgd indicates the
         timestamp of the last change to the tmnxPkiCNListParamTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxPkiSecurityObjs 25 }

tmnxPkiCNListParamTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCNListParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCNListParamTable stores configuration and status
         information related to Common Names which belong to ordered lists of
         Common Names specified by entries in tmnxPkiCNListTable."
    ::= { tmnxPkiSecurityObjs 26 }

tmnxPkiCNListParamEntry          OBJECT-TYPE
    SYNTAX      TmnxPkiCNListParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCNListParamEntry is an entry (conceptual row) in the
         tmnxPkiCNListParamTable. Each entry contains information pertaining to
         a Common Name which belongs to a list specified by tmnxPkiCNListName."
    INDEX       {
        tmnxPkiCNListName,
        tmnxPkiCNListParamIndex
    }
    ::= { tmnxPkiCNListParamTable 1 }

TmnxPkiCNListParamEntry          ::= SEQUENCE
{
    tmnxPkiCNListParamIndex          Unsigned32,
    tmnxPkiCNListParamLastChanged    TimeStamp,
    tmnxPkiCNListParamRowStatus      RowStatus,
    tmnxPkiCNListParamCNType         TmnxPkiCNType,
    tmnxPkiCNListParamCNValue        TRegularExpression
}

tmnxPkiCNListParamIndex          OBJECT-TYPE
    SYNTAX      Unsigned32 (1..128)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListParamIndex specifies the order of
         preference of a Common Name within the list specified by
         tmnxPkiCNListName."
    ::= { tmnxPkiCNListParamEntry 1 }

tmnxPkiCNListParamLastChanged    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCNListParamLastChanged is the timestamp of last
         change to this entry."
    ::= { tmnxPkiCNListParamEntry 2 }

tmnxPkiCNListParamRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListParamRowStatus specifies the
         status of the conceptual row in tmnxPkiCNListParamTable."
    ::= { tmnxPkiCNListParamEntry 3 }

tmnxPkiCNListParamCNType         OBJECT-TYPE
    SYNTAX      TmnxPkiCNType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListParamCNType specifies the type of
         Common Name."
    ::= { tmnxPkiCNListParamEntry 4 }

tmnxPkiCNListParamCNValue        OBJECT-TYPE
    SYNTAX      TRegularExpression
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxPkiCNListParamCNValue specifies value of
         Common Name for which a certificate is issued."
    ::= { tmnxPkiCNListParamEntry 5 }

tmnxPkiImportedFormat            OBJECT-TYPE
    SYNTAX      INTEGER {
        any    (1),
        secure (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiImportedFormat specifies the supported encrypted
         file formats.

             any    - both old and new encrypted file format are supported
             secure - only the new encrypted file format is supported"
    DEFVAL      { any }
    ::= { tmnxPkiSecurityObjs 27 }

tmnxCertMgrStatsGroup            OBJECT IDENTIFIER ::= { tmnxSecurityObjects 19 }

tmnxCertMgrAuthFailed            OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxCertMgrAuthFailed indicates the number of authentication
         failures using the certificates."
    ::= { tmnxCertMgrStatsGroup 1 }

tmnxCertMgrAuthPassed            OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxCertMgrAuthPassed indicates the number of authentication
         checks passed using the certificates."
    ::= { tmnxCertMgrStatsGroup 2 }

tmnxCertMgrTotalAuth             OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxCertMgrTotalAuth indicates the number of authentication
         attempts using the certificates."
    ::= { tmnxCertMgrStatsGroup 3 }

tmnxUserPublicKeyObjects         OBJECT IDENTIFIER ::= { tmnxSecurityObjects 20 }

tmnxUserPublicKeyTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserPublicKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxUserPublicKeyTable has entries for Secure Shell version 2
         (SSHv2) RSA public keys configured for the system users."
    ::= { tmnxUserPublicKeyObjects 1 }

tmnxUserPublicKeyEntry           OBJECT-TYPE
    SYNTAX      TmnxUserPublicKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a Secure Shell version 2 (SSHv2) RSA public
         key associated with the system user. Entries in this table can be
         created and deleted via SNMP SET operations to
         tmnxUserPublicKeyRowStatus."
    INDEX       {
        tmnxUserName,
        tmnxUserPublicKeyNumber
    }
    ::= { tmnxUserPublicKeyTable 1 }

TmnxUserPublicKeyEntry           ::= SEQUENCE
{
    tmnxUserPublicKeyNumber          Unsigned32,
    tmnxUserPublicKeyRowStatus       RowStatus,
    tmnxUserPublicKeyLastChanged     TimeStamp,
    tmnxUserPublicKeyName            TmnxLongDisplayString,
    tmnxUserPublicKeyDescription     TItemDescription
}

tmnxUserPublicKeyNumber          OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPublicKeyNumber specifies the number of the
         Secure Shell version 2 (SSHv2) RSA public key that is associated with
         the system user."
    ::= { tmnxUserPublicKeyEntry 1 }

tmnxUserPublicKeyRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPublicKeyRowStatus specifies the row status of
         this entry. It is used for creation and deletion of the Secure Shell
         version 2 (SSHv2) RSA public key.

         Only values 'active (1)', 'createAndGo(4)', and 'destroy (6)' are
         supported."
    ::= { tmnxUserPublicKeyEntry 2 }

tmnxUserPublicKeyLastChanged     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPublicKeyLastChanged indicates the timestamp of
         the last change to this row in tmnxUserPublicKeyTable."
    ::= { tmnxUserPublicKeyEntry 3 }

tmnxUserPublicKeyName            OBJECT-TYPE
    SYNTAX      TmnxLongDisplayString (SIZE (0..800))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPublicKeyName specifies the value of the Secure
         Shell version 2 (SSHv2) RSA public key associated with the system
         user."
    DEFVAL      { ''H }
    ::= { tmnxUserPublicKeyEntry 4 }

tmnxUserPublicKeyDescription     OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPublicKeyDescription specifies the user-provided
         string describing this RSA public key."
    DEFVAL      { ''H }
    ::= { tmnxUserPublicKeyEntry 5 }

tmnxUserPubKeyTableLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxUserPubKeyTableLastChanged indicates the
         timestamp of the last change to the tmnxUserPublicKeyTable. A value of
         0 indicates that no changes were made to this table since the system
         was last initialized."
    ::= { tmnxUserPublicKeyObjects 2 }

tmnxUserPubEcdsaKeyTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserPubEcdsaKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxUserPubEcdsaKeyTable has entries for Secure Shell version 2
         (SSHv2) ECDSA public keys configured for the system users."
    ::= { tmnxUserPublicKeyObjects 3 }

tmnxUserPubEcdsaKeyEntry         OBJECT-TYPE
    SYNTAX      TmnxUserPubEcdsaKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a Secure Shell version 2 (SSHv2) ECDSA
         public key associated with the system user. Entries in this table can
         be created and deleted via SNMP SET operations to
         tmnxUserPubEcdsaKeyRowStatus."
    INDEX       {
        tmnxUserName,
        tmnxUserPubEcdsaKeyNumber
    }
    ::= { tmnxUserPubEcdsaKeyTable 1 }

TmnxUserPubEcdsaKeyEntry         ::= SEQUENCE
{
    tmnxUserPubEcdsaKeyNumber        Unsigned32,
    tmnxUserPubEcdsaKeyRowStatus     RowStatus,
    tmnxUserPubEcdsaKeyLastChanged   TimeStamp,
    tmnxUserPubEcdsaKeyName          DisplayString,
    tmnxUserPubEcdsaKeyDescription   TItemDescription
}

tmnxUserPubEcdsaKeyNumber        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPubEcdsaKeyNumber specifies the number of the
         Secure Shell version 2 (SSHv2) ECDSA public key that is associated
         with the system user."
    ::= { tmnxUserPubEcdsaKeyEntry 1 }

tmnxUserPubEcdsaKeyRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPubEcdsaKeyRowStatus specifies the row status of
         this entry. It is used for creation and deletion of the Secure Shell
         version 2 (SSHv2) ECDSA public key.

         Only values 'active (1)', 'createAndGo(4)', and 'destroy (6)' are
         supported."
    ::= { tmnxUserPubEcdsaKeyEntry 2 }

tmnxUserPubEcdsaKeyLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPubEcdsaKeyLastChanged indicates the timestamp of
         the last change to this row in tmnxUserPubEcdsaKeyTable."
    ::= { tmnxUserPubEcdsaKeyEntry 3 }

tmnxUserPubEcdsaKeyName          OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPubEcdsaKeyName specifies the value of the Secure
         Shell version 2 (SSHv2) ECDSA public key associated with the system
         user."
    DEFVAL      { ''H }
    ::= { tmnxUserPubEcdsaKeyEntry 4 }

tmnxUserPubEcdsaKeyDescription   OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPubEcdsaKeyDescription specifies the
         user-provided string describing this ECDSA public key."
    DEFVAL      { ''H }
    ::= { tmnxUserPubEcdsaKeyEntry 5 }

tmnxUserPubEcdsaKeyTblLstChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxUserPubEcdsaKeyTblLstChgd indicates the
         timestamp of the last change to the tmnxUserPubEcdsaKeyTable. A value
         of 0 indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxUserPublicKeyObjects 4 }

tmnxUserActionObjs               OBJECT IDENTIFIER ::= { tmnxSecurityObjects 21 }

tmnxUserActionUserName           OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserActionUserName specifies the user name on which
         the action applies."
    ::= { tmnxUserActionObjs 1 }

tmnxUserActionUnlock             OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxUserActionUnlock is set to 'doAction', the user specified in
         tmnxUserActionUserName can make again tmnxPasswordAttemptsCount
         unsuccessful login attempts before he is locked out for
         tmnxPasswordAttemptsLockoutPeriod minutes, and his exponential backoff
         period is reset to 1 second if slcLoginExponentialBackOff is set to
         'true'.

         When setting the value of this object to 'doAction', the value of
         tmnxUserActionUserName must be set as well in the same SNMP SET PDU.

         If the value of tmnxUserActionUserName is set to an empty string, this
         action applies to all users."
    ::= { tmnxUserActionObjs 2 }

tmnxUserActionClearPwdHistory    OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxUserActionClearPwdHistory is set to 'doAction', the password
         history of one or more users will be cleared, allowing them to reuse
         any password that they previously used.

         When setting the value of this object to 'doAction', the value of
         tmnxUserActionUserName must be set as well in the same SNMP SET PDU.

         If the value of tmnxUserActionUserName is set to a non-empty string
         only the password history of the specified user will be cleared.
         Otherwise the password history of all users will be cleared."
    ::= { tmnxUserActionObjs 3 }

tmnxTacPlusPrivLvlMapTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxTacPlusPrivLvlMapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table which maps privilege levels to user profiles.

         This table is used during TACACS+ authorization to map priv-lvl to a
         user profile when tmnxTacPlusAuthorUsePrivLvl is 'true(1)', and it is
         also used during the TACACS+ enable request to map
         tmnxTacPlusEnableAdminPrivLvl to a user profile."
    ::= { tmnxSecurityObjects 22 }

tmnxTacPlusPrivLvlMapEntry       OBJECT-TYPE
    SYNTAX      TmnxTacPlusPrivLvlMapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single user profile."
    INDEX       { tmnxTacPlusPrivLvlMapPrivLvl }
    ::= { tmnxTacPlusPrivLvlMapTable 1 }

TmnxTacPlusPrivLvlMapEntry       ::= SEQUENCE
{
    tmnxTacPlusPrivLvlMapPrivLvl     Unsigned32,
    tmnxTacPlusPrivLvlRowStatus      RowStatus,
    tmnxTacPlusPrivLvlMapUserProfile TNamedItem
}

tmnxTacPlusPrivLvlMapPrivLvl     OBJECT-TYPE
    SYNTAX      Unsigned32 (0..15)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusPrivLvlMapPrivLvl specifies the privilege
         level for this mapping."
    ::= { tmnxTacPlusPrivLvlMapEntry 1 }

tmnxTacPlusPrivLvlRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusPrivLvlRowStatus controls the creation and
         deletion of rows in this table."
    ::= { tmnxTacPlusPrivLvlMapEntry 2 }

tmnxTacPlusPrivLvlMapUserProfile OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusPrivLvlMapUserProfile specifies the user
         profile for this mapping.

         This user profile refers to a profile configured in
         tmnxUserProfileTable."
    ::= { tmnxTacPlusPrivLvlMapEntry 3 }

tmnxOcspCacheTable               OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxOcspCacheEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxOcspCacheTable maintains a cache of OCSP (Online Certificate
         Status Protocol) requests."
    ::= { tmnxSecurityObjects 23 }

tmnxOcspCacheEntry               OBJECT-TYPE
    SYNTAX      TmnxOcspCacheEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxOcspCacheEntry maintains OCSP cache of an OCSP request."
    INDEX       { tmnxOcspCacheEntryId }
    ::= { tmnxOcspCacheTable 1 }

TmnxOcspCacheEntry               ::= SEQUENCE
{
    tmnxOcspCacheEntryId             Integer32,
    tmnxOcspCacheCertSerial          OCTET STRING,
    tmnxOcspCacheCertIssuer          TLDisplayString,
    tmnxOcspCacheExpiry              Unsigned32,
    tmnxOcspCacheCertStatus          INTEGER
}

tmnxOcspCacheEntryId             OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxOcspCacheEntryId indicates the local cache entry
         identifier of the certificate that was validated by the OCSP
         responder."
    ::= { tmnxOcspCacheEntry 1 }

tmnxOcspCacheCertSerial          OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..20))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxOcspCacheCertSerial indicates the the serial number
         of the certificate associated with this OCSP (Online Certificate
         Status Protocol) cache entry."
    ::= { tmnxOcspCacheEntry 2 }

tmnxOcspCacheCertIssuer          OBJECT-TYPE
    SYNTAX      TLDisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxOcspCacheCertIssuer indicates the issuer of the
         certificate that was validated by the OCSP responder."
    ::= { tmnxOcspCacheEntry 3 }

tmnxOcspCacheExpiry              OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxOcspCacheExpiry indicates the time at which this
         cache entry will automatically be purged by the system."
    ::= { tmnxOcspCacheEntry 4 }

tmnxOcspCacheCertStatus          OBJECT-TYPE
    SYNTAX      INTEGER {
        good    (0),
        revoked (1)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxOcspCacheCertStatus indicates status of the
         certificate associated with this OCSP (Online Certificate Status
         Protocol) cache entry."
    ::= { tmnxOcspCacheEntry 5 }

tmnxSecurityTech                 OBJECT IDENTIFIER ::= { tmnxSecurityObjects 24 }

tmnxSecurityTechSupportLocation  OBJECT-TYPE
    SYNTAX      TmnxDisplayStringURL
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxSecurityTechSupportLocation specifies the default
         file path for generated tech-support files. If not specified, there is
         no default location, and one must be manually specified when
         generating an admin tech-support file."
    DEFVAL      { "" }
    ::= { tmnxSecurityTech 1 }

tmnxSSHCipherTable               OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHCipherEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This Table indicates the ciphers allowed for SSH protocol version 1
         and SSH protocol version 2."
    ::= { tmnxSecurityObjects 25 }

tmnxSSHCipherEntry               OBJECT-TYPE
    SYNTAX      TmnxSSHCipherEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single cipher."
    INDEX       {
        tmnxSSHCipherProtocolVersion,
        tmnxSSHCipherNumber
    }
    ::= { tmnxSSHCipherTable 1 }

TmnxSSHCipherEntry               ::= SEQUENCE
{
    tmnxSSHCipherProtocolVersion     INTEGER,
    tmnxSSHCipherNumber              TSSHCipherNumber,
    tmnxSSHCipherName                DisplayString
}

tmnxSSHCipherProtocolVersion     OBJECT-TYPE
    SYNTAX      INTEGER {
        version1 (1),
        version2 (2)
    }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHCipherProtocolVersion indicates the SSH protocol
         version."
    ::= { tmnxSSHCipherEntry 1 }

tmnxSSHCipherNumber              OBJECT-TYPE
    SYNTAX      TSSHCipherNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHCipherNumber indicates the cipher."
    ::= { tmnxSSHCipherEntry 2 }

tmnxSSHCipherName                OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHCipherName indicates the name of the cipher."
    ::= { tmnxSSHCipherEntry 3 }

tmnxSSHServerCipherListTable     OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHServerCipherListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to configure the ordered list of ciphers allowed for SSH
         protocol version 1 and SSH protocol version 2 by the SSH server."
    ::= { tmnxSecurityObjects 26 }

tmnxSSHServerCipherListEntry     OBJECT-TYPE
    SYNTAX      TmnxSSHServerCipherListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single cipher in the cipher list."
    INDEX       {
        tmnxSSHCipherProtocolVersion,
        tmnxSSHServerCipherListIndex
    }
    ::= { tmnxSSHServerCipherListTable 1 }

TmnxSSHServerCipherListEntry     ::= SEQUENCE
{
    tmnxSSHServerCipherListIndex     Integer32,
    tmnxSSHServerCipherListRowStatus RowStatus,
    tmnxSSHServerCipherListNumber    TSSHCipherNumber
}

tmnxSSHServerCipherListIndex     OBJECT-TYPE
    SYNTAX      Integer32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHServerCipherListIndex specifies the position of
         this cipher in the cipher list."
    ::= { tmnxSSHServerCipherListEntry 1 }

tmnxSSHServerCipherListRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHServerCipherListRowStatus specifies the row status
         of this entry."
    ::= { tmnxSSHServerCipherListEntry 2 }

tmnxSSHServerCipherListNumber    OBJECT-TYPE
    SYNTAX      TSSHCipherNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHServerCipherListNumber specifies the cipher."
    DEFVAL      { none }
    ::= { tmnxSSHServerCipherListEntry 3 }

tmnxSSHClientCipherListTable     OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHClientCipherListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to configure the ordered list of ciphers allowed for SSH
         protocol version 1 and SSH protocol version 2 by the SSH client."
    ::= { tmnxSecurityObjects 27 }

tmnxSSHClientCipherListEntry     OBJECT-TYPE
    SYNTAX      TmnxSSHClientCipherListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single cipher in the cipher list."
    INDEX       {
        tmnxSSHCipherProtocolVersion,
        tmnxSSHClientCipherListIndex
    }
    ::= { tmnxSSHClientCipherListTable 1 }

TmnxSSHClientCipherListEntry     ::= SEQUENCE
{
    tmnxSSHClientCipherListIndex     Integer32,
    tmnxSSHClientCipherListRowStatus RowStatus,
    tmnxSSHClientCipherListNumber    TSSHCipherNumber
}

tmnxSSHClientCipherListIndex     OBJECT-TYPE
    SYNTAX      Integer32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHClientCipherListIndex specifies the position of
         this cipher in the cipher list."
    ::= { tmnxSSHClientCipherListEntry 1 }

tmnxSSHClientCipherListRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHClientCipherListRowStatus specifies the row status
         of this entry."
    ::= { tmnxSSHClientCipherListEntry 2 }

tmnxSSHClientCipherListNumber    OBJECT-TYPE
    SYNTAX      TSSHCipherNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHClientCipherListNumber specifies the cipher."
    DEFVAL      { none }
    ::= { tmnxSSHClientCipherListEntry 3 }

tmnxCliScriptAuthObjs            OBJECT IDENTIFIER ::= { tmnxSecurityObjects 29 }

tmnxCliScriptAuthTblLastChange   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliScriptAuthTblLastChange
         indicates the value of sysUpTime at the time of the last
         modification of a  row in the tmnxCliScriptAuthTable."
    ::= { tmnxCliScriptAuthObjs 1 }

tmnxCliScriptAuthTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCliScriptAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table tmnxCliScriptAuthTable contains the information pertaining
         to authorization of cli script execution. User profile names are
         associated with CLI command scripts started by Cron, Event Handling
         System (EHS) or VSD."
    ::= { tmnxCliScriptAuthObjs 2 }

tmnxCliScriptAuthEntry           OBJECT-TYPE
    SYNTAX      TmnxCliScriptAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Rows in table tmnxCliScriptAuthTable are created and destroyed by SNMP
         set operations on the object tmnxCliScriptAuthRowStatus."
    INDEX       {
        tmnxCliScriptAuthUserType,
        IMPLIED tmnxCliScriptAuthUserName
    }
    ::= { tmnxCliScriptAuthTable 1 }

TmnxCliScriptAuthEntry           ::= SEQUENCE
{
    tmnxCliScriptAuthUserType        TmnxScriptAuthType,
    tmnxCliScriptAuthUserName        TNamedItem,
    tmnxCliScriptAuthRowStatus       RowStatus
}

tmnxCliScriptAuthUserType        OBJECT-TYPE
    SYNTAX      TmnxScriptAuthType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the index object tmnxCliScriptAuthUserType specifies the
         type of module that will execute a CLI command script. The value 'none
         (0)' cannot be used as a table index."
    ::= { tmnxCliScriptAuthEntry 1 }

tmnxCliScriptAuthUserName        OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the index object tmnxCliScriptAuthUserName specifies user
         profile name to be used for command authorization when executing a CLI
         command script started by the module specified by the value of
         tmnxCliScriptAuthUserType."
    ::= { tmnxCliScriptAuthEntry 2 }

tmnxCliScriptAuthRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliScriptAuthRowStatus
         specifies the status of
         the conceptual row in  tmnxCliScriptAuthTable. Row is created and
         destroyed by SNMP SET operations on this object. Only values
         'createAndGo(4)' and 'destroy(6)' are supported."
    ::= { tmnxCliScriptAuthEntry 3 }

tmnxCliSessionGroupTableLstChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupTableLstChgd indicates the
         sysUpTime at the time of the last modification of
         tmnxCliSessionGroupTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxSecurityObjects 30 }

tmnxCliSessionGroupTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCliSessionGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store Cli Session Group parameters"
    ::= { tmnxSecurityObjects 31 }

tmnxCliSessionGroupEntry         OBJECT-TYPE
    SYNTAX      TmnxCliSessionGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCliSessionGroupEntry is an entry in tmnxCliSessionGroupTable.
         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxCliSessionGroupRowStatus."
    INDEX       { tmnxCliSessionGroupName }
    ::= { tmnxCliSessionGroupTable 1 }

TmnxCliSessionGroupEntry         ::= SEQUENCE
{
    tmnxCliSessionGroupName          TNamedItem,
    tmnxCliSessionGroupLastChanged   TimeStamp,
    tmnxCliSessionGroupRowStatus     RowStatus,
    tmnxCliSessionGroupDescription   TItemDescription,
    tmnxCliSessionGroupSshLimit      TmnxSessionLimit,
    tmnxCliSessionGroupTelnetLimit   TmnxSessionLimit,
    tmnxCliSessionGroupTotalLimit    TmnxSessionLimit
}

tmnxCliSessionGroupName          OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupName specifies the name of
         the Cli Session Group."
    ::= { tmnxCliSessionGroupEntry 1 }

tmnxCliSessionGroupLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupLastChanged indicates the
         timestamp of the last change of this row in tmnxCliSessionGroupTable."
    ::= { tmnxCliSessionGroupEntry 2 }

tmnxCliSessionGroupRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupRowStatus specifies the
         status of the conceptual row in tmnxCliSessionGroupTable.

         Rows are created and destroyed by SNMP SET operations on this object.

         Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are
         supported."
    ::= { tmnxCliSessionGroupEntry 3 }

tmnxCliSessionGroupDescription   OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupDescription specifies the
         user-provided description for given Cli Session Group."
    DEFVAL      { ''H }
    ::= { tmnxCliSessionGroupEntry 4 }

tmnxCliSessionGroupSshLimit      OBJECT-TYPE
    SYNTAX      TmnxSessionLimit
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupSshLimit specifies the
         maximum limit of concurrent SSH sessions for given Cli Session Group."
    DEFVAL      { -1 }
    ::= { tmnxCliSessionGroupEntry 5 }

tmnxCliSessionGroupTelnetLimit   OBJECT-TYPE
    SYNTAX      TmnxSessionLimit
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupTelnetLimit specifies the
         maximum limit of concurrent TELNET sessions for given Cli Session
         Group."
    DEFVAL      { -1 }
    ::= { tmnxCliSessionGroupEntry 6 }

tmnxCliSessionGroupTotalLimit    OBJECT-TYPE
    SYNTAX      TmnxSessionLimit
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCliSessionGroupTotalLimit specifies the
         combined maximum limit of concurrent TELNET and SSH sessions for given
         Cli Session Group."
    DEFVAL      { -1 }
    ::= { tmnxCliSessionGroupEntry 7 }

tmnxSSHMacTable                  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHMacEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This Table indicates the MAC algorithms allowed for SSH protocol
         version 2."
    ::= { tmnxSecurityObjects 32 }

tmnxSSHMacEntry                  OBJECT-TYPE
    SYNTAX      TmnxSSHMacEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single MAC algorithm."
    INDEX       { tmnxSSHMacNumber }
    ::= { tmnxSSHMacTable 1 }

TmnxSSHMacEntry                  ::= SEQUENCE
{
    tmnxSSHMacNumber                 TSSHMacNumber,
    tmnxSSHMacName                   DisplayString
}

tmnxSSHMacNumber                 OBJECT-TYPE
    SYNTAX      TSSHMacNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHMacNumber indicates the MAC algorithm."
    ::= { tmnxSSHMacEntry 1 }

tmnxSSHMacName                   OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHMacName indicates the name of the MAC algorithm."
    ::= { tmnxSSHMacEntry 2 }

tmnxSSHServerMacListTableLstChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerMacListTableLstChgd indicates the
         timestamp of the last change to the tmnxSSHServerMacListTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxSecurityObjects 33 }

tmnxSSHServerMacListTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHServerMacListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to configure the ordered list of MACs allowed for SSH protocol
         version 2 by the SSH server."
    ::= { tmnxSecurityObjects 34 }

tmnxSSHServerMacListEntry        OBJECT-TYPE
    SYNTAX      TmnxSSHServerMacListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single MAC algorithm in the MAC list."
    INDEX       { tmnxSSHServerMacListIndex }
    ::= { tmnxSSHServerMacListTable 1 }

TmnxSSHServerMacListEntry        ::= SEQUENCE
{
    tmnxSSHServerMacListIndex        Unsigned32,
    tmnxSSHServerMacListLastChanged  TimeStamp,
    tmnxSSHServerMacListRowStatus    RowStatus,
    tmnxSSHServerMacListNumber       TSSHMacNumber
}

tmnxSSHServerMacListIndex        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerMacListIndex specifies the
         position of this MAC in the MAC list."
    ::= { tmnxSSHServerMacListEntry 1 }

tmnxSSHServerMacListLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerMacListLastChanged is the
         timestamp of last change to this entry."
    ::= { tmnxSSHServerMacListEntry 2 }

tmnxSSHServerMacListRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerMacListRowStatus specifies the
         row status of this entry. Only values 'active(1)', 'createAndGo(4)'
         and 'destroy(6)' are supported."
    ::= { tmnxSSHServerMacListEntry 3 }

tmnxSSHServerMacListNumber       OBJECT-TYPE
    SYNTAX      TSSHMacNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerMacListNumber specifies the MAC
         algorithm."
    ::= { tmnxSSHServerMacListEntry 4 }

tmnxSSHClientMacListTableLstChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientMacListTableLstChgd indicates the
         timestamp of the last change to the tmnxSSHServerMacListTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxSecurityObjects 35 }

tmnxSSHClientMacListTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHClientMacListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to configure the ordered list of MACs allowed for SSH protocol
         version 2 by the SSH client."
    ::= { tmnxSecurityObjects 36 }

tmnxSSHClientMacListEntry        OBJECT-TYPE
    SYNTAX      TmnxSSHClientMacListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single MAC algorithm in the MAC list."
    INDEX       { tmnxSSHClientMacListIndex }
    ::= { tmnxSSHClientMacListTable 1 }

TmnxSSHClientMacListEntry        ::= SEQUENCE
{
    tmnxSSHClientMacListIndex        Unsigned32,
    tmnxSSHClientMacListLastChanged  TimeStamp,
    tmnxSSHClientMacListRowStatus    RowStatus,
    tmnxSSHClientMacListNumber       TSSHMacNumber
}

tmnxSSHClientMacListIndex        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientMacListIndex specifies the
         position of this MAC in the MAC list."
    ::= { tmnxSSHClientMacListEntry 1 }

tmnxSSHClientMacListLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientMacListLastChanged is the
         timestamp of last change to this entry."
    ::= { tmnxSSHClientMacListEntry 2 }

tmnxSSHClientMacListRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientMacListRowStatus specifies the
         row status of this entry. Only values 'active(1)', 'createAndGo(4)'
         and 'destroy(6)' are supported."
    ::= { tmnxSSHClientMacListEntry 3 }

tmnxSSHClientMacListNumber       OBJECT-TYPE
    SYNTAX      TSSHMacNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientMacListNumber specifies the MAC
         algorithm."
    ::= { tmnxSSHClientMacListEntry 4 }

tmnxSSHServerKeyReExchangeObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 37 }

tmnxSSHServerKeyReExLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKeyReExLastChanged indicates the
         timestamp of the last change to the tmnxSSHServerKeyReExchangeObjs. A
         value of 0 indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxSSHServerKeyReExchangeObjs 1 }

tmnxSSHServerKeyReExAdminState   OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKeyReExAdminState specifies the
         desired administrative state of the server key re-exchange
         functionality. When the value is 'outOfService' the ssh server will
         not initiate key re-exchange when bytes or minutes thresholds are
         reached."
    DEFVAL      { inService }
    ::= { tmnxSSHServerKeyReExchangeObjs 2 }

tmnxSSHServerKeyReExMinutes      OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..1440)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKeyReExMinutes specifies the time
         interval at which the ssh server will initiate the key re-exchange
         with client. When the value of tmnxSSHServerKeyReExMinutes is set to
         '0', it disables initiating key re-exchange at time intervals."
    DEFVAL      { 60 }
    ::= { tmnxSSHServerKeyReExchangeObjs 3 }

tmnxSSHServerKeyReExMBytes       OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..64000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKeyReExMBytes specifies amount of
         data transferred after which the ssh server will initiate the key
         re-exchange with client. When the value of tmnxSSHServerKeyReExMBytes
         is set to '0', it disables initiating key re-exchange based on amount
         of transferred data."
    DEFVAL      { 1024 }
    ::= { tmnxSSHServerKeyReExchangeObjs 4 }

tmnxSSHClientKeyReExchangeObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 38 }

tmnxSSHClientKeyReExLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKeyReExLastChanged indicates the
         timestamp of the last change to the tmnxSSHClientKeyReExchangeObjs. A
         value of 0 indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxSSHClientKeyReExchangeObjs 1 }

tmnxSSHClientKeyReExAdminState   OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKeyReExAdminState specifies the
         desired administrative state of the client key re-exchange
         functionality. When the value is 'outOfService' the ssh client will
         not initiate key re-exchange when bytes or minutes thresholds are
         reached."
    DEFVAL      { inService }
    ::= { tmnxSSHClientKeyReExchangeObjs 2 }

tmnxSSHClientKeyReExMinutes      OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..1440)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKeyReExMinutes specifies the time
         interval at which the ssh client will initiate the key re-exchange
         with server. When the value of tmnxSSHClientKeyReExMinutes is set to
         '0', it disables initiating key re-exchange at time intervals."
    DEFVAL      { 60 }
    ::= { tmnxSSHClientKeyReExchangeObjs 3 }

tmnxSSHClientKeyReExMBytes       OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..64000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKeyReExMBytes specifies amount of
         data transferred after which the ssh client will initiate the key
         re-exchange with server. When the value of tmnxSSHClientKeyReExMBytes
         is set to '0', it disables initiating key re-exchange based on amount
         of transferred data."
    DEFVAL      { 1024 }
    ::= { tmnxSSHClientKeyReExchangeObjs 4 }

tmnxServerAccessCtlObjs          OBJECT IDENTIFIER ::= { tmnxSecurityObjects 39 }

tmnxAllowServersAccess           OBJECT-TYPE
    SYNTAX      BITS {
        ssh     (0),
        telnet  (1),
        ftp     (2),
        telnet6 (3),
        netconf (4),
        grpc    (5)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxAllowServersAccess is used to allow/disallow access to management
         interfaces running on the system. By default, access to all servers is
         allowed."
    DEFVAL      { {ssh, telnet, ftp, telnet6, netconf, grpc} }
    ::= { tmnxServerAccessCtlObjs 1 }

tmnxServerAccessCtlObjsLstChgd   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxServerAccessCtlObjsLstChgd indicates the
         sysUpTime at the time of the last modification of
         tmnxServerAccessCtlObjs.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxServerAccessCtlObjs 2 }

tmnxSSHKexTable                  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHKexEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This Table indicates the KEX algorithms allowed for SSH protocol
         version 2."
    ::= { tmnxSecurityObjects 40 }

tmnxSSHKexEntry                  OBJECT-TYPE
    SYNTAX      TmnxSSHKexEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single KEX algorithm."
    INDEX       { tmnxSSHKexNumber }
    ::= { tmnxSSHKexTable 1 }

TmnxSSHKexEntry                  ::= SEQUENCE
{
    tmnxSSHKexNumber                 TSSHKexNumber,
    tmnxSSHKexName                   DisplayString
}

tmnxSSHKexNumber                 OBJECT-TYPE
    SYNTAX      TSSHKexNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHKexNumber indicates the KEX algorithm."
    ::= { tmnxSSHKexEntry 1 }

tmnxSSHKexName                   OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxSSHKexName indicates the name of the KEX algorithm."
    ::= { tmnxSSHKexEntry 2 }

tmnxSSHServerKexListTableLstChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKexListTableLstChgd indicates the
         timestamp of the last change to the tmnxSSHServerKexListTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxSecurityObjects 41 }

tmnxSSHServerKexListTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHServerKexListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to configure the ordered list of KEXs allowed for SSH protocol
         version 2 by the SSH server."
    ::= { tmnxSecurityObjects 42 }

tmnxSSHServerKexListEntry        OBJECT-TYPE
    SYNTAX      TmnxSSHServerKexListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single KEX algorithm in the KEX list."
    INDEX       { tmnxSSHServerKexListIndex }
    ::= { tmnxSSHServerKexListTable 1 }

TmnxSSHServerKexListEntry        ::= SEQUENCE
{
    tmnxSSHServerKexListIndex        Unsigned32,
    tmnxSSHServerKexListLastChanged  TimeStamp,
    tmnxSSHServerKexListRowStatus    RowStatus,
    tmnxSSHServerKexListNumber       TSSHKexNumber
}

tmnxSSHServerKexListIndex        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKexListIndex specifies the
         position of this KEX in the KEX list."
    ::= { tmnxSSHServerKexListEntry 1 }

tmnxSSHServerKexListLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKexListLastChanged is the
         timestamp of last change to this entry."
    ::= { tmnxSSHServerKexListEntry 2 }

tmnxSSHServerKexListRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKexListRowStatus specifies the
         row status of this entry. Only values 'active(1)', 'createAndGo(4)'
         and 'destroy(6)' are supported."
    ::= { tmnxSSHServerKexListEntry 3 }

tmnxSSHServerKexListNumber       OBJECT-TYPE
    SYNTAX      TSSHKexNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHServerKexListNumber specifies the KEX
         algorithm."
    ::= { tmnxSSHServerKexListEntry 4 }

tmnxSSHClientKexListTableLstChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKexListTableLstChgd indicates the
         timestamp of the last change to the tmnxSSHServerKexListTable. A value
         of zero indicates that no changes were made to this table since the
         system was last initialized."
    ::= { tmnxSecurityObjects 43 }

tmnxSSHClientKexListTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSSHClientKexListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to configure the ordered list of KEXs allowed for SSH protocol
         version 2 by the SSH client."
    ::= { tmnxSecurityObjects 44 }

tmnxSSHClientKexListEntry        OBJECT-TYPE
    SYNTAX      TmnxSSHClientKexListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single KEX algorithm in the KEX list."
    INDEX       { tmnxSSHClientKexListIndex }
    ::= { tmnxSSHClientKexListTable 1 }

TmnxSSHClientKexListEntry        ::= SEQUENCE
{
    tmnxSSHClientKexListIndex        Unsigned32,
    tmnxSSHClientKexListLastChanged  TimeStamp,
    tmnxSSHClientKexListRowStatus    RowStatus,
    tmnxSSHClientKexListNumber       TSSHKexNumber
}

tmnxSSHClientKexListIndex        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKexListIndex specifies the
         position of this KEX in the KEX list."
    ::= { tmnxSSHClientKexListEntry 1 }

tmnxSSHClientKexListLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKexListLastChanged is the
         timestamp of last change to this entry."
    ::= { tmnxSSHClientKexListEntry 2 }

tmnxSSHClientKexListRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKexListRowStatus specifies the
         row status of this entry. Only values 'active(1)', 'createAndGo(4)'
         and 'destroy(6)' are supported."
    ::= { tmnxSSHClientKexListEntry 3 }

tmnxSSHClientKexListNumber       OBJECT-TYPE
    SYNTAX      TSSHKexNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSSHClientKexListNumber specifies the KEX
         algorithm."
    ::= { tmnxSSHClientKexListEntry 4 }

tmnxSecurityConformance          OBJECT IDENTIFIER ::= { tmnxSRConfs 22 }

tmnxSecurityCompliances          OBJECT IDENTIFIER ::= { tmnxSecurityConformance 1 }

tmnxSecurity7450V4v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R4.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserGroup,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV4v0Group,
            tmnxSecurityTacPlusV4v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV3v0r2Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationGroup,
            tmnxSecuritySourceIpV4v0Group
        }
    ::= { tmnxSecurityCompliances 5 }

tmnxSecurity7750V4v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750 SR series systems release R4.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV4v0Group,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV4v0Group,
            tmnxSecurityTacPlusV4v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV3v0r2Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationGroup,
            tmnxSecuritySourceIpV4v0Group
        }
    ::= { tmnxSecurityCompliances 6 }

tmnxSecurity7450V5v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R5.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV4v0Group,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV5v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityRadiusAuthV5v0Group
        }
    ::= { tmnxSecurityCompliances 7 }

tmnxSecurity7750V5v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750/7710 SR series systems release R5.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV4v0Group,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV5v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityRadiusAuthV5v0Group
        }
    ::= { tmnxSecurityCompliances 8 }

tmnxSecurity7450V6v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R6.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup
        }
    ::= { tmnxSecurityCompliances 9 }

tmnxSecurity7750V6v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750/7710 SR series systems release R6.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup
        }
    ::= { tmnxSecurityCompliances 10 }

tmnxSecurity7450V6v1Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R6.1."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup
        }
    ::= { tmnxSecurityCompliances 11 }

tmnxSecurity7750V6v1Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750/7710 SR series systems release R6.1."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup
        }
    ::= { tmnxSecurityCompliances 12 }

tmnxSecurity7450V7v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R7.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group
        }
    ::= { tmnxSecurityCompliances 13 }

tmnxSecurity7750V7v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750/7710 SR series systems release R7.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp
        }
    ::= { tmnxSecurityCompliances 14 }

tmnxSecurity7450V8v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R8.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp
        }
    ::= { tmnxSecurityCompliances 15 }

tmnxSecurity7710V8v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7710 SR series systems release R8.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp
        }
    ::= { tmnxSecurityCompliances 16 }

tmnxSecurity7750V8v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750 SR series systems release R8.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp
        }
    ::= { tmnxSecurityCompliances 17 }

tmnxSecurity7450V9v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R9.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group
        }
    ::= { tmnxSecurityCompliances 18 }

tmnxSecurity7710V9v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7710 SR series systems release R9.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup
        }
    ::= { tmnxSecurityCompliances 19 }

tmnxSecurity7750V9v0Compliance   MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750 SR series systems release R9.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group
        }
    ::= { tmnxSecurityCompliances 20 }

tmnxSecurity7450V10v0Compliance  MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7450 ESS series systems release R10.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCpmFltrPrefixListV10v0Group,
            tmnxSecTechGroup
        }
    ::= { tmnxSecurityCompliances 21 }

tmnxSecurity7710V10v0Compliance  MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7710 SR series systems release R10.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmFltrPrefixListV10v0Group,
            tmnxSecTechGroup
        }
    ::= { tmnxSecurityCompliances 22 }

tmnxSecurity7750V10v0Compliance  MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         7750 SR series systems release R10.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCpmFltrPrefixListV10v0Group,
            tmnxSecTechGroup
        }
    ::= { tmnxSecurityCompliances 23 }

tmnxSecurityV11v0Compliance      MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R11.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityPasswordsV11v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityTacPlusV11v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV11v0Grp,
            tmnxSecurityCpmIPv6FltrV11v0Grp,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxRadiusUserExV11v0Group,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCAProfileV11v0Group,
            tmnxCpmFltrPrefixListV11v0Group,
            tmnxPkiCAProfNotifyV11v0Group,
            tmnxDistCpuProtectionV11v0Group,
            tmnxSecurityUserV12v0Group,
            tmnxCpmProtectionV11v0Group,
            tmnxSecTechGroup,
            tmnxSecurityNetconfV110Group,
            tCAProfCmpv2SetSndrV11v0Group
        }
    ::= { tmnxSecurityCompliances 24 }

tmnxSecurityV12v0Compliance      MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R12.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV12v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV12v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityTacPlusV11v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV11v0Grp,
            tmnxSecurityCpmIPv6FltrV11v0Grp,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityKeyChainV12v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxSecurityNotifyObjsV12v0Group,
            tmnxSecurityNotificationV12v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxRadiusUserExV11v0Group,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCAProfileV11v0Group,
            tmnxCpmFltrPrefixListV11v0Group,
            tmnxPkiCAProfNotifyV11v0Group,
            tmnxDistCpuProtectionV11v0Group,
            tmnxCpmProtectionV11v0Group,
            tmnxSecurityCpmProtV12v0Group,
            tmnxSecCpmProtNotifyV12v0Grp,
            tmnxSecCpmProtNotifyObjsV12v0Grp,
            tmnxSecTechGroup,
            tmnxSecurityNetconfV110Group,
            tmnxChainSecurityNotifyObjsGroup,
            tCAProfCmpv2SetSndrV11v0Group,
            tmnxSecurityPublicKeyGroup,
            tmnxSecuritySSHCipherGroup,
            tCAProfCmpv2HttpVerV12v0Group,
            tmnxPkiCertDispFmtV12v0Group,
            tmnxSecurityProfRateV12v0Group,
            tmnxSecCpmProtProtocolV12v0Group,
            tmnxPkiCAProfRevokeChkGroup,
            tmnxSecPwdHistNotifyObjsV12v0Grp,
            tmnxSecPwdHistNotifV12v0Grp
        }
    ::= { tmnxSecurityCompliances 25 }

tmnxSecurityV13v0Compliance      MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R13.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV12v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV12v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityTacPlusV11v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV11v0Grp,
            tmnxSecurityCpmIPv6FltrV11v0Grp,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityKeyChainV12v0Group,
            tmnxSecurityKeyChainV13v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxSecurityNotifyObjsV12v0Group,
            tmnxSecurityNotificationV12v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxRadiusUserExV11v0Group,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCAProfileV11v0Group,
            tmnxCpmFltrPrefixListV11v0Group,
            tmnxPkiCAProfNotifyV11v0Group,
            tmnxDistCpuProtectionV11v0Group,
            tmnxCpmProtectionV11v0Group,
            tmnxSecurityCpmProtV12v0Group,
            tmnxSecCpmProtNotifyV12v0Grp,
            tmnxSecCpmProtNotifyObjsV12v0Grp,
            tmnxSecTechGroup,
            tmnxSecurityNetconfV110Group,
            tmnxChainSecurityNotifyObjsGroup,
            tCAProfCmpv2SetSndrV11v0Group,
            tmnxSecurityPublicKeyGroup,
            tmnxSecuritySSHCipherGroup,
            tCAProfCmpv2HttpVerV12v0Group,
            tmnxPkiCertDispFmtV12v0Group,
            tmnxSecurityProfRateV12v0Group,
            tmnxSecCpmProtProtocolV12v0Group,
            tmnxPkiCAProfRevokeChkGroup,
            tmnxPkiCAProf13v0Group,
            tmnxCliScriptAuthUserV13v0Group,
            tmnxSecurityNotifyObjsV13v0Group,
            tmnxCertExpNotificationV13v0Grp,
            tmnxCertExpWarningV13v0Group,
            tmnxSecurityRadiusV13v0Group,
            tmnxSecCertRldNotifyObjsV13v0Grp,
            tmnxCertRldNotificationV13v0Grp,
            tmnxPkiCAProfAtCrlUpdV13v0Group,
            tmnxCliSessionGroupV13v0Group,
            tmnxSecPwdHistNotifyObjsV12v0Grp,
            tmnxSecPwdHistNotifV12v0Grp,
            tmnxSecVsdGroup,
            tmnxSessLimNotifyV13v0Grp
        }
    ::= { tmnxSecurityCompliances 26 }

tmnxSecurityV14v0Compliance      MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R14.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserV12v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV12v0Group,
            tmnxSecurityRadiusV14v0Group,
            tmnxSecurityTacPlusV11v0Group,
            tmnxSecurityTacPlusV14v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV11v0Grp,
            tmnxSecurityCpmIPv6FltrV11v0Grp,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityKeyChainV12v0Group,
            tmnxSecurityKeyChainV13v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxSecurityNotifyObjsV12v0Group,
            tmnxSecurityNotificationV12v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxRadiusUserExV11v0Group,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCAProfileV11v0Group,
            tmnxCpmFltrPrefixListV11v0Group,
            tmnxPkiCAProfNotifyV11v0Group,
            tmnxDistCpuProtectionV11v0Group,
            tmnxCpmProtectionV11v0Group,
            tmnxSecurityCpmProtV12v0Group,
            tmnxSecCpmProtNotifyV12v0Grp,
            tmnxSecCpmProtNotifyObjsV12v0Grp,
            tmnxSecTechGroup,
            tmnxSecurityNetconfV110Group,
            tmnxChainSecurityNotifyObjsGroup,
            tCAProfCmpv2SetSndrV11v0Group,
            tmnxSecurityPublicKeyGroup,
            tmnxSecuritySSHCipherGroup,
            tCAProfCmpv2HttpVerV12v0Group,
            tmnxPkiCertDispFmtV12v0Group,
            tmnxSecurityProfRateV12v0Group,
            tmnxSecCpmProtProtocolV12v0Group,
            tmnxPkiCAProfRevokeChkGroup,
            tmnxPkiCAProf13v0Group,
            tmnxCliScriptAuthUserV13v0Group,
            tmnxSecurityNotifyObjsV13v0Group,
            tmnxCertExpNotificationV13v0Grp,
            tmnxCertExpWarningV13v0Group,
            tmnxSecurityRadiusV13v0Group,
            tmnxSecCertRldNotifyObjsV13v0Grp,
            tmnxCertRldNotificationV13v0Grp,
            tmnxPkiCAProfAtCrlUpdV13v0Group,
            tmnxCliSessionGroupV13v0Group,
            tmnxSecPwdHistNotifyObjsV12v0Grp,
            tmnxSecPwdHistNotifV12v0Grp,
            tmnxSecVsdGroup,
            tmnxSessLimNotifyV13v0Grp,
            tmnxLogMaxAttNotifyV14v0Grp,
            tmnxSecuritySSHv2PubKeyV14v0Grp,
            tmnxPkiCAProfCrlSizeLimtV14v0Grp,
            tmnxSecurityNetconfLockV14v0Grp,
            tmnxSecurityPasswordsV14v0Group,
            tmnxSecNotifyObjsV14v0Group,
            tmnxCertNotifyV14v0Group,
            tmnxSecurityGrpcV15v0Grp,
            tmnxPkiCNV15v0Grp,
            tmnxSecuritySSHMacListV15v0Group,
            tmnxSecuritySSHKeyReExV15v0Group
        }
    ::= { tmnxSecurityCompliances 27 }

tmnxSecurityV15v1Compliance      MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R15.1."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecUserV15v1Group,
            tmnxCAProfileV15v1Group,
            tmnxLogMaxAttNotifyV15v1Grp,
            tmnxSecurityMafMacFilterGroup
        }
    ::= { tmnxSecurityCompliances 28 }

tmnxSecurityV16v0Compliance      MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R16.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityGrpcV16v0Grp,
            tmnxHashControlV16v0Group,
            tmnxServerAccessCtlV16v0Group,
            tmnxPkiV16v0Group,
            tmnxCAProfileV16v0Group
        }
    ::= { tmnxSecurityCompliances 29 }

tmnxSecurityV19v0Compliance      MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of security features on Nokia
         SR series systems release R19.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV12v0Group,
            tmnxSecurityRadiusV14v0Group,
            tmnxSecurityTacPlusV11v0Group,
            tmnxSecurityTacPlusV14v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV11v0Grp,
            tmnxSecurityCpmIPv6FltrV11v0Grp,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityKeyChainV12v0Group,
            tmnxSecurityKeyChainV13v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxSecurityNotifyObjsV12v0Group,
            tmnxSecurityNotificationV12v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxRadiusUserExV11v0Group,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCAProfileV11v0Group,
            tmnxCpmFltrPrefixListV11v0Group,
            tmnxPkiCAProfNotifyV11v0Group,
            tmnxDistCpuProtectionV11v0Group,
            tmnxCpmProtectionV11v0Group,
            tmnxSecurityCpmProtV12v0Group,
            tmnxSecCpmProtNotifyV12v0Grp,
            tmnxSecCpmProtNotifyObjsV12v0Grp,
            tmnxSecTechGroup,
            tmnxSecurityNetconfV110Group,
            tmnxChainSecurityNotifyObjsGroup,
            tCAProfCmpv2SetSndrV11v0Group,
            tmnxSecurityPublicKeyGroup,
            tmnxSecuritySSHCipherGroup,
            tCAProfCmpv2HttpVerV12v0Group,
            tmnxPkiCertDispFmtV12v0Group,
            tmnxSecurityProfRateV12v0Group,
            tmnxSecCpmProtProtocolV12v0Group,
            tmnxPkiCAProfRevokeChkGroup,
            tmnxPkiCAProf13v0Group,
            tmnxCliScriptAuthUserV13v0Group,
            tmnxSecurityNotifyObjsV13v0Group,
            tmnxCertExpNotificationV13v0Grp,
            tmnxCertExpWarningV13v0Group,
            tmnxSecurityRadiusV13v0Group,
            tmnxSecCertRldNotifyObjsV13v0Grp,
            tmnxCertRldNotificationV13v0Grp,
            tmnxPkiCAProfAtCrlUpdV13v0Group,
            tmnxCliSessionGroupV13v0Group,
            tmnxSecPwdHistNotifyObjsV12v0Grp,
            tmnxSecPwdHistNotifV12v0Grp,
            tmnxSecVsdGroup,
            tmnxSessLimNotifyV13v0Grp,
            tmnxLogMaxAttNotifyV14v0Grp,
            tmnxSecuritySSHv2PubKeyV14v0Grp,
            tmnxPkiCAProfCrlSizeLimtV14v0Grp,
            tmnxSecurityNetconfLockV14v0Grp,
            tmnxSecurityPasswordsV14v0Group,
            tmnxSecNotifyObjsV14v0Group,
            tmnxCertNotifyV14v0Group,
            tmnxSecurityGrpcV15v0Grp,
            tmnxPkiCNV15v0Grp,
            tmnxSecuritySSHMacListV15v0Group,
            tmnxSecuritySSHKeyReExV15v0Group,
            tmnxSecUserV19v0Group,
            tmnxSecuritySSHKexListV19v0Group
        }
    ::= { tmnxSecurityCompliances 30 }

tmnxSecurityGroups               OBJECT IDENTIFIER ::= { tmnxSecurityConformance 2 }

tmnxSecurityUserGroup            OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserPasswordEncrypted,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 1 }

tmnxSecurityMafR2r1Group         OBJECT-GROUP
    OBJECTS     {
        tmnxMafRowStatus,
        tmnxMafDefaultAction,
        tmnxMafAdminState,
        tmnxMafMatchRowStatus,
        tmnxMafMatchLastChanged,
        tmnxMafMatchAction,
        tmnxMafMatchDescription,
        tmnxMafMatchSrcIpAddr,
        tmnxMafMatchSrcIpMask,
        tmnxMafMatchSrcPortType,
        tmnxMafMatchSrcPortId,
        tmnxMafMatchDestPort,
        tmnxMafMatchDestPortMask,
        tmnxMafMatchProtocol,
        tmnxMafMatchCount,
        tmnxMafMatchRouter,
        tmnxMafMatchLog
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of Management Access
         Filters (MAF) capabilities on Nokia SROS series systems release 2.1."
    ::= { tmnxSecurityGroups 6 }

tmnxSecurityPasswordsR2r1Group   OBJECT-GROUP
    OBJECTS     {
        tmnxPasswordAging,
        tmnxPasswordMinLength,
        tmnxPasswordComplexity,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsTime,
        tmnxPasswordAttemptsLockoutPeriod,
        tmnxPasswordAuthenOrder1,
        tmnxPasswordAuthenOrder2,
        tmnxPasswordAuthenOrder3,
        tmnxPasswordAuthenExitOnReject,
        tmnxAdminPassword,
        tmnxAdminPasswordEncrypted,
        tmnxPasswordHealthCheck
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of passwords on Nokia SROS
         series systems."
    ::= { tmnxSecurityGroups 7 }

tmnxSecurityCpmGroup             OBJECT-GROUP
    OBJECTS     {
        tmnxCpmPerPeerQueuing,
        tmnxCpmQueuesTotal,
        tmnxCpmQueuesInUse
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CPM security capabilities for revision
         2.1 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 11 }

tmnxSecurityPasswordHashGroup    OBJECT-GROUP
    OBJECTS     {
        tmnxPassHashReadVersion,
        tmnxPassHashWriteVersion
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting password hashing capabilities for
         revision 2.1 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 12 }

tmnxSecurityNotificationGroup    NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSSHServerPreserveKeyFail
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of notifications supporting security in revision 3.0 on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 14 }

tmnxSecurityCpmIpFilterV3v0r2Group OBJECT-GROUP
    OBJECTS     {
        tCpmFilterQueueRowStatus,
        tCpmFilterQueueLastChanged,
        tCpmFilterQueueAdminPIR,
        tCpmFilterQueueAdminCIR,
        tCpmFilterQueueCBS,
        tCpmFilterQueueMBS,
        tCpmFilterQueueReferences,
        tCpmFilterDefaultAction,
        tCpmIpFilterAdminState,
        tCpmIpFilterEntryRowStatus,
        tCpmIpFilterEntryLastChanged,
        tCpmIpFilterEntryLogId,
        tCpmIpFilterEntryDescription,
        tCpmIpFilterEntryAction,
        tCpmIpFilterEntryQueueId,
        tCpmIpFilterEntrySrcIPAddr,
        tCpmIpFilterEntrySrcIPMask,
        tCpmIpFilterEntryDestIPAddr,
        tCpmIpFilterEntryDestIPMask,
        tCpmIpFilterEntryProtocol,
        tCpmIpFilterEntrySrcPort,
        tCpmIpFilterEntrySrcPortMask,
        tCpmIpFilterEntryDestPort,
        tCpmIpFilterEntryDestPortMask,
        tCpmIpFilterEntryDSCP,
        tCpmIpFilterEntryFragment,
        tCpmIpFilterEntryOptionPresent,
        tCpmIpFilterEntryIPOptionValue,
        tCpmIpFilterEntryIPOptionMask,
        tCpmIpFilterEntryMultipleOption,
        tCpmIpFilterEntryTcpSyn,
        tCpmIpFilterEntryTcpAck,
        tCpmIpFilterEntryIcmpCode,
        tCpmIpFilterEntryIcmpType,
        tCpmIpFilterEntryVRtrId,
        tCpmIpFilterEntryLogCreated,
        tCpmIpFilterStatsDroppedPkts,
        tCpmIpFilterStatsForwardedPkts,
        tCpmFilterQInProfileDropPkts,
        tCpmFilterQInProfileFwdPkts,
        tCpmFilterQInProfileDropOctets,
        tCpmFilterQInProfileFwdOctets,
        tCpmFilterQOutProfileDropPkts,
        tCpmFilterQOutProfileFwdPkts,
        tCpmFilterQOutProfileDropOctets,
        tCpmFilterQOutProfileFwdOctets
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter capabilities
         for revision 3.0r2 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 17 }

tmnxSecurityCpmIPv6FilterV4v0Group OBJECT-GROUP
    OBJECTS     {
        tCpmIPv6FilterEntryRowStatus,
        tCpmIPv6FilterEntryLastChanged,
        tCpmIPv6FilterEntryLogId,
        tCpmIPv6FilterEntryDescription,
        tCpmIPv6FilterEntryAction,
        tCpmIPv6FilterEntryQueueId,
        tCpmIPv6FilterEntrySrcIPAddr,
        tCpmIPv6FilterEntrySrcIPMask,
        tCpmIPv6FilterEntryDestIPAddr,
        tCpmIPv6FilterEntryDestIPMask,
        tCpmIPv6FilterEntryNextHeader,
        tCpmIPv6FilterEntrySrcPort,
        tCpmIPv6FilterEntrySrcPortMask,
        tCpmIPv6FilterEntryDestPort,
        tCpmIPv6FilterEntryDestPortMask,
        tCpmIPv6FilterEntryDSCP,
        tCpmIPv6FilterEntryTcpSyn,
        tCpmIPv6FilterEntryTcpAck,
        tCpmIPv6FilterEntryIcmpCode,
        tCpmIPv6FilterEntryIcmpType,
        tCpmIPv6FilterEntryVRtrId,
        tCpmIPv6FilterEntryLogCreated,
        tCpmIPv6FilterEntryFlowLabel,
        tCpmIPv6FilterStatsDroppedPkts,
        tCpmIPv6FilterStatsForwardedPkts,
        tCpmIPv6FilterAdminState
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter IPv6
         capabilities for revision 4.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 18 }

tmnxSecurityServerCtlV4v0Group   OBJECT-GROUP
    OBJECTS     {
        tmnxEnableServers,
        tmnxTelnetServerOperStatus,
        tmnxSSHServerOperStatus,
        tmnxFTPServerOperStatus,
        tmnxTelnet6ServerOperStatus
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of TELNET/SSH/FTP
         capabilities for revision 4.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 19 }

tmnxSSHServerV4v0Group           OBJECT-GROUP
    OBJECTS     {
        tmnxSSHServerPreserveKey,
        tmnxSSHServerVersion
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of SSH capabilities for
         revision 4.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 20 }

tmnxSecuritySourceIpV4v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxSourceIPRowStatus,
        tmnxSourceIPAddressType,
        tmnxSourceIPAddress,
        tmnxSourceIPIfIndex,
        tmnxSourceIPOperStatus
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of application source IP
         address override capabilities for revision 4.0 on Nokia SROS series
         systems."
    ::= { tmnxSecurityGroups 21 }

tmnxSecurityRadiusV4v0Group      OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusAdminStatus,
        tmnxRadiusAccounting,
        tmnxRadiusAuthorization,
        tmnxRadiusRetryAttempts,
        tmnxRadiusTimeout,
        tmnxRadiusPort,
        tmnxRadiusServerAddress,
        tmnxRadiusServerSecret,
        tmnxRadiusServerOperStatus,
        tmnxRadiusServerRowStatus,
        tmnxRadiusConfigured,
        tmnxRadiusPEDiscovery,
        tmnxRadiusPEDiscoveryPassword,
        tmnxRadiusPEDiscoveryInterval,
        tmnxRadiusPEForceDiscovery,
        tmnxRadiusPEForceDiscoverySvcId,
        tmnxRadiusAccountingPort
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities for
         revision 4.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 22 }

tmnxSecurityTacPlusV4v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerAddress,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusSingleConnection,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities for
         revision 4.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 23 }

tmnxSecurityObsoleteGroup        OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusSourceAddress,
        tmnxTacPlusServerAddress,
        tmnxTacPlusSourceAddress,
        tmnxRadiusPEDiscovery,
        tmnxRadiusPEDiscoveryPassword,
        tmnxRadiusPEDiscoveryInterval,
        tmnxRadiusServerAddress,
        tmnxPasswordComplexity
    }
    STATUS      current
    DESCRIPTION
        "The group of objects in TIMETRA-SECURITY-MIB which are obsoleted."
    ::= { tmnxSecurityGroups 24 }

tmnxSecurityUserV4v0Group        OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserPasswordEncrypted,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged,
        tmnxTemplateAccess,
        tmnxTemplateHomeDirectory,
        tmnxTemplateRestrictedToHome,
        tmnxTemplateConsoleLoginExecFile
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 25 }

tmnxSecurityKeyChainV5v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxKeyChainRowStatus,
        tmnxKeyChainDescription,
        tmnxKeyChainReceiveTcpOptionNum,
        tmnxKeyChainSendTcpOptionNum,
        tmnxKeyChainAdminState,
        tmnxKeyChainOperState,
        tmnxKeyChainKeyRowStatus,
        tmnxKeyChainAuthenticationKey,
        tmnxKeyChainKeyAlgorithm,
        tmnxKeyChainKeyBeginTime,
        tmnxKeyChainKeyEndTime,
        tmnxKeyChainKeyTolerance,
        tmnxKeyChainKeyAdminState
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Keychain capabilities
         for revision 5.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 26 }

tmnxSecurityRadiusV5v0Group      OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusAdminStatus,
        tmnxRadiusAccounting,
        tmnxRadiusAuthorization,
        tmnxRadiusTimeout,
        tmnxRadiusPort,
        tmnxRadiusServerSecret,
        tmnxRadiusServerOperStatus,
        tmnxRadiusServerRowStatus,
        tmnxRadiusRetryAttempts,
        tmnxRadiusConfigured,
        tmnxRadiusPEForceDiscovery,
        tmnxRadiusPEForceDiscoverySvcId,
        tmnxRadiusAccountingPort,
        tmnxRadiusServerInetAddressType,
        tmnxRadiusServerInetAddress,
        tmnxRadiusUseTemplate
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities for
         revision 5.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 27 }

tmnxSecurityTacPlusV5v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusSingleConnection,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities for
         revision 5.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 28 }

tmnxSecurityCpmIpFilterV5v0Group OBJECT-GROUP
    OBJECTS     {
        tCpmFilterQueueRowStatus,
        tCpmFilterQueueLastChanged,
        tCpmFilterQueueAdminPIR,
        tCpmFilterQueueAdminCIR,
        tCpmFilterQueueCBS,
        tCpmFilterQueueMBS,
        tCpmFilterQueueReferences,
        tCpmFilterQueueOperPIR,
        tCpmFilterQueueOperCIR,
        tCpmFilterDefaultAction,
        tCpmIpFilterAdminState,
        tCpmIpFilterEntryRowStatus,
        tCpmIpFilterEntryLastChanged,
        tCpmIpFilterEntryLogId,
        tCpmIpFilterEntryDescription,
        tCpmIpFilterEntryAction,
        tCpmIpFilterEntryQueueId,
        tCpmIpFilterEntrySrcIPAddr,
        tCpmIpFilterEntrySrcIPMask,
        tCpmIpFilterEntryDestIPAddr,
        tCpmIpFilterEntryDestIPMask,
        tCpmIpFilterEntryProtocol,
        tCpmIpFilterEntrySrcPort,
        tCpmIpFilterEntrySrcPortMask,
        tCpmIpFilterEntryDestPort,
        tCpmIpFilterEntryDestPortMask,
        tCpmIpFilterEntryDSCP,
        tCpmIpFilterEntryFragment,
        tCpmIpFilterEntryOptionPresent,
        tCpmIpFilterEntryIPOptionValue,
        tCpmIpFilterEntryIPOptionMask,
        tCpmIpFilterEntryMultipleOption,
        tCpmIpFilterEntryTcpSyn,
        tCpmIpFilterEntryTcpAck,
        tCpmIpFilterEntryIcmpCode,
        tCpmIpFilterEntryIcmpType,
        tCpmIpFilterEntryVRtrId,
        tCpmIpFilterEntryLogCreated,
        tCpmIpFilterStatsDroppedPkts,
        tCpmIpFilterStatsForwardedPkts,
        tCpmFilterQInProfileDropPkts,
        tCpmFilterQInProfileFwdPkts,
        tCpmFilterQInProfileDropOctets,
        tCpmFilterQInProfileFwdOctets,
        tCpmFilterQOutProfileDropPkts,
        tCpmFilterQOutProfileFwdPkts,
        tCpmFilterQOutProfileDropOctets,
        tCpmFilterQOutProfileFwdOctets
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter capabilities
         for revision 5.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 29 }

tmnxSecurityNotificationV5v0Group NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSSHServerPreserveKeyFail,
        tmnxKeyChainAuthFailure
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting security in revision 5.0 on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 30 }

tmnxSecurityNotifyObjsGroup      OBJECT-GROUP
    OBJECTS     {
        tmnxKeyChainAuthFailReason,
        tmnxKeyChainAuthAddrType,
        tmnxKeyChainAuthAddr
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications on Nokia SROS
         series systems 5.0 release."
    ::= { tmnxSecurityGroups 31 }

tmnxSecurityTacPlusV6v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusSingleConnection,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress,
        tmnxTacPlusServerPort
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities for
         revision 6.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 32 }

tmnxSecurityPasswordsV6v0Group   OBJECT-GROUP
    OBJECTS     {
        tmnxPasswordAging,
        tmnxPasswordMinLength,
        tmnxPasswordComplexity,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsTime,
        tmnxPasswordAttemptsLockoutPeriod,
        tmnxPasswordAuthenOrder1,
        tmnxPasswordAuthenOrder2,
        tmnxPasswordAuthenOrder3,
        tmnxPasswordAuthenExitOnReject,
        tmnxAdminPassword,
        tmnxAdminPasswordEncrypted,
        tmnxPasswordHealthCheck,
        tmnxPasswordHealthCheckInterval
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of passwords on Nokia SROS
         series systems."
    ::= { tmnxSecurityGroups 33 }

tmnxSecurityMafV6v0Group         OBJECT-GROUP
    OBJECTS     {
        tmnxGenMafTableLastChanged,
        tmnxMafIPMatchTableLastChanged,
        tmnxGenMafLastModified,
        tmnxGenMafRowStatus,
        tmnxGenMafAdminState,
        tmnxGenMafDefaultAction,
        tmnxIPMafMatchRowStatus,
        tmnxIPMafMatchLastChanged,
        tmnxIPMafMatchAction,
        tmnxIPMafMatchDescription,
        tmnxIPMafMatchSrcIpAddrType,
        tmnxIPMafMatchSrcIpAddr,
        tmnxIPMafMatchSrcIpMask,
        tmnxIPMafMatchSrcPortType,
        tmnxIPMafMatchSrcPortId,
        tmnxIPMafMatchDestPort,
        tmnxIPMafMatchDestPortMask,
        tmnxIPMafMatchProtNxtHdr,
        tmnxIPMafMatchCount,
        tmnxIPMafMatchRouter,
        tmnxIPMafMatchFlowLabel,
        tmnxIPMafMatchLog
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Management Access
         Filters (MAF) capabilities on Nokia SROS series systems release 6.0"
    ::= { tmnxSecurityGroups 34 }

tmnxObsoletedObjectsV6v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxMafRowStatus,
        tmnxMafDefaultAction,
        tmnxMafAdminState,
        tmnxMafMatchRowStatus,
        tmnxMafMatchLastChanged,
        tmnxMafMatchAction,
        tmnxMafMatchDescription,
        tmnxMafMatchSrcIpAddr,
        tmnxMafMatchSrcIpMask,
        tmnxMafMatchSrcPortType,
        tmnxMafMatchSrcPortId,
        tmnxMafMatchDestPort,
        tmnxMafMatchDestPortMask,
        tmnxMafMatchProtocol,
        tmnxMafMatchCount,
        tmnxMafMatchRouter,
        tmnxMafMatchLog
    }
    STATUS      current
    DESCRIPTION
        "The group of objects that are obsoleted in  on Nokia SROS
         series systems release 6.0"
    ::= { tmnxSecurityGroups 35 }

tmnxSecurityCpmProtectGroup      OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtPolTableLastChanged,
        tmnxCpmProtPolRowStatus,
        tmnxCpmProtPolLastChanged,
        tmnxCpmProtPolDescription,
        tmnxCpmProtPolPerSrcRateLimit,
        tmnxCpmProtPolOverallRateLimit,
        tmnxCpmProtPolAlarm,
        tmnxCpmProtPolOutProfileRate,
        tmnxCpmProtDropUncfgdProtocolMsg,
        tmnxCpmProtLinkRateLimit,
        tmnxCpmProtExcdTableLastChanged,
        tmnxCpmProtExcdPeriods,
        tmnxCpmProtExcdTime,
        tmnxCpmProtExcdTimeStarted,
        tmnxCpmProtViolPortTableLastChgd,
        tmnxCpmProtViolPortPeriods,
        tmnxCpmProtViolPortTimeStarted,
        tmnxCpmProtViolPortTime,
        tmnxCpmProtViolPortAggPeriods,
        tmnxCpmProtViolPortAggTimeStart,
        tmnxCpmProtViolPortAggTime,
        tmnxCpmProtViolIfTableLastChgd,
        tmnxCpmProtViolIfPeriods,
        tmnxCpmProtViolIfTimeStarted,
        tmnxCpmProtViolIfTime,
        tmnxCpmProtViolSapTableLastChgd,
        tmnxCpmProtViolSapPeriods,
        tmnxCpmProtViolSapTimeStarted,
        tmnxCpmProtViolSapTime,
        tmnxCpmProtPortOverallRateLimit,
        tmnxCpmProtDetectPeriod
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of CPM Protection on Nokia
         SROS series systems."
    ::= { tmnxSecurityGroups 36 }

tmnxSecurityLiGroup              OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileLi
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Lawful Intercept (LI)
         users."
    ::= { tmnxSecurityGroups 37 }

tmnxSecurityCpmProtNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolPort,
        tmnxCpmProtViolPortAgg,
        tmnxCpmProtViolIf,
        tmnxCpmProtViolSap,
        tmnxCpmProtViolMac
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CPM Protection on Nokia SROS
         series systems."
    ::= { tmnxSecurityGroups 38 }

tmnxSecurityCpmProtNotificationObjsGroup OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtViolMacAddress,
        tmnxCpmProtViolMacPeriods
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CPM Protection notifications."
    ::= { tmnxSecurityGroups 39 }

tmnxSecurityCpmMacFilterGroup    OBJECT-GROUP
    OBJECTS     {
        tCpmMacFilterAdminState,
        tCpmMacFltrEntryRowStatus,
        tCpmMacFltrEntryLastChanged,
        tCpmMacFltrEntryLogId,
        tCpmMacFltrEntryDescription,
        tCpmMacFltrEntryAction,
        tCpmMacFltrEntryQueueId,
        tCpmMacFltrEntryFrameType,
        tCpmMacFltrEntrySvcId,
        tCpmMacFltrEntryDot1pValue,
        tCpmMacFltrEntryDot1pMask,
        tCpmMacFltrEntryDsap,
        tCpmMacFltrEntryDsapMask,
        tCpmMacFltrEntrySrcMAC,
        tCpmMacFltrEntrySrcMACMask,
        tCpmMacFltrEntryDstMAC,
        tCpmMacFltrEntryDstMACMask,
        tCpmMacFltrEntryEtherType,
        tCpmMacFltrEntrySsap,
        tCpmMacFltrEntrySsapMask,
        tCpmMacFltrEntryCfmOpCodeOper,
        tCpmMacFltrEntryCfmOpCodeValue1,
        tCpmMacFltrEntryCfmOpCodeValue2,
        tCpmMacFltrEntryLogCreated,
        tCpmMacFilterStatsDroppedPkts,
        tCpmMacFilterStatsForwardedPkts
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the CPM hardware Mac filter
         capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 40 }

tmnxSecurityMafMacFilterGroup    OBJECT-GROUP
    OBJECTS     {
        tmnxMafMacMatchTableLastChanged,
        tmnxMacMafMatchRowStatus,
        tmnxMacMafMatchLastChanged,
        tmnxMacMafMatchAction,
        tmnxMacMafMatchDescription,
        tmnxMacMafMatchLog,
        tmnxMacMafMatchFrameType,
        tmnxMacMafMatchSvcId,
        tmnxMacMafMatchDot1pValue,
        tmnxMacMafMatchDot1pMask,
        tmnxMacMafMatchDsap,
        tmnxMacMafMatchDsapMask,
        tmnxMacMafMatchSrcMAC,
        tmnxMacMafMatchSrcMACMask,
        tmnxMacMafMatchDstMAC,
        tmnxMacMafMatchDstMACMask,
        tmnxMacMafMatchEtherType,
        tmnxMacMafMatchSnapOui,
        tmnxMacMafMatchSnapPid,
        tmnxMacMafMatchSsap,
        tmnxMacMafMatchSsapMask,
        tmnxMacMafMatchCfmOpCodeOper,
        tmnxMacMafMatchCfmOpCodeValue1,
        tmnxMacMafMatchCfmOpCodeValue2,
        tmnxMacMafMatchCount
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the Maf Mac filter capabilities on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 41 }

tmnxSecurityUserV6v0Group        OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserPasswordEncrypted,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged,
        tmnxTemplateAccess,
        tmnxTemplateHomeDirectory,
        tmnxTemplateRestrictedToHome,
        tmnxTemplateConsoleLoginExecFile,
        tmnxTemplateProfile
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 42 }

tmnxSecurityRadiusAuthV5v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusAuthAlgorithm
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities for
         revision 5.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 43 }

tmnxSecurityV7v0Group            OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtAllowShamLinkPackets,
        tmnxCpmProtViolVdoSvcPeriods,
        tmnxCpmProtViolVdoSvcTimeStarted,
        tmnxCpmProtViolVdoSvcTime,
        tmnxCpmProtViolVdoSvcVrtrIfIndex,
        tmnxCpmProtViolVdoVrtrPeriods,
        tmnxCpmProtViolVdoVrtrTimeStart,
        tmnxCpmProtViolVdoVrtrTime,
        tmnxCpmProtViolVdoVrtrSvcId,
        tmnxCpmProtViolVdoVrtrIfIndex
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of CPM Protection on Nokia
         SROS 7.0 series systems."
    ::= { tmnxSecurityGroups 44 }

tmnxSecurityCpmProtNotifyV7v0Grp NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolVdoSvcClient,
        tmnxCpmProtViolVdoVrtrClient
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CPM Protection on Nokia SROS 7.0
         series systems."
    ::= { tmnxSecurityGroups 45 }

tmnxSecurityTacPlusV8v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress,
        tmnxTacPlusServerPort
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 46 }

tmnxObsoletedObjectsV8v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusSingleConnection
    }
    STATUS      current
    DESCRIPTION
        "The group of objects that are made obsolete on Nokia SROS series
         systems in release 8.0"
    ::= { tmnxSecurityGroups 47 }

tmnxSecurityNotifyObjsV8v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxMD5AuthFailReason,
        tmnxMD5AuthAddrType,
        tmnxMD5AuthAddr,
        tmnxMD5AuthKey,
        tmnxCpmProtPolId
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications in revision 8.0
         on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 48 }

tmnxSecurityNotificationV8v0Grp  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxMD5AuthFailure,
        tmnxCpmProtDefPolModified
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting security in revision 8.0 on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 49 }

tmnxCpmProtEthCfmPolV8v0Grp      OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtEthCfmPolTableLastChg,
        tmnxCpmProtEthCfmPolRowStatus,
        tmnxCpmProtEthCfmPolLastChanged,
        tmnxCpmProtEthCfmPolLevelSet,
        tmnxCpmProtEthCfmPolOpCodeSet,
        tmnxCpmProtEthCfmPolRateLimit,
        tmnxCpmProtExcdSdpBindEcmTblLChg,
        tmnxCpmProtExcdSdpBindEcmPeriods,
        tmnxCpmProtExcdSdpBindEcmStarted,
        tmnxCpmProtExcdSdpBindEcmTime,
        tmnxCpmProtExcdSapEcmTblLChg,
        tmnxCpmProtExcdSapEcmPeriods,
        tmnxCpmProtExcdSapEcmStarted,
        tmnxCpmProtExcdSapEcmTime
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CPM protection policies for Ethernet
         CFM packets in revision 8.0 R5 on Nokia SROS systems."
    ::= { tmnxSecurityGroups 50 }

tmnxCpmProtPolV8v0Grp            OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtViolSdpBindTblLastChg,
        tmnxCpmProtViolSdpBindPeriods,
        tmnxCpmProtViolSdpBindTimeStartd,
        tmnxCpmProtViolSdpBindTime,
        tmnxCpmProtExcdSdpBindTblLastChg,
        tmnxCpmProtExcdSdpBindPeriods,
        tmnxCpmProtExcdSdpBindTimeStartd,
        tmnxCpmProtExcdSdpBindTime
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CPM protection policies in revision
         8.0 R5 on Nokia SROS systems."
    ::= { tmnxSecurityGroups 51 }

tmnxCpmProtPolNotifyV8v0Grp      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolSdpBind,
        tmnxCpmProtExcdSdpBind,
        tmnxCpmProtExcdSapEcm,
        tmnxCpmProtExcdSdpBindEcm
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CPM protection policies in
         revision 8.0 R5 on Nokia SROS systems."
    ::= { tmnxSecurityGroups 52 }

tmnxSecPkiV9v0Grp                OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfileAdminState,
        tmnxPkiCAProfileCRLFile,
        tmnxPkiCAProfileCertFile,
        tmnxPkiCAProfileDescr,
        tmnxPkiCAProfileLastChanged,
        tmnxPkiCAProfileRowStatus,
        tmnxPkiCAProfileTableLastChanged,
        tmnxPkiMaxCertChainDepth,
        tmnxPkiCAProfileOperFlags,
        tmnxPkiCAProfileOperState,
        tmnxCertMgrAuthFailed,
        tmnxCertMgrAuthPassed,
        tmnxCertMgrTotalAuth
    }
    STATUS      current
    DESCRIPTION
        "The tmnxSecPkiV9v0Grp indicates the group of objects supporting PKI
         objects in revision 9.0 R4 on Nokia SROS systems."
    ::= { tmnxSecurityGroups 53 }

tmnxSecurityNwExceptionsGroup    OBJECT-GROUP
    OBJECTS     {
        tmnxCpmVprnNwExceptions,
        tmnxCpmNumVprnNwExceptions,
        tmnxCpmVprnNwExceptionsTime
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting MPLS Network Exception capabilities
         for on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 54 }

tmnxCertNotifyGroup              NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxPkiCAProfCrlUpdateStart,
        tmnxPkiCAProfCrlUpdateSuccess,
        tmnxPkiCAProfCrlUpdateUrlFail,
        tmnxPkiCAProfCrlUpdAllUrlsFail,
        tmnxPkiFileWriteFailed,
        tmnxPkiCAProfCrlUpdNoNxtUpdTime,
        tmnxPkiCAProfCrlUpdLargPreUpdTm,
        tmnxPkiFileReadFailed,
        tmnxPkiCertVerificationFailed,
        tmnxCAProfileStateChange
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CA Profile certificate
         capabilities on Nokia SROS systems."
    ::= { tmnxSecurityGroups 55 }

tmnxSecNotifyObjsV10v0Group      OBJECT-GROUP
    OBJECTS     {
        tmnxSecNotifCert,
        tmnxSecNotifFailureReason,
        tmnxSecNotifFile,
        tmnxSecNotifTunnelName
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications in revision 8.0
         on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 56 }

tmnxRadiusUserGroup              OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusUserAcctConnError,
        tmnxRadiusUserAcctRejRx,
        tmnxRadiusUserAcctReqTx,
        tmnxRadiusUserBindFail,
        tmnxRadiusUserLoginFail,
        tmnxRadiusUserLoginPass,
        tmnxRadiusUserMd5Fail,
        tmnxRadiusUserOpenFail,
        tmnxRadiusUserPending,
        tmnxRadiusUserRecvFail,
        tmnxRadiusUserReqRx,
        tmnxRadiusUserReqTx,
        tmnxRadiusUserSendFail,
        tmnxRadiusUserSendTimeout
    }
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserGroup indicates the group of objects supporting
         Radius objects on Nokia SROS systems."
    ::= { tmnxSecurityGroups 57 }

tmnxCpmProtExcdSapIpV9v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtExcdSapIpTableLastChg,
        tmnxCpmProtExcdSapIpPeriods,
        tmnxCpmProtExcdSapIpStarted,
        tmnxCpmProtExcdSapIpTime,
        tmnxCpmProtPolLimDhcpCiAddrZero
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting per-SAP, per-source rate limiting of
         IP packets in release 9.0 Nokia SROS series systems."
    ::= { tmnxSecurityGroups 58 }

tmnxCpmProtPolNotifyV9v0Group    NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtExcdSapIp
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CPM protection policies in Nokia
         SROS systems, release 9.0."
    ::= { tmnxSecurityGroups 59 }

tmnxCpmFltrPrefixListV10v0Group  OBJECT-GROUP
    OBJECTS     {
        tCpmIpFilterEntrySrcIpPrefixList,
        tCpmIpFilterEntryDstIpPrefixList
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of IP prefix lists in CPM
         filters on Nokia SROS series systems 10.0 release."
    ::= { tmnxSecurityGroups 60 }

tmnxRadiusUserExGroup            OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusUserAccChallengePkt
    }
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserGroup indicates the group of additional objects
         supporting Radius objects on Nokia SROS systems."
    ::= { tmnxSecurityGroups 61 }

tmnxSecurityUserActionGroup      OBJECT-GROUP
    OBJECTS     {
        tmnxUserActionUserName,
        tmnxUserActionUnlock
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of user lockout on Nokia
         SROS systems."
    ::= { tmnxSecurityGroups 62 }

tmnxCpmFltrPrefixListV11v0Group  OBJECT-GROUP
    OBJECTS     {
        tCpmIpFilterEntrySrcIpPrefixList,
        tCpmIpFilterEntryDstIpPrefixList,
        tCpmIPv6FilterEntrySrcIpPfxList,
        tCpmIPv6FilterEntryDstIpPfxList
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IP prefix lists in CPM
         filters on Nokia SROS series systems 11.0 release."
    ::= { tmnxSecurityGroups 63 }

tmnxSecurityCpmIpFilterV11v0Grp  OBJECT-GROUP
    OBJECTS     {
        tCpmFilterQueueRowStatus,
        tCpmFilterQueueLastChanged,
        tCpmFilterQueueAdminPIR,
        tCpmFilterQueueAdminCIR,
        tCpmFilterQueueCBS,
        tCpmFilterQueueMBS,
        tCpmFilterQueueReferences,
        tCpmFilterQueueOperPIR,
        tCpmFilterQueueOperCIR,
        tCpmFilterDefaultAction,
        tCpmIpFilterAdminState,
        tCpmIpFilterEntryRowStatus,
        tCpmIpFilterEntryLastChanged,
        tCpmIpFilterEntryLogId,
        tCpmIpFilterEntryDescription,
        tCpmIpFilterEntryAction,
        tCpmIpFilterEntryQueueId,
        tCpmIpFilterEntrySrcIPAddr,
        tCpmIpFilterEntrySrcIPMask,
        tCpmIpFilterEntryDestIPAddr,
        tCpmIpFilterEntryDestIPMask,
        tCpmIpFilterEntryProtocol,
        tCpmIpFilterEntrySrcPort,
        tCpmIpFilterEntrySrcPortMask,
        tCpmIpFilterEntryDestPort,
        tCpmIpFilterEntryDestPortMask,
        tCpmIpFilterEntryDSCP,
        tCpmIpFilterEntryFragment,
        tCpmIpFilterEntryOptionPresent,
        tCpmIpFilterEntryIPOptionValue,
        tCpmIpFilterEntryIPOptionMask,
        tCpmIpFilterEntryMultipleOption,
        tCpmIpFilterEntryTcpSyn,
        tCpmIpFilterEntryTcpAck,
        tCpmIpFilterEntryIcmpCode,
        tCpmIpFilterEntryIcmpType,
        tCpmIpFilterEntryVRtrId,
        tCpmIpFilterEntryLogCreated,
        tCpmIpFilterStatsDroppedPkts,
        tCpmIpFilterStatsForwardedPkts,
        tCpmFilterQInProfileDropPkts,
        tCpmFilterQInProfileFwdPkts,
        tCpmFilterQInProfileDropOctets,
        tCpmFilterQInProfileFwdOctets,
        tCpmFilterQOutProfileDropPkts,
        tCpmFilterQOutProfileFwdPkts,
        tCpmFilterQOutProfileDropOctets,
        tCpmFilterQOutProfileFwdOctets,
        tCpmIpFilterEntrySrcPortHigh,
        tCpmIpFilterEntrySrcPortOper,
        tCpmIpFilterEntryDestPortHigh,
        tCpmIpFilterEntryDestPortOper,
        tCpmIpFilterEntrySrcPortList,
        tCpmIpFilterEntryDstPortList,
        tCpmIpFilterEntryPortSelector
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter capabilities
         for revision 11.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 64 }

tmnxSecurityCpmIPv6FltrV11v0Grp  OBJECT-GROUP
    OBJECTS     {
        tCpmIPv6FilterEntryRowStatus,
        tCpmIPv6FilterEntryLastChanged,
        tCpmIPv6FilterEntryLogId,
        tCpmIPv6FilterEntryDescription,
        tCpmIPv6FilterEntryAction,
        tCpmIPv6FilterEntryQueueId,
        tCpmIPv6FilterEntrySrcIPAddr,
        tCpmIPv6FilterEntrySrcIPMask,
        tCpmIPv6FilterEntryDestIPAddr,
        tCpmIPv6FilterEntryDestIPMask,
        tCpmIPv6FilterEntryNextHeader,
        tCpmIPv6FilterEntrySrcPort,
        tCpmIPv6FilterEntrySrcPortMask,
        tCpmIPv6FilterEntryDestPort,
        tCpmIPv6FilterEntryDestPortMask,
        tCpmIPv6FilterEntryDSCP,
        tCpmIPv6FilterEntryTcpSyn,
        tCpmIPv6FilterEntryTcpAck,
        tCpmIPv6FilterEntryIcmpCode,
        tCpmIPv6FilterEntryIcmpType,
        tCpmIPv6FilterEntryVRtrId,
        tCpmIPv6FilterEntryLogCreated,
        tCpmIPv6FilterEntryFlowLabel,
        tCpmIPv6FilterStatsDroppedPkts,
        tCpmIPv6FilterStatsForwardedPkts,
        tCpmIPv6FilterAdminState,
        tCpmIPv6FilterEntrySrcPortHigh,
        tCpmIPv6FilterEntrySrcPortOper,
        tCpmIPv6FilterEntryDestPortHigh,
        tCpmIPv6FilterEntryDestPortOper,
        tCpmIPv6FilterEntrySrcPortList,
        tCpmIPv6FilterEntryDstPortList,
        tCpmIPv6FilterEntryPortSelector,
        tCpmIPv6FilterEntryFragment,
        tCpmIPv6FilterEntryHopByHopOpt
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter IPv6
         capabilities for revision 11.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 65 }

tmnxDistCpuProtectionV11v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxDCpuProtPolicyRowStatus,
        tmnxDCpuProtPolicyLastMdfy,
        tmnxDCpuProtPolicyDescr,
        tmnxDCpuProtPolicyTblLstChg,
        tmnxDCpuProtStaticPlcrTblLstChg,
        tmnxDCpuProtStaticPlcrRowStatus,
        tmnxDCpuProtStaticPlcrLastMdfy,
        tmnxDCpuProtStaticPlcrDescr,
        tmnxDCpuProtStaticPlcrPackets,
        tmnxDCpuProtStaticPlcrWithin,
        tmnxDCpuProtStaticPlcrInitDelay,
        tmnxDCpuProtStaticPlcrKbps,
        tmnxDCpuProtStaticPlcrMbs,
        tmnxDCpuProtStaticPlcrExdActn,
        tmnxDCpuProtStaticPlcrExdHold,
        tmnxDCpuProtStaticPlcrRateType,
        tmnxDCpuProtStaticPlcrDectnTime,
        tmnxDCpuProtStaticPlcrLogEvent,
        tmnxDCpuProtLocMonPlcrTblLstChg,
        tmnxDCpuProtLocMonPlcrRowStatus,
        tmnxDCpuProtLocMonPlcrLastMdfy,
        tmnxDCpuProtLocMonPlcrDescr,
        tmnxDCpuProtLocMonPlcrPackets,
        tmnxDCpuProtLocMonPlcrWithin,
        tmnxDCpuProtLocMonPlcrInitDelay,
        tmnxDCpuProtLocMonPlcrKbps,
        tmnxDCpuProtLocMonPlcrMbs,
        tmnxDCpuProtLocMonPlcrExcdActn,
        tmnxDCpuProtLocMonPlcrRateType,
        tmnxDCpuProtLocMonPlcrLogEvent,
        tmnxDCpuProtProtocolTblLstChg,
        tmnxDCpuProtProtocolRowStatus,
        tmnxDCpuProtProtocolLastMdfy,
        tmnxDCpuProtProtocolEnforce,
        tmnxDCpuProtProtocolEnfrcePolNme,
        tmnxDCpuProtProtocolDynPackets,
        tmnxDCpuProtProtocolDynWithin,
        tmnxDCpuProtProtocolDynInitDly,
        tmnxDCpuProtProtocolDynKbps,
        tmnxDCpuProtProtocolDynMbs,
        tmnxDCpuProtProtocolDynDectnTime,
        tmnxDCpuProtProtocolDynExdActn,
        tmnxDCpuProtProtocolDynExdHold,
        tmnxDCpuProtProtocolDynRateType,
        tmnxDCpuProtProtocolDynLogEvent
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Distributed Cpu
         Protection on Nokia SROS series systems 11.0 release."
    ::= { tmnxSecurityGroups 66 }

tmnxCAProfileV11v0Group          OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfCmpAccUnprotErr,
        tmnxPkiCAProfCmpAccUnprotPki,
        tmnxOcspCacheCertStatus,
        tmnxOcspCacheExpiry,
        tmnxOcspCacheCertIssuer,
        tmnxOcspCacheCertSerial,
        tmnxPkiCAProfActnOrigCmdTime,
        tmnxPkiCAProfActnLastCAResp,
        tmnxPkiCAProfActnType,
        tmnxPkiCAProfAction,
        tmnxPkiCAProfActnKey,
        tmnxPkiCAProfActnProtKey,
        tmnxPkiCAProfActnProtAlgPass,
        tmnxPkiCAProfActnProtAlgRef,
        tmnxPkiCAProfActnProtAlgSigCert,
        tmnxPkiCAProfActnProtAlgSigHash,
        tmnxPkiCAProfActnSubjectDn,
        tmnxPkiCAProfActnSaveAsFile,
        tmnxPkiCAProfActnNewKey,
        tmnxPkiCAProfActnStatus,
        tmnxPkiCAProfActnStatusString,
        tmnxPkiCAProfActnStatusCode,
        tmnxPkiCAProfActnSendChain,
        tmnxPkiCAProfActnSendChainCA,
        tmnxPkiCAProfCmpRespSignCert,
        tmnxPkiCAProfOcspRespUrl,
        tmnxPkiCAProfOcspSvcID,
        tmnxPkiCAProfOcspVerifyCertFile,
        tmnxPkiCAProfOcspVerifyCertCA,
        tmnxPkiCAProfOcspVerifyCertOvr,
        tmnxPkiCAProfCmpKeyRowStatus,
        tmnxPkiCAProfCmpKeyLastChanged,
        tmnxPkiCAProfCmpKeySecret,
        tmnxPkiCAProfCmpKeyTblLastChgd,
        tmnxPkiCAProfCmpHttpTimeout,
        tmnxPkiCAProfCmpUrl,
        tmnxPkiCAProfCmpSvcID,
        tmnxPkiCAProfCmpSameRecipNonce
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CA profile related objects Nokia SROS
         series systems 11.0 release."
    ::= { tmnxSecurityGroups 67 }

tmnxRadiusUserExV11v0Group       OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusUserAuthAvgDelay,
        tmnxRadiusUserAcctAvgDelay
    }
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserGroup indicates the group of additional objects
         supporting Radius objects on Nokia SROS release 11.0 systems."
    ::= { tmnxSecurityGroups 68 }

tmnxSecurityTacPlusV11v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusAuthorUsePrivLvl,
        tmnxTacPlusEnableAdminPrivLvl,
        tmnxTacPlusPrivLvlMapUserProfile,
        tmnxTacPlusPrivLvlRowStatus,
        tmnxTacPlusInteractiveAuthen
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of TACACS+ interactive
         authentication on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 69 }

tmnxSecurityPasswordsV11v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxDynSvcPassword
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of passwords on Nokia SROS
         series release 11.0 systems."
    ::= { tmnxSecurityGroups 70 }

tmnxPkiCAProfNotifyV11v0Group    NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxPkiCAProfActnStatusChg
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting PKI Certificate Authority
         features in the Nokia SROS systems, release 11.0."
    ::= { tmnxSecurityGroups 71 }

tmnxCpmProtectionV11v0Group      OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtBlockPIMTunneled
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CPU Protocol Protection features
         on Nokia SROS series release 11.0 systems."
    ::= { tmnxSecurityGroups 72 }

tmnxSecurityCpmProtV12v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtPortRateActionLowPrio,
        tmnxCpmProtIPSrcMonDhcp,
        tCpmProtOutProfViolIfPeriods,
        tCpmProtOutProfViolIfTimeStart,
        tCpmProtOutProfViolIfTime,
        tCpmProtOutProfViolSapPeriods,
        tCpmProtOutProfViolSapTimeStart,
        tCpmProtOutProfViolSapTime,
        tCpmProtOutProfViolSdpBindPeriod,
        tCpmProtOutProfViolSdpBindTmeStr,
        tCpmProtOutProfViolSdpBindTime,
        tmnxCpmProtExcdSdpBindIpPeriods,
        tmnxCpmProtExcdSdpBindIpStarted,
        tmnxCpmProtExcdSdpBindIpTime
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of CPM Protection on Nokia
         SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 73 }

tmnxSecurityPasswordsV12v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxPasswordAging,
        tmnxPasswordMinLength,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsTime,
        tmnxPasswordAttemptsLockoutPeriod,
        tmnxPasswordAuthenOrder1,
        tmnxPasswordAuthenOrder2,
        tmnxPasswordAuthenOrder3,
        tmnxPasswordAuthenExitOnReject,
        tmnxAdminPassword,
        tmnxAdminPasswordEncrypted,
        tmnxPasswordHealthCheck,
        tmnxPasswordHealthCheckInterval,
        tmnxDynSvcPassword,
        tmnxPasswordHistory,
        tmnxPasswordMinChange,
        tmnxPasswordMinAge,
        tmnxPasswordAllowUserName,
        tmnxPasswordMaxRepeatedChars,
        tmnxPasswordCreditsLowerCase,
        tmnxPasswordCreditsUpperCase,
        tmnxPasswordCreditsSpecialChar,
        tmnxPasswordCreditsNumeric,
        tmnxPasswordReqLowerCase,
        tmnxPasswordReqUpperCase,
        tmnxPasswordReqSpecialChar,
        tmnxPasswordReqNumeric,
        tmnxPasswordReqNumCharClass
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of passwords on Nokia SROS
         series release 12.0 systems."
    ::= { tmnxSecurityGroups 74 }

tmnxSecCpmProtNotifyV12v0Grp     NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolSapOutProf,
        tmnxCpmProtViolIfOutProf,
        tmnxCpmProtViolSdpBindOutProf,
        tmnxCpmProtExcdSdpBindIp
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting CPM protection policies on Nokia
         SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 75 }

tmnxSecCpmProtNotifyObjsV12v0Grp OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CPM Protection notifications on Nokia
         SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 76 }

tmnxSecTechGroup                 OBJECT-GROUP
    OBJECTS     {
        tmnxSecurityTechSupportLocation
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting tech-support MIB support for Nokia
         SROS series release 10.0 systems."
    ::= { tmnxSecurityGroups 77 }

tmnxSecurityUserV12v0Group       OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged,
        tmnxUserActionClearPwdHistory,
        tmnxTemplateAccess,
        tmnxTemplateHomeDirectory,
        tmnxTemplateRestrictedToHome,
        tmnxTemplateConsoleLoginExecFile,
        tmnxTemplateProfile
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 78 }

tmnxSecurityV12v0ObsoletedGroup  OBJECT-GROUP
    OBJECTS     {
        tmnxUserPasswordEncrypted
    }
    STATUS      current
    DESCRIPTION
        "The group of objects obsoleted in release 12.0 of the capabilities on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 79 }

tmnxSecurityNetconfV110Group     OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileNCKillSession
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of NETCONF operations and
         users."
    ::= { tmnxSecurityGroups 80 }

tmnxChainSecurityNotifyObjsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSecComputeCertChainFailure
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security chain notifications on Nokia
         SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 81 }

tCAProfCmpv2SetSndrV11v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfCmpAlSetSndrForIr
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CA profile related objects Nokia SROS
         series systems 11.0 release."
    ::= { tmnxSecurityGroups 82 }

tmnxSecurityKeyChainV12v0Group   OBJECT-GROUP
    OBJECTS     {
        tmnxKeyChainExpired,
        tmnxKeyChainKeyOption
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Keychain capabilities on
         Nokia SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 83 }

tmnxSecurityPublicKeyGroup       OBJECT-GROUP
    OBJECTS     {
        tmnxUserPublicKeyRowStatus,
        tmnxUserPublicKeyLastChanged,
        tmnxUserPublicKeyName
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting Secure Shell version 2 (SSHv2) RSA
         public key capabilities on Nokia SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 84 }

tCAProfCmpv2HttpVerV12v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfCmpHttpVersion
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CA profile related objects Nokia SROS
         series systems 12.0 release."
    ::= { tmnxSecurityGroups 85 }

tmnxSecurityNotifyObjsV12v0Group OBJECT-GROUP
    OBJECTS     {
        tmnxSecNotifOrigProtocol
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications in revision
         12.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 86 }

tmnxSecurityNotificationV12v0Grp NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSecNotifKeyChainExpired,
        tmnxCAProfUpDueToRevokeChkCrlOpt
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting security in revision 12.0 on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 87 }

tmnxPkiCertDispFmtV12v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCertDisplayFormat
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting security PKI certificate display
         format feature in revision 12.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 88 }

tmnxSecurityProfRateV12v0Group   OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtPolOutProfRateLogEvnt
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of CPM Protection policies
         on Nokia SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 89 }

tmnxSecCpmProtProtocolV12v0Group OBJECT-GROUP
    OBJECTS     {
        tmnxCpmProtIPSrcMonGtp,
        tmnxCpmProtIPSrcMonIcmp,
        tmnxCpmProtIPSrcMonIgmp
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of CPM Protection on Nokia
         SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 90 }

tmnxSecuritySSHCipherGroup       OBJECT-GROUP
    OBJECTS     {
        tmnxSSHCipherName,
        tmnxSSHServerCipherListRowStatus,
        tmnxSSHServerCipherListNumber,
        tmnxSSHClientCipherListRowStatus,
        tmnxSSHClientCipherListNumber
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Secure Shell cipher
         capabilities on Nokia SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 91 }

tmnxPkiCAProfRevokeChkGroup      OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfRevokeChk
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of PKI CA-profile related
         features on Nokia SROS series release 12.0 systems."
    ::= { tmnxSecurityGroups 92 }

tmnxSecurityKeyChainV13v0Group   OBJECT-GROUP
    OBJECTS     {
        tmnxKeyChainKeyOption
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Keychain capabilities on
         Nokia SROS series release 13.0 systems."
    ::= { tmnxSecurityGroups 93 }

tmnxPkiCAProf13v0Group           OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfActnDomain,
        tmnxPkiCAProfActnInetAddrType,
        tmnxPkiCAProfActnInetAddr
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of security capabilities on
         Nokia SROS series release 13.0 systems."
    ::= { tmnxSecurityGroups 94 }

tmnxSecurityNotifyObjsV13v0Group OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfileNameForNotify,
        tmnxSecNotifFileSize,
        tmnxPkiExpRemainingHours,
        tmnxPkiExpRemainingMinutes,
        tmnxPkiExpReason
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications in revision
         13.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 96 }

tmnxCertExpNotificationV13v0Grp  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxPkiCertNotYetValid,
        tmnxPkiCRLNotYetValid,
        tmnxPkiCertBeforeExpWarning,
        tmnxPkiCertAfterExpWarning,
        tmnxPkiCertExpWarningCleared,
        tmnxPkiCRLBeforeExpWarning,
        tmnxPkiCRLAfterExpWarning,
        tmnxPkiCRLExpWarningCleared
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting certificate/CRL expiry warnings
         feature in revision 13.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 97 }

tmnxCertExpWarningV13v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCertExpWarningHours,
        tmnxPkiCertExpWarningRepeatHrs,
        tmnxPkiCRLExpWarningHours,
        tmnxPkiCRLExpWarningRepeatHrs
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting certificate/CRL expiry warning feature
         in revision 13.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 98 }

tmnxCliScriptAuthUserV13v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxCliScriptAuthTblLastChange,
        tmnxCliScriptAuthRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of cli script user
         authorization on Nokia SROS series release 13.0 systems."
    ::= { tmnxSecurityGroups 99 }

tmnxSecurityRadiusV13v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusInteractiveAuthen
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities on
         Nokia SROS series systems since release 13.0."
    ::= { tmnxSecurityGroups 100 }

tmnxSecCertRldNotifyObjsV13v0Grp OBJECT-GROUP
    OBJECTS     {
        tmnxSecNotifFileType
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications for
         certificate/key reload in revision 13.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 101 }

tmnxCertRldNotificationV13v0Grp  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSecNotifFileReloaded
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting certificate/key reload feature
         in revision 13.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 102 }

tmnxPkiCAProfAtCrlUpdV13v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfAtCrlUpdTblLstChgd,
        tmnxPkiCAProfAtCrlUpdRowStatus,
        tmnxPkiCAProfAtCrlUpdLastChgd,
        tmnxPkiCAProfAtCrlUpdAdminState,
        tmnxPkiCAProfAtCrlUpdScheduleT,
        tmnxPkiCAProfAtCrlUpdPrdcUpdIntv,
        tmnxPkiCAProfAtCrlUpdPreUpdTime,
        tmnxPkiCAProfAtCrlUpdRetryIntv,
        tmnxPkiCAProfAtCrlUpdLstSucsEtId,
        tmnxPkiCAProfAtCrlUpdLstSucsTmSt,
        tmnxPkiCAProfAtCrlUpdLstSucsTmEd,
        tmnxPkiCAProfAtCrlUpdNxCrlUpdTm,
        tmnxPkiCAProfCrlCurUpdStatus,
        tmnxPkiCAProfCrlCurUpdEtId,
        tmnxPkiCAProfUrlTablLastChgd,
        tmnxPkiCAProfUrlRowStatus,
        tmnxPkiCAProfUrlLastChanged,
        tmnxPkiCAProfUrl,
        tmnxPkiCAProfUrlFileTransProf,
        tmnxPkiCAProfManCrlUpdAct,
        tmnxPkiCAProfManCrlUpdAbort
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the configuration of automated CRL
         update features on Nokia SROS series release 13.0 systems."
    ::= { tmnxSecurityGroups 103 }

tmnxCliSessionGroupV13v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxCliSessionGroupTableLstChgd,
        tmnxCliSessionGroupLastChanged,
        tmnxCliSessionGroupRowStatus,
        tmnxCliSessionGroupDescription,
        tmnxCliSessionGroupSshLimit,
        tmnxCliSessionGroupTelnetLimit,
        tmnxCliSessionGroupTotalLimit,
        tmnxUserProfileSshLimit,
        tmnxUserProfileTelnetLimit,
        tmnxUserProfileTotalLimit,
        tmnxUserProfileCliSessionGroup
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting limitation of number of concurrent SSH
         & Telnet sessions on Nokia SROS series systems since release 13.0."
    ::= { tmnxSecurityGroups 104 }

tmnxSecPwdHistNotifyObjsV12v0Grp OBJECT-GROUP
    OBJECTS     {
        tmnxSecPwdHistLoadFailReason
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting password history feature in
         revision 12.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 105 }

tmnxSecPwdHistNotifV12v0Grp      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSecPwdHistoryFileLoadFailed,
        tmnxSecPwdHistoryFileWriteFailed
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting password history feature in
         revision 12.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 106 }

tmnxSecVsdGroup                  OBJECT-GROUP
    OBJECTS     {
        tmnxVsdPassword
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting VSD configuration feature on Nokia
         SROS series systems."
    ::= { tmnxSecurityGroups 107 }

tmnxSessLimNotifyObjsV13v0Grp    OBJECT-GROUP
    OBJECTS     {
        tmnxSessionLimitExceededName,
        tmnxSessionLimitExceededType
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications for user access
         session limits on Nokia SROS series release 13.0 systems."
    ::= { tmnxSecurityGroups 108 }

tmnxSessLimNotifyV13v0Grp        NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxUsrProfSessionLimitExceeded,
        tmnxCliGroupSessionLimitExceeded
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting user access session limits
         feature on Nokia SROS series release 13.0 systems."
    ::= { tmnxSecurityGroups 109 }

tmnxSecNotifyObjsV14v0Grp        OBJECT-GROUP
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting information for security notifications
         on Nokia SROS series release 14.0 systems."
    ::= { tmnxSecurityGroups 110 }

tmnxLogMaxAttNotifyV14v0Grp      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxUserCliLoginMaxAttempts,
        tmnxUserFtpLoginMaxAttempts,
        tmnxUserSshLoginMaxAttempts,
        tmnxLiUserCliLoginMaxAttempts,
        tmnxLiUserFtpLoginMaxAttempts,
        tmnxLiUserSshLoginMaxAttempts
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting maximum number of unsuccessful
         user login attempts exceeded on Nokia SROS series release 14.0
         systems."
    ::= { tmnxSecurityGroups 111 }

tmnxSecuritySSHv2PubKeyV14v0Grp  OBJECT-GROUP
    OBJECTS     {
        tmnxUserPubEcdsaKeyRowStatus,
        tmnxUserPubEcdsaKeyLastChanged,
        tmnxUserPubEcdsaKeyName,
        tmnxUserPubEcdsaKeyDescription,
        tmnxUserPublicKeyDescription,
        tmnxUserPubKeyTableLastChanged,
        tmnxUserPubEcdsaKeyTblLstChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting Secure Shell version 2 (SSHv2) public
         key capabilities on Nokia SROS series release 14.0 systems."
    ::= { tmnxSecurityGroups 112 }

tmnxPkiCAProfCrlSizeLimtV14v0Grp OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfCrlCurUpdStartTime,
        tmnxPkiCAProfAtCrlUpdLstFailedId,
        tmnxPkiCAProfAtCrlUpdLstFailTmSt,
        tmnxPkiCAProfAtCrlUpdLstFailTmEd,
        tmnxPkiCAProfAtCrlUpdLstFailReas
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the statistics of CRL size limit
         feature on Nokia SROS series release 14.0 systems."
    ::= { tmnxSecurityGroups 113 }

tmnxSecurityNetconfLockV14v0Grp  OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileNCLock
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the netconf lock/unlock feature on
         Nokia SROS series release 14.0 systems."
    ::= { tmnxSecurityGroups 114 }

tmnxSecurityRadiusV14v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusAdminStatus,
        tmnxRadiusAccounting,
        tmnxRadiusAuthorization,
        tmnxRadiusTimeout,
        tmnxRadiusPort,
        tmnxRadiusServerSecret,
        tmnxRadiusServerOperStatus,
        tmnxRadiusServerRowStatus,
        tmnxRadiusRetryAttempts,
        tmnxRadiusPEForceDiscovery,
        tmnxRadiusPEForceDiscoverySvcId,
        tmnxRadiusAccountingPort,
        tmnxRadiusServerInetAddressType,
        tmnxRadiusServerInetAddress,
        tmnxRadiusUseTemplate
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities for
         revision 14.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 115 }

tmnxSecurityTacPlusV14v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress,
        tmnxTacPlusServerPort
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities for
         revision 14.0 on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 116 }

tmnxSecurityObsoletedV14v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxRadiusConfigured,
        tmnxTacPlusConfigured
    }
    STATUS      current
    DESCRIPTION
        "The group of objects in TIMETRA-SECURITY-MIB which are obsoleted in
         release 14.0."
    ::= { tmnxSecurityGroups 117 }

tmnxSecurityPasswordsV14v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxPasswordAuthenOrder4
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of passwords on Nokia SROS
         series release 14.0 systems."
    ::= { tmnxSecurityGroups 118 }

tmnxSecNotifyObjsV14v0Group      OBJECT-GROUP
    OBJECTS     {
        tmnxSecNotifClientAppName
    }
    STATUS      current
    DESCRIPTION
        "The group of additional objects supporting security notifications on
         Nokia SROS series release 14.0 systems."
    ::= { tmnxSecurityGroups 119 }

tmnxCertNotifyV14v0Group         NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxAppPkiCertVerificationFailed
    }
    STATUS      current
    DESCRIPTION
        "The group of additional notifications supporting certificate
         verification capabilities on Nokia SROS series release 14.0 systems."
    ::= { tmnxSecurityGroups 120 }

tmnxSecurityGrpcV15v0Grp         OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileGrpcAuthGet,
        tmnxUserProfileGrpcAuthSet,
        tmnxUserProfileGrpcAuthSubscribe
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the gRPC feature on Nokia SROS series
         release 15.0 systems."
    ::= { tmnxSecurityGroups 122 }

tmnxPkiCNV15v0Grp                OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCNListLastChanged,
        tmnxPkiCNListParamCNType,
        tmnxPkiCNListParamCNValue,
        tmnxPkiCNListParamLastChanged,
        tmnxPkiCNListParamRowStatus,
        tmnxPkiCNListParamTableLstChgd,
        tmnxPkiCNListRowStatus,
        tmnxPkiCNListTableLastChanged
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the management of Common Name lists."
    ::= { tmnxSecurityGroups 123 }

tmnxSecuritySSHMacListV15v0Group OBJECT-GROUP
    OBJECTS     {
        tmnxSSHMacName,
        tmnxSSHServerMacListTableLstChgd,
        tmnxSSHServerMacListLastChanged,
        tmnxSSHServerMacListRowStatus,
        tmnxSSHServerMacListNumber,
        tmnxSSHClientMacListTableLstChgd,
        tmnxSSHClientMacListLastChanged,
        tmnxSSHClientMacListRowStatus,
        tmnxSSHClientMacListNumber
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Secure Shell MAC
         algorithm capabilities on Nokia SROS series release 15.0 systems."
    ::= { tmnxSecurityGroups 124 }

tmnxSecuritySSHKeyReExV15v0Group OBJECT-GROUP
    OBJECTS     {
        tmnxSSHServerKeyReExLastChanged,
        tmnxSSHServerKeyReExAdminState,
        tmnxSSHServerKeyReExMinutes,
        tmnxSSHServerKeyReExMBytes,
        tmnxSSHClientKeyReExLastChanged,
        tmnxSSHClientKeyReExAdminState,
        tmnxSSHClientKeyReExMinutes,
        tmnxSSHClientKeyReExMBytes
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Secure Shell key
         re-exchange capabilities on Nokia SROS series release 15.0 systems."
    ::= { tmnxSecurityGroups 125 }

tmnxSecUserV15v1Group            OBJECT-GROUP
    OBJECTS     {
        tmnxUserCliEngine1,
        tmnxUserCliEngine2
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting cli engine accessibility configuration
         on Nokia SROS series release 15.1 systems."
    ::= { tmnxSecurityGroups 127 }

tmnxCAProfileV15v1Group          OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfCmpSvcName,
        tmnxPkiCAProfOcspSvcName
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CA profile capabilities on Nokia SROS
         series release 15.1 systems."
    ::= { tmnxSecurityGroups 128 }

tmnxLogMaxAttNotifyV15v1Grp      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxUserNetconfLoginMaxAttempts
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting maximum number of unsuccessful
         user login attempts exceeded on Nokia SROS series release 15.1
         systems."
    ::= { tmnxSecurityGroups 129 }

tmnxSecurityGrpcV16v0Grp         OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileGrpcAuthGnmiCap,
        tmnxUserProfileGrpcAuthRAModify,
        tmnxUserProfileGrpcAuthRAGetVer,
        tmnxUserProfileGrpcAuthCMRotate,
        tmnxUserProfileGrpcAuthCMInstall,
        tmnxUserProfileGrpcAuthCMGetCert,
        tmnxUserProfileGrpcAuthCMRevoke,
        tmnxUserProfileGrpcAuthCMCanGen
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the gRPC feature on Nokia SROS series
         release 16.0 systems."
    ::= { tmnxSecurityGroups 130 }

tmnxHashControlV16v0Group        OBJECT-GROUP
    OBJECTS     {
        tmnxPassHashWriteVersionMdCli,
        tmnxPassHashWriteVersionNetconf,
        tmnxPassHashWriteVersionGrpc
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting hash control configuration on Nokia
         SROS series release 16.0 systems."
    ::= { tmnxSecurityGroups 131 }

tmnxPkiV16v0Group                OBJECT-GROUP
    OBJECTS     {
        tmnxPkiImportedFormat
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting PKI configuration on Nokia SROS series
         release 16.0 systems."
    ::= { tmnxSecurityGroups 132 }

tmnxCAProfileV16v0Group          OBJECT-GROUP
    OBJECTS     {
        tmnxPkiCAProfOcspTransProf
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CA profile capabilities on Nokia SROS
         series release 16.0 systems."
    ::= { tmnxSecurityGroups 133 }

tmnxServerAccessCtlV16v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxAllowServersAccess,
        tmnxServerAccessCtlObjsLstChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management interface protocols
         configuration for the Base router on Nokia SROS series systems in
         release 16.0."
    ::= { tmnxSecurityGroups 134 }

tmnxSecUserV19v0Group            OBJECT-GROUP
    OBJECTS     {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserActionClearPwdHistory,
        tmnxTemplateAccess,
        tmnxTemplateHomeDirectory,
        tmnxTemplateRestrictedToHome,
        tmnxTemplateConsoleLoginExecFile,
        tmnxTemplateProfile,
        tmnxUserPasswordChangedTime,
        tmnxUserPasswordExpirationTime
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 135 }

tmnxSecUserV19v0GroupObsoleted   OBJECT-GROUP
    OBJECTS     {
        tmnxUserPasswordChanged
    }
    STATUS      current
    DESCRIPTION
        "The group of objects obsoleted in release 19.0 of the capabilities on
         Nokia SROS series systems."
    ::= { tmnxSecurityGroups 136 }

tmnxSecuritySSHKexListV19v0Group OBJECT-GROUP
    OBJECTS     {
        tmnxSSHKexName,
        tmnxSSHServerKexListTableLstChgd,
        tmnxSSHServerKexListLastChanged,
        tmnxSSHServerKexListRowStatus,
        tmnxSSHServerKexListNumber,
        tmnxSSHClientKexListTableLstChgd,
        tmnxSSHClientKexListLastChanged,
        tmnxSSHClientKexListRowStatus,
        tmnxSSHClientKexListNumber
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Secure Shell KEX
         algorithm capabilities on Nokia SROS series systems."
    ::= { tmnxSecurityGroups 137 }

tmnxSecurityNotifyPrefix         OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 22 }

tmnxSecurityNotifications        OBJECT IDENTIFIER ::= { tmnxSecurityNotifyPrefix 0 }

tmnxSSHServerPreserveKeyFail     NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmFlashHwIndex,
        tmnxCpmFlashOperStatus
    }
    STATUS      current
    DESCRIPTION
        "The tmnxSSHServerPreserveKeyFail notification is generated when the
         saving of SSH server host key on the persistent drive fails by the CPM
         module.

         tmnxCpmFlashId identifies the failed compact flash.
         tmnxCpmFlashOperStatus indicates the status of the compact flash
         reported in tmnxCpmFlashId."
    ::= { tmnxSecurityNotifications 1 }

tmnxKeyChainAuthFailure          NOTIFICATION-TYPE
    OBJECTS     {
        tmnxKeyChainReceiveTcpOptionNum,
        tmnxKeyChainAuthFailReason,
        tmnxKeyChainAuthAddrType,
        tmnxKeyChainAuthAddr,
        vRtrID
    }
    STATUS      current
    DESCRIPTION
        "The tmnxKeyChainAuthFailure notification is generated when the
         incoming packet is dropped due to key chain authentication failure.

         Failure could be due to the following reasons or more:
         - Send packet had not auth keychain but recv side had keychain enabled.
         - Keychain key id's did not match.
         - Keychain key digest mismatch
         - Received packet with invalid enhanced authentication option length.
         - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'."
    ::= { tmnxSecurityNotifications 2 }

tmnxCpmProtViolPort              NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolPortPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolPort notification is generated when a link-specific
         packet arrival rate limit violation is detected for a port.

         This notification is not supported on SR-1 and ESS-1, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityNotifications 3 }

tmnxCpmProtViolPortAgg           NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolPortAggPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolPortAgg notification is generated when a per-port
         overall packet rate limit violation is detected for a port.

         This notification is not supported on SR-1 and ESS-1, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityNotifications 4 }

tmnxCpmProtViolIf                NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolIfPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolIf notification is generated when a overall packet
         arrival rate violation is detected for an interface, and this
         notification is enabled.

         This notification is not supported on SR-1 and ESS-1, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityNotifications 5 }

tmnxCpmProtViolSap               NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolSapPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolSap notification is generated when a overall packet
         arrival rate violation is detected for a SAP, and this notification is
         enabled.

         This notification is not supported on SR-1 and ESS-1, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityNotifications 6 }

tmnxCpmProtViolMac               NOTIFICATION-TYPE
    OBJECTS     {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxCpmProtViolMacAddress,
        tmnxCpmProtViolMacPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolMac notification is generated when a per-source
         rate limit violation was detected for a source, and this notification
         is enabled.

         This notification is not supported on SR-1 and ESS-1, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxSecurityNotifications 7 }

tmnxCpmProtViolVdoSvcClient      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolVdoSvcPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolVdoSvcClient notification is generated when a
         per-source rate limit violation was detected for a client address of a
         RTCP control traffic in VPLS service."
    ::= { tmnxSecurityNotifications 8 }

tmnxCpmProtViolVdoVrtrClient     NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolVdoVrtrPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolVdoVrtrClient notification is generated when a
         per-source rate limit violation was detected for a client address of a
         RTCP control traffic in router context."
    ::= { tmnxSecurityNotifications 9 }

tmnxMD5AuthFailure               NOTIFICATION-TYPE
    OBJECTS     {
        tmnxMD5AuthKey,
        tmnxMD5AuthFailReason,
        tmnxMD5AuthAddrType,
        tmnxMD5AuthAddr,
        vRtrID
    }
    STATUS      current
    DESCRIPTION
        "The tmnxMD5AuthFailure notification is generated when the incoming
         packet is dropped due to MD5 authentication failure."
    ::= { tmnxSecurityNotifications 10 }

tmnxCpmProtDefPolModified        NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtPolId
    }
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtDefPolModified notification is generated when the user
         modifies a default access or default network policy."
    ::= { tmnxSecurityNotifications 11 }

tmnxCpmProtViolSdpBind           NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtViolSdpBindPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtViolSdpBind notification is generated when the
         packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's
         configured overall-rate.

         [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
         discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured overall-rate for the SDP."
    ::= { tmnxSecurityNotifications 12 }

tmnxCpmProtExcdSdpBind           NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtExcdSdpBindPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSdpBind notification is generated when a
         source (identified by a MAC address) sends a packet stream to a local
         mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured
         per-source-rate.

         [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
         discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured per-source-rate for the SDP."
    ::= { tmnxSecurityNotifications 13 }

tmnxCpmProtExcdSapEcm            NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtExcdSapEcmPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSapEcm notification is generated when an
         Eth-CFM packet stream (identified by a source MAC address, domain
         level, and Eth-CFM opcode) arrives at a local SAP at a rate which
         exceeds the configured Eth-CFM rate limit for the stream.

         [EFFECT] One or more Eth-CFM packets arriving at the SAP was
         discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured Eth-CFM rate limit for the stream."
    ::= { tmnxSecurityNotifications 14 }

tmnxCpmProtExcdSdpBindEcm        NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtExcdSdpBindEcmPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSdpBindEcm notification is generated when
         an Eth-CFM packet stream (identified by a source MAC address, domain
         level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at
         a rate which exceeds the configured Eth-CFM rate limit for the stream.

         [EFFECT] One or more Eth-CFM packets arriving at the mesh-sdp or
         spoke-sdp was discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured Eth-CFM rate limit for the stream."
    ::= { tmnxSecurityNotifications 15 }

tmnxPkiFileReadFailed            NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiFileReadFailed notification is generated when an
         attempt to read the file fails. The reason for the failure is
         indicated by the tmnxSecNotifFailureReason object.

         [EFFECT] Operational status of tunnels configured to use this
         certificate will be set to 'down'.

         [RECOVERY] Make sure the path specified in tmnxSecNotifFile is correct
         and the file exists."
    ::= { tmnxSecurityNotifications 16 }

tmnxPkiCertVerificationFailed    NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifTunnelName,
        tmnxSecNotifCert,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCertVerificationFailed notification is generated
         when an attempt to verify the certificate fails. This notification is
         only used by the IPsec application.

         [EFFECT] Authentication of the tunnel configured with the certificate
         will start to fail.

         [RECOVERY] Make sure the certificate specified in tmnxSecNotifCert is
         a valid certificate and an appropriate trust anchor is configured."
    ::= { tmnxSecurityNotifications 17 }

tmnxCAProfileStateChange         NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfileOperState,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCAProfileStateChange notification is generated when
         Certificate Authority profile changes state to 'down' due to
         tmnxSecNotifFailureReason.

         [EFFECT] Certificate Authority profile will remain in this state until
         a corrective action is taken.

         [RECOVERY] Depending on the reason indicated by
         tmnxSecNotifFailureReason, corrective action should be taken."
    ::= { tmnxSecurityNotifications 18 }

tmnxCpmProtExcdSapIp             NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtExcdSapIpPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSapIp notification is generated when a
         source (identified by an IP address) sends a packet stream to a local
         SAP at a rate which exceeds the SAP's configured per-source-rate.

         [EFFECT] One or more packets arriving at the SAP was discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, OR
         increase the locally configured per-source-rate for the SAP, OR
         disable per-IP-source rate limiting on the SAP by setting
         TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'."
    ::= { tmnxSecurityNotifications 19 }

tmnxPkiCAProfActnStatusChg       NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfActnType,
        tmnxPkiCAProfActnStatus,
        tmnxPkiCAProfActnStatusString,
        tmnxPkiCAProfActnStatusCode,
        tmnxPkiCAProfActnOrigCmdTime,
        tmnxPkiCAProfActnLastCAResp
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCAProfActnStatusChg notification is generated when
         tmnxPkiCAProfActnStatus changes status. More information is available
         through tmnxPkiCAProfActnStatusString and tmnxPkiCAProfActnStatusCode.

         [EFFECT] This is due to the action performed using
         tmnxPkiCAProfActnTable.

         [RECOVERY] Depending on the information available in this trap,
         another tmnxPkiCAProfActnType request may be issued by correcting the
         parameters in the tmnxPkiCAProfActnTable."
    ::= { tmnxSecurityNotifications 20 }

tmnxCpmProtViolSapOutProf        NOTIFICATION-TYPE
    OBJECTS     {
        tCpmProtOutProfViolSapPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtViolSapOutProf notification is generated when
         the rate at which incoming control packets are marked as
         out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded.
         This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt
         is set to 'true'.

         [EFFECT] One or more control packets being marked as out-of-profile
         will be discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for
         this SAP."
    ::= { tmnxSecurityNotifications 21 }

tmnxCpmProtViolIfOutProf         NOTIFICATION-TYPE
    OBJECTS     {
        tCpmProtOutProfViolIfPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtViolIfOutProf notification is generated when
         the rate at which incoming control packets are marked as
         out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded.
         This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt
         is set to 'true'.

         [EFFECT] One or more control packets being marked as out-of-profile
         will be discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for
         this interface."
    ::= { tmnxSecurityNotifications 22 }

tmnxCpmProtExcdSdpBindIp         NOTIFICATION-TYPE
    OBJECTS     {
        tmnxCpmProtExcdSdpBindIpPeriods,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSdpBindIp notification is generated when a
         source (identified by an IP address) sends a packet stream to a local
         mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured
         per-source-rate.

         [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
         discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured per-source-rate for the SDP."
    ::= { tmnxSecurityNotifications 23 }

tmnxSecComputeCertChainFailure   NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecComputeCertChainFailure notification is generated
         when a compute chain-failure has occurred.

         [EFFECT] The chain cannot be built for a configured certificate and
         the corresponding chain will be empty.

         [RECOVERY] Depending on the reason indicated by
         tmnxSecNotifFailureReason, corrective action should be taken."
    ::= { tmnxSecurityNotifications 24 }

tmnxCpmProtViolSdpBindOutProf    NOTIFICATION-TYPE
    OBJECTS     {
        tCpmProtOutProfViolSdpBindPeriod,
        tmnxCpmProtViolExcdPktHexDump
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtViolSdpBindOutProf notification is generated
         when the rate at which incoming control packets are marked as
         out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded.
         This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt
         is set to 'true'.

         [EFFECT] One or more control packets being marked as out-of-profile
         will be discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for
         this SDP binding."
    ::= { tmnxSecurityNotifications 25 }

tmnxSecNotifKeyChainExpired      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxKeyChainExpired,
        tmnxSecNotifOrigProtocol
    }
    STATUS      current
    DESCRIPTION
        "The tmnxSecNotifKeyChainExpired notification is generated when a
         protocol instance tries to use a keychain, for which the last key
         entry has expired."
    ::= { tmnxSecurityNotifications 26 }

tmnxCAProfUpDueToRevokeChkCrlOpt NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfileOperState,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCAProfUpDueToRevokeChkCrlOpt notification is generated
         when Certificate Authority profile changes state to 'up' due to
         tmnxPkiCAProfRevokeChk set to 'crlOptional' even with the errors in
         tmnxSecNotifFailureReason.

         [EFFECT] Certificate Authority profile will remain up.

         [RECOVERY] Errors described in tmnxSecNotifFailureReason should still
         be corrected."
    ::= { tmnxSecurityNotifications 27 }

tmnxPkiCertBeforeExpWarning      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxPkiExpRemainingHours,
        tmnxPkiExpRemainingMinutes,
        tmnxSecNotifClientAppName
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCertBeforeExpWarning notification is generated when
         the certificate indicated in tmnxSecNotifFile will expire in the time
         period indicated by tmnxPkiExpRemainingHours and
         tmnxPkiExpRemainingMinutes.

         [EFFECT] The indicated certificate will expire.

         [RECOVERY] Replace the indicated file with an updated certificate."
    ::= { tmnxSecurityNotifications 28 }

tmnxPkiCertAfterExpWarning       NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxSecNotifClientAppName
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCertAfterExpWarning notification is generated when
         the certificate indicated in tmnxSecNotifFile has expired.

         [EFFECT] The indicated certificate has expired.

         [RECOVERY] Replace the indicated file with an updated certificate."
    ::= { tmnxSecurityNotifications 29 }

tmnxPkiCertExpWarningCleared     NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxPkiExpReason,
        tmnxSecNotifClientAppName
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCertExpWarningCleared notification is generated
         when the expiration warning for the certificate indicated in
         tmnxSecNotifFile no longer applies because of the reason indicated in
         tmnxPkiExpReason.

         [EFFECT] The indicated certificate is no longer going to expire.

         [RECOVERY] None needed."
    ::= { tmnxSecurityNotifications 30 }

tmnxPkiCRLBeforeExpWarning       NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxPkiExpRemainingHours,
        tmnxPkiExpRemainingMinutes
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCRLBeforeExpWarning notification is generated when
         the CRL (certificate revocation list) indicated in tmnxSecNotifFile
         will expire in the time period indicated by tmnxPkiExpRemainingHours
         and tmnxPkiExpRemainingMinutes.

         [EFFECT] The indicated CRL (certificate revocation list) will expire.

         [RECOVERY] Replace the indicated file with an updated CRL."
    ::= { tmnxSecurityNotifications 31 }

tmnxPkiCRLAfterExpWarning        NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCRLAfterExpWarning notification is generated when
         the CRL (certificate revocation list) indicated in tmnxSecNotifFile
         has expired.

         [EFFECT] The indicated CRL (certificate revocation list) has expired.

         [RECOVERY] Replace the indicated file with an updated CRL."
    ::= { tmnxSecurityNotifications 32 }

tmnxPkiCRLExpWarningCleared      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxPkiExpReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCRLExpWarningCleared notification is generated when
         the expiration warning for the CRL (certificate revocation list)
         indicated in tmnxSecNotifFile no longer applies.

         [EFFECT] The indicated CRL (certificate revocation list) is no longer
         going to expire because of the reason indicated in tmnxPkiExpReason.

         [RECOVERY] None needed."
    ::= { tmnxSecurityNotifications 33 }

tmnxSecNotifFileReloaded         NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxSecNotifFileType
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecNotifFileReloaded notification is generated when
         the certificate or key indicated in tmnxSecNotifFile is reloaded.
         tmnxSecNotifFileType indicates whether a certificate or key has been
         reloaded.

         [EFFECT] The indicated certificate or key has been reloaded.

         [RECOVERY] None needed."
    ::= { tmnxSecurityNotifications 34 }

tmnxSecPwdHistoryFileLoadFailed  NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecPwdHistLoadFailReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecPwdHistoryFileLoadFailed notification is generated
         when the password history is enabled (tmnxPasswordHistory is not 0)
         for the first time and the system was unable to load and process the
         password history.

         Failure could be due to the following reasons or more:
         - This is the first time the password history is enabled on this system.
         - A previous attempt to store the password history failed.
         - Somebody removed or modified the password history file.

         [EFFECT] The system might not be able to compare the new user password
         with the user's password history from before the last reboot. If
         tmnxSecPwdHistLoadFailReason is set to 'notFound(1)', a new, empty
         history file will be created.

         [RECOVERY] Investigation might be warranted."
    ::= { tmnxSecurityNotifications 35 }

tmnxSecPwdHistoryFileWriteFailed NOTIFICATION-TYPE
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecPwdHistoryFileWriteFailed notification is generated
         when the system is unable to store the password history when an user's
         password is changed.

         [EFFECT] After a reboot,  the system might not be able to compare the
         new user password with the user's password history.

         [RECOVERY] Ensure the compact flash is present, and all file
         permissions are correct."
    ::= { tmnxSecurityNotifications 36 }

tmnxPkiCAProfCrlUpdateStart      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfileNameForNotify
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxPkiCAProfCrlUpdateStart notification is generated when a
         CRL update operation is started for an existing CA Profile.

         The CA Profile is configured via tmnxPkiCAProfileTable.

         [EFFECT] The system is downloading the CRL file from a URL, which is
         configured via tmnxPkiCAProfUrlTable.

         [RECOVERY] No recovery is required for this notification."
    ::= { tmnxSecurityNotifications 37 }

tmnxPkiCAProfCrlUpdateSuccess    NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfUrl
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxPkiCAProfCrlUpdateSuccess notification is generated when
         a new valid CRL file is successfully updated for an existing CA
         Profile.

         The CA Profile is configured via tmnxPkiCAProfileTable.

         [EFFECT] tmnxPkiCAProfileCRLFile will be replaced if the downloaded
         CRL file qualified.

         The cases that a downloaded CRL does not qualify are explained in the
         DESCRIPTION clause of tmnxPkiCAProfAtCrlUpdScheduleT.

         [RECOVERY] No recovery is required for this notification."
    ::= { tmnxSecurityNotifications 38 }

tmnxPkiCAProfCrlUpdateUrlFail    NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfUrl,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxPkiCAProfCrlUpdateUrlFail notification is generated when
         the CRL update operation has failed after attempting the indicated URL
         for an existing CA Profile.

         The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an
         existing CA Profile are configured via tmnxPkiCAProfUrlTable.

         A tmnxPkiCAProfCrlUpdateUrlFail will not be sent when the URL is the
         last one in the URL list for an existing CA Profile. In such case, a
         tmnxPkiCAProfCrlUpdAllUrlsFail notification will be sent.

         [EFFECT] The system will attempt to download the CRL file from the
         next URL in the URL list.

         [RECOVERY] Make sure the URLs specified in tmnxPkiCAProfUrlTable are
         correct."
    ::= { tmnxSecurityNotifications 39 }

tmnxPkiCAProfCrlUpdAllUrlsFail   NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfUrl,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxPkiCAProfCrlUpdAllUrlsFail notification is generated
         when the CRL update operation failed after attempting all URLs for an
         existing CA Profile.

         The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an
         existing CA Profile are configured via tmnxPkiCAProfUrlTable.

         [EFFECT] When tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)'
         and tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop
         attempting to update the CRL file.

         The system will attempt to download the same CRL file
         starting from the first URL in the URL list again after
             1) tmnxPkiCAProfAtCrlUpdRetryIntv (>0) seconds, when
                tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)', or
             2) tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds, when
                tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'.

         [RECOVERY] Make sure the URLs specified in tmnxPkiCAProfUrlTable are
         correct."
    ::= { tmnxSecurityNotifications 40 }

tmnxPkiFileWriteFailed           NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxSecNotifFailureReason,
        tmnxSecNotifFileSize
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiFileWriteFailed notification is generated when an
         attempt to write the file fails. Reason for the failure is indicated
         by the tmnxSecNotifFailureReason object.

         [EFFECT] The downloaded file is not saved to disk.

         [RECOVERY] Make sure the path specified in tmnxSecNotifFile is
         correct, file permission is writable and there is sufficient disk
         space."
    ::= { tmnxSecurityNotifications 41 }

tmnxPkiCAProfCrlUpdNoNxtUpdTime  NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfileNameForNotify
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxPkiCAProfCrlUpdNoNxtUpdTime notification is generated
         when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and
         one of the following conditions is true:
         1) The 'nextUpdate' field is missing from the CRL file or contains
            a value that is beyond the limit of the system
         2) tmnxPkiCAProfAtCrlUpdRetryIntv is zero, and none of the configured
            URLs work or contain a CRL that qualifies from the first scheduled
            update.

         [EFFECT] The system will not download a new CRL file.

         [RECOVERY] Change tmnxPkiCAProfAtCrlUpdScheduleT to 'periodic (2)' if
         the system is to check for an updated CRL every
         tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. Otherwise, configure the
         tmnxPkiCAProfAtCrlUpdAdminState to 'outOfService (3)'."
    ::= { tmnxSecurityNotifications 42 }

tmnxUsrProfSessionLimitExceeded  NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSessionLimitExceededName,
        tmnxSessionLimitExceededType
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxUsrProfSessionLimitExceeded notification is generated
         when an attempt to establish a new user access session is not
         successful because any of SSH / Telnet / Total session limits defined
         for the profile of which the user is a member has been exceeded.

         The value of the object tmnxSessionLimitExceededName indicates the
         name of the user profile of which the session limit has been exceeded.

         The value of the object tmnxSessionLimitExceededType indicates the
         type of the session limit that has been exceeded.

         [EFFECT] The user access session has not been established.

         [RECOVERY] An administrator may execute one of the following actions
         in order to allow a successful session establishment:

         1) force disconnection of an existing session(s) using
            'admin disconnect' CLI command
         2) increase the value of the session limit using CLI or SNMP SET
            operation on the corresponding object in tmnxUserProfileTable
         3) revoke the profile membership for the particular user (beware that
            this action may have impact on user's privileges)"
    ::= { tmnxSecurityNotifications 43 }

tmnxCliGroupSessionLimitExceeded NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSessionLimitExceededName,
        tmnxSessionLimitExceededType
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxCliGroupSessionLimitExceeded notification is generated
         when an attempt to establish a new user access session is not
         successful because any of SSH / Telnet / Total session limits defined
         for the CLI session group of which the user is an indirect member (as
         a member of a user profile that is a member of the CLI session group)
         has been exceeded.

         The value of the object tmnxSessionLimitExceededName indicates the
         name of the CLI session group of which the session limit has been
         exceeded.

         The value of the object tmnxSessionLimitExceededType indicates the
         type of the session limit that has been exceeded.

         [EFFECT] The user access session has not been established.

         [RECOVERY] An administrator may execute one of the following actions
         in order to allow a successful session establishment:

         1) force disconnection of an existing session(s) using
            'admin disconnect' CLI command
         2) increase the value of the session limit using CLI or SNMP SET
            operation on the corresponding object in tmnxCliSessionGroupTable
         3) revoke the profile membership for the particular user (beware that
            this action may have impact on user's privileges)
         4) revoke the session group membership for the particular profile"
    ::= { tmnxSecurityNotifications 44 }

tmnxPkiCAProfCrlUpdLargPreUpdTm  NOTIFICATION-TYPE
    OBJECTS     {
        tmnxPkiCAProfileNameForNotify
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxPkiCAProfCrlUpdLargPreUpdTm notification is generated
         when the 'nextUpdate' time of a newly downloaded CRL is earlier than
         the last successful update time or the time of setting
         tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)' plus the pre-update
         time.

         The last successful update time is stored in
         tmnxPkiCAProfAtCrlUpdLstSucsTmSt. The pre-update time is configured
         via tmnxPkiCAProfAtCrlUpdPreUpdTime.

         [EFFECT] The system will update the CRL again in
         tmnxPkiCAProfAtCrlUpdRetryIntv seconds rather than immediately.

         [RECOVERY] Configure tmnxPkiCAProfAtCrlUpdPreUpdTime to a value less
         than (the 'nextUpdate' value of the newly downloaded CRL - the last
         successful update time). The ideal value would be a value slightly
         lower than the CRL overlap period to avoid unnecessary download
         attempts.

         No recovery is needed for if the notification is generated in case of
         setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)'."
    ::= { tmnxSecurityNotifications 45 }

tmnxUserCliLoginMaxAttempts      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxUserCliLoginMaxAttempts notification is generated when a
         non Lawful Interception user attempting to open a CLI session failed
         to authenticate for more than a maximum allowed number of times in a
         period of tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to open a CLI session.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to open a CLI session.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 46 }

tmnxUserFtpLoginMaxAttempts      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxUserFtpLoginMaxAttempts notification is generated when a
         non Lawful Interception user attempting to connect via FTP failed to
         authenticate for more than a maximum allowed number of times in a
         period of tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to connect via FTP.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to connect via FTP.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 47 }

tmnxUserSshLoginMaxAttempts      NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxUserSshLoginMaxAttempts notification is generated when a
         non Lawful Interception user attempting to connect via SSH failed to
         authenticate for more than a maximum allowed number of times in a
         period of tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to connect via SSH.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to connect via SSH.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 48 }

tmnxPkiCertNotYetValid           NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile,
        tmnxSecNotifClientAppName
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCertNotYetValid notification is generated when the
         certificate indicated in tmnxSecNotifFile is not yet valid.

         [EFFECT] The indicated certificate is not usable until the 'notBefore'
         time is reached. If the certificate is specified in a CA-profile, then
         the operational state of the CA-profile (i.e.,
         tmnxPkiCAProfileOperState) remains down until the 'notBefore' time is
         reached.

         [RECOVERY] Replace tmnxSecNotifFile with a certificate file that is
         still valid, or wait until the 'notBefore' time specified in the
         certificate is reached for the system to recover itself."
    REFERENCE
        "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile', IETF, May 2008."
    ::= { tmnxSecurityNotifications 49 }

tmnxPkiCRLNotYetValid            NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifFile
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxPkiCRLNotYetValid notification is generated when the
         CRL (Certificate Revocation List) indicated in tmnxSecNotifFile is not
         yet valid.

         [EFFECT] The CRL is not usable until the 'thisUpdate' time is reached.
         Unless tmnxPkiCAProfRevokeChk is configured to 'crlOptional (2)', the
         operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState)
         remains down until the 'thisUpdate' time is reached.

         [RECOVERY] Replace tmnxSecNotifFile with a CRL that is still valid, or
         wait until the 'thisUpdate' time specified in the CRL is reached for
         the system to recover itself."
    REFERENCE
        "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile', IETF, May 2008."
    ::= { tmnxSecurityNotifications 50 }

tmnxLiUserCliLoginMaxAttempts    NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxLiUserCliLoginMaxAttempts notification is generated when
         a Lawful Interception user attempting to open a CLI session failed to
         authenticate for more than a maximum allowed number of times in a
         period of tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to open a CLI session.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to open a CLI session.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 51 }

tmnxLiUserSshLoginMaxAttempts    NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxLiUserSshLoginMaxAttempts notification is generated when
         a Lawful Interception user attempting to connect via SSH failed to
         authenticate for more than a maximum allowed number of times in a
         period of tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to connect via SSH.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to connect via SSH.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 52 }

tmnxLiUserFtpLoginMaxAttempts    NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxLiUserFtpLoginMaxAttempts notification is generated when
         a Lawful Interception user attempting to connect via FTP failed to
         authenticate for more than a maximum allowed number of times in a
         period of tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to connect via FTP.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to connect via FTP.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 53 }

tmnxAppPkiCertVerificationFailed NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifClientAppName,
        tmnxSecNotifCert,
        tmnxSecNotifFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxAppPkiCertVerificationFailed notification is generated
         when an attempt to verify the certificate fails for a non-IPsec
         application.

         [EFFECT] Fail to establish a secured connection with the remote
         entity.

         [RECOVERY] Make sure the certificate specified in tmnxSecNotifCert is
         a valid certificate and an appropriate trust anchor is configured."
    ::= { tmnxSecurityNotifications 54 }

tmnxUserNetconfLoginMaxAttempts  NOTIFICATION-TYPE
    OBJECTS     {
        tmnxSecNotifyUserName,
        tmnxSecNotifyAddrType,
        tmnxSecNotifyAddr,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsLockoutPeriod
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tmnxUserNetconfLoginMaxAttempts notification is generated
         when a user attempting to connect via netconf failed to authenticate
         for more than a maximum allowed number of times in a period of
         tmnxPasswordAttemptsTime minutes.

         The value of the object tmnxPasswordAttemptsCount indicates the
         maximum number of unsuccessful login attempts allowed.

         The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
         the number of minutes the user is locked out.

         The value of the object tmnxSecNotifyUserName indicates the name of
         the user attempting to connect via netconf.

         The value of the object tmnxSecNotifyAddrType indicates the type of
         the IP address stored in the object tmnxSecNotifyAddr.

         The value of the object tmnxSecNotifyAddr indicates the IP address of
         the user attempting to connect via netconf.

         [EFFECT] The user is locked out for a period of
         tmnxPasswordAttemptsLockoutPeriod minutes. The netconf session is
         terminated.

         [RECOVERY] No recovery action is required."
    ::= { tmnxSecurityNotifications 55 }

END
