Network Working Group E. Nechamkin Request for Comments: 4682 Broadcom Corp. Category: Standards Track J-F. Mule CableLabs December 2006
Network Working Group E. Nechamkin Request for Comments: 4682 Broadcom Corp. Category: Standards Track J-F. Mule CableLabs December 2006
Multimedia Terminal Adapter (MTA) Management Information Base for PacketCable- and IPCablecom-Compliant Devices
PacketCable和IPCablecom兼容设备的多媒体终端适配器(MTA)管理信息库
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The IETF Trust (2006).
版权所有(C)IETF信托基金(2006年)。
Abstract
摘要
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a basic set of managed objects for Simple Network Management Protocol (SNMP)-based management of PacketCable-and IPCablecom-compliant Multimedia Terminal Adapter devices.
此备忘录定义了管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。特别是,它为基于简单网络管理协议(SNMP)的PacketCable和IPCablecom兼容多媒体终端适配器设备管理定义了一组基本的托管对象。
Table of Contents
目录
1. The Internet-Standard Management Framework ......................2 2. Terminology .....................................................2 3. Introduction ....................................................4 3.1. Structure of the MTA MIB ...................................5 3.2. pktcMtaDevBase .............................................5 3.3. pktcMtaDevServer ...........................................6 3.4. pktcMtaDevSecurity .........................................6 3.5. Relationship between MIB Objects in the MTA MIB ............7 3.6. Secure Software Download ...................................8 3.7. X.509 Certificates Dependencies ............................8 4. Definitions .....................................................9 5. Acknowledgements ...............................................52 6. Security Considerations ........................................52 7. IANA Considerations ............................................55 8. Normative References ...........................................55 9. Informative References .........................................57
1. The Internet-Standard Management Framework ......................2 2. Terminology .....................................................2 3. Introduction ....................................................4 3.1. Structure of the MTA MIB ...................................5 3.2. pktcMtaDevBase .............................................5 3.3. pktcMtaDevServer ...........................................6 3.4. pktcMtaDevSecurity .........................................6 3.5. Relationship between MIB Objects in the MTA MIB ............7 3.6. Secure Software Download ...................................8 3.7. X.509 Certificates Dependencies ............................8 4. Definitions .....................................................9 5. Acknowledgements ...............................................52 6. Security Considerations ........................................52 7. IANA Considerations ............................................55 8. Normative References ...........................................55 9. Informative References .........................................57
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB对象通常通过简单网络管理协议(SNMP)进行访问。MIB中的对象是使用管理信息结构(SMI)中定义的机制定义的。本备忘录规定了符合SMIv2的MIB模块,如STD 58、RFC 2578[RFC2578]、STD 58、RFC 2579[RFC2579]和STD 58、RFC 2580[RFC2580]所述。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL", when used in the guidelines in this memo, are to be interpreted as described in RFC 2119 [RFC2119].
本备忘录指南中使用的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”应按照RFC 2119[RFC2119]中的说明进行解释。
The terms "MIB module" and "information module" are used interchangeably in this memo. As used here, both terms refer to any of the three types of information modules defined in Section 3 of RFC 2578 [RFC2578].
术语“MIB模块”和“信息模块”在本备忘录中互换使用。此处使用的两个术语均指RFC 2578[RFC2578]第3节中定义的三种信息模块中的任何一种。
Some of the terms used in this memo are defined below. Some additional terms are also defined in the PacketCable MTA Device Provisioning Specification [PKT-SP-PROV] and the PacketCable Security Specification [PKT-SP-SEC].
本备忘录中使用的一些术语定义如下。PacketCable MTA设备配置规范[PKT-SP-PROV]和PacketCable安全规范[PKT-SP-SEC]中还定义了一些附加术语。
DOCSIS The CableLabs(R) Certified(TM) Cable Modem project, also known as DOCSIS(R) (Data over Cable Service Interface Specification), defines interface requirements for cable modems involved in high-speed data distribution over cable television system networks. DOCSIS also refers to the ITU-T J.112 recommendation, Annex B, for cable modem systems [ITU-T-J112].
DOCSIS CableLabs(R)认证(TM)电缆调制解调器项目,也称为DOCSIS(R)(有线数据服务接口规范),定义了有线电视系统网络高速数据分发中涉及的电缆调制解调器的接口要求。DOCSIS还参考了针对电缆调制解调器系统的ITU-T J.112建议,附录B[ITU-T-J112]。
Cable Modem A Cable Modem (CM) acts as a data transport agent used to transfer call management and voice data packets over a DOCSIS-compliant cable system.
电缆调制解调器电缆调制解调器(CM)充当数据传输代理,用于通过符合DOCSIS标准的电缆系统传输呼叫管理和语音数据包。
Multimedia Terminal Adapter A Multimedia Terminal Adapter (MTA) is a PacketCable- or IPCablecom-compliant device providing telephony services over a cable or hybrid
多媒体终端适配器多媒体终端适配器(MTA)是一种与PacketCable或IPCablecom兼容的设备,通过电缆或混合电缆提供电话服务
system used to deliver video signals to a community. It contains an interface to endpoints, a network interface, CODECs, and all signaling and encapsulation functions required for Voice over IP transport, call signaling, and Quality of Service signaling. An MTA can be an embedded or a standalone device. An Embedded MTA (E-MTA) is an MTA device containing an embedded DOCSIS Cable Modem. A Standalone MTA (S-MTA) is an MTA device separated from the DOCSIS cable modem by non-DOCSIS Message Access Control (MAC) interface (e.g., Ethernet, USB).
用于向社区传送视频信号的系统。它包含端点接口、网络接口、编解码器以及IP语音传输、呼叫信令和服务质量信令所需的所有信令和封装功能。MTA可以是嵌入式设备,也可以是独立设备。嵌入式MTA(E-MTA)是包含嵌入式DOCSIS电缆调制解调器的MTA设备。独立MTA(S-MTA)是通过非DOCSIS消息访问控制(MAC)接口(如以太网、USB)与DOCSIS电缆调制解调器分离的MTA设备。
Endpoint An endpoint or MTA endpoint is a standard RJ-11 telephony physical port located on the MTA and used for attaching the telephone device to the MTA.
端点端点端点或MTA端点是位于MTA上的标准RJ-11电话物理端口,用于将电话设备连接到MTA。
X.509 Certificate A X.509 certificate is an Internet X.509 Public Key Infrastructure certificate developed as part of the ITU-T X.500 Directory recommendations. It is defined in RFC 3280 [RFC3280] and RFC 4630 [RFC4630].
X.509证书X.509证书是作为ITU-T X.500目录建议的一部分开发的Internet X.509公钥基础设施证书。它在RFC 3280[RFC3280]和RFC 4630[RFC4630]中定义。
Voice over IP Voice over IP (VoIP) is a technology providing the means to transfer digitized packets with voice information over IP networks.
IP语音IP语音(VoIP)是一种通过IP网络传输带有语音信息的数字化数据包的技术。
Public Key Certificate A Public Key Certificate (also known as a Digital Certificate) is a binding between an entity's public key and one or more attributes relating to its identity.
公钥证书公钥证书(也称为数字证书)是实体公钥和与其身份相关的一个或多个属性之间的绑定。
DHCP The Dynamic Host Configuration Protocol (DHCP) is defined by RFC 2131 [RFC2131]. In addition, commonly used DHCP options are defined in RFC 2132 [RFC2132]. Additional DHCP options used by PacketCable and IPCablecom MTAs can be found in the CableLabs Client Configuration DHCP specifications, RFC 3495 [RFC3495] and RFC 3594 [RFC3594].
动态主机配置协议(DHCP)由RFC 2131[RFC2131]定义。此外,RFC 2132[RFC2132]中定义了常用的DHCP选项。PacketCable和IPCablecom MTA使用的其他DHCP选项可在CableLabs客户端配置DHCP规范、RFC 3495[RFC3495]和RFC 3594[RFC3594]中找到。
TFTP The Trivial File Transfer Protocol (TFTP) is defined by RFC 1350 [RFC1350].
普通文件传输协议(TFTP)由RFC1350[RFC1350]定义。
HTTP The Hypertext Transfer Protocol (HTTP/1.1) is defined by RFC 2616 [RFC2616].
HTTP超文本传输协议(HTTP/1.1)由RFC22616[RFC2616]定义。
Call Management Server A Call Management Server (CMS) is an element of the PacketCable network infrastructure that controls audio connections between MTAs.
呼叫管理服务器呼叫管理服务器(CMS)是PacketCable网络基础设施的一个元素,用于控制MTA之间的音频连接。
CODEC, COder-DECoder A Coder-DECoder is a hardware or software component used in audio/video systems to convert an analog signal to digital, and then (possibly) to compress it so that lower bandwidth telecommunications channels can be used. The signal is decompressed and converted (decoded) back to analog output by a compatible CODEC at the receiving end.
编解码器,编码器-解码器编解码器是音频/视频系统中使用的硬件或软件组件,用于将模拟信号转换为数字信号,然后(可能)对其进行压缩,以便使用较低带宽的电信信道。接收端的兼容编解码器将信号解压缩并转换(解码)回模拟输出。
Operations Systems Support An Operations Systems Support system (OSS) is a system of back office software components used for fault, configuration, accounting, performance, and security management working in interaction with each other and providing the operations support in deployed PacketCable systems.
操作系统支持操作系统支持系统(OSS)是一个用于故障、配置、记帐、性能和安全管理的后台软件组件系统,它们相互作用,在部署的PacketCable系统中提供操作支持。
Key Distribution Center A Key Distribution Center (KDC) is an element of the OSS systems functioning as a Kerberos Security Server, providing mutual authentication of the various components of the PacketCable system (e.g., mutual authentication between an MTA and a CMS, or between an MTA and the Provisioning Server).
密钥分发中心密钥分发中心(KDC)是作为Kerberos安全服务器运行的OSS系统的一个元素,为PacketCable系统的各个组件提供相互身份验证(例如,MTA和CMS之间或MTA和供应服务器之间的相互身份验证)。
Security Association A Security Association (SA) is a one-way relationship between a sender and a receiver offering security services on the communication flow.
安全关联安全关联(SA)是在通信流上提供安全服务的发送方和接收方之间的单向关系。
This MIB module provides a set of objects required for the management of PacketCable, ETSI, and ITU-T IPCablecom compliant MTA devices. The MTA MIB module is intended to supersede various MTA MIB modules from which it is partly derived:
此MIB模块提供了管理PacketCable、ETSI和ITU-T IPCablecom兼容MTA设备所需的一组对象。MTA MIB模块旨在取代其部分派生的各种MTA MIB模块:
- The PacketCable 1.0 MTA MIB Specification [PKT-SP-MIB-MTA].
- PacketCable 1.0 MTA MIB规范[PKT-SP-MIB-MTA]。
- The ITU-T IPCablecom MTA MIB requirements [ITU-T-J168].
- ITU-T IPCablecom MTA MIB要求[ITU-T-J168]。
- The ETSI MTA MIB [ETSITS101909-8]. The ETSI MTA MIB requirements also refer to various signal characteristics defined in [EN300001], Chapter 3, titled 'Ringing Signal Characteristics', and [EN300659-1].
- ETSI MTA MIB[ETSITS01909-8]。ETSI MTA MIB要求还参考了[EN300001]第3章“振铃信号特性”和[EN300659-1]中定义的各种信号特性。
Several normative and informative references are used to help define MTA MIB objects. As a convention, wherever PacketCable and IPCablecom requirements are equivalent, the PacketCable reference is used in the object REFERENCE clause. IPCablecom-compliant MTA devices MUST use the equivalent IPCablecom references.
一些规范性和信息性参考文件用于帮助定义MTA MIB对象。按照惯例,只要PacketCable和IPCablecom要求是等效的,就在object reference子句中使用PacketCable引用。符合IPCablecom的MTA设备必须使用等效的IPCablecom引用。
The MTA MIB module is identified by pktcIetfMtaMib and is structured in three object groups:
MTA MIB模块由pktcIetfMtaMib标识,分为三个对象组:
- pktcMtaDevBase defines the management information pertinent to the MTA device itself.
- pktcMtaDevBase定义与MTA设备本身相关的管理信息。
- pktcMtaDevServer defines the management information pertinent to the provisioning back office servers.
- pktcMtaDevServer定义与资源调配后台服务器相关的管理信息。
- pktcMtaDevSecurity defines the management information pertinent to the PacketCable and IPCablecom security mechanisms.
- pktcMtaDevSecurity定义与PacketCable和IPCablecom安全机制相关的管理信息。
The first two object groups, pktcMtaDevBase and pktcMtaDevServer, contain only scalar information objects describing the corresponding characteristics of the MTA device and back office servers.
前两个对象组pktcMtaDevBase和pktcMtaDevServer仅包含描述MTA设备和后台服务器的相应特征的标量信息对象。
The third group, pktcMtaDevSecurity, contains two tables controlling the logical associations between KDC realms and Application Servers (CMS and Provisioning Server). The rows in the various tables of the MTA MIB module can be created automatically (e.g., by the device according to the current state information), or they can be created by the management station, depending on the operational situation. The tables defined in the MTA MIB module may have a mixture of both types of rows.
第三个组pktcMtaDevSecurity包含两个表,控制KDC领域和应用程序服务器(CMS和供应服务器)之间的逻辑关联。MTA MIB模块各表中的行可以自动创建(例如,由设备根据当前状态信息创建),也可以由管理站根据操作情况创建。MTA MIB模块中定义的表可能混合了这两种类型的行。
This object group contains the management information related to the MTA device itself. It also contains some objects used to control the MTA state. Some highlights are as follows:
此对象组包含与MTA设备本身相关的管理信息。它还包含一些用于控制MTA状态的对象。一些亮点如下:
- pktcMtaDevSerialNumber. This object contains the MTA Serial Number.
- pktcMtaDevSerialNumber。此对象包含MTA序列号。
- pktcMtaDevEndPntCount. This object contains the number of endpoints present in the managed MTA.
- pktcMtaDevEndPntCount。此对象包含托管MTA中存在的终结点数。
- pktcMtaDevProvisioningState. This object contains the information describing the completion state of the MTA initialization process.
- pktcMtaDevProvisioningState。此对象包含描述MTA初始化过程完成状态的信息。
- pktcMtaDevEnabled. This object controls the administrative state of the MTA endpoints and allows operators to enable or disable telephony services on the device.
- pktcmta已被删除。此对象控制MTA端点的管理状态,并允许操作员在设备上启用或禁用电话服务。
- pktcMtaDevResetNow. This object is used to instruct the MTA to reset.
- pktcMtaDevResetNow。此对象用于指示MTA重置。
This object group contains the management information describing the back office servers and the parameters related to the communication timers. It also includes some objects controlling the initial MTA interaction with the Provisioning Server.
此对象组包含描述后台服务器的管理信息以及与通信计时器相关的参数。它还包括一些控制与供应服务器的初始MTA交互的对象。
Some highlights are as follows:
一些亮点如下:
- pktcMtaDevServerDhcp1. This object contains the IP address of the primary DHCP server designated for the MTA provisioning.
- pktcMtaDevServerDhcp1。此对象包含为MTA设置指定的主DHCP服务器的IP地址。
- pktcMtaDevServerDhcp2. This object contains the IP address of the secondary DHCP server designated for the MTA provisioning.
- pktcMtaDevServerDhcp2。此对象包含为MTA设置指定的辅助DHCP服务器的IP地址。
- pktcMtaDevServerDns1. This object contains the IP address of the primary DNS used by the managed MTA to resolve the Fully Qualified Domain Name (FQDN) and IP addresses.
- pktcMtaDevServerDns1。此对象包含托管MTA用于解析完全限定域名(FQDN)和IP地址的主DNS的IP地址。
- pktcMtaDevServerDns2. This object contains the IP address of the secondary DNS used by the managed MTA to resolve the FQDN and IP addresses.
- pktcMtaDevServerDns2。此对象包含托管MTA用于解析FQDN和IP地址的辅助DNS的IP地址。
- pktcMtaDevConfigFile. This object contains the name of the provisioning configuration file the managed MTA must download from the Provisioning Server.
- pktcMtaDevConfigFile。此对象包含托管MTA必须从设置服务器下载的设置配置文件的名称。
- pktcMtaDevProvConfigHash. This object contains the hash value of the MTA configuration file calculated over its content. When the managed MTA downloads the file, it authenticates the configuration file using the hash value provided in this object.
- pktcMtaDevProvConfigHash。此对象包含MTA配置文件在其内容上计算的哈希值。托管MTA下载文件时,将使用此对象中提供的哈希值对配置文件进行身份验证。
This object group contains the management information describing the security-related characteristics of the managed MTA. It contains two tables describing logical dependencies and parameters necessary to establish Security Associations between the MTA and other Application Servers (back office components and CMSes). The CMS table (pktcMtaDevCmsTable) and the realm table (pktcMtaDevRealmTable) are used for managing the MTA signaling security. The realm table defines the CMS domains. The CMS table defines the CMS within the domains. Each MTA endpoint is associated with one CMS at any given time.
此对象组包含描述托管MTA的安全相关特征的管理信息。它包含两个表,描述在MTA和其他应用程序服务器(后台组件和CMSE)之间建立安全关联所需的逻辑依赖关系和参数。CMS表(pktcMtaDevCmsTable)和领域表(pktcMtaDevRealmTable)用于管理MTA信令安全性。领域表定义了CMS域。CMS表定义了域内的CMS。每个MTA端点在任何给定时间都与一个CMS关联。
The two tables in this object group are as follows:
此对象组中的两个表如下所示:
- pktcMtaDevRealmTable. This table is used in conjunction with any Application Server that communicates securely with the managed MTA (CMS or Provisioning Server).
- pktcMtaDevRealmTable。此表与任何与托管MTA(CMS或资源调配服务器)安全通信的应用程序服务器一起使用。
- pktcMtaDevCmsTable. This table contains the parameters describing the SA establishment between the MTA and CMSes.
- pktcMtaDevCmsTable。此表包含描述MTA和CMSE之间SA建立的参数。
This section clarifies the relationship between various MTA MIB objects with respect to the role they play in the process of establishing Security Associations.
本节将阐明各种MTA MIB对象之间的关系,以及它们在建立安全关联过程中所起的作用。
The process of Security Association establishment between an MTA and Application Servers is described in the PacketCable Security Specification [PKT-SP-SEC]. In particular, an MTA communicates with 2 types of back office Application Servers: Call Management Servers and Provisioning Servers.
在MTA和应用程序服务器之间建立安全关联的过程在PacketCable安全规范[PKT-SP-SEC]中进行了描述。特别是,MTA与两种类型的后台应用程序服务器通信:呼叫管理服务器和资源调配服务器。
The SA establishment process consists of two steps:
SA建立过程包括两个步骤:
a. Authentication Server Exchange (AS-exchange). This step provides mutual authentication between the parties; i.e., between an MTA and an Authentication Server. The process of AS-exchange is defined by a number of parameters grouped per each realm. These parameters are gathered in the Realm Table (pktcMtaDevRealmTable). The Realm Table is indexed by the Index Counter and contains conceptual column with the Kerberos realm name.
a. 身份验证服务器交换(作为交换)。该步骤提供双方之间的相互认证;i、 例如,在MTA和身份验证服务器之间。AS交换过程由每个领域分组的许多参数定义。这些参数收集在领域表(pktcMtaDevRealmTable)中。领域表由索引计数器索引,并包含具有Kerberos领域名称的概念列。
b. Application server exchange (AP-exchange). This step allows for the establishment of Security Associations between authenticated parties. The CMS table (pktcMtaDevCmsTable) contains the parameters for the AP-exchange process between an MTA and a CMS. The CMS table is indexed by the Index Counter and contains the CMS FQDN (the conceptual column pktcMtaDevCmsFqdn). Each row contains the Kerberos realm name associated with each CMS FQDN. This allows for each CMS to exist in a different Kerberos realm.
b. 应用服务器交换(AP交换)。此步骤允许在经过身份验证的各方之间建立安全关联。CMS表(pktcMtaDevCmsTable)包含MTA和CMS之间AP交换过程的参数。CMS表由索引计数器编制索引,并包含CMS FQDN(概念列pktcMtaDevCmsFqdn)。每行包含与每个CMS FQDN关联的Kerberos领域名称。这允许每个CMS存在于不同的Kerberos领域中。
The MTA MIB module also contains a group of scalar MIB objects in the server group (pktcMtaDevServer). These objects define various parameters for the AP-exchange process between an MTA and the Provisioning Server. These objects are:
MTA MIB模块还在服务器组(pktcMtaDevServer)中包含一组标量MIB对象。这些对象为MTA和配置服务器之间的AP交换过程定义各种参数。这些对象是:
- pktcMtaDevProvUnsolicitedKeyMaxTimeout,
- pktcMtaDevProvUnsolicitedKeyMaxTimeout,
- pktcMtaDevProvUnsolicitedKeyNomTimeout,
- pktcMtaDevProvUnsolicitedKeyNomTimeout,
- pktcMtaDevProvUnsolicitedKeyMaxRetries, and
- pktcMtaDevProvUnsolicitedKeyMaxRetries,以及
- pktcMtaDevProvSolicitedKeyTimeout.
- pktcMtaDevProvSolicitedKeyTimeout。
E-MTAs are embedded with DOCSIS 1.1 cable modems. E-MTAs have their software upgraded by the Cable Modem according to the DOCSIS requirements.
E-MTA嵌入DOCSIS 1.1电缆调制解调器。E-MTA根据DOCSIS要求通过电缆调制解调器升级其软件。
Although E-MTAs have their software upgraded by the Cable Modem according to the DOCSIS requirements, S-MTAs implement a specific mechanism for Secure Software Download. This provides a means to verify the code upgrade using Code Verification Certificates and is modeled after the DOCSIS mechanism implemented in Cable Modems. This is the reason why the MTA MIB and the S-MTA compliance modules also rely on two MIB object groups:
虽然E-MTA根据DOCSIS要求通过电缆调制解调器升级其软件,但S-MTA实施了特定的安全软件下载机制。这提供了一种使用代码验证证书验证代码升级的方法,并模仿在电缆调制解调器中实现的DOCSIS机制。这就是MTA MIB和S-MTA compliance模块也依赖于两个MIB对象组的原因:
- docsBpi2CodeDownloadGroup, defined in the IETF BPI Plus MIB module (DOCS-IETF-BPI2-MIB [RFC4131]).
- docsBpi2CodeDownloadGroup,在IETF BPI Plus MIB模块(DOCS-IETF-BPI2-MIB[RFC4131])中定义。
- docsDevSoftwareGroupV2, defined in the IETF Cable Devicev2 MIB module (DOCS-CABLE-DEVICE-MIB [RFC4639]).
- docsDevSoftwareGroupV2,在IETF电缆设备v2 MIB模块(DOCS-Cable-DEVICE-MIB[RFC4639])中定义。
As specified in the PacketCable Security Specification [PKT-SP-SEC], E-MTAs must use the authentication mechanism based on the X.509 Public Key Infrastructure Certificates, as defined in RFC 3280 [RFC3280] and RFC 4630 [RFC4630].
根据PacketCable安全规范[PKT-SP-SEC]的规定,电子MTA必须使用基于X.509公钥基础设施证书的身份验证机制,如RFC 3280[RFC3280]和RFC 4630[RFC4630]中所定义。
The value of the pktcMtaDevRealmOrgName MIB object should contain the X.509 organization name attribute of the Telephony Service Provider certificate (OrganizationName). X.509 attributes are defined using UTF-8 string encoding [RFC3629, RFC3280, and RFC4630].
PKTCMTADEVREAMORGNAME MIB对象的值应包含电话服务提供商证书(OrganizationName)的X.509 organization name属性。使用UTF-8字符串编码[RFC3629、RFC3280和RFC4630]定义X.509属性。
Note that UTF-8 encoded characters can be encoded as sequences of 1 to 6 octets, assuming that code points as high as 0x7ffffffff might be used ([RFC3629]). Subsequent versions of Unicode and ISO 10646 have limited the upper bound to 0x10ffff ([RFC3629]). Consequently, the current version of UTF-8, defined in RFC 3629, does not require more than four octets to encode a valid code point.
请注意,UTF-8编码字符可以编码为1到6个八位字节的序列,假设可能使用高达0x7FFFFFF的代码点([RFC3629])。Unicode和ISO10646的后续版本将上限限制为0x10ffff([RFC3629])。因此,RFC3629中定义的UTF-8的当前版本不需要超过四个八位字节来编码有效的码点。
The MIB module below makes references and citations to [RFC868], [RFC3280], [RFC4630], and [RFC3617].
下面的MIB模块引用了[RFC868]、[RFC3280]、[RFC4630]和[RFC3617]。
PKTC-IETF-MTA-MIB DEFINITIONS ::= BEGIN
PKTC-IETF-MTA-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32, Counter32, NOTIFICATION-TYPE, mib-2 FROM SNMPv2-SMI -- [RFC2578] TEXTUAL-CONVENTION, RowStatus, TruthValue FROM SNMPv2-TC -- [RFC2579] OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP FROM SNMPv2-CONF -- [RFC2580] InetAddressType, InetAddress FROM INET-ADDRESS-MIB -- [RFC4001] sysDescr FROM SNMPv2-MIB -- [RFC3418] SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- [RFC3411] docsDevSoftwareGroupV2 FROM DOCS-CABLE-DEVICE-MIB -- [RFC4639] DocsX509ASN1DEREncodedCertificate, docsBpi2CodeDownloadGroup FROM DOCS-IETF-BPI2-MIB -- [RFC4131] LongUtf8String FROM SYSAPPL-MIB -- [RFC2287] ifPhysAddress FROM IF-MIB; -- [RFC2863]
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Unsigned32, Counter32, NOTIFICATION-TYPE, mib-2 FROM SNMPv2-SMI -- [RFC2578] TEXTUAL-CONVENTION, RowStatus, TruthValue FROM SNMPv2-TC -- [RFC2579] OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP FROM SNMPv2-CONF -- [RFC2580] InetAddressType, InetAddress FROM INET-ADDRESS-MIB -- [RFC4001] sysDescr FROM SNMPv2-MIB -- [RFC3418] SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- [RFC3411] docsDevSoftwareGroupV2 FROM DOCS-CABLE-DEVICE-MIB -- [RFC4639] DocsX509ASN1DEREncodedCertificate, docsBpi2CodeDownloadGroup FROM DOCS-IETF-BPI2-MIB -- [RFC4131] LongUtf8String FROM SYSAPPL-MIB -- [RFC2287] ifPhysAddress FROM IF-MIB; -- [RFC2863]
pktcIetfMtaMib MODULE-IDENTITY LAST-UPDATED "200609180000Z" -- September 18, 2006 ORGANIZATION "IETF IP over Cable Data Network Working Group" CONTACT-INFO "Eugene Nechamkin Broadcom Corporation, 200-13711 International Place,
pktcIetfMtaMib模块标识最新更新“200609180000Z”-2006年9月18日组织“IETF有线数据网络IP工作组”联系方式“Eugene Nechamkin Broadcom Corporation,国际广场200-13711号,
Richmond, BC, V6V 2Z8 CANADA Phone: +1 604 233 8500 Email: enechamkin@broadcom.com
里士满,BC,V6V 2Z8加拿大电话:+1 604 233 8500电子邮件:enechamkin@broadcom.com
Jean-Francois Mule Cable Television Laboratories, Inc. 858 Coal Creek Circle Louisville, CO 80027-9750 U.S.A. Phone: +1 303 661 9100 Email: jf.mule@cablelabs.com
Jean-Francois Mule有线电视实验室,公司地址:美国科罗拉多州路易斯维尔市煤溪圈858号,邮编:80027-9750电话:+1 303 661 9100电子邮件:jf。mule@cablelabs.com
IETF IPCDN Working Group General Discussion: ipcdn@ietf.org Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn Co-Chair: Jean-Francois Mule, jf.mule@cablelabs.com Co-Chair: Richard Woundy, Richard_Woundy@cable.comcast.com"
IETF IPCDN Working Group General Discussion: ipcdn@ietf.org Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn Co-Chair: Jean-Francois Mule, jf.mule@cablelabs.com Co-Chair: Richard Woundy, Richard_Woundy@cable.comcast.com"
DESCRIPTION "This MIB module defines the basic management object for the Multimedia Terminal Adapter devices compliant with PacketCable and IPCablecom requirements.
DESCRIPTION“此MIB模块为符合PacketCable和IPCablecom要求的多媒体终端适配器设备定义基本管理对象。
Copyright (C) The IETF Trust (2006). This version of this MIB module is part of RFC 4682; see the RFC itself for full legal notices."
版权所有(C)IETF信托基金(2006年)。此版本的MIB模块是RFC 4682的一部分;有关完整的法律通知,请参见RFC本身。”
REVISION "200609180000Z" -- September 18, 2006
修订版“200609180000Z”-2006年9月18日
DESCRIPTION "Initial version, published as RFC 4682."
说明“初始版本,发布为RFC 4682。”
::= { mib-2 140 }
::= { mib-2 140 }
-- Textual Conventions
--文本约定
PktcMtaDevProvEncryptAlg ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This textual convention defines various types of the encryption algorithms used for the encryption of the MTA configuration file. The description of the encryption algorithm for each enumerated value is as follows:
PktcMtaDevProvEncryptAlg ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This textual convention defines various types of the encryption algorithms used for the encryption of the MTA configuration file. The description of the encryption algorithm for each enumerated value is as follows:
'none(0)' no encryption is used, 'des64CbcMode(1)' DES 64-bit key in CBC mode,
“无(0)”未使用加密,“des64CbcMode(1)”在CBC模式下使用DES64位密钥,
't3Des192CbcMode(2)' 3DES 192-bit key in CBC mode, 'aes128CbcMode(3)' AES 128-bit key in CBC mode, 'aes256CbcMode(4)' AES 256-bit key in CBC mode." SYNTAX INTEGER { none (0), des64CbcMode (1), t3Des192CbcMode (2), aes128CbcMode (3), aes256CbcMode (4) }
't3Des192CbcMode(2)' 3DES 192-bit key in CBC mode, 'aes128CbcMode(3)' AES 128-bit key in CBC mode, 'aes256CbcMode(4)' AES 256-bit key in CBC mode." SYNTAX INTEGER { none (0), des64CbcMode (1), t3Des192CbcMode (2), aes128CbcMode (3), aes256CbcMode (4) }
--================================================================= -- The MTA MIB module only supports a single Provisioning Server. --=================================================================
--================================================================= -- The MTA MIB module only supports a single Provisioning Server. --=================================================================
pktcMtaNotification OBJECT IDENTIFIER ::= { pktcIetfMtaMib 0 } pktcMtaMibObjects OBJECT IDENTIFIER ::= { pktcIetfMtaMib 1 } pktcMtaDevBase OBJECT IDENTIFIER ::= { pktcMtaMibObjects 1 } pktcMtaDevServer OBJECT IDENTIFIER ::= { pktcMtaMibObjects 2 } pktcMtaDevSecurity OBJECT IDENTIFIER ::= { pktcMtaMibObjects 3 } pktcMtaDevErrors OBJECT IDENTIFIER ::= { pktcMtaMibObjects 4 } pktcMtaConformance OBJECT IDENTIFIER ::= { pktcIetfMtaMib 2 }
pktcMtaNotification OBJECT IDENTIFIER ::= { pktcIetfMtaMib 0 } pktcMtaMibObjects OBJECT IDENTIFIER ::= { pktcIetfMtaMib 1 } pktcMtaDevBase OBJECT IDENTIFIER ::= { pktcMtaMibObjects 1 } pktcMtaDevServer OBJECT IDENTIFIER ::= { pktcMtaMibObjects 2 } pktcMtaDevSecurity OBJECT IDENTIFIER ::= { pktcMtaMibObjects 3 } pktcMtaDevErrors OBJECT IDENTIFIER ::= { pktcMtaMibObjects 4 } pktcMtaConformance OBJECT IDENTIFIER ::= { pktcIetfMtaMib 2 }
-- -- The following pktcMtaDevBase group describes the base MTA objects --
----以下pktcMtaDevBase组描述了基本MTA对象--
pktcMtaDevResetNow OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION " This object controls the MTA software reset. Reading this object always returns 'false'. Setting this object to 'true' causes the device to reset immediately and the following actions to occur: 1. All connections (if present) are flushed locally. 2. All current actions such as ringing immediately terminate. 3. Requests for signaling notifications, such as notification based on digit map recognition, are flushed. 4. All endpoints are disabled. 5. The provisioning flow is started at step MTA-1. If a value is written into an instance of pktcMtaDevResetNow, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE
pktcMtaDevResetNow对象类型语法TruthValue MAX-ACCESS读写状态当前描述“此对象控制MTA软件重置。读取此对象始终返回“false”。将此对象设置为“true”会导致设备立即重置并执行以下操作:1.所有连接(如果存在)本地刷新。2.所有当前操作(如振铃)立即终止。3.刷新信号通知请求(如基于数字地图识别的通知)。4.禁用所有终结点。5.在步骤MTA-1启动设置流。如果将值写入pktcMtaDevResetNow的实例,则代理必须在MTA重新初始化或重新启动时不保留提供的值。“参考
" PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 1 }
" PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 1 }
pktcMtaDevSerialNumber OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object specifies the manufacturer's serial number of this MTA. The value of this object MUST be identical to the value specified in DHCP option 43, sub-option 4. The list of sub-options for DHCP option 43 are defined in the PacketCable MTA Device Provisioning Specification." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 2 }
pktcMtaDevSerialNumber OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object specifies the manufacturer's serial number of this MTA. The value of this object MUST be identical to the value specified in DHCP option 43, sub-option 4. The list of sub-options for DHCP option 43 are defined in the PacketCable MTA Device Provisioning Specification." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 2 }
pktcMtaDevSwCurrentVers OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object identifies the software version currently operating in the MTA. The MTA MUST return a string descriptive of the current software load. This object should use the syntax defined by the individual vendor to identify the software version. The data presented in this object MUST be identical to the software version information contained in the 'sysDescr' MIB object of the MTA. The value of this object MUST be identical to the value specified in DHCP option 43, sub-option 6. The list of sub-options for DHCP option 43 are defined in the PacketCable MTA Device Provisioning Specification." REFERENCE " PacketCable MTA Device Provisioning Specification."
pktcMtaDevSwCurrentVers对象类型语法SNMPAdministring MAX-ACCESS只读状态当前说明“此对象标识当前在MTA中运行的软件版本。MTA必须返回描述当前软件加载的字符串。此对象应使用单个供应商定义的语法来标识软件版本。此对象中显示的数据必须与MTA的“sysDescr”MIB对象中包含的软件版本信息相同。此对象的值必须与DHCP选项43子选项6中指定的值相同。DHCP选项43的子选项列表在PacketCable MTA设备配置规范中定义。“参考”PacketCable MTA设备配置规范
::= { pktcMtaDevBase 3 }
::= { pktcMtaDevBase 3 }
pktcMtaDevFQDN OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Fully Qualified Domain Name for this MTA. The MTA FQDN is used to uniquely identify the device to the PacketCable back office elements."
pktcMtaDevFQDN对象类型语法SnmpAdminString MAX-ACCESS只读状态当前描述“此对象包含此MTA的完全限定域名。MTA FQDN用于唯一地将设备标识到PacketCable后台元素。”
::= { pktcMtaDevBase 4 }
::= { pktcMtaDevBase 4 }
pktcMtaDevEndPntCount OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the number of physical endpoints for this MTA." ::= { pktcMtaDevBase 5 }
pktcMtaDevEndPntCount OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the number of physical endpoints for this MTA." ::= { pktcMtaDevBase 5 }
pktcMtaDevEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the MTA Admin Status of this device. If this object is set to 'true', the MTA is administratively enabled, and the MTA MUST be able to interact with the PacketCable entities, such as CMS, Provisioning Server, KDC, and other MTAs and MGs on all PacketCable interfaces. If this object is set to 'false', the MTA is administratively disabled, and the MTA MUST perform the following actions for all endpoints: - Shut down all media sessions, if present. - Shut down Network Control Signaling (NCS) signaling by following the Restart in Progress procedures in the PacketCable NCS specification. The MTA must execute all actions required to enable or disable the telephony services for all endpoints immediately upon receipt of an SNMP SET operation.
pktcMtaDevEnabled对象类型语法TruthValue MAX-ACCESS读写状态当前说明“此对象包含此设备的MTA管理员状态。如果此对象设置为“true”,则MTA将以管理方式启用,并且MTA必须能够在所有PacketCable接口上与PacketCable实体(如CMS、配置服务器、KDC以及其他MTA和MG)交互。如果此对象设置为“false”,MTA将被管理禁用,MTA必须对所有终结点执行以下操作:-关闭所有媒体会话(如果存在)。-按照PacketCable NCS规范中的重新启动过程关闭网络控制信令(NCS)信令。MTA必须在收到SNMP集操作后立即执行为所有端点启用或禁用电话服务所需的所有操作。
Additionally, the MTA MUST maintain the SNMP Interface for management and also the SNMP Key management interface. Also, the MTA MUST NOT continue Kerberized key management with CMSes until this object is set to 'true'. Note: MTAs MUST renew the CMS Kerberos tickets according to the PacketCable Security or IPCablecom Specification. If a value is written into an instance of pktcMtaDevEnabled, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification; PacketCable Network-Based Call Signaling Protocol
Additionally, the MTA MUST maintain the SNMP Interface for management and also the SNMP Key management interface. Also, the MTA MUST NOT continue Kerberized key management with CMSes until this object is set to 'true'. Note: MTAs MUST renew the CMS Kerberos tickets according to the PacketCable Security or IPCablecom Specification. If a value is written into an instance of pktcMtaDevEnabled, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification; PacketCable Network-Based Call Signaling Protocol
Specification." ::= { pktcMtaDevBase 6 }
Specification." ::= { pktcMtaDevBase 6 }
pktcMtaDevTypeIdentifier OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object provides the MTA device type identifier. The value of this object must be a copy of the DHCP option 60 value exchanged between the MTA and the DHCP server. The DHCP option 60 value contains an ASCII-encoded string identifying capabilities of the MTA as defined in the PacketCable MTA Device Provisioning Specification." REFERENCE " RFC 2132, DHCP Options and BOOTP Vendor Extensions; PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 7 }
pktcMtaDevTypeIdentifier OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object provides the MTA device type identifier. The value of this object must be a copy of the DHCP option 60 value exchanged between the MTA and the DHCP server. The DHCP option 60 value contains an ASCII-encoded string identifying capabilities of the MTA as defined in the PacketCable MTA Device Provisioning Specification." REFERENCE " RFC 2132, DHCP Options and BOOTP Vendor Extensions; PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 7 }
pktcMtaDevProvisioningState OBJECT-TYPE SYNTAX INTEGER { pass (1), inProgress (2), failConfigFileError (3), passWithWarnings (4), passWithIncompleteParsing (5), failureInternalError (6), failureOtherReason (7) } MAX-ACCESS read-only STATUS current DESCRIPTION " This object indicates the completion state of the MTA device provisioning process.
pktcMtaDevProvisioningState OBJECT-TYPE SYNTAX INTEGER { pass (1), inProgress (2), failConfigFileError (3), passWithWarnings (4), passWithIncompleteParsing (5), failureInternalError (6), failureOtherReason (7) } MAX-ACCESS read-only STATUS current DESCRIPTION " This object indicates the completion state of the MTA device provisioning process.
pass: If the configuration file could be parsed successfully and the MTA is able to reflect the same in its MIB, the MTA MUST return the value 'pass'.
通过:如果可以成功解析配置文件,并且MTA能够在其MIB中反映相同的内容,则MTA必须返回值“通过”。
inProgress: If the MTA is in the process of being provisioned, the MTA MUST return the value 'inProgress'.
inProgress:如果MTA正在进行设置,MTA必须返回值“inProgress”。
failConfigFileError: If the configuration file was in error due to incorrect values in the mandatory parameters, the MTA MUST reject the configuration file, and the MTA MUST return the value
failConfigFileError:如果由于强制参数中的值不正确而导致配置文件出错,MTA必须拒绝该配置文件,并且MTA必须返回该值
'failConfigFileError'.
“failConfigFileError”。
passWithWarnings: If the configuration file had proper values for all the mandatory parameters but has errors in any of the optional parameters (this includes any vendor-specific Object Identifiers (OIDs) that are incorrect or not known to the MTA), the MTA MUST return the value 'passWithWarnings'.
passWithWarnings:如果配置文件中所有必需参数的值都正确,但任何可选参数中都有错误(这包括MTA不正确或不知道的任何供应商特定对象标识符(OID)),MTA必须返回值“passWithWarnings”。
passWithIncompleteParsing: If the configuration file is valid but the MTA cannot reflect the same in its configuration (for example, too many entries caused memory exhaustion), it must accept the CMS configuration entries related, and the MTA MUST return the value 'passWithIncompleteParsing'.
passWithUncompleteParsing:如果配置文件有效,但MTA无法在其配置中反映相同的内容(例如,太多条目导致内存耗尽),则它必须接受相关的CMS配置条目,并且MTA必须返回值“passWithUncompleteParsing”。
failureInternalError: If the configuration file cannot be parsed due to an Internal error, the MTA MUST return the value 'failureInternalError'.
failureInternalError:如果由于内部错误而无法分析配置文件,MTA必须返回值“failureInternalError”。
failureOtherReason: If the MTA cannot accept the configuration file for any other reason than the ones stated above, the MTA MUST return the value 'failureOtherReason'.
failureOtherReason:如果MTA因上述原因以外的任何其他原因无法接受配置文件,则MTA必须返回值“failureOtherReason”。
When a final SNMP INFORM is sent as part of Step 25 of the MTA Provisioning process, this parameter is also included in the final INFORM message." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 8 }
When a final SNMP INFORM is sent as part of Step 25 of the MTA Provisioning process, this parameter is also included in the final INFORM message." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevBase 8 }
pktcMtaDevHttpAccess OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION " This object indicates whether the HTTP protocol is supported for the MTA configuration file transfer." ::= { pktcMtaDevBase 9 }
pktcMtaDevHttpAccess OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION " This object indicates whether the HTTP protocol is supported for the MTA configuration file transfer." ::= { pktcMtaDevBase 9 }
pktcMtaDevProvisioningTimer OBJECT-TYPE SYNTAX Unsigned32 (0..30) UNITS "minutes" MAX-ACCESS read-write STATUS current
pktcMtaDevProvisioningTimer对象类型语法未签名32(0..30)单位“分钟”最大访问读写状态当前
DESCRIPTION " This object defines the time interval for the provisioning flow to complete. The MTA MUST finish all provisioning operations starting from the moment when an MTA receives its DHCP ACK and ending at the moment when the MTA downloads its configuration file (e.g., MTA5 to MTA23) within the period of time set by this object. Failure to comply with this condition constitutes a provisioning flow failure. If the object is set to 0, the MTA MUST ignore the provisioning timer condition. If a value is written into an instance of pktcMtaDevProvisioningTimer, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification." DEFVAL {10} ::= {pktcMtaDevBase 10}
DESCRIPTION " This object defines the time interval for the provisioning flow to complete. The MTA MUST finish all provisioning operations starting from the moment when an MTA receives its DHCP ACK and ending at the moment when the MTA downloads its configuration file (e.g., MTA5 to MTA23) within the period of time set by this object. Failure to comply with this condition constitutes a provisioning flow failure. If the object is set to 0, the MTA MUST ignore the provisioning timer condition. If a value is written into an instance of pktcMtaDevProvisioningTimer, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification." DEFVAL {10} ::= {pktcMtaDevBase 10}
pktcMtaDevProvisioningCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times the provisioning cycle has looped through step MTA-1." ::= {pktcMtaDevBase 11}
pktcMtaDevProvisioningCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times the provisioning cycle has looped through step MTA-1." ::= {pktcMtaDevBase 11}
pktcMtaDevErrorOidsTable OBJECT-TYPE SYNTAX SEQUENCE OF PktcMtaDevErrorOidsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This table contains the list of configuration errors or warnings the MTA encountered when parsing the configuration file it received from the Provisioning Server. For each error, an entry is created in this table, containing the configuration parameters the MTA rejected and the associated reason (e.g., wrong or unknown OID, inappropriate object values). If the MTA did not report a provisioning state of 'pass(1)' in the pktcMtaDevProvisioningState object, this table MUST be populated for each error or warning instance. Even if different parameters share the same error type (e.g., all realm name configuration parameters are invalid), all observed errors or warnings must be reported as different instances. Errors are placed into the table in no particular order. The table MUST be cleared each time
PKTCMTADERROIDSTABLE PKTCMTADERROIDSCENTRY MAX-ACCESS的对象类型语法序列不可访问状态当前说明“此表包含MTA在分析从设置服务器接收的配置文件时遇到的配置错误或警告列表。对于每个错误,将在此表中创建一个条目,其中包含MTA拒绝的配置参数和相关原因(例如,错误或未知OID、不适当的对象值)。如果MTA未在pktcMtaDevProvisioningState对象中报告设置状态“pass(1)”,则必须为每个错误或警告实例填充此表。即使不同的参数共享相同的错误类型(例如,所有领域名称配置参数无效),所有观察到的错误或警告都必须作为不同的实例报告。错误不按特定顺序放入表中。每次都必须清理桌子
the MTA reboots." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= {pktcMtaDevBase 12 }
the MTA reboots." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= {pktcMtaDevBase 12 }
pktcMtaDevErrorOidsEntry OBJECT-TYPE SYNTAX PktcMtaDevErrorOidsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This entry contains the necessary information the MTA MUST attempt to provide in case of configuration file errors or warnings." INDEX { pktcMtaDevErrorOidIndex } ::= {pktcMtaDevErrorOidsTable 1}
pktcMtaDevErrorOidsEntry OBJECT-TYPE SYNTAX PktcMtaDevErrorOidsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This entry contains the necessary information the MTA MUST attempt to provide in case of configuration file errors or warnings." INDEX { pktcMtaDevErrorOidIndex } ::= {pktcMtaDevErrorOidsTable 1}
PktcMtaDevErrorOidsEntry ::= SEQUENCE { pktcMtaDevErrorOidIndex Unsigned32, pktcMtaDevErrorOid SnmpAdminString, pktcMtaDevErrorValue SnmpAdminString, pktcMtaDevErrorReason SnmpAdminString }
PktcMtaDevErrorOidsEntry ::= SEQUENCE { pktcMtaDevErrorOidIndex Unsigned32, pktcMtaDevErrorOid SnmpAdminString, pktcMtaDevErrorValue SnmpAdminString, pktcMtaDevErrorReason SnmpAdminString }
pktcMtaDevErrorOidIndex OBJECT-TYPE SYNTAX Unsigned32 (1..1024) MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object is the index of the MTA configuration error table. It is an integer value that starts at value '1' and is incremented for each encountered configuration file error or warning.
PKTCMTADeverroidIndex对象类型语法Unsigned32(1..1024)MAX-ACCESS不可访问状态当前描述“此对象是MTA配置错误表的索引。它是一个从值“1”开始的整数值,对于遇到的每个配置文件错误或警告都会递增。
The maximum number of errors or warnings that can be recorded in the pktcMtaDevErrorOidsTable is set to 1024 as a configuration file is usually validated by operators before deployment. Given the possible number of configuration parameter assignments in the MTA configuration file, 1024 is perceived as a sufficient limit even with future extensions.
PKTCMTADeverroidTable中可记录的最大错误或警告数设置为1024,因为配置文件通常在部署前由操作员验证。考虑到MTA配置文件中可能分配的配置参数数量,1024被认为是一个足够的限制,即使将来有扩展名。
If the number of the errors in the configuration file exceeds 1024, all errors beyond the 1024th one MUST be ignored and not be reflected in the pktcMtaDevErrorOidsTable."
如果配置文件中的错误数超过1024,则必须忽略第1024个错误以外的所有错误,并且不能反映在PKTCMTADeverroidTable中。”
::= {pktcMtaDevErrorOidsEntry 1}
::= {pktcMtaDevErrorOidsEntry 1}
pktcMtaDevErrorOid OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains a human readable representation (character string) of the OID corresponding to the configuration file parameter that caused the particular error. For example, if the value of the pktcMtaDevEnabled object in the configuration file caused an error, then this object instance will contain the human-readable string of '1.3.6.1.2.1.140.1.1.6.0'. If the MTA generated an error because it was not able to recognize a particular OID, then this object instance would contain an empty value (zero-length string). For example, if the value of an OID in the configuration file was interpreted by the MTA as being 1.2.3.4.5, and if the MTA was not able to recognize this OID as a valid one, this object instance will contain a zero-length string.
PKTCMTADeverroid对象类型语法SNMPAdministring MAX-ACCESS只读状态当前描述“此对象包含人类可读的表示形式(字符串)对应于导致特定错误的配置文件参数的OID的。例如,如果配置文件中pktcMtaDevEnabled对象的值导致错误,则此对象实例将包含人类可读的字符串“1.3.6.1.2.1.140.1.1.6.0”。如果MTA由于无法识别特定OID,则此对象实例将包含空值(零长度字符串)。例如,如果MTA将配置文件中OID的值解释为1.2.3.4.5,并且如果MTA无法将此OID识别为有效OID,则此对象实例将包含零长度字符串。
If the number of errors in the configuration file exceeds 1024, then for all subsequent errors, the pktcMtaDevErrorOid of the table's 1024th entry MUST contain a human-readable representation of the pktcMtaDevErrorsTooManyErrors object; i.e., the string '1.3.6.1.2.1.140.1.1.4.1.0'. Note that the syntax of this object is SnmpAdminString instead of OBJECT IDENTIFIER because the object value may not be a valid OID due to human or configuration tool encoding errors."
如果配置文件中的错误数超过1024,则对于所有后续错误,表的1024项的PKTCMTADeverroId必须包含PKTCMTADeverrorToomanyErrors对象的可读表示形式;i、 例如,字符串“1.3.6.1.2.1.140.1.1.4.1.0”。请注意,此对象的语法为snmpadmin而不是对象标识符,因为由于人工或配置工具编码错误,对象值可能不是有效的OID。”
::= {pktcMtaDevErrorOidsEntry 2}
::= {pktcMtaDevErrorOidsEntry 2}
pktcMtaDevErrorValue OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the value of the OID corresponding to the configuration file parameter that caused the error. If the MTA cannot recognize the OID of the configuration parameter causing the error, then this object instance contains the OID itself as interpreted by the MTA in human-readable representation. If the MTA can recognize the OID but generate an error due to a wrong value of the parameter, then the object
pktcMtaDevErrorValue对象类型语法SNMPAdministring MAX-ACCESS只读状态当前说明“此对象包含与导致错误的配置文件参数相对应的OID值。如果MTA无法识别导致错误的配置参数的OID,则此对象实例包含由MTA以人类可读的表示形式解释的OID本身。如果MTA可以识别OID,但由于参数值错误而生成错误,则对象
instance contains the erroneous value of the parameter as read from the configuration file. In both cases, the value of this object must be represented in human-readable form as a character string. For example, if the value of the pktcMtaDevEnabled object in the configuration file was 3 (invalid value), then the pktcMtaDevErrorValue object instance will contain the human-readable (string) representation of value '3'. Similarly, if the OID in the configuration file has been interpreted by the MTA as being 1.2.3.4.5 and the MTA cannot recognize this OID as a valid one, then this pktcMtaDevErrorValue object instance will contain human readable (string) representation of value '1.2.3.4.5'.
实例包含从配置文件读取的错误参数值。在这两种情况下,此对象的值必须以人类可读的形式表示为字符串。例如,如果配置文件中pktcMtaDevEnabled对象的值为3(无效值),则pktcMtaDevErrorValue对象实例将包含值“3”的可读(字符串)表示形式。类似地,如果MTA已将配置文件中的OID解释为1.2.3.4.5,并且MTA无法将此OID识别为有效OID,则此pktcMtaDevErrorValue对象实例将包含值“1.2.3.4.5”的人类可读(字符串)表示形式。
If the number of errors in the configuration file exceeds 1024, then for all subsequent errors, the pktcMtaDevErrorValue of the table's 1024th entry MUST contain a human-readable representation of the pktcMtaDevErrorsTooManyErrors object; i.e., the string '1.3.6.1.2.1.140.1.1.4.1.0'."
如果配置文件中的错误数超过1024,则对于所有后续错误,表的1024项的pktcMtaDevErrorValue必须包含PKTCMTADeverrorToomanyErrors对象的可读表示形式;i、 例如,字符串“1.3.6.1.2.1.140.1.1.4.1.0”
::= {pktcMtaDevErrorOidsEntry 3}
::= {pktcMtaDevErrorOidsEntry 3}
pktcMtaDevErrorReason OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object indicates the reason for the error or warning, as per the MTA's interpretation, in human-readable form. For example: 'VALUE NOT IN RANGE', 'VALUE DOES NOT MATCH TYPE', 'UNSUPPORTED VALUE', 'LAST 4 BITS MUST BE SET TO ZERO', 'OUT OF MEMORY - CANNOT STORE'. This object may also contain vendor specific errors for private vendor OIDs and any proprietary error codes or messages that can help diagnose configuration errors.
pktcMtaDevErrorReason对象类型语法SNMPAdministring MAX-ACCESS只读状态当前说明“根据MTA的解释,此对象以人类可读的形式指示错误或警告的原因。例如:“值不在范围内”、“值与类型不匹配”、“不支持的值”、“最后4位必须设置为零”、“内存不足-无法存储”。此对象还可能包含专用供应商OID的供应商特定错误以及有助于诊断配置错误的任何专有错误代码或消息。
If the number of errors in the configuration file exceeds 1024, then for all subsequent errors, the pktcMtaDevErrorReason of the table's 1024th entry MUST contain a human-readable string indicating the reason for an error; for example, 'Too many errors in the configuration file'." ::= {pktcMtaDevErrorOidsEntry 4}
If the number of errors in the configuration file exceeds 1024, then for all subsequent errors, the pktcMtaDevErrorReason of the table's 1024th entry MUST contain a human-readable string indicating the reason for an error; for example, 'Too many errors in the configuration file'." ::= {pktcMtaDevErrorOidsEntry 4}
-- -- The following group describes server access and parameters used
----以下组描述了服务器访问和使用的参数
-- for the initial MTA provisioning and bootstrapping phases. --
--用于初始MTA设置和引导阶段--
pktcMtaDevDhcpServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet address type for the PacketCable DHCP servers specified in MTA MIB." DEFVAL { ipv4 } ::= { pktcMtaDevServer 1}
pktcMtaDevDhcpServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet address type for the PacketCable DHCP servers specified in MTA MIB." DEFVAL { ipv4 } ::= { pktcMtaDevServer 1}
pktcMtaDevServerDhcp1 OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet Address of the primary DHCP server the MTA uses during provisioning. The type of this address is determined by the value of the pktcMtaDevDhcpServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the primary DHCP server. It is provided by the CM to the MTA via the DHCP option code 122, sub-option 1, as defined in RFC 3495.
pktcMtaDevServerDhcp1对象类型语法InetAddress MAX-ACCESS只读状态当前描述“此对象包含MTA在设置期间使用的主DHCP服务器的Internet地址。此地址的类型由pktcMtaDevDhcpServerAddressType对象的值确定。当后者的值为“ipv4(1)”时,此对象包含主DHCP服务器的IP地址。它由CM通过DHCP选项代码122,子选项1提供给MTA,如RFC 3495中所定义。
The behavior of this object when the value of pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If this object is of value 0.0.0.0, the MTA MUST stop all provisioning attempts, as well as all other activities. If this object is of value 255.255.255.255, it means that there was no preference given for the primary DHCP server, and, the MTA must follow the logic of RFC2131, and the value of DHCP option 122, sub-option 2, must be ignored." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 2131, Dynamic Host Configuration Protocol; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 2 }
The behavior of this object when the value of pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If this object is of value 0.0.0.0, the MTA MUST stop all provisioning attempts, as well as all other activities. If this object is of value 255.255.255.255, it means that there was no preference given for the primary DHCP server, and, the MTA must follow the logic of RFC2131, and the value of DHCP option 122, sub-option 2, must be ignored." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 2131, Dynamic Host Configuration Protocol; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 2 }
pktcMtaDevServerDhcp2 OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only
pktcMtaDevServerDhcp2对象类型语法InetAddress MAX-ACCESS只读
STATUS current DESCRIPTION " This object contains the Internet Address of the secondary DHCP server the MTA uses during provisioning. The type of this address is determined by the value of the pktcMtaDevDhcpServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the secondary DHCP server. It is provided by the CM to the MTA via the DHCP option code 122, sub-option 2, as defined in RFC 3495.
STATUS current DESCRIPTION“此对象包含MTA在设置期间使用的辅助DHCP服务器的Internet地址。此地址的类型由pktcMtaDevDhcpServerAddressType对象的值确定。当后者的值为“ipv4(1)”时,此对象包含辅助DHCP服务器的IP地址。它由CM通过DHCP选项代码122,子选项2提供给MTA,如RFC 3495中所定义。
The behavior of this object when the value of pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If there was no secondary DHCP server provided in DHCP Option 122, sub-option 2, this object must return the value 0.0.0.0." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 3 }
The behavior of this object when the value of pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If there was no secondary DHCP server provided in DHCP Option 122, sub-option 2, this object must return the value 0.0.0.0." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 3 }
pktcMtaDevDnsServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet address type for the PacketCable DNS servers specified in MTA MIB." DEFVAL { ipv4 } ::= { pktcMtaDevServer 4}
pktcMtaDevDnsServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet address type for the PacketCable DNS servers specified in MTA MIB." DEFVAL { ipv4 } ::= { pktcMtaDevServer 4}
pktcMtaDevServerDns1 OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the IP Address of the primary DNS server to be used by the MTA. The type of this address is determined by the value of the pktcMtaDevDnsServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the primary DNS server. As defined in RFC 2132, PacketCable-compliant MTAs receive the IP addresses of the DNS Servers in DHCP option 6. The behavior of this object when the value of pktcMtaDevDnsServerAddressType is other than 'ipv4(1)'
pktcMtaDevServerDns1对象类型语法InetAddress MAX-ACCESS读写状态当前描述“此对象包含MTA要使用的主DNS服务器的IP地址。此地址的类型由pktcMtaDevDnsServerAddressType对象的值确定。当后者的值为“ipv4(1)”时,此对象包含主DNS服务器的IP地址。如RFC 2132中所定义,符合PacketCable的MTA在DHCP选项6中接收DNS服务器的IP地址。当pktcMtaDevDnsServerAddressType的值不是“ipv4(1)”时,此对象的行为
is not presently specified, but it may be specified in future versions of this MIB module. If a value is written into an instance of pktcMtaDevServerDns1, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 2132, DHCP Options and BOOTP Vendor Extensions." ::= { pktcMtaDevServer 5 }
is not presently specified, but it may be specified in future versions of this MIB module. If a value is written into an instance of pktcMtaDevServerDns1, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 2132, DHCP Options and BOOTP Vendor Extensions." ::= { pktcMtaDevServer 5 }
pktcMtaDevServerDns2 OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the IP Address of the secondary DNS server to be used by the MTA. The type of this address is determined by the value of the pktcMtaDevDnsServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the secondary DNS server. As defined in RFC 2132, PacketCable-compliant MTAs receive the IP addresses of the DNS Servers in DHCP option 6. The behavior of this object when the value of pktcMtaDevDnsServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If a value is written into an instance of pktcMtaDevServerDns2, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 2132, DHCP Options and BOOTP Vendor Extensions." ::= { pktcMtaDevServer 6 }
pktcMtaDevServerDns2 OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the IP Address of the secondary DNS server to be used by the MTA. The type of this address is determined by the value of the pktcMtaDevDnsServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the secondary DNS server. As defined in RFC 2132, PacketCable-compliant MTAs receive the IP addresses of the DNS Servers in DHCP option 6. The behavior of this object when the value of pktcMtaDevDnsServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If a value is written into an instance of pktcMtaDevServerDns2, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 2132, DHCP Options and BOOTP Vendor Extensions." ::= { pktcMtaDevServer 6 }
pktcMtaDevTimeServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet address type for the PacketCable Time servers specified in MTA MIB." DEFVAL { ipv4 } ::= { pktcMtaDevServer 7}
pktcMtaDevTimeServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the Internet address type for the PacketCable Time servers specified in MTA MIB." DEFVAL { ipv4 } ::= { pktcMtaDevServer 7}
pktcMtaDevTimeServer OBJECT-TYPE SYNTAX InetAddress
pktcMtaDevTimeServer对象类型语法InetAddress
MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the Internet Address of the Time Server used by an S-MTA for Time Synchronization. The type of this address is determined by the value of the pktcMtaDevTimeServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the Time Server used for Time Synchronization. In the case of an S-MTA, this object must be populated with a value other than 0.0.0.0 as obtained from DHCP option 4. The protocol by which the time of day MUST be retrieved is defined in RFC 868. In the case of an E-MTA, this object must contain a value of 0.0.0.0 if the address type is 'ipv4(1)' since an E-MTA does not use the Time Protocol for time synchronization (an E-MTA uses the time retrieved by the DOCSIS cable modem). The behavior of this object when the value of pktcMtaDevTimeServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If a value is written into an instance of pktcMtaDevTimeServer, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " RFC 868, Time Protocol; RFC 2131, Dynamic Host Configuration Protocol; RFC 2132, DHCP Options and BOOTP Vendor Extensions." ::= { pktcMtaDevServer 8}
MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the Internet Address of the Time Server used by an S-MTA for Time Synchronization. The type of this address is determined by the value of the pktcMtaDevTimeServerAddressType object. When the latter has the value 'ipv4(1)', this object contains the IP address of the Time Server used for Time Synchronization. In the case of an S-MTA, this object must be populated with a value other than 0.0.0.0 as obtained from DHCP option 4. The protocol by which the time of day MUST be retrieved is defined in RFC 868. In the case of an E-MTA, this object must contain a value of 0.0.0.0 if the address type is 'ipv4(1)' since an E-MTA does not use the Time Protocol for time synchronization (an E-MTA uses the time retrieved by the DOCSIS cable modem). The behavior of this object when the value of pktcMtaDevTimeServerAddressType is other than 'ipv4(1)' is not presently specified, but it may be specified in future versions of this MIB module. If a value is written into an instance of pktcMtaDevTimeServer, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " RFC 868, Time Protocol; RFC 2131, Dynamic Host Configuration Protocol; RFC 2132, DHCP Options and BOOTP Vendor Extensions." ::= { pktcMtaDevServer 8}
pktcMtaDevConfigFile OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION " This object specifies the MTA device configuration file information, including the access method, the server name, and the configuration file name. The value of this object is the Uniform Resource Locator (URL) of the configuration file for TFTP or HTTP download. If this object value is a TFTP URL, it must be formatted as defined in RFC 3617. If this object value is an HTTP URL, it must be formatted as defined in RFC 2616. If the MTA SNMP Enrollment mechanism is used, then the MTA must download the file provided by the Provisioning Server
pktcMtaDevConfigFile对象类型语法SNMPAdministring MAX-ACCESS读写状态当前描述“此对象指定MTA设备配置文件信息,包括访问方法、服务器名称和配置文件名。此对象的值为统一资源定位器(URL)TFTP或HTTP下载的配置文件。如果此对象值是TFTP URL,则必须按照RFC 3617中的定义进行格式设置。如果此对象值是HTTP URL,则必须按照RFC 2616中的定义进行格式设置。如果使用MTA SNMP注册机制,则MTA必须下载设置服务器提供的文件
during provisioning via an SNMP SET on this object. If the MTA SNMP Enrollment mechanism is not used, this object MUST contain the URL value corresponding to the 'siaddr' and 'file' fields received in the DHCP ACK to locate the configuration file: the 'siaddr' and 'file' fields represent the host and file of the TFTP URL, respectively. In this case, the MTA MUST return an 'inconsistentValue' error in response to SNMP SET operations. The MTA MUST return a zero-length string if the server address (host part of the URL) is unknown. If a value is written into an instance of pktcMtaDevConfigFile, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3617, URI Scheme for TFTP; RFC 2616, HTTP 1.1" ::= { pktcMtaDevServer 9 }
during provisioning via an SNMP SET on this object. If the MTA SNMP Enrollment mechanism is not used, this object MUST contain the URL value corresponding to the 'siaddr' and 'file' fields received in the DHCP ACK to locate the configuration file: the 'siaddr' and 'file' fields represent the host and file of the TFTP URL, respectively. In this case, the MTA MUST return an 'inconsistentValue' error in response to SNMP SET operations. The MTA MUST return a zero-length string if the server address (host part of the URL) is unknown. If a value is written into an instance of pktcMtaDevConfigFile, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3617, URI Scheme for TFTP; RFC 2616, HTTP 1.1" ::= { pktcMtaDevServer 9 }
pktcMtaDevSnmpEntity OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the FQDN of the SNMP entity of the Provisioning Server. When the MTA SNMP Enrollment Mechanism is used, this object represents the server that the MTA communicates with, that it receives the configuration file URL from, and that it sends the enrollment notification to. The SNMP entity is also the destination entity for all the provisioning notifications. It may be used for post-provisioning SNMP operations. During the provisioning phase, this SNMP entity FQDN is supplied to the MTA via DHCP option 122, sub-option 3, as defined in RFC 3495. The MTA must resolve the FQDN value before its very first network interaction with the SNMP entity during the provisioning phase."
pktcMtaDevSnmpEntity对象类型语法SNMPAdministring MAX-ACCESS只读状态当前说明“此对象包含配置服务器的SNMP实体的FQDN。使用MTA SNMP注册机制时,此对象表示MTA与之通信、从中接收配置文件URL以及向其发送注册通知的服务器。SNMP实体也是所有设置通知的目标实体。它可用于配置后SNMP操作。在配置阶段,此SNMP实体FQDN通过DHCP选项122、子选项3提供给MTA,如RFC 3495中所定义。MTA必须先解析FQDN值,然后才能在配置阶段与SNMP实体进行第一次网络交互。”
REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 10 }
REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 10 }
pktcMtaDevProvConfigHash OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-write STATUS current
pktcMtaDevProvConfigHash对象类型语法八位字节字符串(大小(20))最大访问读写状态当前
DESCRIPTION " This object contains the hash value of the contents of the configuration file. The authentication algorithm is Secure Hashing Algorithm 1 (SHA-1), and the length is 160 bits. The hash calculation MUST follow the requirements defined in the PacketCable Security Specification. When the MTA SNMP Enrollment mechanism is used, this hash value is calculated and sent to the MTA prior to sending the config file. This object value is then provided by the Provisioning server via an SNMP SET operation. When the MTA SNMP Enrollment mechanism is not in use, the hash value is provided in the configuration file itself, and it is also calculated by the MTA. This object value MUST represent the hash value calculated by the MTA. When the MTA SNMP Enrollment mechanism is not in use, the MTA must reject all SNMP SET operations on this object and return an 'inconsistentValue' error. If a value is written into an instance of pktcMtaDevProvConfigHash, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification." ::= { pktcMtaDevServer 11 }
DESCRIPTION " This object contains the hash value of the contents of the configuration file. The authentication algorithm is Secure Hashing Algorithm 1 (SHA-1), and the length is 160 bits. The hash calculation MUST follow the requirements defined in the PacketCable Security Specification. When the MTA SNMP Enrollment mechanism is used, this hash value is calculated and sent to the MTA prior to sending the config file. This object value is then provided by the Provisioning server via an SNMP SET operation. When the MTA SNMP Enrollment mechanism is not in use, the hash value is provided in the configuration file itself, and it is also calculated by the MTA. This object value MUST represent the hash value calculated by the MTA. When the MTA SNMP Enrollment mechanism is not in use, the MTA must reject all SNMP SET operations on this object and return an 'inconsistentValue' error. If a value is written into an instance of pktcMtaDevProvConfigHash, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification." ::= { pktcMtaDevServer 11 }
pktcMtaDevProvConfigKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE(32)) MAX-ACCESS read-write STATUS current DESCRIPTION " This object contains the key used to encrypt/decrypt the configuration file when secure SNMPv3 provisioning is used. The value of this object is provided along with the configuration file information (pktcMtaDevConfigFile) and hash (pktcMtaDevProvConfigHash) by the Provisioning Server via SNMP SET once the configuration file has been created, as defined by the PacketCable Security specification.
pktcMtaDevProvConfigKey对象类型语法八位字节字符串(大小(32))MAX-ACCESS读写状态当前描述“此对象包含在使用安全SNMPv3设置时用于加密/解密配置文件的密钥。此对象的值随配置文件信息(pktcMtaDevConfigFile)一起提供。”一旦SNMP规范(通过PKTcrosh)创建了配置文件(通过PKTcrosh)并将其设置为安全性。
The privacy algorithm is defined by the pktcMtaDevProvConfigEncryptAlg MIB object. The MTA requirements related to the privacy algorithm are defined in the PacketCable Security Specification.
隐私算法由pktcMtaDevProvConfigEncryptAlg MIB对象定义。与隐私算法相关的MTA要求在PacketCable安全规范中定义。
If this object is set at any other provisioning step than that allowed by the PacketCable MTA Device
如果在PacketCable MTA设备允许的任何其他设置步骤中设置此对象
Provisioning Specification, the MTA SHOULD return an 'inconsistentValue' error. This object must not be used in non secure provisioning mode. In non-secure provisioning modes, the MTA SHOULD return an 'inconsistentValue' in response to SNMP SET operations, and the MTA SHOULD return a zero-length string in response to SNMP GET operations. If a value is written into an instance of pktcMtaDevProvConfigKey, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification." ::= { pktcMtaDevServer 12 }
Provisioning Specification, the MTA SHOULD return an 'inconsistentValue' error. This object must not be used in non secure provisioning mode. In non-secure provisioning modes, the MTA SHOULD return an 'inconsistentValue' in response to SNMP SET operations, and the MTA SHOULD return a zero-length string in response to SNMP GET operations. If a value is written into an instance of pktcMtaDevProvConfigKey, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification." ::= { pktcMtaDevServer 12 }
pktcMtaDevProvConfigEncryptAlg OBJECT-TYPE SYNTAX PktcMtaDevProvEncryptAlg MAX-ACCESS read-write STATUS current DESCRIPTION " This object defines the encryption algorithm used for privacy protection of the MTA Configuration File content." DEFVAL { des64CbcMode } ::= { pktcMtaDevServer 13 }
pktcMtaDevProvConfigEncryptAlg OBJECT-TYPE SYNTAX PktcMtaDevProvEncryptAlg MAX-ACCESS read-write STATUS current DESCRIPTION " This object defines the encryption algorithm used for privacy protection of the MTA Configuration File content." DEFVAL { des64CbcMode } ::= { pktcMtaDevServer 13 }
pktcMtaDevProvSolicitedKeyTimeout OBJECT-TYPE SYNTAX Unsigned32 (0..180) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION " This object defines a Kerberos Key Management timer on the MTA. It is the time period during which the MTA saves the nonce and Server Kerberos Principal Identifier to match an AP Request and its associated AP Reply response from the Provisioning Server. After the timeout has been exceeded, the client discards this (nonce, Server Kerberos Principal Identifier) pair, after which it will no longer accept a matching AP Reply. This timer only applies when the Provisioning Server initiated key management for SNMPv3 (with a Wake Up message). If this object is set to a zero value, the MTA MUST return an 'inconsistentValue' in response to SNMP SET operations. This object should not be used in non-secure provisioning modes. In non-secure provisioning modes, the MTA MUST return an 'inconsistentValue' in response to SNMP SET operations, and the MTA MUST return a zero value in
pktcMtaDevProvSolicitedKeyTimeout对象类型语法Unsigned32(0..180)单位“秒”最大访问读写状态当前说明“此对象在MTA上定义Kerberos密钥管理计时器。这是MTA保存nonce和服务器Kerberos主体标识符以匹配AP请求及其来自调配服务器的关联AP回复响应的时间段。超过超时后,客户端将丢弃此(nonce,Server Kerberos主体标识符)对,之后将不再接受匹配的AP应答。此计时器仅在配置服务器启动SNMPv3的密钥管理(带有唤醒消息)时适用。如果此对象设置为零值,MTA必须返回“不一致值”以响应SNMP设置操作。此对象不应在非安全设置模式下使用。在非安全配置模式下,MTA必须返回“不一致值”以响应SNMP集操作,MTA必须在中返回零值
response to SNMP GET operations. If a value is written into an instance of pktcMtaDevProvSolicitedKeyTimeout, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." DEFVAL { 3 } ::= { pktcMtaDevServer 14 }
response to SNMP GET operations. If a value is written into an instance of pktcMtaDevProvSolicitedKeyTimeout, the agent MUST NOT retain the supplied value across MTA re-initializations or reboots." DEFVAL { 3 } ::= { pktcMtaDevServer 14 }
--================================================================= -- -- Unsolicited key updates are retransmitted according to an -- exponential back-off mechanism using two timers and a maximum -- retry counter for AS replies. -- The initial retransmission timer value is the nominal timer -- value (pktcMtaDevProvUnsolicitedKeyNomTimeout). The -- retransmissions occur with an exponentially increasing interval -- that caps at the maximum timeout value -- (pktcMtaDevProvUnsolicitedKeyMaxTimeout). -- Retransmissions stop when the maximum retry counter is reached -- (pktcMtaDevProvUnsolicitedKeyMaxRetries). -- For example, with values of 3 seconds for the nominal -- timer, 100 seconds for the maximum timeout, and 8 retries max, -- and with an exponential value of 2, this results in -- retransmission intervals will be 3 s, 6 s, 12 s, 24 s, 48 s, -- 96 s, 100 s, and 100 s; -- retransmissions then stop because the maximum number of -- retries (8) has been reached. -- --================================================================= -- -- Timeouts for unsolicited key management updates are only -- pertinent before the first SNMPv3 message is sent between the -- MTA and the Provisioning Server and before the configuration -- file is loaded. -- --=================================================================
--================================================================= -- -- Unsolicited key updates are retransmitted according to an -- exponential back-off mechanism using two timers and a maximum -- retry counter for AS replies. -- The initial retransmission timer value is the nominal timer -- value (pktcMtaDevProvUnsolicitedKeyNomTimeout). The -- retransmissions occur with an exponentially increasing interval -- that caps at the maximum timeout value -- (pktcMtaDevProvUnsolicitedKeyMaxTimeout). -- Retransmissions stop when the maximum retry counter is reached -- (pktcMtaDevProvUnsolicitedKeyMaxRetries). -- For example, with values of 3 seconds for the nominal -- timer, 100 seconds for the maximum timeout, and 8 retries max, -- and with an exponential value of 2, this results in -- retransmission intervals will be 3 s, 6 s, 12 s, 24 s, 48 s, -- 96 s, 100 s, and 100 s; -- retransmissions then stop because the maximum number of -- retries (8) has been reached. -- --================================================================= -- -- Timeouts for unsolicited key management updates are only -- pertinent before the first SNMPv3 message is sent between the -- MTA and the Provisioning Server and before the configuration -- file is loaded. -- --=================================================================
pktcMtaDevProvUnsolicitedKeyMaxTimeout OBJECT-TYPE SYNTAX Unsigned32 (0..600) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION " This object defines the timeout value that applies to an MTA-initiated AP-REQ/REP key management exchange with the Provisioning Server in SNMPv3 provisioning. It is the maximum timeout value, and it may not be exceeded in the exponential back-off algorithm. If the DHCP option
pktcMtaDevProvUnsolicitedKeyMaxTimeout对象类型语法Unsigned32(0..600)单位“秒”最大访问只读状态当前说明“此对象定义应用于MTA启动的AP-REQ/REP密钥管理交换的超时值,该交换与SNMPv3配置中的配置服务器进行。它是最大超时值,在指数退避算法中不能超过。如果选择DHCP选项
code 122, sub-option 5, is provided to the MTA, it overwrites this value. In non-secure provisioning modes, the MTA MUST return a zero value in response to SNMP GET operations." REFERENCE " PacketCable Security Specification." DEFVAL {600} ::= { pktcMtaDevServer 15 }
code 122, sub-option 5, is provided to the MTA, it overwrites this value. In non-secure provisioning modes, the MTA MUST return a zero value in response to SNMP GET operations." REFERENCE " PacketCable Security Specification." DEFVAL {600} ::= { pktcMtaDevServer 15 }
pktcMtaDevProvUnsolicitedKeyNomTimeout OBJECT-TYPE SYNTAX Unsigned32 (0..600) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION " This object defines the starting value of the timeout for the AP-REQ/REP Backoff and Retry mechanism with exponential timeout in SNMPv3 provisioning. If the DHCP option code 122, sub-option 5, is provided the MTA, it overwrites this value. In non-secure provisioning modes, the MTA MUST return a zero value in response to SNMP GET operations." REFERENCE " PacketCable Security Specification." DEFVAL {3} ::= { pktcMtaDevServer 16}
pktcMtaDevProvUnsolicitedKeyNomTimeout OBJECT-TYPE SYNTAX Unsigned32 (0..600) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION " This object defines the starting value of the timeout for the AP-REQ/REP Backoff and Retry mechanism with exponential timeout in SNMPv3 provisioning. If the DHCP option code 122, sub-option 5, is provided the MTA, it overwrites this value. In non-secure provisioning modes, the MTA MUST return a zero value in response to SNMP GET operations." REFERENCE " PacketCable Security Specification." DEFVAL {3} ::= { pktcMtaDevServer 16}
pktcMtaDevProvUnsolicitedKeyMaxRetries OBJECT-TYPE SYNTAX Unsigned32 (0..32) MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains a retry counter that applies to an MTA-initiated AP-REQ/REP key management exchange with the Provisioning Server in secure SNMPv3 provisioning. It is the maximum number of retries before the MTA stops attempting to establish a Security Association with Provisioning Server. If the DHCP option code 122, sub-option 5, is provided to the MTA, it overwrites this value. If this object is set to a zero value, the MTA MUST return an 'inconsistentValue' in response to SNMP SET operations. In non-secure provisioning modes, the MTA MUST return a zero value in response to SNMP GET operations." REFERENCE
pktcMtaDevProvUnsolicitedKeyMaxRetries对象类型语法Unsigned32(0..32)MAX-ACCESS只读状态当前说明“此对象包含一个重试计数器,该计数器应用于MTA启动的AP-REQ/REP密钥管理交换,该交换与安全SNMPv3配置中的配置服务器进行。它是MTA停止尝试与设置服务器建立安全关联之前的最大重试次数。如果向MTA提供DHCP选项代码122子选项5,则会覆盖此值。如果此对象设置为零值,MTA必须返回“不一致值”以响应SNMP设置操作。在非安全设置模式下,MTA必须返回零值以响应SNMP GET操作。“参考
" PacketCable Security Specification." DEFVAL {8} ::= { pktcMtaDevServer 17 }
" PacketCable Security Specification." DEFVAL {8} ::= { pktcMtaDevServer 17 }
pktcMtaDevProvKerbRealmName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the name of the associated provisioning Kerberos realm acquired during the MTA4 provisioning step (DHCP Ack) for SNMPv3 provisioning. The uppercase ASCII representation of the associated Kerberos realm name MUST be used by both the Manager (SNMP entity) and the MTA. The Kerberos realm name for the Provisioning Server is supplied to the MTA via DHCP option code 122, sub-option 6, as defined in RFC 3495. In secure SNMP provisioning mode, the value of the Kerberos realm name for the Provisioning Server supplied in the MTA configuration file must match the value supplied in the DHCP option code 122, sub-option 6. Otherwise, the value of this object must contain the value supplied in DHCP Option 122, sub-option 6." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 18 }
pktcMtaDevProvKerbRealmName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the name of the associated provisioning Kerberos realm acquired during the MTA4 provisioning step (DHCP Ack) for SNMPv3 provisioning. The uppercase ASCII representation of the associated Kerberos realm name MUST be used by both the Manager (SNMP entity) and the MTA. The Kerberos realm name for the Provisioning Server is supplied to the MTA via DHCP option code 122, sub-option 6, as defined in RFC 3495. In secure SNMP provisioning mode, the value of the Kerberos realm name for the Provisioning Server supplied in the MTA configuration file must match the value supplied in the DHCP option code 122, sub-option 6. Otherwise, the value of this object must contain the value supplied in DHCP Option 122, sub-option 6." REFERENCE " PacketCable MTA Device Provisioning Specification; RFC 3495, DHCP Option for CableLabs Client Configuration." ::= { pktcMtaDevServer 18 }
pktcMtaDevProvState OBJECT-TYPE SYNTAX INTEGER { operational (1), waitingForSnmpSetInfo (2), waitingForTftpAddrResponse (3), waitingForConfigFile (4) } MAX-ACCESS read-only STATUS current DESCRIPTION " This object defines the MTA provisioning state. If the state is:
pktcMtaDevProvState OBJECT-TYPE SYNTAX INTEGER { operational (1), waitingForSnmpSetInfo (2), waitingForTftpAddrResponse (3), waitingForConfigFile (4) } MAX-ACCESS read-only STATUS current DESCRIPTION " This object defines the MTA provisioning state. If the state is:
'operational(1)', the device has completed the loading and processing of the initialization parameters.
“操作(1)”,设备已完成初始化参数的加载和处理。
'waitingForSnmpSetInfo(2)', the device is waiting on its configuration file download access information. Note that this state is only reported when the MTA
“waitingForSnmpSetInfo(2)”,设备正在等待其配置文件下载访问信息。请注意,此状态仅在MTA
SNMP enrollment mechanism is used.
使用SNMP注册机制。
'waitingForTftpAddrResponse(3)', the device has sent a DNS request to resolve the server providing the configuration file, and it is awaiting for a response. Note that this state is only reported when the MTA SNMP enrollment mechanism is used.
“waitingForTftpAddrResponse(3)”,设备已发送DNS请求以解析提供配置文件的服务器,并且正在等待响应。请注意,此状态仅在使用MTA SNMP注册机制时报告。
'waitingForConfigFile(4)', the device has sent a request via TFTP or HTTP for the download of its configuration file, and it is awaiting for a response or the file download is in progress." REFERENCE " PacketCable MTA Device Provisioning Specification, PacketCable Security Specification." ::= { pktcMtaDevServer 19 }
'waitingForConfigFile(4)', the device has sent a request via TFTP or HTTP for the download of its configuration file, and it is awaiting for a response or the file download is in progress." REFERENCE " PacketCable MTA Device Provisioning Specification, PacketCable Security Specification." ::= { pktcMtaDevServer 19 }
-- -- The following object group describes the security objects. --
----以下对象组描述了安全对象--
pktcMtaDevManufacturerCertificate OBJECT-TYPE SYNTAX DocsX509ASN1DEREncodedCertificate MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the MTA Manufacturer Certificate. The object value must be the ASN.1 DER encoding of the MTA manufacturer's X.509 public key certificate. The MTA Manufacturer Certificate is issued to each MTA manufacturer and is installed into each MTA at the time of manufacture or with a secure code download. The specific requirements related to this certificate are defined in the PacketCable or IPCablecom Security specifications." REFERENCE " PacketCable Security Specification."
PKTCMTADEVManufactureCertificate对象类型语法DocsX509ASN1DEREncodedCertificate MAX-ACCESS只读状态当前说明“此对象包含MTA制造商证书。对象值必须是MTA制造商的X.509公钥证书的ASN.1 DER编码。MTA制造商证书颁发给每个MTA制造商,并在制造时安装到每个MTA中,或下载安全代码。与本证书相关的具体要求在PacketCable或IPCablecom安全规范中定义。“参考”PacketCable安全规范
::= {pktcMtaDevSecurity 1}
::= {pktcMtaDevSecurity 1}
pktcMtaDevCertificate OBJECT-TYPE SYNTAX DocsX509ASN1DEREncodedCertificate MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the MTA Device Certificate. The object value must be the ASN.1 DER encoding of the MTA's X.509 public-key certificate issued by the manufacturer and installed into the MTA at the time of
pktcMtaDevCertificate对象类型语法DocsX509ASN1DEREncodedCertificate MAX-ACCESS只读状态当前描述“此对象包含MTA设备证书。对象值必须是制造商颁发的MTA X.509公钥证书的ASN.1 DER编码,并在安装时安装到MTA中。”
manufacture or with a secure code download. This certificate contains the MTA MAC address. The specific requirements related to this certificate are defined in the PacketCable or IPCablecom Security specifications." REFERENCE " PacketCable Security Specification." ::= { pktcMtaDevSecurity 2 }
manufacture or with a secure code download. This certificate contains the MTA MAC address. The specific requirements related to this certificate are defined in the PacketCable or IPCablecom Security specifications." REFERENCE " PacketCable Security Specification." ::= { pktcMtaDevSecurity 2 }
pktcMtaDevCorrelationId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains a correlation ID, an arbitrary value generated by the MTA that will be exchanged as part of the device capability data to the Provisioning Application. This random value is used as an identifier to correlate related events in the MTA provisioning sequence. This value is intended for use only during the MTA initialization and configuration file download." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevSecurity 3 }
pktcMtaDevCorrelationId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains a correlation ID, an arbitrary value generated by the MTA that will be exchanged as part of the device capability data to the Provisioning Application. This random value is used as an identifier to correlate related events in the MTA provisioning sequence. This value is intended for use only during the MTA initialization and configuration file download." REFERENCE " PacketCable MTA Device Provisioning Specification." ::= { pktcMtaDevSecurity 3 }
pktcMtaDevTelephonyRootCertificate OBJECT-TYPE SYNTAX DocsX509ASN1DEREncodedCertificate MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the telephony Service Provider Root certificate. The object value is the ASN.1 DER encoding of the IP Telephony Service Provider Root X.509 public key certificate. This certification is stored in the MTA non-volatile memory and can be updated with a secure code download. This certificate is used to validate the initial AS Reply received by the MTA from the Key Distribution Center (KDC) during the MTA initialization. The specific requirements related to this certificate are defined in the PacketCable or IPCablecom Security specifications." REFERENCE " PacketCable Security Specification." ::= { pktcMtaDevSecurity 4 }
pktcMtaDevTelephonyRootCertificate OBJECT-TYPE SYNTAX DocsX509ASN1DEREncodedCertificate MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the telephony Service Provider Root certificate. The object value is the ASN.1 DER encoding of the IP Telephony Service Provider Root X.509 public key certificate. This certification is stored in the MTA non-volatile memory and can be updated with a secure code download. This certificate is used to validate the initial AS Reply received by the MTA from the Key Distribution Center (KDC) during the MTA initialization. The specific requirements related to this certificate are defined in the PacketCable or IPCablecom Security specifications." REFERENCE " PacketCable Security Specification." ::= { pktcMtaDevSecurity 4 }
--================================================================= -- -- Informative Procedures for Setting up Security Associations --
--================================================================= -- -- Informative Procedures for Setting up Security Associations --
-- A Security Association may be set up either via configuration or -- via NCS signaling. -- -- I. Security association setup via configuration. -- -- The realm must be configured first. Associated with the realm -- is a KDC. The realm table (pktcMtaDevRealmTable) indicates -- information about the realm (e.g., name, organization name) and -- parameters associated with KDC communications (e.g., grace -- periods, AS Request/AS Reply adaptive back-off parameters). -- -- Once the realm is established, one or more CMS(es) may be -- defined in the realm. Associated with each CMS -- entry in the pktcMtaDevCmsTable is an explicit reference -- to a Realm via the realm name (pktcMtaDevCmsKerbRealmName), -- the FQDN of the CMS, and parameters associated with IPSec -- key management with the CMS (e.g., clock skew, AP Request/ -- AP Reply adaptive back-off parameters). -- -- II. Security association setup via NCS signaling. -- -- The procedure of establishing the Security Associations -- for NCS signaling is described in the PacketCable Security -- specification. -- It involves the analysis of the pktcNcsEndPntConfigTable row -- for the corresponding endpoint number and the correlation of -- the CMS FQDN from this row with the CMS Table and -- consequently, with the Realm Table. Both of these tables -- are defined below. The pktcNcsEndPntConfigTable is defined in -- the IP over Cable Data Network (IPCDN) -- NCS Signaling MIB [NCSSIGMIB]. -- -- III. When the MTA receives wake-up or re-key messages from a -- CMS, it performs key management based on the corresponding -- entry in the CMS table. If the matching CMS entry does not -- exist, it must ignore the wake-up or re-key messages. -- --================================================================= --================================================================= -- -- pktcMtaDevRealmTable -- -- The pktcMtaDevRealmTable shows the KDC realms. The table is -- indexed with pktcMtaDevRealmIndex. The Realm Table contains the -- pktcMtaDevRealmName in conjunction with any server that needs -- a Security Association with the MTA. Uppercase must be used -- to compare the pktcMtaDevRealmName content. --
-- A Security Association may be set up either via configuration or -- via NCS signaling. -- -- I. Security association setup via configuration. -- -- The realm must be configured first. Associated with the realm -- is a KDC. The realm table (pktcMtaDevRealmTable) indicates -- information about the realm (e.g., name, organization name) and -- parameters associated with KDC communications (e.g., grace -- periods, AS Request/AS Reply adaptive back-off parameters). -- -- Once the realm is established, one or more CMS(es) may be -- defined in the realm. Associated with each CMS -- entry in the pktcMtaDevCmsTable is an explicit reference -- to a Realm via the realm name (pktcMtaDevCmsKerbRealmName), -- the FQDN of the CMS, and parameters associated with IPSec -- key management with the CMS (e.g., clock skew, AP Request/ -- AP Reply adaptive back-off parameters). -- -- II. Security association setup via NCS signaling. -- -- The procedure of establishing the Security Associations -- for NCS signaling is described in the PacketCable Security -- specification. -- It involves the analysis of the pktcNcsEndPntConfigTable row -- for the corresponding endpoint number and the correlation of -- the CMS FQDN from this row with the CMS Table and -- consequently, with the Realm Table. Both of these tables -- are defined below. The pktcNcsEndPntConfigTable is defined in -- the IP over Cable Data Network (IPCDN) -- NCS Signaling MIB [NCSSIGMIB]. -- -- III. When the MTA receives wake-up or re-key messages from a -- CMS, it performs key management based on the corresponding -- entry in the CMS table. If the matching CMS entry does not -- exist, it must ignore the wake-up or re-key messages. -- --================================================================= --================================================================= -- -- pktcMtaDevRealmTable -- -- The pktcMtaDevRealmTable shows the KDC realms. The table is -- indexed with pktcMtaDevRealmIndex. The Realm Table contains the -- pktcMtaDevRealmName in conjunction with any server that needs -- a Security Association with the MTA. Uppercase must be used -- to compare the pktcMtaDevRealmName content. --
--=================================================================
--=================================================================
pktcMtaDevRealmAvailSlot OBJECT-TYPE SYNTAX Unsigned32 (0..64) MAX-ACCESS read-only STATUS current DESCRIPTION " This object contains the index number of the first available entry in the realm table (pktcMtaDevRealmTable). If all the entries in the realm table have been assigned, this object contains the value of zero. A management station should create new entries in the realm table, using the following procedure:
pktcMtaDevRealmAvailSlot对象类型语法Unsigned32(0..64)MAX-ACCESS只读状态当前描述“此对象包含领域表(pktcMtaDevRealmTable)中第一个可用项的索引号”。如果已分配领域表中的所有条目,则此对象包含的值为零。管理工作站应使用以下过程在领域表中创建新条目:
First, issue a management protocol retrieval operation to determine the value of the first available index in the realm table (pktcMtaDevRealmAvailSlot).
首先,发出管理协议检索操作,以确定领域表(pktcMtaDevRealmAvailSlot)中第一个可用索引的值。
Second, issue a management protocol SET operation to create an instance of the pktcMtaDevRealmStatus object by setting its value to 'createAndWait(5)'.
其次,通过将pktcMtaDevRealmStatus对象的值设置为“createAndWait(5)”,发出管理协议集操作以创建pktcMtaDevRealmStatus对象的实例。
Third, if the SET operation succeeded, continue modifying the object instances corresponding to the newly created conceptual row, without fear of collision with other management stations. When all necessary conceptual columns of the row are properly populated (via SET operations or default values), the management station may SET the pktcMtaDevRealmStatus object to 'active(1)'." ::= { pktcMtaDevSecurity 5 }
Third, if the SET operation succeeded, continue modifying the object instances corresponding to the newly created conceptual row, without fear of collision with other management stations. When all necessary conceptual columns of the row are properly populated (via SET operations or default values), the management station may SET the pktcMtaDevRealmStatus object to 'active(1)'." ::= { pktcMtaDevSecurity 5 }
pktcMtaDevRealmTable OBJECT-TYPE SYNTAX SEQUENCE OF PktcMtaDevRealmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object contains the realm table. The CMS table (pktcMtaDevCmsTable) and the realm table (pktcMtaDevRealmTable) are used for managing the MTA-CMS Security Associations. The realm table defines the Kerberos realms for the Application Servers (CMSes and the Provisioning Server)." ::= { pktcMtaDevSecurity 6 }
pktcMtaDevRealmTable OBJECT-TYPE SYNTAX SEQUENCE OF PktcMtaDevRealmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object contains the realm table. The CMS table (pktcMtaDevCmsTable) and the realm table (pktcMtaDevRealmTable) are used for managing the MTA-CMS Security Associations. The realm table defines the Kerberos realms for the Application Servers (CMSes and the Provisioning Server)." ::= { pktcMtaDevSecurity 6 }
pktcMtaDevRealmEntry OBJECT-TYPE SYNTAX PktcMtaDevRealmEntry MAX-ACCESS not-accessible STATUS current
pktcMtaDevRealmEntry对象类型语法pktcMtaDevRealmEntry MAX-ACCESS不可访问状态当前
DESCRIPTION " This table entry object lists the MTA security parameters for a single Kerberos realm. The conceptual rows MUST NOT persist across MTA reboots." INDEX { pktcMtaDevRealmIndex } ::= { pktcMtaDevRealmTable 1 }
DESCRIPTION " This table entry object lists the MTA security parameters for a single Kerberos realm. The conceptual rows MUST NOT persist across MTA reboots." INDEX { pktcMtaDevRealmIndex } ::= { pktcMtaDevRealmTable 1 }
PktcMtaDevRealmEntry ::= SEQUENCE { pktcMtaDevRealmIndex Unsigned32, pktcMtaDevRealmName SnmpAdminString, pktcMtaDevRealmPkinitGracePeriod Unsigned32, pktcMtaDevRealmTgsGracePeriod Unsigned32, pktcMtaDevRealmOrgName LongUtf8String, pktcMtaDevRealmUnsolicitedKeyMaxTimeout Unsigned32, pktcMtaDevRealmUnsolicitedKeyNomTimeout Unsigned32, pktcMtaDevRealmUnsolicitedKeyMaxRetries Unsigned32, pktcMtaDevRealmStatus RowStatus }
PktcMtaDevRealmEntry ::= SEQUENCE { pktcMtaDevRealmIndex Unsigned32, pktcMtaDevRealmName SnmpAdminString, pktcMtaDevRealmPkinitGracePeriod Unsigned32, pktcMtaDevRealmTgsGracePeriod Unsigned32, pktcMtaDevRealmOrgName LongUtf8String, pktcMtaDevRealmUnsolicitedKeyMaxTimeout Unsigned32, pktcMtaDevRealmUnsolicitedKeyNomTimeout Unsigned32, pktcMtaDevRealmUnsolicitedKeyMaxRetries Unsigned32, pktcMtaDevRealmStatus RowStatus }
pktcMtaDevRealmIndex OBJECT-TYPE SYNTAX Unsigned32 (1..64) MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object defines the realm table index." ::= { pktcMtaDevRealmEntry 1}
pktcMtaDevRealmIndex OBJECT-TYPE SYNTAX Unsigned32 (1..64) MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object defines the realm table index." ::= { pktcMtaDevRealmEntry 1}
pktcMtaDevRealmName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION " This object identifies the Kerberos realm name in all capitals. The MTA MUST prohibit the instantiation of any two rows with identical Kerberos realm names. The MTA MUST also verify that any search operation involving Kerberos realm names is done using the uppercase ASCII representation of the characters." ::= { pktcMtaDevRealmEntry 2 }
pktcMtaDevRealmName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION " This object identifies the Kerberos realm name in all capitals. The MTA MUST prohibit the instantiation of any two rows with identical Kerberos realm names. The MTA MUST also verify that any search operation involving Kerberos realm names is done using the uppercase ASCII representation of the characters." ::= { pktcMtaDevRealmEntry 2 }
pktcMtaDevRealmPkinitGracePeriod OBJECT-TYPE SYNTAX Unsigned32 (15..600) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the PKINIT Grace Period. For the purpose of key management with Application Servers (CMSes
pktcMtaDevRealmPkinitGracePeriod对象类型语法Unsigned32(15..600)单位“分钟”MAX-ACCESS read create STATUS current DESCRIPTION“此对象包含PKINIT宽限期。用于应用程序服务器(CMSE)的密钥管理
or the Provisioning Server), the MTA must utilize the PKINIT exchange to obtain Application Server tickets. The MTA may utilize the PKINIT exchange to obtain Ticket Granting Tickets (TGTs), which are then used to obtain Application Server tickets in a TGS exchange. The PKINIT exchange occurs according to the current Ticket Expiration Time (TicketEXP) and on the PKINIT Grace Period (PKINITGP). The MTA MUST initiate the PKINIT exchange at the time: TicketEXP - PKINITGP." REFERENCE " PacketCable Security Specification." DEFVAL { 15 } ::= { pktcMtaDevRealmEntry 3 }
or the Provisioning Server), the MTA must utilize the PKINIT exchange to obtain Application Server tickets. The MTA may utilize the PKINIT exchange to obtain Ticket Granting Tickets (TGTs), which are then used to obtain Application Server tickets in a TGS exchange. The PKINIT exchange occurs according to the current Ticket Expiration Time (TicketEXP) and on the PKINIT Grace Period (PKINITGP). The MTA MUST initiate the PKINIT exchange at the time: TicketEXP - PKINITGP." REFERENCE " PacketCable Security Specification." DEFVAL { 15 } ::= { pktcMtaDevRealmEntry 3 }
pktcMtaDevRealmTgsGracePeriod OBJECT-TYPE SYNTAX Unsigned32 (1..600) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the Ticket Granting Server Grace Period (TGSGP). The Ticket Granting Server (TGS) Request/Reply exchange may be performed by the MTA on demand whenever an Application Server ticket is needed to establish security parameters. If the MTA possesses a ticket that corresponds to the Provisioning Server or a CMS that currently exists in the CMS table, the MTA MUST initiate the TGS Request/Reply exchange at the time: TicketEXP - TGSGP." REFERENCE " PacketCable Security Specification." DEFVAL { 10 } ::= { pktcMtaDevRealmEntry 4 }
pktcMtaDevRealmTgsGracePeriod OBJECT-TYPE SYNTAX Unsigned32 (1..600) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the Ticket Granting Server Grace Period (TGSGP). The Ticket Granting Server (TGS) Request/Reply exchange may be performed by the MTA on demand whenever an Application Server ticket is needed to establish security parameters. If the MTA possesses a ticket that corresponds to the Provisioning Server or a CMS that currently exists in the CMS table, the MTA MUST initiate the TGS Request/Reply exchange at the time: TicketEXP - TGSGP." REFERENCE " PacketCable Security Specification." DEFVAL { 10 } ::= { pktcMtaDevRealmEntry 4 }
pktcMtaDevRealmOrgName OBJECT-TYPE SYNTAX LongUtf8String MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the X.500 organization name attribute as defined in the subject name of the service provider certificate." REFERENCE " PacketCable Security Specification; RFCs 3280 and 4630, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile" ::= { pktcMtaDevRealmEntry 5 }
pktcMtaDevRealmOrgName OBJECT-TYPE SYNTAX LongUtf8String MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the X.500 organization name attribute as defined in the subject name of the service provider certificate." REFERENCE " PacketCable Security Specification; RFCs 3280 and 4630, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile" ::= { pktcMtaDevRealmEntry 5 }
pktcMtaDevRealmUnsolicitedKeyMaxTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the maximum time the MTA will attempt to perform the exponential back-off algorithm. This timer only applies when the MTA initiated key management. If the DHCP option code 122, sub-option 4, is provided to the MTA, it overwrites this value.
PKTCMTADEVREALMUNLOCKEYMAXTEOUT对象类型语法Unsigned32(1..600)单位“秒”最大读取创建状态当前说明“此对象指定MTA尝试执行指数退避算法的最长时间。此计时器仅在MTA启动密钥管理时适用。如果向MTA提供DHCP选项代码122子选项4,则会覆盖此值。
Unsolicited key updates are retransmitted according to an exponential back-off mechanism using two timers and a maximum retry counter for AS replies. The initial retransmission timer value is the nominal timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The retransmissions occur with an exponentially increasing interval that caps at the maximum timeout value (pktcMtaDevRealmUnsolicitedKeyMaxTimeout). Retransmissions stop when the maximum retry counter is reached (pktcMatDevRealmUnsolicitedMaxRetries).
根据指数退避机制,使用两个计时器和AS应答的最大重试计数器,重新传输未经请求的密钥更新。初始重传计时器值为标称计时器值(pktcmtadevrealmunrequestedkeynomtimeout)。重新传输的时间间隔呈指数增长,以最大超时值(pktcmtadevrealmunrequestedkeymaxtimeout)为上限。当达到最大重试计数器(PKTCMATDEVREALMUNRequestedMaxRetries)时,重新传输停止。
For example, with values of 3 seconds for the nominal timer, 20 seconds for the maximum timeout, and 5 retries max, retransmission intervals will be 3 s, 6 s, 12 s, 20 s, and 20 s, and retransmissions then stop because the maximum number of retries has been reached." REFERENCE " PacketCable Security Specification." DEFVAL { 100 } ::= { pktcMtaDevRealmEntry 6 }
For example, with values of 3 seconds for the nominal timer, 20 seconds for the maximum timeout, and 5 retries max, retransmission intervals will be 3 s, 6 s, 12 s, 20 s, and 20 s, and retransmissions then stop because the maximum number of retries has been reached." REFERENCE " PacketCable Security Specification." DEFVAL { 100 } ::= { pktcMtaDevRealmEntry 6 }
pktcMtaDevRealmUnsolicitedKeyNomTimeout OBJECT-TYPE SYNTAX Unsigned32 (100..600000) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the initial timeout value for the AS-REQ/AS-REP exponential back-off and retry mechanism. If the DHCP option code 122, sub-option 4, is provided to the MTA, it overwrites this value. This value should account for the average roundtrip time between the MTA and the KDC, as well as the processing delay on the KDC.
PKTCMTADEVREALMUNLocatedKeynomTimeout对象类型语法Unsigned32(100..600000)单位“毫秒”最大读取创建状态当前说明“此对象指定AS-REQ/AS-REP指数退避和重试机制的初始超时值。如果向MTA提供DHCP选项代码122子选项4,则会覆盖此值。此值应考虑MTA和KDC之间的平均往返时间,以及KDC上的处理延迟。
Unsolicited key updates are retransmitted according to an exponential back-off mechanism using two timers and a maximum retry counter for AS replies. The initial retransmission timer value is the nominal timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The retransmissions occur with an exponentially increasing interval that caps at the maximum timeout value (pktcMtaDevRealmUnsolicitedKeyMaxTimeout). Retransmissions stop when the maximum retry counter is reached (pktcMatDevRealmUnsolicitedMaxRetries).
根据指数退避机制,使用两个计时器和AS应答的最大重试计数器,重新传输未经请求的密钥更新。初始重传计时器值为标称计时器值(pktcmtadevrealmunrequestedkeynomtimeout)。重新传输的时间间隔呈指数增长,以最大超时值(pktcmtadevrealmunrequestedkeymaxtimeout)为上限。当达到最大重试计数器(PKTCMATDEVREALMUNRequestedMaxRetries)时,重新传输停止。
For example, with values of 3 seconds for the nominal timer, 20 seconds for the maximum timeout, and 5 retries max, in retransmission intervals will be 3 s, 6 s, 12 s, 20 s, and 20 s; retransmissions then stop because the maximum number of retries has been reached." REFERENCE " PacketCable Security Specification." DEFVAL { 3000 } ::= { pktcMtaDevRealmEntry 7 }
For example, with values of 3 seconds for the nominal timer, 20 seconds for the maximum timeout, and 5 retries max, in retransmission intervals will be 3 s, 6 s, 12 s, 20 s, and 20 s; retransmissions then stop because the maximum number of retries has been reached." REFERENCE " PacketCable Security Specification." DEFVAL { 3000 } ::= { pktcMtaDevRealmEntry 7 }
pktcMtaDevRealmUnsolicitedKeyMaxRetries OBJECT-TYPE SYNTAX Unsigned32 (0..1024) MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the maximum number of retries the MTA attempts to obtain a ticket from the KDC.
PKTCMTADEVREALMUNLocatedKeyMaxRetries对象类型语法Unsigned32(0..1024)MAX-ACCESS read create STATUS current DESCRIPTION“此对象指定MTA尝试从KDC获取票证的最大重试次数。
Unsolicited key updates are retransmitted according to an exponential back-off mechanism using two timers and a maximum retry counter for AS replies. The initial retransmission timer value is the nominal timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The retransmissions occur with an exponentially increasing interval that caps at the maximum timeout value (pktcMtaDevRealmUnsolicitedKeyMaxTimeout). Retransmissions stop when the maximum retry counter is reached (pktcMatDevRealmUnsolicitedMaxRetries).
根据指数退避机制,使用两个计时器和AS应答的最大重试计数器,重新传输未经请求的密钥更新。初始重传计时器值为标称计时器值(pktcmtadevrealmunrequestedkeynomtimeout)。重新传输的时间间隔呈指数增长,以最大超时值(pktcmtadevrealmunrequestedkeymaxtimeout)为上限。当达到最大重试计数器(PKTCMATDEVREALMUNRequestedMaxRetries)时,重新传输停止。
For example, with values of 3 seconds for the nominal timer, 20 seconds for the maximum timeout, and 5 retries max, retransmission intervals will be 3 s, 6 s, 12 s, 20 s, and 20 s; retransmissions then stop because the maximum number of retries has been reached." REFERENCE " PacketCable Security Specification." DEFVAL { 5 }
例如,标称计时器的值为3秒,最大超时值为20秒,最大重试次数为5次,重传间隔为3秒、6秒、12秒、20秒和20秒;由于已达到最大重试次数,因此重新传输停止。“参考”PacketCable安全规范。“定义{5}”
::= { pktcMtaDevRealmEntry 8 }
::= { pktcMtaDevRealmEntry 8 }
pktcMtaDevRealmStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines the row status of this realm in the realm table (pktcMtaDevRealmTable).
pktcMtaDevRealmStatus对象类型语法RowStatus MAX-ACCESS read create STATUS current DESCRIPTION“此对象在领域表(pktcMtaDevRealmTable)中定义此领域的行状态。
An entry in this table is not qualified for activation until the object instances of all corresponding columns have been initialized, either by default values, or via explicit SET operations. Until all object instances in this row are initialized, the status value for this realm must be 'notReady(3)'. In particular, two columnar objects must be explicitly SET: the realm name (pktcMtaDevRealmName) and the organization name (pktcMtaDevRealmOrgName). Once these 2 objects have been set and the row status is SET to 'active(1)', the MTA MUST NOT allow any modification of these 2 object values. The value of this object has no effect on whether other columnar objects in this row can be modified." ::= { pktcMtaDevRealmEntry 9 }
An entry in this table is not qualified for activation until the object instances of all corresponding columns have been initialized, either by default values, or via explicit SET operations. Until all object instances in this row are initialized, the status value for this realm must be 'notReady(3)'. In particular, two columnar objects must be explicitly SET: the realm name (pktcMtaDevRealmName) and the organization name (pktcMtaDevRealmOrgName). Once these 2 objects have been set and the row status is SET to 'active(1)', the MTA MUST NOT allow any modification of these 2 object values. The value of this object has no effect on whether other columnar objects in this row can be modified." ::= { pktcMtaDevRealmEntry 9 }
--================================================================= -- -- The CMS table, pktcMtaDevCmsTable -- -- The CMS table and the realm table (pktcMtaDevRealmTable) are used -- for managing the MTA signaling security. The CMS table defines -- the CMSes the MTA is allowed to communicate with and contains -- the parameters describing the SA establishment between the MTA -- and a CMS. -- The CMS table is indexed by pktcMtaDevCmsIndex. The table -- contains the CMS FQDN (pktcMtaDevCmsFQDN) and the associated -- Kerberos realm name (pktcMtaDevCmsKerbRealmName) so that the MTA -- can find the corresponding Kerberos realm name in the -- pktcMtaDevRealmTable. -- --=================================================================
--================================================================= -- -- The CMS table, pktcMtaDevCmsTable -- -- The CMS table and the realm table (pktcMtaDevRealmTable) are used -- for managing the MTA signaling security. The CMS table defines -- the CMSes the MTA is allowed to communicate with and contains -- the parameters describing the SA establishment between the MTA -- and a CMS. -- The CMS table is indexed by pktcMtaDevCmsIndex. The table -- contains the CMS FQDN (pktcMtaDevCmsFQDN) and the associated -- Kerberos realm name (pktcMtaDevCmsKerbRealmName) so that the MTA -- can find the corresponding Kerberos realm name in the -- pktcMtaDevRealmTable. -- --=================================================================
pktcMtaDevCmsAvailSlot OBJECT-TYPE SYNTAX Unsigned32 (0..128) MAX-ACCESS read-only STATUS current DESCRIPTION
PKTCMTADevcmAvailSlot对象类型语法Unsigned32(0..128)MAX-ACCESS只读状态当前说明
" This object contains the index number of the first available entry in the CMS table (pktcMtaDevCmsTable). If all the entries in the CMS table have been assigned, this object contains the value of zero. A management station should create new entries in the CMS table, using the following procedure:
“此对象包含CMS表(pktcMtaDevCmsTable)中第一个可用条目的索引号。如果已分配CMS表中的所有条目,则此对象包含零值。管理站应使用以下步骤在CMS表中创建新条目:
First, issue a management protocol retrieval operation to determine the value of the first available index in the CMS table (pktcMtaDevCmsAvailSlot).
首先,发出管理协议检索操作,以确定CMS表中第一个可用索引的值(pktcMtaDevCmsAvailSlot)。
Second, issue a management protocol SET operation to create an instance of the pktcMtaDevCmsStatus object by setting its value to 'createAndWait(5)'.
其次,通过将PKTCMTADEVCMSTATUS对象的值设置为“createAndWait(5)”,发出管理协议集操作以创建PKTCMTADEVCMSTATUS对象的实例。
Third, if the SET operation succeeded, continue modifying the object instances corresponding to the newly created conceptual row, without fear of collision with other management stations. When all necessary conceptual columns of the row are properly populated (via SET operations or default values), the management station may SET the pktcMtaDevCmsStatus object to 'active(1)'." ::= { pktcMtaDevSecurity 7 }
Third, if the SET operation succeeded, continue modifying the object instances corresponding to the newly created conceptual row, without fear of collision with other management stations. When all necessary conceptual columns of the row are properly populated (via SET operations or default values), the management station may SET the pktcMtaDevCmsStatus object to 'active(1)'." ::= { pktcMtaDevSecurity 7 }
pktcMtaDevCmsTable OBJECT-TYPE SYNTAX SEQUENCE OF PktcMtaDevCmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object defines the CMS table. The CMS table (pktcMtaDevCmsTable) and the realm table (pktcMtaDevRealmTable) are used for managing security between the MTA and CMSes. Each CMS table entry defines a CMS the managed MTA is allowed to communicate with and contains security parameters for key management with that CMS." ::= { pktcMtaDevSecurity 8 }
pktcMtaDevCmsTable OBJECT-TYPE SYNTAX SEQUENCE OF PktcMtaDevCmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object defines the CMS table. The CMS table (pktcMtaDevCmsTable) and the realm table (pktcMtaDevRealmTable) are used for managing security between the MTA and CMSes. Each CMS table entry defines a CMS the managed MTA is allowed to communicate with and contains security parameters for key management with that CMS." ::= { pktcMtaDevSecurity 8 }
pktcMtaDevCmsEntry OBJECT-TYPE SYNTAX PktcMtaDevCmsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This table entry object lists the MTA key management parameters used when establishing Security Associations with a CMS. The conceptual rows MUST NOT persist across MTA reboots." INDEX { pktcMtaDevCmsIndex }
PKTCMTADEVCMENTRY对象类型语法PKTCMTADEVCMENTRY MAX-ACCESS不可访问状态当前描述“此表条目对象列出了在与CMS建立安全关联时使用的MTA密钥管理参数。概念行不能在MTA重新启动期间保留。”索引{PKTCMTADEVCMINDEX}
::= { pktcMtaDevCmsTable 1 }
::= { pktcMtaDevCmsTable 1 }
PktcMtaDevCmsEntry ::= SEQUENCE { pktcMtaDevCmsIndex Unsigned32, pktcMtaDevCmsFqdn SnmpAdminString, pktcMtaDevCmsKerbRealmName SnmpAdminString, pktcMtaDevCmsMaxClockSkew Unsigned32, pktcMtaDevCmsSolicitedKeyTimeout Unsigned32, pktcMtaDevCmsUnsolicitedKeyMaxTimeout Unsigned32, pktcMtaDevCmsUnsolicitedKeyNomTimeout Unsigned32, pktcMtaDevCmsUnsolicitedKeyMaxRetries Unsigned32, pktcMtaDevCmsIpsecCtrl TruthValue, pktcMtaDevCmsStatus RowStatus }
PktcMtaDevCmsEntry ::= SEQUENCE { pktcMtaDevCmsIndex Unsigned32, pktcMtaDevCmsFqdn SnmpAdminString, pktcMtaDevCmsKerbRealmName SnmpAdminString, pktcMtaDevCmsMaxClockSkew Unsigned32, pktcMtaDevCmsSolicitedKeyTimeout Unsigned32, pktcMtaDevCmsUnsolicitedKeyMaxTimeout Unsigned32, pktcMtaDevCmsUnsolicitedKeyNomTimeout Unsigned32, pktcMtaDevCmsUnsolicitedKeyMaxRetries Unsigned32, pktcMtaDevCmsIpsecCtrl TruthValue, pktcMtaDevCmsStatus RowStatus }
pktcMtaDevCmsIndex OBJECT-TYPE SYNTAX Unsigned32 (1..128) MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object defines the CMS table index." ::= { pktcMtaDevCmsEntry 1 }
pktcMtaDevCmsIndex OBJECT-TYPE SYNTAX Unsigned32 (1..128) MAX-ACCESS not-accessible STATUS current DESCRIPTION " This object defines the CMS table index." ::= { pktcMtaDevCmsEntry 1 }
pktcMtaDevCmsFqdn OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the CMS FQDN. The MTA must prohibit the instantiation of any two rows with identical FQDNs. The MTA must also verify that any search and/or comparison operation involving a CMS FQDN is case insensitive. The MTA must resolve the CMS FQDN as required by the corresponding PacketCable Specifications." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification; PacketCable Network-Based Call Signaling Protocol Specification." ::= { pktcMtaDevCmsEntry 2 }
pktcMtaDevCmsFqdn OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the CMS FQDN. The MTA must prohibit the instantiation of any two rows with identical FQDNs. The MTA must also verify that any search and/or comparison operation involving a CMS FQDN is case insensitive. The MTA must resolve the CMS FQDN as required by the corresponding PacketCable Specifications." REFERENCE " PacketCable MTA Device Provisioning Specification; PacketCable Security Specification; PacketCable Network-Based Call Signaling Protocol Specification." ::= { pktcMtaDevCmsEntry 2 }
pktcMtaDevCmsKerbRealmName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION " This object identifies the Kerberos realm name in uppercase characters associated with the CMS defined in this
pktcMtaDevCmsKerbRealmName对象类型语法SnmpAdminString(大小(1..255))MAX-ACCESS read create STATUS current DESCRIPTION“此对象以大写字符标识与此
conceptual row. The object value is a reference point to the corresponding Kerberos realm name in the realm table (pktcMtaDevRealmTable)." ::= { pktcMtaDevCmsEntry 3 }
conceptual row. The object value is a reference point to the corresponding Kerberos realm name in the realm table (pktcMtaDevRealmTable)." ::= { pktcMtaDevCmsEntry 3 }
pktcMtaDevCmsMaxClockSkew OBJECT-TYPE SYNTAX Unsigned32 (1..1800) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the maximum allowable clock skew between the MTA and the CMS defined in this row." DEFVAL { 300 } ::= { pktcMtaDevCmsEntry 4 }
pktcMtaDevCmsMaxClockSkew OBJECT-TYPE SYNTAX Unsigned32 (1..1800) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object specifies the maximum allowable clock skew between the MTA and the CMS defined in this row." DEFVAL { 300 } ::= { pktcMtaDevCmsEntry 4 }
pktcMtaDevCmsSolicitedKeyTimeout OBJECT-TYPE SYNTAX Unsigned32 (100..30000) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines a Kerberos Key Management timer on the MTA. It is the time period during which the MTA saves the nonce and Server Kerberos Principal Identifier to match an AP Request and its associated AP Reply response from the CMS. This timer only applies when the CMS initiated key management (with a Wake Up message or a Rekey message)." REFERENCE " PacketCable Security Specification." DEFVAL { 1000 } ::= { pktcMtaDevCmsEntry 5 }
pktcMtaDevCmsSolicitedKeyTimeout OBJECT-TYPE SYNTAX Unsigned32 (100..30000) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines a Kerberos Key Management timer on the MTA. It is the time period during which the MTA saves the nonce and Server Kerberos Principal Identifier to match an AP Request and its associated AP Reply response from the CMS. This timer only applies when the CMS initiated key management (with a Wake Up message or a Rekey message)." REFERENCE " PacketCable Security Specification." DEFVAL { 1000 } ::= { pktcMtaDevCmsEntry 5 }
--================================================================= -- -- Unsolicited key updates are retransmitted according to an -- exponential back-off mechanism using two timers and a maximum -- retry counter for AS replies. -- The initial retransmission timer value is the nominal timer -- value (pktcMtaDevCmsUnsolicitedKeyNomTimeout). The -- retransmissions occur with an exponentially increasing interval -- that caps at the maximum timeout value -- (pktcMtaDevCmsUnsolicitedKeyMaxTimeout). -- Retransmissions stop when the maximum retry counter is reached -- (pktcMatDevCmsUnsolicitedMaxRetries). -- For example, with values of 3 seconds for the nominal -- timer, 20 seconds for the maximum timeout, and 5 retries max, -- retransmission intervals will be 3 s, 6 s, 12 s,
--================================================================= -- -- Unsolicited key updates are retransmitted according to an -- exponential back-off mechanism using two timers and a maximum -- retry counter for AS replies. -- The initial retransmission timer value is the nominal timer -- value (pktcMtaDevCmsUnsolicitedKeyNomTimeout). The -- retransmissions occur with an exponentially increasing interval -- that caps at the maximum timeout value -- (pktcMtaDevCmsUnsolicitedKeyMaxTimeout). -- Retransmissions stop when the maximum retry counter is reached -- (pktcMatDevCmsUnsolicitedMaxRetries). -- For example, with values of 3 seconds for the nominal -- timer, 20 seconds for the maximum timeout, and 5 retries max, -- retransmission intervals will be 3 s, 6 s, 12 s,
-- 20 s, and 20 s; retransmissions then stop due to the -- maximum number of retries reached. -- --=================================================================
-- 20 s, and 20 s; retransmissions then stop due to the -- maximum number of retries reached. -- --=================================================================
pktcMtaDevCmsUnsolicitedKeyMaxTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines the timeout value that only applies to an MTA-initiated key management exchange. It is the maximum timeout, and it may not be exceeded in the exponential back-off algorithm." REFERENCE " PacketCable Security Specification." DEFVAL { 600 } ::= { pktcMtaDevCmsEntry 6 }
pktcMtaDevCmsUnsolicitedKeyMaxTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines the timeout value that only applies to an MTA-initiated key management exchange. It is the maximum timeout, and it may not be exceeded in the exponential back-off algorithm." REFERENCE " PacketCable Security Specification." DEFVAL { 600 } ::= { pktcMtaDevCmsEntry 6 }
pktcMtaDevCmsUnsolicitedKeyNomTimeout OBJECT-TYPE SYNTAX Unsigned32 (100..30000) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines the starting value of the timeout for an MTA-initiated key management. It should account for the average roundtrip time between the MTA and the CMS and the processing time on the CMS." REFERENCE " PacketCable Security Specification." DEFVAL { 500 } ::= { pktcMtaDevCmsEntry 7 }
pktcMtaDevCmsUnsolicitedKeyNomTimeout OBJECT-TYPE SYNTAX Unsigned32 (100..30000) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines the starting value of the timeout for an MTA-initiated key management. It should account for the average roundtrip time between the MTA and the CMS and the processing time on the CMS." REFERENCE " PacketCable Security Specification." DEFVAL { 500 } ::= { pktcMtaDevCmsEntry 7 }
pktcMtaDevCmsUnsolicitedKeyMaxRetries OBJECT-TYPE SYNTAX Unsigned32 (0..1024) MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the maximum number of retries before the MTA stops attempting to establish a Security Association with the CMS." REFERENCE " PacketCable Security Specification." DEFVAL { 5 } ::= { pktcMtaDevCmsEntry 8 }
pktcMtaDevCmsUnsolicitedKeyMaxRetries OBJECT-TYPE SYNTAX Unsigned32 (0..1024) MAX-ACCESS read-create STATUS current DESCRIPTION " This object contains the maximum number of retries before the MTA stops attempting to establish a Security Association with the CMS." REFERENCE " PacketCable Security Specification." DEFVAL { 5 } ::= { pktcMtaDevCmsEntry 8 }
pktcMtaDevCmsIpsecCtrl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION " This object specifies the MTA IPSec control flag. If the object value is 'true', the MTA must use Kerberos Key Management and IPsec to communicate with this CMS. If it is 'false', IPSec Signaling Security and Kerberos key management are disabled for this specific CMS." DEFVAL { true } ::= { pktcMtaDevCmsEntry 9 }
pktcMtaDevCmsIpsecCtrl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION " This object specifies the MTA IPSec control flag. If the object value is 'true', the MTA must use Kerberos Key Management and IPsec to communicate with this CMS. If it is 'false', IPSec Signaling Security and Kerberos key management are disabled for this specific CMS." DEFVAL { true } ::= { pktcMtaDevCmsEntry 9 }
pktcMtaDevCmsStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " This object defines the row status associated with this particular CMS in the CMS table (pktcMtaDevCmsTable).
PKTCMTADEVCMSTATUS对象类型语法RowStatus MAX-ACCESS read create STATUS current DESCRIPTION“此对象在CMS表(pktcMtaDevCmsTable)中定义与此特定CMS关联的行状态。
An entry in this table is not qualified for activation until the object instances of all corresponding columns have been initialized, either by default values or via explicit SET operations. Until all object instances in this row are initialized, the status value for this realm must be 'notReady(3)'. In particular, two columnar objects must be SET: the CMS FQDN (pktcMtaDevCmsFqdn) and the Kerberos realm name (pktcMtaDevCmsKerbRealmName). Once these 2 objects have been set and the row status is SET to 'active(1)', the MTA MUST NOT allow any modification of these 2 object values.
在默认值或通过显式集合操作初始化所有对应列的对象实例之前,此表中的条目不符合激活条件。在初始化此行中的所有对象实例之前,此领域的状态值必须为“notReady(3)”。特别是,必须设置两个列对象:CMS FQDN(pktcMtaDevCmsFqdn)和Kerberos领域名称(pktcMtaDevCmsKerbRealmName)。设置这两个对象并将行状态设置为“活动(1)”后,MTA不得允许对这两个对象值进行任何修改。
The value of this object has no effect on whether other columnar objects in this row can be modified." ::= { pktcMtaDevCmsEntry 10 }
The value of this object has no effect on whether other columnar objects in this row can be modified." ::= { pktcMtaDevCmsEntry 10 }
pktcMtaDevResetKrbTickets OBJECT-TYPE SYNTAX BITS { invalidateProvOnReboot (0), invalidateAllCmsOnReboot (1) } MAX-ACCESS read-write STATUS current DESCRIPTION " This object defines a Kerberos Ticket Control Mask that instructs the MTA to invalidate the specific Application
pktcMtaDevResetKrbTickets OBJECT-TYPE SYNTAX BITS { invalidateProvOnReboot (0), invalidateAllCmsOnReboot (1) } MAX-ACCESS read-write STATUS current DESCRIPTION " This object defines a Kerberos Ticket Control Mask that instructs the MTA to invalidate the specific Application
Server Kerberos ticket(s) that are stored locally in the MTA NVRAM (non-volatile or persistent memory). If the MTA does not store Kerberos tickets in NVRAM, it MUST ignore setting of this object and MUST report a BITS value of zero when the object is read. If the MTA supports Kerberos tickets storage in NVRAM, the object value is encoded as follows: - Setting the invalidateProvOnReboot bit (bit 0) to 1 means that the MTA MUST invalidate the Kerberos Application Ticket(s) for the Provisioning Application at the next MTA reboot if secure SNMP provisioning mode is used. In non-secure provisioning modes, the MTA MUST return an 'inconsistentValue' in response to SNMP SET operations with a bit 0 set to 1. - Setting the invalidateAllCmsOnReboot bit (bit 1) to 1 means that the MTA MUST invalidate the Kerberos Application Ticket(s) for all CMSes currently assigned to the MTA endpoints. If a value is written into an instance of pktcMtaDevResetKrbTickets, the agent MUST retain the supplied value across an MTA re-initialization or reboot." REFERENCE "PacketCable Security Specification." DEFVAL { { } } ::= { pktcMtaDevSecurity 9 }
Server Kerberos ticket(s) that are stored locally in the MTA NVRAM (non-volatile or persistent memory). If the MTA does not store Kerberos tickets in NVRAM, it MUST ignore setting of this object and MUST report a BITS value of zero when the object is read. If the MTA supports Kerberos tickets storage in NVRAM, the object value is encoded as follows: - Setting the invalidateProvOnReboot bit (bit 0) to 1 means that the MTA MUST invalidate the Kerberos Application Ticket(s) for the Provisioning Application at the next MTA reboot if secure SNMP provisioning mode is used. In non-secure provisioning modes, the MTA MUST return an 'inconsistentValue' in response to SNMP SET operations with a bit 0 set to 1. - Setting the invalidateAllCmsOnReboot bit (bit 1) to 1 means that the MTA MUST invalidate the Kerberos Application Ticket(s) for all CMSes currently assigned to the MTA endpoints. If a value is written into an instance of pktcMtaDevResetKrbTickets, the agent MUST retain the supplied value across an MTA re-initialization or reboot." REFERENCE "PacketCable Security Specification." DEFVAL { { } } ::= { pktcMtaDevSecurity 9 }
-- -- The following group, pktcMtaDevErrors, defines an OID -- corresponding to error conditions encountered during the MTA -- provisioning. --
-- -- The following group, pktcMtaDevErrors, defines an OID -- corresponding to error conditions encountered during the MTA -- provisioning. --
pktcMtaDevErrorsTooManyErrors OBJECT-IDENTITY STATUS current DESCRIPTION "This object defines the OID corresponding to the error condition when too many errors are encountered in the MTA configuration file during provisioning." ::= { pktcMtaDevErrors 1 }
pktcMtaDevErrorsTooManyErrors OBJECT-IDENTITY STATUS current DESCRIPTION "This object defines the OID corresponding to the error condition when too many errors are encountered in the MTA configuration file during provisioning." ::= { pktcMtaDevErrors 1 }
pktcMtaDevProvisioningEnrollment NOTIFICATION-TYPE OBJECTS { sysDescr, pktcMtaDevSwCurrentVers, pktcMtaDevTypeIdentifier, ifPhysAddress, pktcMtaDevCorrelationId
pktcmtadevprovisioningrolling通知类型对象{sysDescr,pktcMtaDevSwCurrentVers,pktcMtaDevTypeIdentifier,ifPhysAddress,pktcMtaDevCorrelationId
} STATUS current DESCRIPTION " This INFORM notification is issued by the MTA to initiate the PacketCable provisioning process when the MTA SNMP enrollment mechanism is used. It contains the system description, the current software version, the MTA device type identifier, the MTA MAC address (obtained in the MTA ifTable in the ifPhysAddress object that corresponds to the ifIndex 1), and a correlation ID." ::= { pktcMtaNotification 1 }
} STATUS current DESCRIPTION " This INFORM notification is issued by the MTA to initiate the PacketCable provisioning process when the MTA SNMP enrollment mechanism is used. It contains the system description, the current software version, the MTA device type identifier, the MTA MAC address (obtained in the MTA ifTable in the ifPhysAddress object that corresponds to the ifIndex 1), and a correlation ID." ::= { pktcMtaNotification 1 }
pktcMtaDevProvisioningStatus NOTIFICATION-TYPE OBJECTS { ifPhysAddress, pktcMtaDevCorrelationId, pktcMtaDevProvisioningState } STATUS current DESCRIPTION " This INFORM notification may be issued by the MTA to confirm the completion of the PacketCable provisioning process, and to report its provisioning completion status. It contains the MTA MAC address (obtained in the MTA ifTable in the ifPhysAddress object that corresponds to the ifIndex 1), a correlation ID and the MTA provisioning state as defined in pktcMtaDevProvisioningState." ::= { pktcMtaNotification 2 }
pktcMtaDevProvisioningStatus NOTIFICATION-TYPE OBJECTS { ifPhysAddress, pktcMtaDevCorrelationId, pktcMtaDevProvisioningState } STATUS current DESCRIPTION " This INFORM notification may be issued by the MTA to confirm the completion of the PacketCable provisioning process, and to report its provisioning completion status. It contains the MTA MAC address (obtained in the MTA ifTable in the ifPhysAddress object that corresponds to the ifIndex 1), a correlation ID and the MTA provisioning state as defined in pktcMtaDevProvisioningState." ::= { pktcMtaNotification 2 }
-- -- Compliance Statements --
----合规声明--
pktcMtaCompliances OBJECT IDENTIFIER ::= { pktcMtaConformance 1 } pktcMtaGroups OBJECT IDENTIFIER ::= { pktcMtaConformance 2 }
pktcMtaCompliances OBJECT IDENTIFIER ::= { pktcMtaConformance 1 } pktcMtaGroups OBJECT IDENTIFIER ::= { pktcMtaConformance 2 }
pktcMtaBasicCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " The compliance statement for MTA devices that implement PacketCable or IPCablecom requirements.
pktcMtaBasicCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION“实现PacketCable或IPCablecom要求的MTA设备的符合性声明。
This compliance statement applies to MTA implementations that support PacketCable 1.0 or IPCablecom requirements, which are not IPv6-capable at the time of this
本合规性声明适用于支持PacketCable 1.0或IPCablecom要求的MTA实施,这些要求在本报告发布时不支持IPv6
RFC publication."
RFC出版物。”
MODULE -- Unconditionally mandatory groups for MTAs
模块--MTA的无条件强制组
MANDATORY-GROUPS { pktcMtaGroup, pktcMtaNotificationGroup }
MANDATORY-GROUPS { pktcMtaGroup, pktcMtaNotificationGroup }
OBJECT pktcMtaDevDhcpServerAddressType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION " Support for address types other than 'ipv4(1)' is not presently specified and therefore is not required. It may be defined in future versions of this MIB module."
对象pktcMtaDevDhcpServerAddressType语法InetAddressType{ipv4(1)}说明“当前未指定对“ipv4(1)”以外的地址类型的支持,因此不是必需的。此MIB模块的未来版本中可能会定义它。”
OBJECT pktcMtaDevDnsServerAddressType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION " Support for address types other than 'ipv4(1)' is not presently specified and therefore is not required. It may be defined in future versions of this MIB module."
对象pktcMtaDevDnsServerAddressType语法InetAddressType{ipv4(1)}说明“当前未指定对“ipv4(1)”以外的地址类型的支持,因此不是必需的。它可能在该MIB模块的未来版本中定义。”
OBJECT pktcMtaDevTimeServerAddressType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION " Support for address types other than 'ipv4(1)' is not presently specified and therefore is not required. It may be defined in future versions of this MIB module."
对象pktcMtaDevTimeServerAddressType语法InetAddressType{ipv4(1)}说明“当前未指定对“ipv4(1)”以外的地址类型的支持,因此不是必需的。它可能在该MIB模块的未来版本中定义。”
OBJECT pktcMtaDevServerDhcp1 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDhcp1语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他地址类型支持。”
OBJECT pktcMtaDevServerDhcp2 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDhcp2语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他地址类型支持。”
OBJECT pktcMtaDevServerDns1
对象pktcMtaDevServerDns1
SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
语法InetAddress(大小(4))说明“一个实现只需要支持IPv4地址。其他地址类型支持可能在该MIB模块的未来版本中定义。”
OBJECT pktcMtaDevServerDns2 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDns2语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他支持的地址类型。”
OBJECT pktcMtaDevTimeServer SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevTimeServer语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他地址类型支持。”
OBJECT pktcMtaDevProvConfigEncryptAlg SYNTAX PktcMtaDevProvEncryptAlg DESCRIPTION "An implementation is only required to support values of none(0) and des64Cbcmode(1). An IV of zero is used to encrypt in des64Cbcmode, and the length of pktcMtaDevProvConfigKey is 64 bits, as defined in the PacketCable Security specification. Other encryption types may be defined in future versions of this MIB module."
对象pktcMtaDevProvConfigEncryptAlg语法PktcMtaDevProvEncryptAlg说明“实现仅需要支持none(0)和des64Cbcmode(1)的值。在des64Cbcmode中使用零的IV进行加密,pktcMtaDevProvConfigKey的长度为64位,如PacketCable安全规范中所定义。此MIB模块的未来版本中可能会定义其他加密类型。”
OBJECT pktcMtaDevRealmOrgName SYNTAX LongUtf8String (SIZE (1..384)) DESCRIPTION "The Organization Name field in X.509 certificates can contain up to 64 UTF-8 encoded characters, as defined in RFCs 3280 and 4630. Therefore, compliant devices are only required to support Organization Name values of up to 64 UTF-8 encoded characters. Given that RFCs 3280 and 4630 define the UTF-8 encoding, compliant devices must support a maximum size of 384 octets for pktcMtaDevRealmOrgName. The calculation of 384 octets comes from the RFC 3629 UTF-8 encoding definition whereby the UTF-8 encoded characters are encoded as sequences of 1 to 6 octets, assuming that code points as high as 0x7ffffffff might be used. Subsequent versions of Unicode and ISO 10646 have limited the upper bound to 0x10ffff.
对象pktcMtaDevRealmOrgName语法LongUtf8String(大小(1..384))说明“X.509证书中的组织名称字段最多可包含64个UTF-8编码字符,如RFCs 3280和4630中所定义。因此,兼容设备只需要支持多达64个UTF-8编码字符的组织名称值。鉴于RFC 3280和4630定义了UTF-8编码,兼容设备必须支持pktcMtaDevRealmOrgName的最大大小为384个八位字节。384个八位字节的计算来自RFC 3629 UTF-8编码定义,其中UTF-8编码字符编码为1到6个八位字节的序列,假设可能使用高达0x7FFFFFF的码点。Unicode和ISO10646的后续版本将上限限制为0x10ffff。
Consequently, the current version of UTF-8, defined in RFC 3629, does not require more than four octets to encode a valid code point."
因此,RFC 3629中定义的UTF-8的当前版本不需要超过四个八位字节来编码有效的代码点。”
::= { pktcMtaCompliances 1 }
::= { pktcMtaCompliances 1 }
pktcMtaGroup OBJECT-GROUP OBJECTS { pktcMtaDevResetNow, pktcMtaDevSerialNumber, pktcMtaDevSwCurrentVers, pktcMtaDevFQDN, pktcMtaDevEndPntCount, pktcMtaDevEnabled, pktcMtaDevProvisioningCounter, pktcMtaDevErrorOid, pktcMtaDevErrorValue, pktcMtaDevErrorReason, pktcMtaDevTypeIdentifier, pktcMtaDevProvisioningState, pktcMtaDevHttpAccess, pktcMtaDevCertificate, pktcMtaDevCorrelationId, pktcMtaDevManufacturerCertificate, pktcMtaDevDhcpServerAddressType, pktcMtaDevDnsServerAddressType, pktcMtaDevTimeServerAddressType, pktcMtaDevProvConfigEncryptAlg, pktcMtaDevServerDhcp1, pktcMtaDevServerDhcp2, pktcMtaDevServerDns1, pktcMtaDevServerDns2, pktcMtaDevTimeServer, pktcMtaDevConfigFile, pktcMtaDevSnmpEntity, pktcMtaDevRealmPkinitGracePeriod, pktcMtaDevRealmTgsGracePeriod, pktcMtaDevRealmAvailSlot, pktcMtaDevRealmName, pktcMtaDevRealmOrgName, pktcMtaDevRealmUnsolicitedKeyMaxTimeout, pktcMtaDevRealmUnsolicitedKeyNomTimeout, pktcMtaDevRealmUnsolicitedKeyMaxRetries, pktcMtaDevRealmStatus, pktcMtaDevCmsAvailSlot, pktcMtaDevCmsFqdn, pktcMtaDevCmsKerbRealmName, pktcMtaDevCmsUnsolicitedKeyMaxTimeout,
PKTCMTAGOUP对象组对象{pktcMtaDevResetNow、pktcMtaDevSerialNumber、pktcMtaDevSwCurrentVers、PKTCMTADEVQDN、pktcMtaDevEndPntCount、pktcMtaDevEnabled、PKTCMTADEVOVERROID、PKTCMTADEVERROVALUE、pktcMtaDevErrorReason、pktcMtaDevTypeIdentifier、PKTCMTADEVROVINGSTATE、PKTCMTADEVEROVERROVICESS,PKTCMTADEVManufactureCertificate、pktcMtaDevDhcpServerAddressType、pktcMtaDevDnsServerAddressType、pktcMtaDevTimeServerAddressType、PKTCMTADEVPROVConfication、pktcMtaDevServerDhcp1、pktcMtaDevServerDhcp2、pktcMtaDevServerDns1、pktcMtaDevServerDns2、pktcMtaDevTimeServer、pktcMtaDevConfigFile、PKTCMTADEVServerPentity、PKTCMTADEVEREALKInitGraceEROID、PKTCMTADEVREALMTGSGREACEPERIOD、pktcMtaDevRealmAvailSlot、PKTCMTADEVREALMORNAGAME、PKTCMTADEVREALMUNCELSECTED KEYMAXTEOUT、PKTCMTADEVREALMUNCELSECTED KEYMAXTEOUT、PKTCMTADEVERALMSTATUS、PKTCMTADEVCMAVALILSLOT、pktcMtaDevCmsFqdn、PKTCMTADEVCERBEALMBREALMNAME、PKTCMTADEVCMSUNCELMSUNLOCITEdKeyMaxTimeout,
pktcMtaDevCmsUnsolicitedKeyNomTimeout, pktcMtaDevCmsUnsolicitedKeyMaxRetries, pktcMtaDevCmsSolicitedKeyTimeout, pktcMtaDevCmsMaxClockSkew, pktcMtaDevCmsIpsecCtrl, pktcMtaDevCmsStatus, pktcMtaDevResetKrbTickets, pktcMtaDevProvUnsolicitedKeyMaxTimeout, pktcMtaDevProvUnsolicitedKeyNomTimeout, pktcMtaDevProvUnsolicitedKeyMaxRetries, pktcMtaDevProvKerbRealmName, pktcMtaDevProvSolicitedKeyTimeout, pktcMtaDevProvConfigHash, pktcMtaDevProvConfigKey, pktcMtaDevProvState, pktcMtaDevProvisioningTimer, pktcMtaDevTelephonyRootCertificate } STATUS current DESCRIPTION " A collection of objects for managing PacketCable or IPCablecom MTA implementations." ::= { pktcMtaGroups 1 }
pktcMtaDevCmsUnsolicitedKeyNomTimeout, pktcMtaDevCmsUnsolicitedKeyMaxRetries, pktcMtaDevCmsSolicitedKeyTimeout, pktcMtaDevCmsMaxClockSkew, pktcMtaDevCmsIpsecCtrl, pktcMtaDevCmsStatus, pktcMtaDevResetKrbTickets, pktcMtaDevProvUnsolicitedKeyMaxTimeout, pktcMtaDevProvUnsolicitedKeyNomTimeout, pktcMtaDevProvUnsolicitedKeyMaxRetries, pktcMtaDevProvKerbRealmName, pktcMtaDevProvSolicitedKeyTimeout, pktcMtaDevProvConfigHash, pktcMtaDevProvConfigKey, pktcMtaDevProvState, pktcMtaDevProvisioningTimer, pktcMtaDevTelephonyRootCertificate } STATUS current DESCRIPTION " A collection of objects for managing PacketCable or IPCablecom MTA implementations." ::= { pktcMtaGroups 1 }
pktcMtaNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { pktcMtaDevProvisioningStatus, pktcMtaDevProvisioningEnrollment } STATUS current DESCRIPTION " A collection of notifications dealing with the change of MTA provisioning status." ::= { pktcMtaGroups 2 }
pktcMtaNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { pktcMtaDevProvisioningStatus, pktcMtaDevProvisioningEnrollment } STATUS current DESCRIPTION " A collection of notifications dealing with the change of MTA provisioning status." ::= { pktcMtaGroups 2 }
pktcMtaBasicSmtaCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " The compliance statement for S-MTA devices that implement PacketCable or IPCablecom requirements.
PKTCMTABASICSMTA COMPLIANCE MODULE-COMPLIANCE STATUS current DESCRIPTION“实现PacketCable或IPCablecom要求的S-MTA设备的符合性声明。
This compliance statement applies to S-MTA implementations that support PacketCable or IPCablecom requirements, which are not IPv6-capable at the time of this RFC publication."
本合规性声明适用于支持PacketCable或IPCablecom要求的S-MTA实施,这些要求在本RFC发布时不支持IPv6。”
MODULE -- Unconditionally Mandatory Groups for S-MTA devices MANDATORY-GROUPS {
模块--S-MTA设备的无条件强制组强制组{
pktcMtaGroup, pktcMtaNotificationGroup }
pktcMtaGroup,pktcMtaNotificationGroup}
OBJECT pktcMtaDevDhcpServerAddressType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION " Support for address types other than 'ipv4(1)' is not presently specified and therefore is not required. It may be defined in future versions of this MIB module."
对象pktcMtaDevDhcpServerAddressType语法InetAddressType{ipv4(1)}说明“当前未指定对“ipv4(1)”以外的地址类型的支持,因此不是必需的。此MIB模块的未来版本中可能会定义它。”
OBJECT pktcMtaDevDnsServerAddressType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION " Support for address types other than 'ipv4(1)' is not presently specified and therefore is not required. It may be defined in future versions of this MIB module."
对象pktcMtaDevDnsServerAddressType语法InetAddressType{ipv4(1)}说明“当前未指定对“ipv4(1)”以外的地址类型的支持,因此不是必需的。它可能在该MIB模块的未来版本中定义。”
OBJECT pktcMtaDevTimeServerAddressType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION " Support for address types other than 'ipv4(1)' is not presently specified and therefore is not required. It may be defined in future versions of this MIB module."
对象pktcMtaDevTimeServerAddressType语法InetAddressType{ipv4(1)}说明“当前未指定对“ipv4(1)”以外的地址类型的支持,因此不是必需的。它可能在该MIB模块的未来版本中定义。”
OBJECT pktcMtaDevServerDhcp1 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDhcp1语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他地址类型支持。”
OBJECT pktcMtaDevServerDhcp2 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDhcp2语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他地址类型支持。”
OBJECT pktcMtaDevServerDns1 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDns1语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他支持的地址类型。”
OBJECT pktcMtaDevServerDns2 SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevServerDns2语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他支持的地址类型。”
OBJECT pktcMtaDevTimeServer SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. Other address types support may be defined in future versions of this MIB module."
对象pktcMtaDevTimeServer语法InetAddress(大小(4))说明“仅需要一个实现来支持IPv4地址。此MIB模块的未来版本中可能会定义其他地址类型支持。”
OBJECT pktcMtaDevProvConfigEncryptAlg SYNTAX PktcMtaDevProvEncryptAlg DESCRIPTION "An implementation is only required to support values of none(0) and des64Cbcmode(1). An IV of zero is used to encrypt in des64Cbcmode, and the length of pktcMtaDevProvConfigKey is 64 bits, as defined in the PacketCable Security specification. Other encryption types may be defined in future versions of this MIB module."
对象pktcMtaDevProvConfigEncryptAlg语法PktcMtaDevProvEncryptAlg说明“实现仅需要支持none(0)和des64Cbcmode(1)的值。在des64Cbcmode中使用零的IV进行加密,pktcMtaDevProvConfigKey的长度为64位,如PacketCable安全规范中所定义。此MIB模块的未来版本中可能会定义其他加密类型。”
OBJECT pktcMtaDevRealmOrgName SYNTAX LongUtf8String (SIZE (1..384)) DESCRIPTION "The Organization Name field in X.509 certificates can contain up to 64 UTF-8 encoded characters, as defined in RFCs 3280 and 4630. Therefore, compliant devices are only required to support Organization Name values of up to 64 UTF-8 encoded characters. Given that RFCs 3280 and 4630 define the UTF-8 encoding, compliant devices must support a maximum size of 384 octets for pktcMtaDevRealmOrgName. The calculation of 384 octets comes from the RFC 3629 UTF-8 encoding definition whereby the UTF-8 encoded characters are encoded as sequences of 1 to 6 octets, assuming that code points as high as 0x7ffffffff might be used. Subsequent versions of Unicode and ISO 10646 have limited the upper bound to 0x10ffff. Consequently, the current version of UTF-8, defined in RFC 3629 does not require more than four octets to encode a valid code point." MODULE DOCS-CABLE-DEVICE-MIB MANDATORY-GROUPS {
对象pktcMtaDevRealmOrgName语法LongUtf8String(大小(1..384))说明“X.509证书中的组织名称字段最多可包含64个UTF-8编码字符,如RFCs 3280和4630中所定义。因此,兼容设备只需要支持多达64个UTF-8编码字符的组织名称值。鉴于RFC 3280和4630定义了UTF-8编码,兼容设备必须支持pktcMtaDevRealmOrgName的最大大小为384个八位字节。384个八位字节的计算来自RFC 3629 UTF-8编码定义,其中UTF-8编码字符编码为1到6个八位字节的序列,假设可能使用高达0x7FFFFFF的码点。Unicode和ISO10646的后续版本将上限限制为0x10ffff。因此,RFC 3629中定义的UTF-8的当前版本不需要超过四个八位字节来编码一个有效的代码点。“模块DOCS-CABLE-DEVICE-MIB-MANDATORY-GROUPS{
docsDevSoftwareGroupV2 }
docsDevSoftwareGroupV2}
MODULE DOCS-IETF-BPI2-MIB MANDATORY-GROUPS { docsBpi2CodeDownloadGroup }
MODULE DOCS-IETF-BPI2-MIB MANDATORY-GROUPS { docsBpi2CodeDownloadGroup }
::= { pktcMtaCompliances 2 }
::= { pktcMtaCompliances 2 }
END
终止
The current editors would like to thank the members of the IETF IPCDN working group and the CableLabs PacketCable Provisioning and OSS focus team for their comments and suggestions. In particular, we wish to express our gratitude for the contributions made by the following individuals (in no particular order): Angela Lyda,Sumanth Channabasappa, Matt A. Osman, Klaus Hermanns, Paul Duffy, Rick Vetter, Sasha Medvinsky, Roy Spitzer, Itay Sherman, Satish Kumar and Eric Rosenfeld. Finally, special thanks to our area director Bert Wijnen, Rich Woundy, Randy Presuhn, Mike Heard, and Dave Thaler.
当前的编辑要感谢IETF IPCDN工作组和CableLabs PacketCable Provisioning and OSS focus团队的成员提出的意见和建议。特别是,我们要对以下个人所做的贡献表示感谢(无特定顺序):安吉拉·利达、苏曼斯·钱纳巴萨帕、马特·A·奥斯曼、克劳斯·赫尔曼、保罗·达菲、里克·维特、萨沙·梅文斯基、罗伊·斯皮策、伊泰·谢尔曼、萨蒂什·库马尔和埃里克·罗森菲尔德。最后,特别感谢我们的区域总监伯特·维恩、里奇·沃迪、兰迪·普雷森、迈克·赫德和戴夫·泰勒。
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. Improper manipulation of the objects defined in this MIB may result in random behavior of MTA devices and may result in service disruption. These are the tables and objects and their sensitivity/vulnerability:
此MIB模块中定义了许多管理对象,其MAX-ACCESS子句为read-write和/或read-create。在某些网络环境中,此类对象可能被视为敏感或易受攻击。在没有适当保护的非安全环境中支持SET操作可能会对网络操作产生负面影响。对此MIB中定义的对象的不当操作可能会导致MTA设备的随机行为,并可能导致服务中断。以下是表和对象及其敏感度/漏洞:
- The following objects, if SET maliciously, would cause the MTA device to reset and/or stop its service:
- 如果恶意设置以下对象,将导致MTA设备重置和/或停止其服务:
pktcMtaDevResetNow. pktcMtaDevEnabled.
pktcMtaDevResetNow。pktcmta已被删除。
- All writable objects in the pktcMtaDevServer group and some in the pktcMtaDevRealmTable share the potential, if SET maliciously, to prevent the MTA from provisioning properly. Thus, they are considered very sensitive for service delivery. The objects in question are:
- pktcMtaDevServer组中的所有可写对象以及pktcMtaDevRealmTable中的一些可写对象都有可能(如果恶意设置)阻止MTA正确设置。因此,他们被认为对提供服务非常敏感。有关对象包括:
pktcMtaDevProvisioningTimer, pktcMtaDevDhcpServerAddressType, pktcMtaDevDnsServerAddressType, pktcMtaDevTimeServerAddressType, pktcMtaDevProvConfigEncryptAlg, pktcMtaDevServerDns1, pktcMtaDevServerDns2, pktcMtaDevTimeServer, pktcMtaDevConfigFile, pktcMtaDevProvConfigHash, pktcMtaDevProvConfigKey, pktcMtaDevProvSolicitedKeyTimeout, pktcMtaDevRealmName, pktcMtaDevRealmOrgName, pktcMtaDevRealmUnsolicitedKeyMaxTimeout, pktcMtaDevRealmUnsolicitedKeyNomTimeout, pktcMtaDevRealmUnsolicitedKeyMaxRetries, and pktcMtaDevRealmStatus.
pktcMtaDevProvisioningTimer、pktcMtaDevDhcpServerAddressType、PKTCMTADEVDServerAddressType、pktcMtaDevTimeServerAddressType、PKTCMTADEVPROVConfigencyPTALG、pktcMtaDevServerDns1、pktcMtaDevServerDns2、pktcMtaDevTimeServer、pktcMtaDevConfigFile、PKTCMTADEVROVConfighash、PKTCMTADEVROVConfigKey、PKTCMTADEVROVSOLICITEDKEYOUT、,pktcMtaDevRealmName、pktcMtaDevRealmOrgName、PKTCMTADEVREALMUNLOCKEYMAXTEOUT、PKTCMTADEVREALMUNLOCKEYNOMTEOUT、PKTCMTADEVREALMUNLOCKEYMAXTERIES和pktcMtaDevRealmStatus。
Certain of the above objects have additional specific vulnerabilities:
上述某些对象具有其他特定漏洞:
o pktcMtaDevServerDns1 and pktcMtaDevServerDns2, if SET maliciously, could prevent the MTA from being authenticated and consequently from getting telephony services.
o 如果恶意设置pktcMtaDevServerDns1和pktcMtaDevServerDns2,可能会阻止MTA进行身份验证,从而阻止其获得电话服务。
o pktcMtaDevRealmStatus, if SET maliciously, could cause the whole row of the table to be deleted, which may prevent MTA from getting telephony services.
o 如果恶意设置pktcMtaDevRealmStatus,可能会导致删除表的整行,这可能会阻止MTA获得电话服务。
- All writable objects in the pktcMtaDevCmsTable table share the potential, if SET maliciously, to disrupt the telephony service by altering which Call Management Server the MTA must send signaling registration to; in particular:
- pktcMtaDevCmsTable表中的所有可写对象都有可能(如果恶意设置)通过更改MTA必须向哪个呼叫管理服务器发送信令注册而中断电话服务;特别地:
pktcMtaDevCmsFqdn, pktcMtaDevCmsKerbRealmName, pktcMtaDevCmsMaxClockSkew, pktcMtaDevCmsSolicitedKeyTimeout, pktcMtaDevCmsUnsolicitedKeyMaxTimeout, pktcMtaDevCmsUnsolicitedKeyNomTimeout, pktcMtaDevCmsUnsolicitedKeyMaxRetries (this object, if set to a zero value '0', may prevent the MTA from retrying its attempt to establish a Security Association with the CMS), and pktcMtaDevCmsStatus.
pktcMtaDevCmsFqdn、pktcMtaDevCmsKerbRealmName、pktcmtadevcmaxclockskew、pktcmtadevcmsolicitedkeytimeout、pktcmtadevcmunsolicitedkeymaxtimeout、pktcmtadevcmunsolicitedkeynomtimeout、pktcmtadevcmunsolicitedkeymaxretries(如果将此对象设置为零值“0”,可能会阻止MTA重试与CMS建立安全关联的尝试)和PKTCMTADevcmStatus。
- Some writable objects in the pktcMtaDevRealmTable table will not have an immediate effect on service, if SET maliciously. However, they may impact the service performance and cause avalanche attacks on provisioning and Kerberos KDC servers, especially after massive device reboots occur. The objects in question are as follows:
- 如果恶意设置pktcMtaDevRealmTable表中的某些可写对象,则不会立即影响服务。但是,它们可能会影响服务性能,并对资源调配和Kerberos KDC服务器造成雪崩攻击,特别是在发生大规模设备重新启动之后。有关对象如下:
pktcMtaDevResetKrbTickets: This object, if set to 'true', will cause the MTA to request a new Kerberos ticket at reboot.
pktcMtaDevResetKrbTickets:如果此对象设置为“true”,将导致MTA在重新启动时请求新的Kerberos票证。
pktcMtaDevRealmPkinitGracePeriod, pktcMtaDevRealmTgsGracePeriod: These 2 objects, if set to short time periods, will cause the MTA to renew its tickets more frequently.
pktcMtaDevRealmPkinitGracePeriod、pktcMtaDevRealmTgsGracePeriod:如果将这两个对象设置为短时间段,将导致MTA更频繁地续订其票证。
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. Some of these objects may contain information that may be sensitive from a business or customer perspective. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP.
在某些网络环境中,此MIB模块中的某些可读对象(即具有MAX-ACCESS而非not ACCESS的对象)可能被视为敏感或易受攻击。其中一些对象可能包含从业务或客户角度看可能敏感的信息。因此,在通过SNMP通过网络发送这些对象时,控制甚至获取和/或通知对这些对象的访问,甚至可能加密这些对象的值,这一点非常重要。
These are the tables and objects and their sensitivity and vulnerability:
这些是表和对象及其敏感度和漏洞:
- Some readable objects in the pktcMtaDevBase, pktcMtaDevServer, and pktcMtaDevSecurity groups share the potential, if read maliciously, to facilitate Denial-of-Service (DoS) attacks against provisioning or Kerberos servers. The object in question are as follows:
- pktcMtaDevBase、pktcMtaDevServer和pktcMtaDevSecurity组中的某些可读对象如果被恶意读取,可能会导致针对设置或Kerberos服务器的拒绝服务(DoS)攻击。有关目标如下:
pktcMtaDevServerDhcp1, pktcMtaDevServerDhcp2, and pktcMtaDevSnmpEntity. The values of these objects may be used to launch DoS attacks on the Telephony Service Provider DHCP or Provisioning servers.
pktcMtaDevServerDhcp1、pktcMtaDevServerDhcp2和pktcMtaDevSnmpEntity。这些对象的值可用于对电话服务提供商DHCP或配置服务器发起DoS攻击。
pktcMtaDevProvKerbRealmName, pktcMtaDevManufacturerCertificate, pktcMtaDevCertificate and pktcMtaDevTelephonyRootCertificate. The values of these objects may be used by attackers to launch DoS attacks against Kerberos servers.
PKTCMTADevprovkerbrealName、PKTCMTADevManufactureCertificate、pktcMtaDevCertificate和pktcMtaDevTelephonyRootCertificate。这些对象的值可能被攻击者用来对Kerberos服务器发起DoS攻击。
- One additional readable object may expose some security threats: pktcMtaDevFQDN. This object may include sensitive information about the domain name, and potentially, the domain topology.
- 另外一个可读对象可能会暴露一些安全威胁:pktcMtaDevFQDN。此对象可能包括有关域名的敏感信息,可能还包括域拓扑。
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is
SNMPv3之前的SNMP版本未包含足够的安全性。即使网络本身是安全的(例如通过使用IPSec),也无法控制安全网络上的用户
allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
允许访问和获取/设置(读取/更改/创建/删除)此MIB模块中的对象。
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see Section 8 in [RFC3410]), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
建议实施者考虑SNMPv3框架提供的安全特性(参见[RCFC1010]中的第8节),包括对SNMPv3加密机制的完全支持(用于身份验证和隐私)。
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
此外,不建议部署SNMPv3之前的SNMP版本。相反,建议部署SNMPv3并启用加密安全性。然后,客户/运营商应负责确保授予访问此MIB模块实例权限的SNMP实体已正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)访问对象。
The MIB module defined in this document uses the following IANA-assigned OBJECT IDENTIFIER values, recorded in the SMI Numbers registry:
本文档中定义的MIB模块使用以下IANA分配的对象标识符值,记录在SMI编号注册表中:
Descriptor OBJECT IDENTIFIER value ---------- ----------------------- pktcIetfMtaMib { mib-2 140 }
Descriptor OBJECT IDENTIFIER value ---------- ----------------------- pktcIetfMtaMib { mib-2 140 }
[RFC868] Postel, J. and K. Harrenstien, "Time Protocol", STD 26, RFC 868, May 1983.
[RFC868]Postel,J.和K.Harrenstien,“时间协议”,STD 26,RFC 868,1983年5月。
[RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, RFC 1350, July 1992.
[RFC1350]Sollins,K.,“TFTP协议(修订版2)”,STD 33,RFC 1350,1992年7月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[RFC2131]Droms,R.,“动态主机配置协议”,RFC21311997年3月。
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.
[RFC2132]Alexander,S.和R.Droms,“DHCP选项和BOOTP供应商扩展”,RFC 21321997年3月。
[RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level Managed Objects for Applications", RFC 2287, February 1998.
[RFC2287]Krupczak,C.和J.Saperia,“应用程序系统级托管对象的定义”,RFC 2287,1998年2月。
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder J., Case, J. Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[RFC2578]McCloghrie,K.,Perkins,D.,Schoenwaeld J.,Case,J.Rose,M.和S.Waldbusser,“管理信息结构版本2(SMIv2)”,STD 58,RFC 2578,1999年4月。
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J. Case, J. Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[RFC2579]McCloghrie,K.,Perkins,D.,Schoenwaeld,J.Case,J.Rose,M.和S.Waldbusser,“SMIv2的文本约定”,STD 58,RFC 2579,1999年4月。
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[RFC2580]McCloghrie,K.,Perkins,D.,Schoenwaeld J.,Case,J.,Rose,M.和S.Waldbusser,“SMIv2的一致性声明”,STD 58,RFC 25801999年4月。
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC2616]菲尔丁,R.,盖蒂斯,J.,莫卧儿,J.,弗莱斯蒂克,H.,马斯特,L.,利奇,P.,和T.伯纳斯李,“超文本传输协议——HTTP/1.1”,RFC 2616,1999年6月。
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.
[RFC2863]McCloghrie,K.和F.Kastenholz,“接口组MIB”,RFC 28632000年6月。
[RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.
[RFC3280]Housley,R.,Polk,W.,Ford,W.,和D.Solo,“互联网X.509公钥基础设施证书和证书撤销列表(CRL)概要”,RFC 32802002年4月。
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.
[RFC3411]Harrington,D.,Presohn,R.,和B.Wijnen,“描述简单网络管理协议(SNMP)管理框架的体系结构”,STD 62,RFC 3411,2002年12月。
[RFC3418] Presuhn, R., "Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3418, December 2002.
[RFC3418]Presohn,R.,“简单网络管理协议(SNMP)的管理信息库(MIB)”,STD 62,RFC 3418,2002年12月。
[RFC3495] Beser, B. and P. Duffy, "Dynamic Host Configuration Protocol (DHCP) Option for CableLabs Client Configuration", RFC 3495, March 2003.
[RFC3495]Beser,B.和P.Duffy,“CableLabs客户端配置的动态主机配置协议(DHCP)选项”,RFC 3495,2003年3月。
[RFC3594] Duffy, P., "PacketCable Security Ticket Control Sub-Option for the DHCP CableLabs Client Configuration (CCC) Option", RFC 3594, September 2003.
[RFC3594]Duffy,P.,“DHCP CableLabs客户端配置(CCC)选项的PacketCable安全票证控制子选项”,RFC 3594,2003年9月。
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005.
[RFC4001]Daniele,M.,Haberman,B.,Routhier,S.,和J.Schoenwaeld,“互联网网络地址的文本约定”,RFC 4001,2005年2月。
[RFC4131] Green, S., Ozawa, K., Cardona, E., and A. Katsnelson, "Management Information Base for Data Over Cable Service Interface Specification (DOCSIS) Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus", RFC 4131, September 2005.
[RFC4131]Green,S.,Ozawa,K.,Cardona,E.,和A.Katsnelson,“电缆数据服务接口规范(DOCSIS)电缆调制解调器和基线隐私Plus电缆调制解调器终端系统的管理信息库”,RFC 41312005年9月。
[RFC4630] Housley, R. and S. Santesson, "Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4630, August 2006.
[RFC4630]Housley,R.和S.Santesson,“更新Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件中的DirectoryString处理”,RFC 4630,2006年8月。
[RFC4639] Woundy, R. and K. Marez, "Cable Device Management Information Base for Data-Over-Cable Service Interface Specification (DOCSIS) Compliant Cable Modems and Cable Modem Termination Systems", RFC 4639, December 2006.
[RFC4639]Woundy,R.和K.Marez,“电缆数据服务接口规范(DOCSIS)兼容电缆调制解调器和电缆调制解调器终端系统的电缆设备管理信息库”,RFC 4639,2006年12月。
[PKT-SP-PROV] Packetcable MTA Device Provisioning Specification, Issued, PKT-SP-PROV-I11-050812, August 2005. http://www.packetcable.com/specifications/ http://www.cablelabs.com/specifications/archives/
[PKT-SP-PROV] Packetcable MTA Device Provisioning Specification, Issued, PKT-SP-PROV-I11-050812, August 2005. http://www.packetcable.com/specifications/ http://www.cablelabs.com/specifications/archives/
[PKT-SP-SEC] PacketCable Security Specification, Issued, PKT-SP- SEC-I12-050812, August 2005. http://www.packetcable.com/specifications/ http://www.cablelabs.com/specifications/archives/
[PKT-SP-SEC] PacketCable Security Specification, Issued, PKT-SP- SEC-I12-050812, August 2005. http://www.packetcable.com/specifications/ http://www.cablelabs.com/specifications/archives/
[ITU-T-J112] Transmission Systems for Interactive Cable Television Services, Annex B, J.112, ITU-T, March, 1998.
[ITU-T-J112]交互式有线电视服务的传输系统,附件B,J.112,ITU-T,1998年3月。
[ITU-T-J168] IPCablecom Multimedia Terminal Adapter (MTA) MIB requirements, J.168, ITU-T, March, 2001.
[ITU-T-J168]IPCablecom多媒体终端适配器(MTA)MIB要求,J.168,ITU-T,2001年3月。
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 34102002年12月。
[RFC3617] Lear, E., "Uniform Resource Identifier (URI) Scheme and Applicability Statement for the Trivial File Transfer Protocol (TFTP)", RFC 3617, October 2003.
[RFC3617]李尔,E.“普通文件传输协议(TFTP)的统一资源标识符(URI)方案和适用性声明”,RFC3617,2003年10月。
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.
[RFC3629]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。
[PKT-SP-MIB-MTA] Packetcable MTA MIB Specification, Issued, PKT-SP- MIB-MTA-I10-050812, August 2005. http://www.packetcable.com/specifications/ http://www.cablelabs.com/specifications/archives/
[PKT-SP-MIB-MTA] Packetcable MTA MIB Specification, Issued, PKT-SP- MIB-MTA-I10-050812, August 2005. http://www.packetcable.com/specifications/ http://www.cablelabs.com/specifications/archives/
[ETSITS101909-8] ETSI TS 101 909-8: "Access and Terminals (AT); Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 8: Media Terminal Adaptor (MTA) Management Information Base (MIB)".
[ETSITS101909-8]ETSI TS 101 909-8:“接入和终端(AT);公共电信网络的数字宽带电缆接入;IP多媒体时间关键业务;第8部分:媒体终端适配器(MTA)管理信息库(MIB)”。
[EN300001] EN 300 001 V1.5.1 (1998-10):"European Standard (Telecommunications series) Attachments to Public Switched Telephone Network (PSTN); General technical requirements for equipment connected to an analogue subscriber interface in the PSTN".
[EN300001]EN 300 001 V1.5.1(1998-10):“公共交换电话网(PSTN)的欧洲标准(电信系列)附件;连接到PSTN中模拟用户接口的设备的一般技术要求”。
[EN300659-1] EN 300 659-1: "Public Switched Telephone Network (PSTN); Subscriber line protocol over the local loop for display (and related) services; Part 1: On hook data transmission".
[EN300659-1]EN 300 659-1:“公共交换电话网(PSTN).显示(及相关)业务本地环路上的用户线协议.第1部分:挂机数据传输”。
[NCSSIGMIB] Beacham G., Kumar S., Channabasappa S., "Network Control Signaling (NCS) Signaling MIB for PacketCable and IPCablecom Multimedia Terminal Adapters (MTAs)", Work in Progress, June 2006.
[NCSSIGMIB]Beacham G.,Kumar S.,Channabasappa S.,“用于PacketCable和IPCablecom多媒体终端适配器(MTA)的网络控制信令(NCS)信令MIB”,正在进行的工作,2006年6月。
Authors' Addresses
作者地址
Eugene Nechamkin Broadcom Corporation, 200 - 13711 International Place Richmond, BC, V6V 2Z8 CANADA
Eugene Nechamkin Broadcom公司,加拿大不列颠哥伦比亚省里士满国际广场200-13711号,邮编:V6V 2Z8
Phone: +1 604 233 8500 EMail: enechamkin@broadcom.com
Phone: +1 604 233 8500 EMail: enechamkin@broadcom.com
Jean-Francois Mule Cable Television Laboratories, Inc. 858 Coal Creek Circle Louisville, Colorado 80027-9750 U.S.A.
Jean-Francois Mule有线电视实验室有限公司,美国科罗拉多州路易斯维尔市煤溪圈858号,邮编80027-9750。
Phone: +1 303 661 9100 EMail: jf.mule@cablelabs.com
Phone: +1 303 661 9100 EMail: jf.mule@cablelabs.com
Full Copyright Statement
完整版权声明
Copyright (C) The IETF Trust (2006).
版权所有(C)IETF信托基金(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST, AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。