-- Network Working Group F. Kastenholz
-- Request for Comments: 1472 FTP Software, Inc.
-- June 1993
--
--
-- The Definitions of Managed Objects for
-- the Security Protocols of
-- the Point-to-Point Protocol
--PPP-SEC-MIB DEFINITIONS::=BEGINIMPORTSCounterFROM RFC1155-SMI
OBJECT-TYPE
FROM RFC-1212
ppp
FROM PPP-LCP-MIB;pppSecurity OBJECTIDENTIFIER::={ ppp 2}pppSecurityProtocols OBJECTIDENTIFIER::={ pppSecurity 1}-- The following uniquely identify the various protocols-- used by PPP security. These OBJECT IDENTIFIERS are-- used in the pppSecurityConfigProtocol and-- pppSecuritySecretsProtocol objects to identify to which-- protocols the table entries apply.pppSecurityPapProtocol OBJECTIDENTIFIER::={ pppSecurityProtocols 1}pppSecurityChapMD5Protocol OBJECTIDENTIFIER::={ pppSecurityProtocols 2}
-- PPP Security Group-- Implementation of this group is optional.-- This table allows the network manager to configure-- which security protocols are to be used on which-- link and in what order of preference each is to be triedpppSecurityConfigTable OBJECT-TYPESYNTAXSEQUENCEOF PppSecurityConfigEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Table containing the configuration and
preference parameters for PPP Security."::={ pppSecurity 2}pppSecurityConfigEntry OBJECT-TYPESYNTAX PppSecurityConfigEntry
ACCESSnot-accessibleSTATUSmandatory
DESCRIPTION"Security configuration information for a
particular PPP link."INDEX{ pppSecurityConfigLink,
pppSecurityConfigPreference }::={ pppSecurityConfigTable 1}
PppSecurityConfigEntry ::=SEQUENCE{
pppSecurityConfigLink
INTEGER,
pppSecurityConfigPreference
INTEGER,
pppSecurityConfigProtocol
OBJECTIDENTIFIER,
pppSecurityConfigStatus
INTEGER}pppSecurityConfigLink OBJECT-TYPESYNTAXINTEGER(0..2147483647)
ACCESSread-writeSTATUSmandatoryDESCRIPTION"The value of ifIndex that identifies the entry
in the interface table that is associated with
the local PPP entity's link for which this
particular security algorithm shall be
attempted. A value of 0 indicates the default
algorithm - i.e., this entry applies to all
links for which explicit entries in the table
do not exist."::={ pppSecurityConfigEntry 1}pppSecurityConfigPreference OBJECT-TYPESYNTAXINTEGER(0..2147483647)ACCESSread-writeSTATUSmandatoryDESCRIPTION"The relative preference of the security
protocol identified by
pppSecurityConfigProtocol. Security protocols
with lower values of
pppSecurityConfigPreference are tried before
protocols with higher values of
pppSecurityConfigPreference."::={ pppSecurityConfigEntry 2}pppSecurityConfigProtocol OBJECT-TYPESYNTAXOBJECTIDENTIFIERACCESSread-writeSTATUSmandatoryDESCRIPTION"Identifies the security protocol to be
attempted on the link identified by
pppSecurityConfigLink at the preference level
identified by pppSecurityConfigPreference. "::={ pppSecurityConfigEntry 3}pppSecurityConfigStatus OBJECT-TYPESYNTAXINTEGER{
invalid(1),valid(2)}ACCESSread-writeSTATUSmandatoryDESCRIPTION"Setting this object to the value invalid(1)
has the effect of invalidating the
corresponding entry in the
pppSecurityConfigTable. It is an
implementation-specific matter as to whether
the agent removes an invalidated entry from the
table. Accordingly, management stations must
be prepared to receive tabular information from
agents that corresponds to entries not
currently in use. Proper interpretation of
such entries requires examination of the
relevant pppSecurityConfigStatus object."DEFVAL{ valid }
::={ pppSecurityConfigEntry 4}-- This table contains all of the ID/Secret pair information.pppSecuritySecretsTable OBJECT-TYPESYNTAXSEQUENCEOF PppSecuritySecretsEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Table containing the identities and secrets
used by the PPP authentication protocols. As
this table contains secret information, it is
expected that access to this table be limited
to those SNMP Party-Pairs for which a privacy
protocol is in use for all SNMP messages that
the parties exchange. This table contains both
the ID and secret pair(s) that the local PPP
entity will advertise to the remote entity and
the pair(s) that the local entity will expect
from the remote entity. This table allows for
multiple id/secret password pairs to be
specified for a particular link by using the
pppSecuritySecretsIdIndex object."::={ pppSecurity 3}pppSecuritySecretsEntry OBJECT-TYPESYNTAX PppSecuritySecretsEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Secret information."INDEX{ pppSecuritySecretsLink,
pppSecuritySecretsIdIndex }::={ pppSecuritySecretsTable 1}
PppSecuritySecretsEntry ::=SEQUENCE{
pppSecuritySecretsLink
INTEGER,
pppSecuritySecretsIdIndex
INTEGER,
pppSecuritySecretsDirection
INTEGER,
pppSecuritySecretsProtocol
OBJECTIDENTIFIER,
pppSecuritySecretsIdentity
OCTETSTRING,
pppSecuritySecretsSecret
OCTETSTRING,
pppSecuritySecretsStatus
INTEGER}pppSecuritySecretsLink OBJECT-TYPESYNTAXINTEGER(0..2147483647)ACCESSread-onlySTATUSmandatoryDESCRIPTION"The link to which this ID/Secret pair applies.
By convention, if the value of this object is 0
then the ID/Secret pair applies to all links."::={ pppSecuritySecretsEntry 1}
pppSecuritySecretsIdIndex OBJECT-TYPESYNTAXINTEGER(0..2147483647)ACCESSread-onlySTATUSmandatoryDESCRIPTION"A unique value for each ID/Secret pair that
has been defined for use on this link. This
allows multiple ID/Secret pairs to be defined
for each link. How the local entity selects
which pair to use is a local implementation
decision."::={ pppSecuritySecretsEntry 2}pppSecuritySecretsDirection OBJECT-TYPESYNTAXINTEGER{local-to-remote(1),
remote-to-local(2)}ACCESSread-writeSTATUSmandatoryDESCRIPTION"This object defines the direction in which a
particular ID/Secret pair is valid. If this
object is local-to-remote then the local PPP
entity will use the ID/Secret pair when
attempting to authenticate the local PPP entity
to the remote PPP entity. If this object is
remote-to-local then the local PPP entity will
expect the ID/Secret pair to be used by the
remote PPP entity when the remote PPP entity
attempts to authenticate itself to the local
PPP entity."::={ pppSecuritySecretsEntry 3}pppSecuritySecretsProtocol OBJECT-TYPESYNTAXOBJECTIDENTIFIER
ACCESSread-writeSTATUSmandatoryDESCRIPTION"The security protocol (e.g. CHAP or PAP) to
which this ID/Secret pair applies."::={ pppSecuritySecretsEntry 4}pppSecuritySecretsIdentity OBJECT-TYPESYNTAXOCTETSTRING(SIZE(0..255))ACCESSread-writeSTATUSmandatoryDESCRIPTION"The Identity of the ID/Secret pair. The
actual format, semantics, and use of
pppSecuritySecretsIdentity depends on the
actual security protocol used. For example, if
pppSecuritySecretsProtocol is
pppSecurityPapProtocol then this object will
contain a PAP Peer-ID. If
pppSecuritySecretsProtocol is
pppSecurityChapMD5Protocol then this object
would contain the CHAP NAME parameter."::={ pppSecuritySecretsEntry 5}pppSecuritySecretsSecret OBJECT-TYPESYNTAXOCTETSTRING(SIZE(0..255))ACCESSread-writeSTATUSmandatoryDESCRIPTION"The secret of the ID/Secret pair. The actual
format, semantics, and use of
pppSecuritySecretsSecret depends on the actual
security protocol used. For example, if
pppSecuritySecretsProtocol is
pppSecurityPapProtocol then this object will
contain a PAP Password. If
pppSecuritySecretsProtocol is
pppSecurityChapMD5Protocol then this object
would contain the CHAP MD5 Secret."::={ pppSecuritySecretsEntry 6}pppSecuritySecretsStatus OBJECT-TYPESYNTAXINTEGER{invalid(1),valid(2)}ACCESSread-writeSTATUSmandatoryDESCRIPTION"Setting this object to the value invalid(1)
has the effect of invalidating the
corresponding entry in the
pppSecuritySecretsTable. It is an
implementation-specific matter as to whether
the agent removes an invalidated entry from the
table. Accordingly, management stations must
be prepared to receive tabular information from
agents that corresponds to entries not
currently in use. Proper interpretation of
such entries requires examination of the
relevant pppSecuritySecretsStatus object."DEFVAL{ valid }::={ pppSecuritySecretsEntry 7}END