Security MIB (ap-security.mib)
The following table describes the SNMP GET query names for the Security MIB (ap-security.mib).
The apSecurityMIBObjects object has the OID 1.3.6.1.4.1.9148.3.9.1.
| SNMP GET Query Name | Object ID: 1.3.6.1.4.1.9148.3.9.1 + | Description |
|---|---|---|
| apSecurityOCSRIpAddress | .5 | OCSR server IP Address |
| apSecurityOCSRHostname | .6 | OCSR server hostname |
The apSecurityTacacsTable object has the OID 1.3.6.1.4.1.9148.3.9.1.4, and the apSecurityTacacsEntry object has the 1.3.6.1.4.1.9148.3.9.1.4.1.
| SNMP GET Query Name | Object ID: 1.3.6.1.4.1.9148.3.9.1.4.1+ | Description |
|---|---|---|
| apSecurityTacacsCliCommands | .3 | Number of CLI commands sent for TACACS+ accounting |
| apSecurityTacacsSuccessAuthentication | .4 | Number of successful TACACS+ authentication requests |
| apSecurityTacacsFailureAuthentication | .5 | Number of failed TACACS+ authentication requests |
| apSecurityTacacsSuccessAuthorization | .6 | Number of successful TACACS+ authorization requests |
| apSecurityTacacsFailureAuthorization | .7 | Number of failed TACACS+ authorization requests |
apSecurityCertificateTable
This table, found in the ap-security.mib, provides information about installed security certificates and their expiration. It conveys the same information displayed in the show security certificates command.
| MIB Object | Object ID: 1.3.6.1.4.1.9148.3.9.1.10 + | Description |
|---|---|---|
| apSecurityCertificateEntry | .1 | The certificate entry. |
| apSecurityCertificateConfigId | .1.1 | The internal configuration ID of the certificate. |
| apSecurityCertificateIndex | .1.2 | The internal index of the certificate. Combined with configuration ID is the unique ID of a certificate. |
| apSecurityCertificateRecordName | .1.3 | The SBC's configuration record name for the certificate. |
| apSecurityCertificateCertSubject | .1.4 | The security certificate subject. |
| apSecurityCertificateCertStart | .1.5 | The start time and date of the security certificate. |
| apSecurityCertificateCertExpire | .1.6 | The expiration time and date of the security certificate. |
| apSecurityCertificateCertIssuer | .1.7 | The issuer of the security certificate. |
| apSecurityCertificateCertIsCA | .1.8 | Boolean value indicating if the certificate is a CA certificate. |
To fully identify an object you may need to access, you may need to consider two additional values that extend after the OIDs listed in the table above. To fully understand this detail, consider that the apSecurityCertificateTable has two indices:
- apSecurityCertificateConfigId (1.3.6.1.4.1.9148.3.9.1.10.1.1)
- apSecurityCertificateIndex (1.3.6.1.4.1.9148.3.9.1.10.1.2)
The combination of these two uniquely identify a certificate. Any instance of the tabular objects of this table, however, would have two additional numbers included the end of its OID.
Take the example of apSecurityCertificateCertSubject (1.3.6.1.4.1.9148.3.9.1.10.1.4). A possible OID of an instance could be 1.3.6.1.4.1.9148.3.9.1.10.1.4.18.3. In this example:
- 1.3.6.1.4.1.9148.3.9.1.10.1.4 is apSecurityCertificateCertSubject
- 18 would be the apSecurityCertificateConfigId value
- 3 would be the apSecurityCertificateIndex value
apSecurityCMPServerMIBObjects
This table, found in the ap-security.mib, provides information about installed security certificates and their expiration. It conveys the same information displayed in the show security certificates cmp stats and show security certificates cmp errors commands.
Applicable objects include:
- apSecurityCmpServerMIBObjects
- apSecurityCmpServerTable - A read-only table to hold the
CMP Server names.
- apSecurityCmpServerEntry
- apCMPServerIndex - An integer for the sole purpose of indexing the CMP Server entry.
- apCMPServerName - The CMP Server name
- apSecurityCmpServerAddressTable - A read-only table to hold the CMP Server
addresses
- ApSecurityCmpServerAddressEntry
- apCMPServerAddressIndex - An integer for the sole purpose of indexing the CMP Server Address entry
- apCMPServerAddressType - A read-only, InetAddressType field identifying the CMP Server address family (IPv4 or IPv6).
- apCMPServerAddress - The CMP Server Address
- apSecurityCmpServerStatsTable - The table of CMP server
statistics
- apSecurityCmpServerStatsEntry
- apCMPServerStatsIndex - The CMP Server Index
- apCMPServerStatsType - CMP Server Stats type
- apCMPServerStatsCount - The CMP Server Statistics for the specified server and type
- apSecurityCmpServerTable - A read-only table to hold the
CMP Server names.
This table lists and describes the fields within ApSecurityCmpRealmMIBObjects.
| MIB Object | Object ID: 1.3.6.1.4.1.9148.3.9.1.16.3.1.2.+ | Description |
|---|---|---|
| tcpConnectionEst | 1 | TCP Connection Established |
| tlsConnectedEst | 2 | TLS Connection Established |
| initializationRequestSent | 3 | Initialization Request Sent |
| initializationResponseRcvd | 4 | Initialization Response Recv |
| certificateConfirmationSent | 5 | Certificate Confirmation Sent |
| certificateConfirmationAckRcvd | 6 | Certificate Confirmation Acknowledgement Rcvd |
| irTransactionTimeout | 7 | Initialisation Request Timeout |
| pollingRequestSent | 8 | Polling Request Sent |
| pollingResponseRcvd | 9 | Polling Response Rcvd |
| keyUpdateRequestSent | 10 | Key Update Request Sent |
| keyUpdateResponseRcvd | 11 | Key Update Response Rcvd |
| kurTransactionTimeout | 12 | Key Update Request Timeout |
| pKIStatusAccepted | 13 | PKI Status: Accepted |
| pKIStatusGrantedWithMods | 14 | PKI Status: Granted with Mods |
| pKIStatusRejection | 15 | PKI Status: Rejection |
| pKIStatusWaiting | 16 | PKI Status: Waiting |
| pKIStatusRevocationWarning | 17 | PKI Status: Revocation Warning |
| pKIStatusRevocationNotification | 18 | PKI Status: Revocation Notification |
| pKIStatusKeyUpdateWarning | 19 | PKI Status: Key Update Warning |
| tCPConnectionFailure | 20 | TCP Connection Failure |
| tLSConnectionFailure | 21 | TLS Connection Failure |
| cMPTransactionTimeout | 22 | CMP Transaction Timeout |
| badAlgorithm | 23 | Bad Algorithm |
| badMessageCheck | 24 | Bad Message Check |
| badRequest | 25 | Bad Request |
| badTime | 26 | Bad Time |
| badCertId | 27 | Bad Certificate ID |
| badDataFormat | 28 | Bad Data Format |
| wrongAuthority | 29 | Wrong Authority |
| incorrectData | 30 | Incorrect Data |
| missingTimestamp | 31 | Missing Timestamp |
| badPOP | 32 | Bad POP |
| certRevoked | 33 | Certificate Revoked |
| certConfirmed | 34 | Certificate Confirmed |
| wrongIntegrity | 35 | Wrong Integrity |
| badRecipientNonce | 36 | Bad Recipient Nonce |
| timeNotAvailable | 37 | Time Not Available |
| unacceptedPolicy | 38 | Unaccepted Policy |
| unacceptedExtension | 39 | Unaccepted Extension |
| addInfoNotAvailable | 40 | Additional Info Not Available |
| badSenderNonce | 41 | Bad Sender Nonce |
| badCertTemplate | 42 | Bad Certificate Template |
| signerNotTrusted | 43 | Signer Not Trusted |
| transactionIDInUse | 44 | Transaction ID In Use |
| unsupportedVersion | 45 | Unsupported Version |
| notAuthorized | 46 | Not Authorized |
| systemUnavailable | 47 | System Unavailable |
| systemFailure | 48 | System Failure |
| duplicateCertReq | 49 | Duplicate Certificate Request |
apSecurityCmpRealmMIBObjects
This table, found in the ap-security.mib, provides information about installed security certificates and their expiration. It conveys the same information displayed in the show security cmp statistics and show security cmp errors commands.
Applicable objects include:
- apSecurityCmpRealmMIBObjects
- apSecurityCmpRealmTable - A read-only table to hold the CMP
realm names.
- apSecurityCmpRealmEntry
- apCMPRealmIndex - An integer for the sole purpose of indexing the CMP realm entry.
- apCMPRealmName - The CMP realm name
- apSecurityCmpRealmStatsTable - The table of CMP realm
statistics
- apSecurityCmpRealmStatsEntry
- apCMPServerRealmIndex - The CMP realm Index
- apCMPRealmStatsType - CMP realm Stats type
- apCMPRealmStatsCount - The CMP realm statistics for the specified server and type
- apSecurityCmpRealmTable - A read-only table to hold the CMP
realm names.
This table lists and describes the fields within ApSecurityCmpRealmMIBObjects.
| MIB Object | Object ID: 1.3.6.1.4.1.9148.3.9.1.17.2.1.2.+ | Description |
|---|---|---|
| totalTcpConnectionEst | 1 | TCP Connection Established |
| totalTlsConnectedEst | 2 | TLS Connection Established |
| totalInitializationRequestSent | 3 | Initialization Request Sent |
| totalInitializationResponseRcvd | 4 | Initialization Response Recv |
| totalCertificateConfirmationSent | 5 | Certificate Confirmation Sent |
| totalCertificateConfirmationAckRcvd | 6 | Certificate Confirmation Acknowledgement Rcvd |
| totalIrTransactionTimeout | 7 | Initialisation Request Timeout |
| totalPollingRequestSent | 8 | Polling Request Sent |
| totalPollingResponseRcvd | 9 | Polling Response Rcvd |
| totalKeyUpdateRequestSent | 10 | Key Update Request Sent |
| totalKeyUpdateResponseRcvd | 11 | Key Update Response Rcvd |
| totalKurTransactionTimeout | 12 | Key Update Request Timeout |
| totalPKIStatusAccepted | 13 | PKI Status: Accepted |
| totalPKIStatusGrantedWithMods | 14 | PKI Status: Granted with Mods |
| totalPKIStatusRejection | 15 | PKI Status: Rejection |
| totalPKIStatusWaiting | 16 | PKI Status: Waiting |
| totalPKIStatusRevocationWarning | 17 | PKI Status: Revocation Warning |
| totalPKIStatusRevocationNotification | 18 | PKI Status: Revocation Notification |
| totalPKIStatusKeyUpdateWarning | 19 | PKI Status: Key Update Warning |
| totalTCPConnectionFailure | 20 | TCP Connection Failure |
| totalTLSConnectionFailure | 21 | TLS Connection Failure |
| totalCMPTransactionTimeout | 22 | CMP Transaction Timeout |
| totalBadAlgorithm | 23 | Bad Algorithm |
| totalBadMessageCheck | 24 | Bad Message Check |
| totalBadRequest | 25 | Bad Request |
| totalBadTime | 26 | Bad Time |
| totalBadCertId | 27 | Bad Certificate ID |
| totalBadDataFormat | 28 | Bad Data Format |
| totalWrongAuthority | 29 | Wrong Authority |
| totalIncorrectData | 30 | Incorrect Data |
| totalMissingTimestamp | 31 | Missing Timestamp |
| totalBadPOP | 32 | Bad POP |
| totalCertRevoked | 33 | Certificate Revoked |
| totalCertConfirmed | 34 | Certificate Confirmed |
| totalWrongIntegrity | 35 | Wrong Integrity |
| totalBadRecipientNonce | 36 | Bad Recipient Nonce |
| totalTimeNotAvailable | 37 | Time Not Available |
| totalUnacceptedPolicy | 38 | Unaccepted Policy |
| totalUnacceptedExtension | 39 | Unaccepted Extension |
| totalAddInfoNotAvailable | 40 | Additional Info Not Available |
| totalBadSenderNonce | 41 | Bad Sender Nonce |
| totalBadCertTemplate | 42 | Bad Certificate Template |
| totalSignerNotTrusted | 43 | Signer Not Trusted |
| totalTransactionIDInUse | 44 | Transaction ID In Use |
| totalUnsupportedVersion | 45 | Unsupported Version |
| totalNotAuthorized | 46 | Not Authorized |
| totalSystemUnavailable | 47 | System Unavailable |
| totalSystemFailure | 48 | System Failure |
| totalDuplicateCertReq | 49 | Duplicate Certificate Request |
apSecurityCmpMessageFailureCause
This table, found in the ap-security.mib, details the potential values of the apSecurityCmpMessageFailureCause data object, used in the trap notification sent from the system.
When the system fails to enroll or renew a certificate using CMP, it sends the apSecurityCmpCertificateEnrollmentFailureNotification trap notification. In addition to source and destination detail, this trap includes an apSecurityCmpMessageFailureCause. Potential cause values are listed in the table below.
The MIB objects presented in this trap are documented in the apSecurity Traps (ap-security.mib) topic in this MIB Guide.
| MIB Object | Object ID: 1.3.6.1.4.1.9148.3.9.2.46 + | Description |
|---|---|---|
| tCPConnectionFailure | 1 | TCP Connection Failure |
| tLSConnectionFailure | 2 | TLS Connection Failure |
| cmpIRTransTimedout | 3 | Initialization Request Timeout |
| cmpKURTimedout | 4 | Key Update Request Timeout |
| badAlgorithm | 5 | Bad Algorithm |
| badMessageCheck | 6 | Bad Message Check |
| badRequest | 7 | Bad Request |
| badTime | 8 | Bad Time |
| badCertId | 9 | Bad Certificate ID |
| badDataFormat | 10 | Bad Data Format |
| wrongAuthority | 11 | Wrong Authority |
| incorrectData | 12 | Incorrect Data |
| missingTimestamp | 13 | Missing Timestamp |
| badPOP | 14 | Bad POP |
| certRevoked | 15 | Certificate Revoked |
| certConfirmed | 16 | Certificate Confirmed |
| wrongIntegrity | 17 | Wrong Integrity |
| badRecipientNonce | 18 | Bad Recipient Nonce |
| timeNotAvailable | 19 | Time Not Available |
| unacceptedPolicy | 20 | Unaccepted Policy |
| unacceptedExtension | 21 | Unaccepted Extension |
| addInfoNotAvailable | 22 | Additional Info Not Available |
| badSenderNonce | 23 | Bad Sender Nonce |
| badCertTemplate | 24 | Bad Certificate Template |
| signerNotTrusted | 25 | Signer Not Trusted |
| transactionIDInUse | 26 | Transaction ID In Use |
| unsupportedVersion | 27 | Unsupported Version |
| notAuthorized | 28 | Not Authorized |
| systemUnavailable | 29 | System Unavailable |
| systemFailure | 30 | System Failure |
| duplicateCertReq | 31 | Duplicate Certificate Request |