Security MIB (ap-security.mib)
The following table describes the SNMP GET query names for the Security MIB (ap-security.mib).
The apSecurityMIBObjects object has the OID 1.3.6.1.4.1.9148.3.9.1.
| SNMP GET Query Name | Object ID: 1.3.6.1.4.1.9148.3.9.1 + | Description |
|---|---|---|
| apSecurityOCSRIpAddress | .5 | OCSR server IP Address |
| apSecurityOCSRHostname | .6 | OCSR server hostname |
| apSecurityTscfStatsObjects | .14 | TSCF Statistical Objects |
The apSecurityTacacsTable object has the OID 1.3.6.1.4.1.9148.3.9.1.4, and the apSecurityTacacsEntry object has the 1.3.6.1.4.1.9148.3.9.1.4.1.
| SNMP GET Query Name | Object ID: 1.3.6.1.4.1.9148.3.9.1.4.1+ | Description |
|---|---|---|
| apSecurityTacacsCliCommands | .3 | Number of CLI commands sent for TACACS+ accounting |
| apSecurityTacacsSuccessAuthentication | .4 | Number of successful TACACS+ authentication requests |
| apSecurityTacacsFailureAuthentication | .5 | Number of failed TACACS+ authentication requests |
| apSecurityTacacsSuccessAuthorization | .6 | Number of successful TACACS+ authorization requests |
| apSecurityTacacsFailureAuthorization | .7 | Number of failed TACACS+ authorization requests |
The apSecurityTscfStatsObjects object has the OID 1.3.6.1.4.1.9148.3.9.1.14.
| SNMP GET Query Name | Object ID: 1.3.6.1.4.1.9148.3.9.1.14 + | SYNTAX | Description |
|---|---|---|---|
| apTscfActiveTunnels | .1 | Counter32 | Number of active tunnels |
| apTscfEstablishedTunnels | .2 | Counter32 | Number of established tunnels |
| apTscfFinishedTunnels | .3 | Counter32 | Number of finished tunnels |
| apTscfReleasedTunnels | .4 | Counter32 | Number of released tunnels |
| apTscfMaxActiveTunnels | .5 | Counter32 | Maximum number of active tunnels |
| apTscfConfReqReceived | .6 | Counter32 | Number of config requests received |
| apTscfConfReqNagleReceived | .7 | Counter32 | Number of config requests with nagle received |
| apTscfConfRespSent | .8 | Counter32 | Number of config responses sent |
| apTscfConfRelReqReceived | .9 | Counter32 | Number of config release requests received |
| apTscfConfRelRespSent | .10 | Counter32 | Number of config release responses sent |
| apTscfCSResponseSent | .11 | Counter32 | Number of client service responses sent |
| apTscfCSREnableDDT | .12 | Counter32 | Number of Dynamic Datagram Tunnel enable client service responses received |
| apTscfCSRDisableDDT | .13 | Counter32 | Number of Dynamic Datagram Tunnel disable client service responses received |
| apTscfCSREnableRedundancy | .14 | Counter32 | Number of redundancy enable client service request received |
| apTscfCSRDisableRedundancy | .15 | Counter32 | Number of redundancy disable client service request received |
| apTscfKAReceived | .16 | Counter32 | Number of keep alive messages received |
| apTscfKARespSent | .17 | Counter32 | Number of keep alive responses sent |
| apTscfKASent | .18 | Counter32 | Number of keep alive messages sent |
| apTscfKARespRcvd | .19 | Counter32 | Number of keep alive responses received |
| apTscfCMReTx | .20 | Counter32 | Number of control message retransmissions |
| apTscfFailureMalformed | .21 | Counter32 | Number of failed tunnels due to malformed requests |
| apTscfFailureUnkownMsg | .22 | Counter32 | Number of unknown control messages |
| apTscfFailureClientAssignedIP | .23 | Counter32 | Number of failed tunnels due to client assigned internal IP addresses |
| apTscfFailureCannotProvisionIP | .24 | Counter32 | Number of failed tunnels due to internal IP that cannot be provisioned |
| apTscfFailureAlreadyProvisionedIP | .25 | Counter32 | Number of failed tunnels due to internal IP that are already provisioned |
| apTscfFailureGeneralProvisionIP | .26 | Counter32 | Number of failed tunnels due to general IP error |
| apTscfFailureClientAssignedIPMask | .27 | Counter32 | Number of failed tunnels due to internal IP mask assigned by client |
| apTscfFailureCannotProvisionIPMask | .28 | Counter32 | Number of failed tunnels due to IP masks that cannot be provisioned |
| apTscfFailureAlreadyProvisionedIPmask | .29 | Counter32 | Number of failed tunnels due to internal IP masks already provisioned |
| apTscfFailureGeneralProvisionIPMask | .30 | Counter32 | Number of failed tunnels due to General IP mask error |
| apTscfFailureClientAssignedSIPServer | .31 | Counter32 | Number of failed tunnels due to client assigned SIP server addresses |
| apTscfFailureCannotProvisionSIPServer | .32 | Counter32 | Number of failed tunnels due to not being able to provision SIP server addresses |
| apTscfFailureAlreadyProvisionedSIPServer | .33 | Counter32 | Number of failed tunnels due to SIP server address already provisioned |
| apTscfFailureGeneralProvisionSIPServer | .34 | Counter32 | Number of failed tunnels due to SIP server general address errors |
| apTscfFailureClientAsignedKA | .35 | Counter32 | Number of failed tunnels due to client assigned keep alive value |
| apTscfFailureCannotProvisionKA | .36 | Counter32 | Number of failed tunnels not being able to provision keep alive value |
| apTscfFailureAlreadyProvisionedKA | .37 | Counter32 | Number of failed tunnels due to keep alive value already provisioned |
| apTscfFailureGeneralProvisionKA | .38 | Counter32 | Number of failed tunnels due to keep alive value error |
| apTscfFailureNonExistentTunnelId | .39 | Counter32 | Number of failed tunnels due to nonexisting tunnel ID |
| apTscfFailureOutOfResources | .40 | Counter32 | Number of failed tunnels due to out of resources |
| apTscfFailureInternalIPExhausted | .41 | Counter32 | Number of failed tunnels due to tunnel ID exhaustion |
| apTscfFailureNonNullIPAddr | .42 | Counter32 | Number of failed tunnels due to non null IP address |
| apTscfFailureNonNullIpMask | .43 | Counter32 | Number of failed tunnels due to non null IP mask |
| apTscfFailureNonNullSipServer | .44 | Counter32 | Number of failed tunnels due to non null SIP server |
| apTscfFailureNonNullKeepAlive | .45 | Counter32 | Number of failed tunnels due to non zero keep alive |
| apTscfFailureNoListeningFd | .46 | Counter32 | Number of failed tunnels due to a missing (listening socket?) file descriptor |
| apTscfFailureServerFailure | .47 | Counter32 | Number of failed tunnels due to server failure |
| apTscfFailureRedundancyNotEnabled | .48 | Counter32 | Number of failed tunnels due to redundancy not being enabled on server |
| apTscfFailureRedundancyExceedsLimit | .49 | Counter32 | Number of failed tunnels due to redundancy factor limit being exceeded on server |
| apTscfFailureTunnelIdExhausted | .50 | Counter32 | Number of failed tunnels due to tunnel ID exhausted on server |
| apTscfFailureTimerFailure | .51 | Counter32 | Number of failed tunnels due to timer failure on server |
| apTscfFailureDDTNotEnabled | .52 | Counter32 | Number of failed tunnels due to Dynamic Datagram Tunnel not being enabled on server |
| apTscfFailureDDTWrongTransport | .53 | Counter32 | Number of failed tunnels due to Dynamic Datagram Tunnel request wrong transport on server |
| apTscfFailureDDTDatagramOnly | .54 | Counter32 | Number of failed tunnels due to Dynamic Datagram Tunnel only for datagram transports on server |
| apTscfFailureDDTInconsistantTransport | .55 | Counter32 | Number of failed tunnels due to inconsistent transport for Dynamic Datagram Tunnel on server |
| apTscfFailureUnkownServiceRequest | .56 | Counter32 | Number of failed tunnels due to unknown service type requested on server |
| apTscfFailureTunnelEstablished | .57 | Counter32 | Number of failed tunnels due to incorrect control messages for established tunnels on server |
| apTscfFailureAddrPoolUnavilable | .58 | Counter32 | Number of failed tunnels due to unavailable address pools on server |
| apTscfFailureListenFdUnavailable | .59 | Counter32 | Number of failed tunnels due to a unavailable (listening socket?) file descriptor on server |
| apTscfFailureVersionNotSupported | .60 | Counter32 | Number of failed tunnels due to version not being supported |
| apTscfFailureLicenseExceeded | .61 | Counter32 | Number of failed tunnels due to exceeding the TSCF license/entitled limit |
| apTscfFailureNoTunnelForPkt | .62 | Counter32 | Number of packets dropped due to being sent to an unused TSCF IP address |
| apTscfWrongSeqNum | .63 | Counter32 | Number of control messages with wrong sequence number |
| apTscfConDrop | .64 | Counter32 | Number of config request drop due to license limit (Inter-client communications?) |
| apTscfIntfConDrop | .65 | Counter32 | Number of config requests dropped due to per interface limit |
| apTscfStatsAllocs | .66 | Counter32 | Number of stats memory allocation |
| apTscfStatsFrees | .67 | Counter32 | Number of stats memory frees |
| apTscfStatsMemFails | .68 | Counter32 | Number of stats memory allocation failures |
| apTscfSwitchToActive | .69 | Counter32 | Number of times the system switched to an active system |
| apTscfSwitchToStandBy | .70 | Counter32 | Number of times the system switched to a stand-by system |
| apTscfGetDTLSCtxSent | .71 | Counter32 | Number of get Datagram Transport Layer Security context request sent |
| apTscfGetDTLSCtxSuccess | .72 | Counter32 | Number of successful Get Datagram Transport Layer Security context request |
| apTscfGetDTLSCtxFailed | .73 | Counter32 | Number of failed Get Datagram Transport Layer Security context requests |
| apTscfSetDTLSCtxSent | .74 | Counter32 | Number of Set Datagram Transport Layer Security context request sent |
| apTscfSetDTLSCtxSuccess | .75 | Counter32 | Number of successful Datagram Transport Layer Security context requests |
| apTscfSetDTLSCtxFailed | .76 | Counter32 | Number of failed set Datagram Transport Layer Security context requests |
| apTscfFdTableSize | .77 | Gauge32 | The number of entries in the File Descriptor Table |
| apTscfAddressTableSize | .78 | Gauge32 | The number of entries in the Address Table |
| apTscfTunnelTableSize | .79 | Gauge32 | The number of entries in the Tunnel Table |
| apTscfActiveTunnelTableSize | .80 | Gauge32 | The number of entries in the Active Tunnel Table |
| apTscfFlowIdTableSize | .81 | Gauge32 | The number of entries in the Flow Table |
| apTscfLicenseTunnelCount | .82 | Gauge32 | Number of licensed/entitled tunnels |
| apTscfSpecificAddressCount | .83 | Counter32 | Number of requests for a specific IP address |
| apTscfTunnelTimeoutCount | .84 | Counter32 | Total number of timed out tunnels |
| apTscfTunneledPacketDrop | .85 | Counter32 | Total number of tunneled packet dropped |
| apTscfUnTunneledPacketDrop | .86 | Counter32 | Total number of untunneled packet dropped |
| apTscfCsrReceived | .87 | Counter32 | Total number of client service requests received |
| apTscfTypeInnerIPDestDrop | .88 | Counter32 | Number of packets dropped due to inner IP destination match with address pool |
apSecurityCertificateTable
This table, found in the ap-security.mib, provides information about installed security certificates and their expiration. It conveys the same information displayed in the show security certificates command.
| MIB Object | Object ID: 1.3.6.1.4.1.9148.3.9.1.10 + | Description |
|---|---|---|
| apSecurityCertificateEntry | .1 | The certificate entry. |
| apSecurityCertificateConfigId | .1.1 | The internal configuration ID of the certificate. |
| apSecurityCertificateIndex | .1.2 |
The internal index of the certificate. Combined with configuration ID is the unique ID of a certificate. |
| apSecurityCertificateRecordName | .1.3 | The SBC's configuration record name for the certificate. |
| apSecurityCertificateCertSubject | .1.4 | The security certificate subject. |
| apSecurityCertificateCertStart | .1.5 | The start time and date of the security certificate. |
| apSecurityCertificateCertExpire | .1.6 | The expiration time and date of the security certificate. |
| apSecurityCertificateCertIssuer | .1.7 | The issuer of the security certificate. |
| apSecurityCertificateCertIsCA | .1.8 | Boolean value indicating if the certificate is a CA certificate. |