INTERNET-DRAFT                                              October 1999

Definitions of Managed Objects for
Open Provisioning Standard In Loop Access Environment

October 6, 1999

Ray Jamp
ANDA Networks, Inc.
Email: rjamp@andanets.com

Dan Palevich
ANDA Networks, Inc.
Email: dpalevich@andanets.com

Yu-Jen Hsiao
ANDA Networks, Inc.
Email: yjhsiao@andanets.com

Howard Hui
ANDA Networks, Inc.
Email: hhui@andanets.com

Expires April 6, 2000

Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its Areas, and its Working Groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as a "work in progress".

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or
ftp.isi.edu (US West Coast).

This document specifies an Open Provisioning Standard (OPS) that
allows for flow through provisioning in the loop access environment.
Discussion and suggestions are welcome. Distribution of this memo is
limited.

Copyright Notice

Copyright (C) Anda Networks Inc. (1999). All Rights Reserved.

Abstract

This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it describes objects used for Flow Through Provisioning
from a network management system at the Network Operation Center (NOC)
of carriers or service providers.

This memo specifies a MIB module in a manner that is both compliant to
the SNMPv2 SMI, and semantically identical to the peer SNMPv1
definitions.

Table of Contents

1. Introduction
2. The SNMP Management Framework
2.1 Object Definitions
3. Overview
3.1 Scope of MIB
3.2 Flow Through Provisioning Architecture
3.3 OPEN PROVISIONING STANDARD (OPS)
3.4 Voice Service Flow Through Provisioning
3.5 Data Service Flow Through Provisioning
3.6 Dynamic Software and Configuration Download
3.6.1 Dynamic Software Upgrade
3.6.2 Dynamic Configuration Upgrade
4. Definitions
5. Security Considerations
6. References
7. Authors' Addresses

1. Introduction

This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it describes objects used for Flow Through Provisioning
from a network management system at the Network Operation Center (NOC)
of carriers or service providers.

2. The SNMP Management Framework

The SNMP Management Framework presently consists of three major
components: the SMI, described in RFC 1902 [1], the MIB-II, STD 17,
RFC 1213, and the protocol, RFC 1157 and/or RFC 1905.
Textual conventions are defined in RFC 1903, and conformance statements
are defined in RFC 1904. The Framework permits new objects to be
defined for the purpose of experimentation and evaluation.

This memo specifies a MIB module that is compliant to the SNMPv2 SMI.
A semantically identical MIB conforming to the SNMPv1 SMI can be
produced through the appropriate translation.

2.1 Object Definitions

The Management Information Base (MIB) is a virtual information
database. Managed objects in the MIB are defined using the subset of
Abstract Syntax Notation One (ASN.1) defined in the SMI. Managed
objects are accessed using the SNMP protocol. Each object type is named
by an administratively assigned name, the OBJECT IDENTIFIER. The object
type and an object instance uniquely identify a specific instantiation
of the object. A textual string, the descriptor, is usually used to
refer to the object type.

3. Overview

3.1 Scope of MIB

The Open Provisioning Standard (OPS) MIB defines managed objects for
flow through provisioning and management functions. This document
defines two groups of management objects of a next-generation customer
premise equipment (NG-CPE). The first group of objects is of a general
configuration nature and the second group is similar to the Analog
Line Termination objects of a GR303 Remote Terminal as defined in the
GR303 Core document [16]. A NG-CPE that implements the OPS MIBs is an
OPS compliant NG-CPE.

Examples of CPE are integrated access devices (IAD), digital loop
carriers (DLC) and digital cross-connects (DACS). This MIB will be
extended at a later time to handle flow through provisioning and
management of DLC and DACS. For the rest of the document, the
discussion will be focused on OPS compliant IADs.
Additional standard MIBs may be required to complete the functions of
an OPS compliant IAD that provides integrated voice and data services:

   o  DS0/DS0 Bundle (RFC 2494)
   o  T1/E1 (RFC 2495)
   o  T3/E3 (RFC 2496)
   o  SONET/SDH (RFC 2558)
   o  Frame Relay (RFC 1604)
   o  PPP (RFC 1471, 1472, 1473, 1474)
   o  ATM (RFC 2514, 2515)
   o  Ethernet (RFC 2665)
   o  TCP/IP, UDP (RFC 1213/STD 0017, RFC 2011, 2012, 2013)
   o  Classical IP over ATM (RFC 2320)
   o  ADSL (RFC 2662)

The network management system at the Network Operation Center (NOC)
performs flow through provisioning and management of OPS-IAD through
an OPS-compliant Multi-service Access Concentrator (MAS) such as the
Universal Access Platform (UAP) 2000 by Anda Networks [17].

Flow through provisioning and management commands that arrive at an
OPS-compliant MAS come in a variety of formats. For example, the
commands could be in Transaction Language 1 (TL1), Common Management
Information Protocol (CMIP), Hypertext Transfer Protocol (HTTP), or
SNMP. One of the major functions of an OPS-compliant MAS is to
translate provisioning commands in those formats into OPS SNMP
messages before those commands are flowed through to the OPS-IADs.

For clarity, the SNMP messages that arrive at the OPS-MAS are
sometimes termed MOPS SNMP messages, and the SNMP messages generated by
the OPS-MAS for provisioning and management of IADs are termed IOPS
SNMP messages, even though they are standard SNMP messages.

3.2 Flow Through Provisioning Architecture

Fig. 1 depicts a configuration of MAS in a local loop access network.
On the subscriber side, the next-generation OPS compliant integrated
access device (OPS-IAD) is either directly connected to the MAS through
copper pairs using technologies such as T1, HDSL or other xDSL, or
indirectly connected through a loop access network. The loop access
network shown in Fig. 1 consists of DSLAMs and ATM switches.
On the network side, the MAS connects to a PSTN class 5 switch using
the GR303 protocol for the voice traffic and connects to ATM/Frame
Relay networks for the data traffic. The MAS interoperates directly
with the circuit-based GR303 switch and packet-based data switches. It
provides interworking with a variety of data and/or voice IADs.

[Figure: block diagram. Labelled elements: Network Operation Center;
GR303 Switch (Circuit Network); ATM Switch (Data Network, Backbone);
MAS; OPS-IAD; ATM Switch and DSLAMs (Data Network, Loop Access);
OPS-IADs.]

Fig.1 Flow Through Provisioning Architecture

3.3 OPEN PROVISIONING STANDARD (OPS)

There are two views that the network manager at the NOC sees through
the MAS and all the attached OPS-IADs.

The first view regards the voice services coming from the GR303 PSTN
switch. In this view, the OPS-IAD implements the Analog Line
Termination objects in the GR303 managed object definition. The
messages coming off the GR303 switch are CMIP messages. Since the
messages between the MAS and the OPS-IAD are SNMP messages, software
in the MAS functions as a mediation device between the CMIP messages
and SNMP messages and does the translation between them.

The second view is an SNMP view, and this view manages data and voice
services.
The network manager at the NOC uses either an in-band channel through
the ATM network or an out-of-band channel through the Internet to
access the SNMP agent in the MAS. In SNMP terminology, the SNMP agent
in the MAS functions as a proxy for the OPS-IAD SNMP agents.

3.4 Voice Service Flow Through Provisioning

A network manager at the NOC manages the MAS and all attached OPS-IADs
through the GR303 PSTN Class 5 switch. The Class 5 switch and the MAS
communicate through the EOC channel using OSI CMIP as defined in the
GR303 Core document [16]. The provisioning commands from the Class 5
switch will be executed either directly or indirectly by the MAS.
Commands that operate on objects that reside on the MAS, such as
configuring the number of DS1 channels between the GR303 switch and
the MAS, will be executed within the MAS. For those commands that
operate on objects that reside on the OPS-IAD (such as phone line
ringing cadence), the CMIP message will be translated into an IOPS
SNMP message and sent to the appropriate OPS-IAD. The OPS-IAD
processes the IOPS SNMP message and sends the response back to the
MAS, which translates the IOPS SNMP response back to a CMIP response
and sends it back to the class 5 switch through the EOC channel.

3.5 Data Service Flow Through Provisioning

The network manager at the NOC uses either an in-band channel through
the ATM network or an out-of-band channel through the Internet to
access the SNMP agent in the MAS. The MAS SNMP agent represents all the
SNMP managed objects residing on the MAS, as well as the SNMP objects
residing in the OPS-IAD. Provisioning commands such as configuring the
ATM VPI/VCI cross connection or the traffic parameters at the MAS will
be executed within the MAS. For commands that operate on objects that
reside on the OPS-IAD (such as the Ethernet interface local to the
IAD), the SNMP messages, in the form of MOPS SNMP messages, are sent to
the MAS first.
The MAS will then translate the MOPS SNMP message into an IOPS SNMP
message and forward it to the appropriate OPS-IAD. The OPS-IAD
executes the IOPS SNMP messages and sends the responses back to the
MAS. The MAS in turn will translate the IOPS SNMP responses back to
MOPS SNMP responses and send them back to the network manager at the
NOC. Notice that we use MOPS SNMP and IOPS SNMP to distinguish between
the SNMP messages arriving at the MAS and at the OPS-IAD, although
they are standard SNMP messages.

3.6 Dynamic Software and Configuration Download

This MIB provides the capability for the network manager to initiate a
software upgrade or configuration change remotely on an IAD by having
it download a new software image or configuration file from a
specified server, and then rebooting itself to run the new software or
reconfiguring itself to run with the new configuration.

3.6.1 Dynamic Software Upgrade

Before starting the actual upgrade, information about the server on
which the software image or configuration file resides has to be set
up first. This information could either be specified by the network
manager, through setting of the iOpsIADServerIP, iOpsIADServerType,
iOpsIADServerLoginName, and iOpsIADServerPasswd attributes, or be
manually configured on the IAD.

Next, the filename of the software image is specified in
iOpsIADSoftwareUpgradeFileName. The actual download is initiated by
setting iOpsIADDownloadSoftware to download(1), and specifying whether
the IAD should just save the file or reboot the device after saving
the file, by setting iOpsIADSaveSoftware to save(1) or
saveAndReboot(2). Please note that both the iOpsIADDownloadSoftware
and iOpsIADSaveSoftware attributes have to be in the same SET PDU.

The network manager could monitor the status of a download by polling
the value of iOpsIADDownloadSoftware, and/or listening for the
softwareDownloadCompleteNotification trap.
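The download rules of section 3.6.1 and the matching object definitions in section 4, as an added example (not code from this draft or from any OPS implementation): an agent-side check run on a SET PDU before any varbind is applied. The (name, value) varbind model, the IadState class, the function names, the sample file names and the use of 0.0.0.0 for "server not provisioned" are assumptions of this sketch.

```python
"""Agent-side validation of an OPS software-download SET PDU (added sketch)."""
import ipaddress
from dataclasses import dataclass, field

# Object names as defined in section 4.
DOWNLOAD = "iOpsIADDownloadSoftware"
SAVE_SW = "iOpsIADSaveSoftware"
UPGRADE_FILE = "iOpsIADSoftwareUpgradeFileName"
BOOT_FILE = "iOpsIADSoftwareFileName"
SERVER_IP = "iOpsIADServerIP"

# Section 3.6.1 writes download(1), but the iOpsIADDownloadSoftware
# DESCRIPTION lists "SET 1: none, 2: download"; this sketch follows the
# object definition.
DL_SET_DOWNLOAD = 2
SET_ENUMS = {DOWNLOAD: {1, 2}, SAVE_SW: {1, 2}}  # save(1), saveAndReboot(2)
FILENAME_OBJECTS = {UPGRADE_FILE, BOOT_FILE}      # DisplayString (SIZE(0..255))


@dataclass
class IadState:
    """Values the agent already holds (constructed defaults)."""
    server_ip: str = "0.0.0.0"   # assumption: 0.0.0.0 means not provisioned
    upgrade_file: str = ""
    local_files: set = field(default_factory=lambda: {"boot.img"})


def _check_varbind(name, value, state):
    """Per-object checks; returns an RFC 1905 error-status name or None."""
    if name in SET_ENUMS:
        if isinstance(value, bool) or not isinstance(value, int):
            return "wrongType"
        if value not in SET_ENUMS[name]:
            return "wrongValue"
    elif name in FILENAME_OBJECTS:
        if not isinstance(value, str):
            return "wrongType"
        if len(value) > 255:
            return "wrongLength"
        if not (value.isascii() and value.isprintable()):
            return "wrongValue"
        # "Agent should reject a SET on this object if the file does not exist."
        if name == BOOT_FILE and value not in state.local_files:
            return "inconsistentValue"
    elif name == SERVER_IP:
        if not isinstance(value, str):
            return "wrongType"
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            return "wrongValue"
    return None  # objects outside this sketch are not examined


def check_set_pdu(varbinds, state):
    """Validate a list of (name, value) varbinds without applying them.

    Returns (error_status, error_index); error_index is 1-based and 0 when
    the whole PDU is acceptable.
    """
    pdu = {}
    for index, (name, value) in enumerate(varbinds, start=1):
        error = _check_varbind(name, value, state)
        if error:
            return (error, index)
        pdu[name] = (index, value)

    if DOWNLOAD in pdu and pdu[DOWNLOAD][1] == DL_SET_DOWNLOAD:
        dl_index = pdu[DOWNLOAD][0]
        # Both objects "have to be in the same SET PDU".
        if SAVE_SW not in pdu:
            return ("inconsistentValue", dl_index)
        # File name and server must be known, from this PDU or earlier SETs.
        filename = pdu.get(UPGRADE_FILE, (0, state.upgrade_file))[1]
        server = pdu.get(SERVER_IP, (0, state.server_ip))[1]
        if not filename or server == "0.0.0.0":
            return ("inconsistentValue", dl_index)
    elif SAVE_SW in pdu:
        # Assumption: a save option with no download request is rejected.
        return ("inconsistentValue", pdu[SAVE_SW][0])
    return ("noError", 0)
```
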
If iOpsIADSaveSoftware is set to save, the network manager could
initiate the software upgrade at a later time by first setting
iOpsIADSoftwareFileName to the software file the IAD should boot up
with. This file has to already exist locally in the IAD or else the
request will be rejected. Next, the network manager sets
iOpsIADResetIAD to the value coldReboot(5) to reboot the IAD.

If iOpsIADSaveSoftware is set to saveAndReboot, the IAD will reboot
with the new software if:

   - file transfer is successfully completed AND
   - the file is not corrupted.

The agent MUST update iOpsIADSoftwareFileName with
iOpsIADSoftwareUpgradeFileName before reconfiguring.

If the IAD does not support multiple software images, then the save
option of iOpsIADSaveSoftware is not applicable.

If the IAD experiences a reboot while downloading, it will load the
previous image and, after re-initialization, continue to attempt
loading the image specified in iOpsIADSoftwareUpgradeFileName.

3.6.2 Dynamic Configuration Upgrade

Before starting the actual upgrade, information about the server on
which the software image or configuration file resides has to be set
up first. This information could either be specified by the network
manager, through setting of the iOpsIADServerIP, iOpsIADServerType,
iOpsIADServerLoginName, and iOpsIADServerPasswd attributes, or be
manually configured on the IAD.

Next, the filename of the configuration file is specified in
iOpsIADConfigUpgradeFileName. The actual download is initiated by
setting iOpsIADUpDownloadConfiguration to download(1), and specifying
whether the IAD should just save the file or reconfigure the device
immediately after saving the file, by setting iOpsIADSaveConfiguration
to save(2) or saveAndReconfigure(3). Please note that both the
iOpsIADUpDownloadConfiguration and iOpsIADSaveConfiguration attributes
have to be in the same SET PDU.
The network manager could monitor the status of a download by polling
the value of iOpsIADUpDownloadConfiguration, and/or listening for the
configUpDownloadCompleteNotification trap.

If iOpsIADSaveConfiguration is set to save, the network manager could
initiate the configuration update at a later time by first setting
iOpsIADConfigFileName to the configuration file the IAD should
configure to. This file has to already exist locally in the IAD or
else the request will be rejected. Next, the network manager sets
iOpsIADReConfigIAD to the value reConfig(2) to have the IAD load the
new configuration.

If iOpsIADSaveConfiguration is set to saveAndReconfigure, the IAD will
load the new configuration if:

   - file transfer is successfully completed AND
   - the file is not corrupted.

The agent MUST update iOpsIADConfigFileName with
iOpsIADConfigUpgradeFileName before reconfiguring.

If the IAD does not support multiple configuration files, then the
save option of iOpsIADSaveConfiguration is not applicable.

If the IAD experiences a reboot while downloading, it will load the
previous configuration and, after re-initialization, continue to
attempt loading the file specified in iOpsIADConfigUpgradeFileName.

The network manager could also initiate an upload of a configuration
file from an IAD to a server, by setting iOpsIADConfigUpgradeFileName
to the desired filename and iOpsIADUpDownloadConfiguration to
upload(2). Again, the network manager can monitor the status of an
upload by polling the value of iOpsIADUpDownloadConfiguration, and/or
listening for the configUpDownloadCompleteNotification trap.

4. Definitions

This section describes the SNMP MIB objects that all OPS compliant CPE
shall implement. All provisioning commands to the OPS-CPE will be SNMP
messages manipulating MIB objects defined in this section.

iOpsIADConfig is a group of Managed Objects that support the
configuration of the IAD, including the public IP address settings,
management channel setup, etc.
iOpsIADVoiceService is a group of Managed Objects that support the
phone services at the IAD.

OPS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress,
    experimental, Integer32, Unsigned32, Gauge32
        FROM SNMPv2-SMI
    DisplayString, RowStatus, DateAndTime, MacAddress,
    TEXTUAL-CONVENTION, TruthValue, TimeStamp
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    InterfaceIndex
        FROM IF-MIB;

opsMIB MODULE-IDENTITY
    LAST-UPDATED "9910060000Z"
    ORGANIZATION "ANDA Networks, Inc."
    CONTACT-INFO
        "        Ray Jamp
         Postal: ANDA Networks, Inc.
                 2921 Copper Road
                 Santa Clara, CA 95051
         Tel:    +1 408-990-4900
         Fax:    +1 408-990-4901
         E-mail: rjamp@andanets.com

                 Dan Palevich
         Postal: ANDA Networks, Inc.
                 2921 Copper Road
                 Santa Clara, CA 95051
         Tel:    +1 408-990-4900
         Fax:    +1 408-990-4901
         E-mail: dpalevich@andanets.com

                 Yu-Jen Hsiao
         Postal: ANDA Networks, Inc.
                 2921 Copper Road
                 Santa Clara, CA 95051
         Tel:    +1 408-990-4900
         Fax:    +1 408-990-4901
         E-mail: yjhsiao@andanets.com

                 Howard Hui
         Postal: ANDA Networks, Inc.
                 2921 Copper Road
                 Santa Clara, CA 95051
         Tel:    +1 408-990-4900
         Fax:    +1 408-990-4901
         E-mail: hhui@andanets.com"
    DESCRIPTION
        "This is the MIB module for OPS-compliant CPE for managing
        configurations of the CPE system and its voice services."
    REVISION "9910060000Z"
    DESCRIPTION
        "Published as draft-ietf-mib"
    ::= { experimental XX }

-- *********************************************************************
--
-- The Open Provisioning Standard (OPS) MIB defines managed objects for
-- flow through provisioning and management functions. This document
-- defines two groups of management objects of a next-generation
-- customer premise equipment (NG-CPE). The first group of objects
-- is of a general configuration nature and the second group is similar
-- to the Analog Line Termination objects of a GR303 Remote Terminal
-- as defined in the GR303 Core document. A NG-CPE that implements
-- the OPS MIBs is an OPS compliant NG-CPE.
--
-- Network management system at the Network Operation Center (NOC)
-- performs flow through provisioning and management of OPS-IAD
-- through an OPS-compliant Multi-service Access Concentrator (MAS).
--
-- *********************************************************************

opsMIBObjects        OBJECT IDENTIFIER ::= { opsMIB 1 }

iadOPS               OBJECT IDENTIFIER ::= { opsMIBObjects 1 }
iOpsIADConfig        OBJECT IDENTIFIER ::= { iadOPS 1 }
iOpsIADVoiceService  OBJECT IDENTIFIER ::= { iadOPS 2 }

dlcOPS               OBJECT IDENTIFIER ::= { opsMIBObjects 2 }
dacOPS               OBJECT IDENTIFIER ::= { opsMIBObjects 3 }

-- *********************************************************************
-- The OPS IAD Configuration Group
-- *********************************************************************

iOpsIADIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The index of the interface that the IAD uses to communicate
        with the Multi-service Access Concentrator (MAS)."
    ::= { iOpsIADConfig 1 }

iOpsIADManufacturerName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Name and contact information of the manufacturer"
    ::= { iOpsIADConfig 2 }

iOpsIADSerialNumber OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Serial number of the IAD"
    ::= { iOpsIADConfig 3 }

iOpsIADCLEICode OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Common Language Equipment Identifier Code"
    ::= { iOpsIADConfig 4 }

iOpsIADAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    up(1),
                    down(2),
                    test(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This identifies the desired administrative status of the IAD."
    DEFVAL { up }
    ::= { iOpsIADConfig 5 }

iOpsIADOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    up(1),
                    down(2),
                    testing(3),
                    unknown(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Operating status of the IAD"
    ::= { iOpsIADConfig 6 }

iOpsIADAlarmStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    noAlarm(1),
                    minorAlarm(2),
                    majorAlarm(3),
                    criticalAlarm(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Highest alarm level present in the IAD."
    ::= { iOpsIADConfig 7 }

iOpsIADOperStatusLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the MIB II's sysUpTime object at the time this
        IAD entered its current operating status state. If the current
        state was entered prior to the last re-initialization of the
        agent, then this object contains a zero value."
    ::= { iOpsIADConfig 8 }

iOpsIADResetIAD OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    warmReboot(2),
                    coldReboot(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Reboot the IAD. IAD will boot up running the software as
        specified in iOpsIADSoftwareFileName. It is highly recommended
        that there be a bootstrap software that the IAD can default to
        in the unlikely scenario that iOpsIADSoftwareFileName is
        invalid.

        This is an action attribute and it is meaningless to read this
        value."
    ::= { iOpsIADConfig 9 }

iOpsIADSoftwareFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "File Name of the software that IAD should boot from. If IAD
        does not support multiple software images, then this object
        becomes read-only and is similar to
        iOpsIADSoftwareUpgradeFileName (except for path information).

        Agent should reject a SET on this object if the file does not
        exist."
    ::= { iOpsIADConfig 10 }

iOpsIADSoftwareUpgradeFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "File Name, including the full path whenever applicable, of
        the software image to download; information of the ftp server
        to download from must already be known."
    ::= { iOpsIADConfig 11 }

iOpsIADDownloadSoftware OBJECT-TYPE
    SYNTAX      INTEGER (1..3)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When used in a SET PDU, a value of 2 initiates the file
        transfer of the software image, as specified in
        iOpsIADSoftwareUpgradeFileName, from the server which IP
        address is specified by iOpsIADServerIP.

        When initiating a download, both this and iOpsIADSaveSoftware
        attributes must be present in the same SET PDU.

        TFTP must be supported. However, other methods of file
        transfer may be used and is specified in iOpsIADServerType.

        If the IAD is unable to complete the file transfer for any
        reason, it must remain capable of accepting new software
        downloads.

        When used in a GET, GET-NEXT or GET-BULK PDU, the value will
        contain the status of the file download.

        SET
          1: none
          2: download the software from server
        GET
          1: download complete
          2: download failed
          3: download in progress"
    ::= { iOpsIADConfig 12 }

iOpsIADSaveSoftware OBJECT-TYPE
    SYNTAX      INTEGER {
                    save(1),
                    saveAndReboot(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Save downloaded software with option of re-booting.

        If save option is specified, IAD will not reboot after the
        file transfer is completed. In order for the IAD to come up
        with the new software next time it reboots, network manager
        should set iOpsIADSoftwareFileName to the downloaded file
        name.

        If saveAndReboot option is specified, IAD will reboot with the
        new software if:
          - file transfer is successfully completed AND
          - the file is not corrupted.
        Agent MUST update iOpsIADSoftwareFileName with
        iOpsIADSoftwareUpgradeFileName before the reboot.

        When initiating a download, both this and
        iOpsIADDownloadSoftware attributes must be present in the same
        SET PDU.

        If the IAD does not support multiple software images, then
        only saveAndReboot option can be supported.

        This is an action attribute and it is meaningless to read this
        value."
    ::= { iOpsIADConfig 13 }

iOpsIADSoftwareVersion OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Version number of the current running software"
    ::= { iOpsIADConfig 14 }

iOpsIADReConfigIAD OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    reConfig(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Change the configuration of the IAD according to the
        configuration file as specified in iOpsIADConfigFileName."
    ::= { iOpsIADConfig 15 }

iOpsIADConfigFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Name of the configuration file that IAD should load from. If
        IAD does not support multiple configuration files, then this
        object becomes read-only and is similar to
        iOpsIADConfigUpgradeFileName (except for path information).

        Agent should reject a SET on this object if the file does not
        exist."
    ::= { iOpsIADConfig 16 }

iOpsIADConfigUpgradeFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Name, including the full path whenever applicable, of the
        configuration file to download; information of the server to
        download from must already be known."
    ::= { iOpsIADConfig 17 }

iOpsIADUpDownloadConfiguration OBJECT-TYPE
    SYNTAX      INTEGER (1..4)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When used in a SET PDU, a value of 2 initiates the file
        transfer of the configuration file, as specified in
        iOpsIADConfigUpgradeFileName, from the server which IP address
        is specified by iOpsIADServerIP; a value of 3 initiates a file
        transfer of the configuration file, as specified in
        iOpsIADConfigUpgradeFileName, to the server which IP address
        is specified by iOpsIADServerIP.

        When initiating a download, both this and
        iOpsIADSaveConfiguration attributes must be present in the
        same SET PDU.

        TFTP must be supported. However, other methods of file
        transfer may be used and is specified in iOpsIADServerType.

        If the IAD is unable to complete the file transfer for any
        reason, it must remain capable of accepting new configuration
        downloads.

        When used in a GET, GET-NEXT or GET-BULK PDU, the value will
        contain the status of the file up/download.

        SET
          1: none
          2: download the configuration script from server
          3: upload the configuration script to the server
        GET
          1: up/down load complete
          2: up/down load failed
          3: download in progress
          4: upload in progress"
    ::= { iOpsIADConfig 18 }

iOpsIADSaveConfiguration OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    save(2),
                    saveAndReconfigure(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Save configuration with option of re-configuring.

        If save option is specified, IAD will not reconfigure after
        the file transfer is completed. In order for IAD to load the
        new configuration at a later time, network manager should set
        iOpsIADConfigFileName to the downloaded file name, and then
        set iOpsIADReConfigIAD to reConfig(2).

        If saveAndReconfigure option is specified, IAD will load the
        new configuration if:
          - file transfer is successfully completed AND
          - the file is not corrupted.
        Agent MUST update iOpsIADConfigFileName with
        iOpsIADConfigUpgradeFileName before reconfiguring.

        When initiating a download, both this and
        iOpsIADUpDownloadConfiguration attributes must be present in
        the same SET PDU.

        If the IAD does not support multiple software images, then
        only saveAndReboot option can be supported.

        This is an action attribute and it is meaningless to read this
        value."
    ::= { iOpsIADConfig 19 }

iOpsIADVersionConfig OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Version of Configuration"
    ::= { iOpsIADConfig 20 }

iOpsIADMgmtChType OBJECT-TYPE
    SYNTAX      INTEGER {
                    andaFDL(1),
                    ds0(2),
                    fr-dlci(3),
                    atmVPIVCI(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Management channel type"
    ::= { iOpsIADConfig 21 }

iOpsIADMgmtChNumber OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Management channel/VC number used for in-band management.
        For management channel type DS0, this value is the DS0 number.
        For ATM, the most significant 16-bit word is the VPI, and the
        least significant 16-bit word is the VCI. For frame relay,
        this value is the DLCI."
    ::= { iOpsIADConfig 22 }

iOpsIADMgmtChBandwidth OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Kbps"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Bandwidth that is allocated for management channel."
    ::= { iOpsIADConfig 23 }

iOpsIADMgmtChInactivityTimer OBJECT-TYPE
    SYNTAX      INTEGER (1..1000)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Amount of time of inactivity allowed on a management channel
        before the link is declared down. MAS should poll IAD on a
        keep-alive timer."
    DEFVAL { 60 }
    ::= { iOpsIADConfig 24 }

iOpsIADDataService OBJECT-TYPE
    SYNTAX      INTEGER {
                    frameRelay(1),
                    atm(2),
                    ppp(3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Data service offered by the IAD.
1: Frame Relay 2: ATM 3: PPP" ::= { iOpsIADConfig 25 } iOpsIADDateAndTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-write STATUS current DESCRIPTION "Date and time at the IAD" ::= { iOpsIADConfig 26 } iOpsIADMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "MAC Address" ::= { iOpsIADConfig 27 } iOpsIADPublicIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP Address of the IAD." ::= { iOpsIADConfig 28 } iOpsIADSubnetMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Subnet Mask" ::= { iOpsIADConfig 29 } iOpsIADGateway OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Gateway IP address" ::= { iOpsIADConfig 30 } iOpsIADDHCPIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP server IP address" ::= { iOpsIADConfig 31 } iOpsIADServerIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION " IP address of server for configuration and software downloads." ::= { iOpsIADConfig 32 } iOpsIADServerType OBJECT-TYPE SYNTAX INTEGER { tftpServer(1), ftpServer(2), otherServer(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of server for configuration and software downloads." DEFVAL { tftpServer } ::= { iOpsIADConfig 33 } iOpsIADServerLoginName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Login Name to the Server" ::= { iOpsIADConfig 34 } iOpsIADServerPasswd OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..1024)) MAX-ACCESS read-write STATUS current DESCRIPTION "Password, may be encrypted. Sets only, cannot be read." ::= { iOpsIADConfig 35 } iOpsIADMasPublicKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..1024)) MAX-ACCESS read-write STATUS current DESCRIPTION "Public key of the MAS which, when combined with the private key stored at the IAD, can be used to encrypt and decrypt the community name in an SNMP PDU. 
" ::= { iOpsIADConfig 36 } iOpsIADManagementPasswd OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Password assigned to an IAD to be used by a directly connected management station to login to th IAD. Sets only, cannot be read." ::= { iOpsIADConfig 37 } -- ********************************************************************* -- The OPS Voice Service Table -- ********************************************************************* iOpsIADVlNumber OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "number of voice lines on the IAD." ::= { iOpsIADVoiceService 1 } iOpsIADVlTable OBJECT-TYPE SYNTAX SEQUENCE OF IOpsIADVlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " A list of voice line entries. The number of entries is given by the value of iOpsIADVlNumber." ::= { iOpsIADVoiceService 2 } iOpsIADVlEntry OBJECT-TYPE SYNTAX IOpsIADVlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " An entry containing the objects pertaining to a voice line uniquely identified by iOpsIADVlIndex" INDEX { iOpsIADVlIndex } ::= { iOpsIADVlTable 1 } IOpsIADVlEntry ::= SEQUENCE { iOpsIADVlIndex INTEGER, iOpsIADVlDS1IfIndex InterfaceIndex, iOpsIADVlDS0Index INTEGER, iOpsIADVlOperStatus INTEGER, iOpsIADVlSecondaryServiceState INTEGER, iOpsIADVlAdminStatus INTEGER, iOpsIADVlOperStatusLastChange TimeStamp, iOpsIADVlLoopbackTestResult INTEGER, iOpsIADVlNumberOfWires INTEGER, iOpsIADVlSignalFunctionCode INTEGER, iOpsIADVlRobbedBitMode INTEGER, iOpsIADVlCallReferenceValue INTEGER, iOpsIADVlRingingCadence INTEGER, IOpsIADVlVoiceProtocolType INTEGER, iOpsIADVlPhoneNumber DisplayString, iOpsIADVlTransmitImpedance INTEGER, iOpsIADVlReceiveImpedance INTEGER, iOpsIADVlTransmitLoss INTEGER, iOpsIADVlReceiveLoss INTEGER, iOpsIADVlPayloadType INTEGER, iOpsIADVlEchoCancellation TruthValue, iOpsIADVlEchoDelay INTEGER, iOpsIADVlSilenceSuppression TruthValue, iOpsIADVlGenerateTestTone TruthValue, iOpsIADVlRowStatus 
                                    RowStatus
}

iOpsIADVlIndex OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "index of the voice line"
    ::= { iOpsIADVlEntry 1 }

iOpsIADVlDS1IfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Associated DS1 interface index, 0 if no DS1 local to this
        IAD"
    ::= { iOpsIADVlEntry 2 }

iOpsIADVlDS0Index OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "DS0 index within the DS1, or index of individual POTS line"
    ::= { iOpsIADVlEntry 3 }

iOpsIADVlOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    up-InService(1),
                    down-OutOfService(2),
                    testing(3),
                    unknown(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Operating status of the voice line.
        up-InService      - line is in service
        down-OutOfService - line is out of service
        testing           - line is currently undergoing a test
        unknown           - status of the line cannot be determined
        "
    ::= { iOpsIADVlEntry 4 }

iOpsIADVlSecondaryServiceState OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    manual-OOS(2),
                    switch-OOS(3),
                    los-OOS(4),
                    oof-OOS(5),
                    maintenance-OOS(6)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This indicates the alarm present on the voice line."
    ::= { iOpsIADVlEntry 5 }

iOpsIADVlAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    up-restore(1),
                    down-remove(2),
                    test-loopback(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This identifies the desired administrative status of the
        voice line.
        up-restore    - activate or restore the voice service
        down-remove   - deactivate or remove the voice service
        test-loopback - initiate loopback test on the voice line;
                        test result can be monitored by polling
                        iOpsIADVlLoopbackTestResult
        If this object is set to test-loopback while the voice line
        is in test-loopback admin status, a loopback test will be
        invoked again on the voice line, provided that the test
        result is not inProgress; if a previous test is still
        running, no action will be taken."
    DEFVAL { up-restore }
    ::= { iOpsIADVlEntry 6 }

iOpsIADVlOperStatusLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the MIB II's sysUpTime object at the time this
        voice line entered its current operating status state. If
        the current state was entered prior to the last
        re-initialization of the agent, then this object contains a
        zero value."
    ::= { iOpsIADVlEntry 7 }

iOpsIADVlLoopbackTestResult OBJECT-TYPE
    SYNTAX      INTEGER {
                    no-Test(1),
                    test-inProgress(2),
                    test-Pass(3),
                    test-Fail-OffHook(4),
                    test-Fail-Bell(5),
                    test-Fail-Others(6)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Results of the loopback test."
    ::= { iOpsIADVlEntry 8 }

iOpsIADVlNumberOfWires OBJECT-TYPE
    SYNTAX      INTEGER {
                    wires2(1),
                    wires4(2),
                    wires6(3),
                    wires8(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of wires"
    ::= { iOpsIADVlEntry 9 }

iOpsIADVlSignalFunctionCode OBJECT-TYPE
    SYNTAX      INTEGER {
                    fxsLoopStart(1),
                    fxsGroundStart(2),
                    fxsWinkStart(3),
                    fxoLoopStart(4),
                    fxoGroundStart(5),
                    fxoWinkStart(6),
                    eAndM2-2(7),
                    eAndM2-4(8),
                    eAndM4-2(9),
                    eAndM4-4(10)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Generic Signal Function code for the voice line."
    DEFVAL { fxsLoopStart }
    ::= { iOpsIADVlEntry 10 }

iOpsIADVlRobbedBitMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    inactive(1),
                    clearChannel(2),
                    abcd(3),
                    ab(4),
                    a(5)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Robbed Bit Signal mode for the voice line."
    DEFVAL { abcd }
    ::= { iOpsIADVlEntry 11 }

iOpsIADVlCallReferenceValue OBJECT-TYPE
    SYNTAX      INTEGER (1..2048)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Call Reference Value (CRV)"
    ::= { iOpsIADVlEntry 12 }

iOpsIADVlRingingCadence OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Need to be specified"
    ::= { iOpsIADVlEntry 13 }

iOpsIADVlVoiceProtocolType OBJECT-TYPE
    SYNTAX      INTEGER {
                    ds0(1),
                    voATM-AAL1(2),
                    voATM-AAL2(3),
                    voIP(4)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Voice protocol type"
    ::= { iOpsIADVlEntry 14 }

iOpsIADVlPhoneNumber OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "phone number of the voice line"
    ::= { iOpsIADVlEntry 15 }

iOpsIADVlTransmitImpedance OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    ohm-50(2),
                    ohm-600(3),
                    ohm-900(4),
                    ohm-1200(5)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Transmit Impedance"
    DEFVAL { none }
    ::= { iOpsIADVlEntry 16 }

iOpsIADVlReceiveImpedance OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    ohm-50(2),
                    ohm-600(3),
                    ohm-900(4),
                    ohm-1200(5)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Receive Impedance"
    DEFVAL { none }
    ::= { iOpsIADVlEntry 17 }

iOpsIADVlTransmitLoss OBJECT-TYPE
    SYNTAX      INTEGER (0..20)
    UNITS       "db"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Transmit Loss"
    DEFVAL { 0 }
    ::= { iOpsIADVlEntry 18 }

iOpsIADVlReceiveLoss OBJECT-TYPE
    SYNTAX      INTEGER (0..20)
    UNITS       "db"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Receive Loss"
    DEFVAL { 0 }
    ::= { iOpsIADVlEntry 19 }

iOpsIADVlPayloadType OBJECT-TYPE
    SYNTAX      INTEGER {
                    pcm-u-law(1),
                    pcm-a-law(2),
                    g711(3),
                    g726(4),
                    g728(5),
                    g723-1-5-6K(6),
                    g723-1-6-4K(7),
                    g729(8),
                    g729-A(9)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Payload type"
    DEFVAL { pcm-u-law }
    ::= { iOpsIADVlEntry 20 }

iOpsIADVlEchoCancellation OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Whether Echo Cancellation is on or not."
    DEFVAL { false }
    ::= { iOpsIADVlEntry 21 }

iOpsIADVlEchoDelay OBJECT-TYPE
    SYNTAX      INTEGER (0..120)
    UNITS       "ms"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Echo Delay in milliseconds"
    DEFVAL { 0 }
    ::= { iOpsIADVlEntry 22 }

iOpsIADVlSilenceSuppression OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Whether Silence suppression is on or not."
    DEFVAL { false }
    ::= { iOpsIADVlEntry 23 }

iOpsIADVlGenerateTestTone OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Whether Test tone generation is on or not."
    DEFVAL { false }
    ::= { iOpsIADVlEntry 24 }

iOpsIADVlRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Status of this entry in the iOpsIADVlTable. This variable
        is used to create new voice line for the IAD.
        To create and activate the voice line, this object should
        be set to 'createAndGo'.
        To create the voice line in an inactive admin state, this
        object should be set to 'createAndWait'. The voice line can
        later on be activated by setting this object to 'active'.
        "
    ::= { iOpsIADVlEntry 25 }

-- *********************************************************************
-- IAD notification
-- *********************************************************************

iadNotificationPrefix OBJECT IDENTIFIER ::= { opsMIB 2 }
iadNotifications      OBJECT IDENTIFIER ::= { iadNotificationPrefix 0 }

iadOperStatusChange NOTIFICATION-TYPE
    OBJECTS {
        iOpsIADOperStatus,
        iOpsIADOperStatusLastChange
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent when the IAD status changes.
        The following information is returned:
        iOpsIADOperStatus - The new operational status of IAD
        iOpsIADOperStatusLastChange
        "
    ::= { iadNotifications 1 }

softwareDownloadComplete NOTIFICATION-TYPE
    OBJECTS {
        iOpsIADDownloadSoftware
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent after the software image
        download by an IAD is complete or has failed.
        The following information is returned:
        iOpsIADDownloadSoftware - status of the download, could be
        download complete(1) or download failed(2).
        "
    ::= { iadNotifications 2 }

configUpDownloadComplete NOTIFICATION-TYPE
    OBJECTS {
        iOpsIADUpDownloadConfiguration
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent after the configuration file
        upload or download by an IAD is complete or has failed.
        The following information is returned:
        iOpsIADUpDownloadConfiguration -> status of the upload or
        download, could be up/download complete(1) or up/download
        failed(2).
        "
    ::= { iadNotifications 3 }

iadVoiceLineOperStatusChange NOTIFICATION-TYPE
    OBJECTS {
        iOpsIADVlOperStatus,
        iOpsIADVlOperStatusLastChange
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent when the IAD voice line status
        changes.
        The following information is returned:
        iOpsIADVlOperStatus - The new operational status of IAD
        voice line.
        iOpsIADVlOperStatusLastChange
        "
    ::= { iadNotifications 4 }

voiceLineLoopbackTestComplete NOTIFICATION-TYPE
    OBJECTS {
        iOpsIADVlLoopbackTestResult
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent after a loopback test on a voice
        line is complete or has failed.
        The following information is returned:
        iOpsIADVlLoopbackTestResult - result of the test
        "
    ::= { iadNotifications 5 }

-- Conformance Information

opsMIBConformance OBJECT IDENTIFIER ::= { opsMIB 3 }
opsMIBGroups      OBJECT IDENTIFIER ::= { opsMIBConformance 1 }
opsMIBCompliances OBJECT IDENTIFIER ::= { opsMIBConformance 2 }

-- Compliance Statements

opsMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
        OPS MIB."
    MODULE  -- this module
    MANDATORY-GROUPS {
        iOpsIADConfigGroup,
        iOpsIADVoiceServiceGroup
    }

    GROUP       iOpsIADSecurityConfigGroup
    DESCRIPTION
        "Support for public key encryption or IAD login from
        external sites is optional."

    OBJECT      iOpsIADSoftwareFileName
    SYNTAX      DisplayString (SIZE(0..255))
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access not required if the IAD does not support
        multiple software images."

    OBJECT      iOpsIADSaveSoftware
    SYNTAX      INTEGER { saveAndReboot(2) }
    DESCRIPTION
        "Only saveAndReboot need be supported if the IAD does not
        support multiple software images."

    OBJECT      iOpsIADConfigFileName
    SYNTAX      DisplayString (SIZE(0..255))
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access not required if the IAD does not support
        multiple configuration files."

    OBJECT      iOpsIADSaveConfiguration
    SYNTAX      INTEGER { saveAndReconfigure(3) }
    DESCRIPTION
        "Only saveAndReconfigure need be supported if the IAD does
        not support multiple configuration files."

    OBJECT      iOpsIADMgmtChBandwidth
    SYNTAX      INTEGER
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADMgmtChInactivityTimer
    SYNTAX      INTEGER (1..1000)
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADDateAndTime
    SYNTAX      DateAndTime
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADPublicIPAddress
    SYNTAX      IpAddress
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADSubnetMask
    SYNTAX      IpAddress
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADGateway
    SYNTAX      IpAddress
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADDHCPIP
    SYNTAX      IpAddress
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT      iOpsIADServerType
    SYNTAX      INTEGER { tftpServer(1) }
    DESCRIPTION
        "TFTP service from the NOC server is required. Other kinds
        of service are optional."

    OBJECT      iOpsIADVlRowStatus
    SYNTAX      INTEGER { active(1), createAndGo(4), destroy(6) }
    MIN-ACCESS  read-only
    DESCRIPTION
        "Write access is not required, and only three of the six
        enumerated values for the RowStatus textual convention need
        be supported."
    ::= { opsMIBCompliances 1 }

-- Units of Conformance

iOpsIADConfigGroup OBJECT-GROUP
    OBJECTS {
        iOpsIADIfIndex,
        iOpsIADSerialNumber,
        iOpsIADCLEICode,
        iOpsIADAdminStatus,
        iOpsIADOperStatus,
        iOpsIADAlarmStatus,
        iOpsIADOperStatusLastChange,
        iOpsIADResetIAD,
        iOpsIADSoftwareFileName,
        iOpsIADSoftwareUpgradeFileName,
        iOpsIADDownloadSoftware,
        iOpsIADSaveSoftware,
        iOpsIADSoftwareVersion,
        iOpsIADReConfigIAD,
        iOpsIADConfigFileName,
        iOpsIADConfigUpgradeFileName,
        iOpsIADUpDownloadConfiguration,
        iOpsIADSaveConfiguration,
        iOpsIADVersionConfig,
        iOpsIADMgmtChType,
        iOpsIADMgmtChNumber,
        iOpsIADMgmtChBandwidth,
        iOpsIADMgmtChInactivityTimer,
        iOpsIADDataService,
        iOpsIADMacAddress,
        iOpsIADPublicIPAddress,
        iOpsIADSubnetMask,
        iOpsIADGateway,
        iOpsIADDHCPIP,
        iOpsIADServerIP,
        iOpsIADServerType,
        iOpsIADServerLoginName,
        iOpsIADServerPasswd
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that support the configuration of
        the IAD."
    ::= { opsMIBGroups 1 }

iOpsIADSecurityConfigGroup OBJECT-GROUP
    OBJECTS {
        iOpsIADMasPublicKey,
        iOpsIADManagementPasswd
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects pertaining to security."
    ::= { opsMIBGroups 2 }

iOpsIADVoiceServiceGroup OBJECT-GROUP
    OBJECTS {
        iOpsIADVlNumber,
        iOpsIADVlDS1IfIndex,
        iOpsIADVlDS0Index,
        iOpsIADVlOperStatus,
        iOpsIADVlSecondaryServiceState,
        iOpsIADVlAdminStatus,
        iOpsIADVlLoopbackTestResult,
        iOpsIADVlNumberOfWires,
        iOpsIADVlSignalFunctionCode,
        iOpsIADVlRobbedBitMode,
        iOpsIADVlCallReferenceValue,
        iOpsIADVlRingingCadence,
        iOpsIADVlVoiceProtocolType,
        iOpsIADVlPhoneNumber,
        iOpsIADVlTransmitImpedance,
        iOpsIADVlReceiveImpedance,
        iOpsIADVlTransmitLoss,
        iOpsIADVlReceiveLoss,
        iOpsIADVlPayloadType,
        iOpsIADVlEchoCancellation,
        iOpsIADVlEchoDelay,
        iOpsIADVlSilenceSuppression,
        iOpsIADVlGenerateTestTone,
        iOpsIADVlRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that support the phone services at
        the IAD."
    ::= { opsMIBGroups 3 }

END

5. Security Considerations

There are a number of management objects defined in this MIB that have
a MAX-ACCESS clause of read-write and/or read-create. Such objects may
be considered sensitive or vulnerable in some network environments.
The support for SET operations in a non-secure environment without
proper protection can have a negative effect on network operations.

There are a number of managed objects in this MIB that may be service
affecting if not SET properly. These are:

   o iOpsIADResetIAD
   o iOpsIADSoftwareUpgradeFileName
   o iOpsIADDownloadSoftware
   o iOpsIADSaveSoftware
   o iOpsIADReConfigIAD
   o iOpsIADConfigUpgradeFileName
   o iOpsIADUpDownloadConfiguration
   o iOpsIADSaveConfiguration

It is thus important to control access to these objects. Not all
versions of SNMP provide features for such a secure environment.

SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), even then, there is no
control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB.

It is recommended that the implementers consider the security features
as provided by the SNMPv3 framework. Specifically, the use of the
User-based Security Model RFC 2274 [12] and the View-based Access
Control Model RFC 2275 [15] is recommended.

It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is configured to give
access to the objects only to those principals (users) that have
legitimate rights to indeed GET or SET (change/create/delete) them.

6. References

[1]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
     Describing SNMP Management Frameworks", RFC 2271, Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
     January 1998.

[2]  Rose, M., and K.
     McCloghrie, "Structure and Identification of Management
     Information for TCP/IP-based Internets", RFC 1155, Performance
     Systems International, Hughes LAN Systems, May 1990.

[3]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
     Performance Systems International, Hughes LAN Systems, March
     1991.

[4]  M. Rose, "A Convention for Defining Traps for use with the SNMP",
     RFC 1215, Performance Systems International, March 1991.

[5]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure
     of Management Information for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1902, SNMP Research, Inc.,
     Cisco Systems, Inc., Dover Beach Consulting, Inc., International
     Network Services, January 1996.

[6]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual
     Conventions for Version 2 of the Simple Network Management
     Protocol (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems,
     Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.

[7]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
     "Conformance Statements for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1904, SNMP Research, Inc.,
     Cisco Systems, Inc., Dover Beach Consulting, Inc., International
     Network Services, January 1996.

[8]  Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
     Network Management Protocol", RFC 1157, SNMP Research,
     Performance Systems International, Performance Systems
     International, MIT Laboratory for Computer Science, May 1990.

[9]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
     "Introduction to Community-based SNMPv2", RFC 1901, SNMP
     Research, Inc., Cisco Systems, Inc., Dover Beach Consulting,
     Inc., International Network Services, January 1996.

[10] Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Transport Mappings for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1906, SNMP Research,
     Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
     International Network Services, January 1996.

[11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
     Processing and Dispatching for the Simple Network Management
     Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
     January 1998.

[12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM)
     for version 3 of the Simple Network Management Protocol
     (SNMPv3)", RFC 2274, IBM T. J. Watson Research, January 1998.

[13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
     Operations for Version 2 of the Simple Network Management
     Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems,
     Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.

[14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications",
     RFC 2273, SNMP Research, Inc., Secure Computing Corporation,
     Cisco Systems, January 1998.

[15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
     Control Model (VACM) for the Simple Network Management Protocol
     (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc.,
     Cisco Systems, Inc., January 1998.

[16] GR-303-CORE Issue 2, "Integrated Digital Loop Carrier System
     Generic Requirements, Objectives, and Interface", December 1998.

[17] ANDA UAP 2000 User Guide #600001.

7. Authors' Addresses

    Ray Jamp
    ANDA Networks, Inc.
    2921 Copper Road
    Santa Clara, CA 95051
    USA
    Email: rjamp@andanets.com
    Phone: +1-408-990-4900

    Dan Palevich
    ANDA Networks, Inc.
    2921 Copper Road
    Santa Clara, CA 95051
    USA
    Email: dpalevich@andanets.com
    Phone: +1-408-990-4900

    Yu-Jen Hsiao
    ANDA Networks, Inc.
    2921 Copper Road
    Santa Clara, CA 95051
    USA
    Email: yjhsiao@andanets.com
    Phone: +1-408-990-4900

    Howard Hui
    ANDA Networks, Inc.
    2921 Copper Road
    Santa Clara, CA 95051
    USA
    Email: hhui@andanets.com
    Phone: +1-408-990-4900

Expires April 6, 2000
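
Added example, not part of the draft or of any ANDA code: section 5 says objects with a MAX-ACCESS of read-write or read-create need access control, so this Python script parses SMIv2 OBJECT-TYPE definitions, lists the writable ones, and flags objects whose DESCRIPTION says they cannot be read even though SMIv2 has no write-only access level. The function names and the `Passwd|Key` naming heuristic are assumptions made for the example.

```python
import re

# Sample input: four OBJECT-TYPE definitions copied from the module in this
# draft and left flattened, since the parser does not depend on line layout.
SAMPLE_MIB = '''
iOpsIADMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only
STATUS current DESCRIPTION "MAC Address" ::= { iOpsIADConfig 27 }
iOpsIADServerIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write
STATUS current DESCRIPTION "IP address of server for configuration and
software downloads." ::= { iOpsIADConfig 32 }
iOpsIADServerPasswd OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..1024))
MAX-ACCESS read-write STATUS current DESCRIPTION "Password, may be
encrypted. Sets only, cannot be read." ::= { iOpsIADConfig 35 }
iOpsIADVlTransmitLoss OBJECT-TYPE SYNTAX INTEGER (0..20) UNITS "db"
MAX-ACCESS read-create STATUS current DESCRIPTION "Transmit Loss"
DEFVAL { 0 } ::= { iOpsIADVlEntry 18 }
'''

# SMIv2 OBJECT-TYPE clauses in their fixed order; UNITS is optional.
OBJECT_TYPE = re.compile(
    r'\b(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\s+'
    r'SYNTAX\s+(?P<syntax>.+?)\s+'
    r'(?:UNITS\s+"[^"]*"\s+)?'
    r'MAX-ACCESS\s+(?P<access>[a-z-]+)\s+'
    r'STATUS\s+\w+\s+'
    r'DESCRIPTION\s+"(?P<descr>[^"]*)"',
    re.S,
)
WRITABLE = {"read-write", "read-create"}
SECRET_NAME = re.compile(r"Passwd|Key")      # naming heuristic (assumption)
NO_READ_PROSE = re.compile(r"cannot\s+be\s+read", re.I)


def parse_objects(mib_text):
    """Return one dict per OBJECT-TYPE, with whitespace normalised."""
    squash = lambda s: " ".join(s.split())
    return [{"name": m["name"], "syntax": squash(m["syntax"]),
             "access": m["access"], "descr": squash(m["descr"])}
            for m in OBJECT_TYPE.finditer(mib_text)]


def audit(mib_text):
    """Map object name -> list of findings for objects that need review."""
    findings = {}
    for obj in parse_objects(mib_text):
        flags = []
        if obj["access"] in WRITABLE:
            flags.append("writable")
        if SECRET_NAME.search(obj["name"]):
            flags.append("secret")
        # SMIv2 has no write-only level, so "cannot be read" has to be
        # enforced by the agent or by leaving the object out of read views.
        readable = obj["access"] in WRITABLE | {"read-only"}
        if NO_READ_PROSE.search(obj["descr"]) and readable:
            flags.append("read-access-contradicts-description")
        if flags:
            findings[obj["name"]] = flags
    return findings


def view_plan(findings):
    """Names to drop from read views, and names whose SET needs a narrow view."""
    hide = {"secret", "read-access-contradicts-description"}
    return {
        "read_exclude": sorted(n for n, f in findings.items() if hide & set(f)),
        "write_restrict": sorted(n for n, f in findings.items() if "writable" in f),
    }
```

Run `audit()` over the full module text to get the complete list; the two lists from `view_plan()` are the candidates for the read and write views of a VACM configuration as recommended in section 5.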