PPP-SEC-MIB DEFINITIONS ::= BEGIN

IMPORTS

     Counter

          FROM RFC1155-SMI

     OBJECT-TYPE

          FROM RFC-1212

     ppp

          FROM PPP-LCP-MIB;

     pppSecurity OBJECT IDENTIFIER ::= { ppp 2 }

     pppSecurityProtocols OBJECT IDENTIFIER ::= { pppSecurity 1 }

-- The following uniquely identify the various protocols

-- used by PPP security. These OBJECT IDENTIFIERS are

-- used in the pppSecurityConfigProtocol and

-- pppSecuritySecretsProtocol objects to identify to which

-- protocols the table entries apply.

     pppSecurityPapProtocol OBJECT IDENTIFIER ::=

               { pppSecurityProtocols 1 }

     pppSecurityChapMD5Protocol OBJECT IDENTIFIER ::=

               { pppSecurityProtocols 2 }

-- PPP Security Group

-- Implementation of this group is optional.

-- This table allows the network manager to configure

-- which security protocols are to be used on which

-- link and in what order of preference each is to be tried

pppSecurityConfigTable   OBJECT-TYPE

     SYNTAX    SEQUENCE OF PppSecurityConfigEntry

     ACCESS    not-accessible

     STATUS    mandatory

     DESCRIPTION

               "Table containing the configuration and

               preference parameters for PPP Security."

     ::= { pppSecurity 2 }

pppSecurityConfigEntry   OBJECT-TYPE

     SYNTAX    PppSecurityConfigEntry

     ACCESS    not-accessible

     STATUS    mandatory

     DESCRIPTION

               "Security configuration information for a

               particular PPP link."

     INDEX     { pppSecurityConfigLink,

               pppSecurityConfigPreference }

     ::= { pppSecurityConfigTable 1 }

PppSecurityConfigEntry ::= SEQUENCE {

     pppSecurityConfigLink

          INTEGER,

     pppSecurityConfigPreference

          INTEGER,

     pppSecurityConfigProtocol

          OBJECT IDENTIFIER,

     pppSecurityConfigStatus

          INTEGER

     }

pppSecurityConfigLink   OBJECT-TYPE

     SYNTAX    INTEGER(0..2147483647)

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "The value of ifIndex that identifies the entry

               in the interface table that is associated with

               the local PPP entity's link for which this

               particular security algorithm shall be

               attempted. A value of 0 indicates the default

               algorithm - i.e., this entry applies to all

               links for which explicit entries in the table

               do not exist."

     ::= { pppSecurityConfigEntry 1 }

pppSecurityConfigPreference   OBJECT-TYPE

     SYNTAX    INTEGER(0..2147483647)

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "The relative preference of the security

               protocol identified by

               pppSecurityConfigProtocol. Security protocols

               with lower values of

               pppSecurityConfigPreference are tried before

               protocols with higher values of

               pppSecurityConfigPreference."

     ::= { pppSecurityConfigEntry 2 }

pppSecurityConfigProtocol   OBJECT-TYPE

     SYNTAX    OBJECT IDENTIFIER

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "Identifies the security protocol to be

               attempted on the link identified by

               pppSecurityConfigLink at the preference level

               identified by pppSecurityConfigPreference. "

     ::= { pppSecurityConfigEntry 3 }

pppSecurityConfigStatus   OBJECT-TYPE

     SYNTAX    INTEGER  {

               invalid(1),

               valid(2)

          }

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "Setting this object to the value invalid(1)

               has the effect of invalidating the

               corresponding entry in the

               pppSecurityConfigTable. It is an

               implementation-specific matter as to whether

               the agent removes an invalidated entry from the

               table.  Accordingly, management stations must

               be prepared to receive tabular information from

               agents that corresponds to entries not

               currently in use.  Proper interpretation of

               such entries requires examination of the

               relevant pppSecurityConfigStatus object."

     DEFVAL    { valid }

     ::= { pppSecurityConfigEntry 4 }

-- This table contains all of the ID/Secret pair information.

pppSecuritySecretsTable   OBJECT-TYPE

     SYNTAX    SEQUENCE OF PppSecuritySecretsEntry

     ACCESS    not-accessible

     STATUS    mandatory

     DESCRIPTION

               "Table containing the identities and secrets

               used by the PPP authentication protocols.  As

               this table contains secret information, it is

               expected that access to this table be limited

               to those SNMP Party-Pairs for which a privacy

               protocol is in use for all SNMP messages that

               the parties exchange.  This table contains both

               the ID and secret pair(s) that the local PPP

               entity will advertise to the remote entity and

               the pair(s) that the local entity will expect

               from the remote entity.  This table allows for

               multiple id/secret password pairs to be

               specified for a particular link by using the

               pppSecuritySecretsIdIndex object."

     ::= { pppSecurity 3 }

pppSecuritySecretsEntry   OBJECT-TYPE

     SYNTAX    PppSecuritySecretsEntry

     ACCESS    not-accessible

     STATUS    mandatory

     DESCRIPTION

               "Secret information."

     INDEX     { pppSecuritySecretsLink,

               pppSecuritySecretsIdIndex }

     ::= { pppSecuritySecretsTable 1 }

PppSecuritySecretsEntry ::= SEQUENCE {

     pppSecuritySecretsLink

          INTEGER,

     pppSecuritySecretsIdIndex

          INTEGER,

     pppSecuritySecretsDirection

          INTEGER,

     pppSecuritySecretsProtocol

          OBJECT IDENTIFIER,

     pppSecuritySecretsIdentity

          OCTET STRING,

     pppSecuritySecretsSecret

          OCTET STRING,

     pppSecuritySecretsStatus

          INTEGER

}

pppSecuritySecretsLink   OBJECT-TYPE

     SYNTAX    INTEGER(0..2147483647)

     ACCESS    read-only

     STATUS    mandatory

     DESCRIPTION

               "The link to which this ID/Secret pair applies.

               By convention, if the value of this object is 0

               then the ID/Secret pair applies to all links."

     ::= { pppSecuritySecretsEntry 1 }

pppSecuritySecretsIdIndex   OBJECT-TYPE

     SYNTAX    INTEGER(0..2147483647)

     ACCESS    read-only

     STATUS    mandatory

     DESCRIPTION

               "A unique value for each ID/Secret pair that

               has been defined for use on this link.  This

               allows multiple ID/Secret pairs to be defined

               for each link.  How the local entity selects

               which pair to use is a local implementation

               decision."

     ::= { pppSecuritySecretsEntry 2 }

pppSecuritySecretsDirection   OBJECT-TYPE

     SYNTAX    INTEGER  {

               local-to-remote(1),

               remote-to-local(2)

          }

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "This object defines the direction in which a

               particular ID/Secret pair is valid.  If this

               object is local-to-remote then the local PPP

               entity will use the ID/Secret pair when

               attempting to authenticate the local PPP entity

               to the remote PPP entity.  If this object is

               remote-to-local then the local PPP entity will

               expect the ID/Secret pair to be used by the

               remote PPP entity when the remote PPP entity

               attempts to authenticate itself to the local

               PPP entity."

     ::= { pppSecuritySecretsEntry 3 }

pppSecuritySecretsProtocol   OBJECT-TYPE

     SYNTAX    OBJECT IDENTIFIER

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "The security protocol (e.g. CHAP or PAP) to

               which this ID/Secret pair applies."

     ::= { pppSecuritySecretsEntry 4 }

pppSecuritySecretsIdentity   OBJECT-TYPE

     SYNTAX    OCTET STRING (SIZE(0..255))

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "The Identity of the ID/Secret pair.  The

               actual format, semantics, and use of

               pppSecuritySecretsIdentity depends on the

               actual security protocol used.  For example, if

               pppSecuritySecretsProtocol is

               pppSecurityPapProtocol then this object will

               contain a PAP Peer-ID. If

               pppSecuritySecretsProtocol is

               pppSecurityChapMD5Protocol then this object

               would contain the CHAP NAME parameter."

     ::= { pppSecuritySecretsEntry 5 }

pppSecuritySecretsSecret   OBJECT-TYPE

     SYNTAX    OCTET STRING (SIZE(0..255))

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "The secret of the ID/Secret pair.  The actual

               format, semantics, and use of

               pppSecuritySecretsSecret depends on the actual

               security protocol used.  For example, if

               pppSecuritySecretsProtocol is

               pppSecurityPapProtocol then this object will

               contain a PAP Password. If

               pppSecuritySecretsProtocol is

               pppSecurityChapMD5Protocol then this object

               would contain the CHAP MD5 Secret."

     ::= { pppSecuritySecretsEntry 6 }

pppSecuritySecretsStatus   OBJECT-TYPE

     SYNTAX    INTEGER  {

               invalid(1),

               valid(2)

          }

     ACCESS    read-write

     STATUS    mandatory

     DESCRIPTION

               "Setting this object to the value invalid(1)

               has the effect of invalidating the

               corresponding entry in the

               pppSecuritySecretsTable. It is an

               implementation-specific matter as to whether

               the agent removes an invalidated entry from the

               table.  Accordingly, management stations must

               be prepared to receive tabular information from

               agents that corresponds to entries not

               currently in use.  Proper interpretation of

               such entries requires examination of the

               relevant pppSecuritySecretsStatus object."

     DEFVAL    { valid }

     ::= { pppSecuritySecretsEntry 7 }

END