TIMETRA-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32,
    Counter32, IpAddress, Counter64, Gauge32, Integer32,
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF

    TEXTUAL-CONVENTION, RowStatus, DisplayString,
    TruthValue, TimeStamp, DateAndTime, MacAddress
        FROM SNMPv2-TC

    timetraSRMIBModules, tmnxSRObjs, tmnxSRNotifyPrefix,
    tmnxSRConfs
        FROM TIMETRA-GLOBAL-MIB

    TItemDescription, TNamedItem, TNamedItemOrEmpty,
    TmnxPortID, IpAddressPrefixLength,
    TTcpUdpPort, TIpProtocol, TmnxAdminState, TmnxOperState,
    TDSCPNameOrEmpty, TIpOption, TmnxVRtrIDOrZero, TmnxActionType,
    TCpmProtPolicyID, TCIRRate, TPIRRate, TPIRRateOrZero,
    TmnxServId, Dot1PPriority, Dot1PPriorityMask,
    ServiceAccessPoint, TOperator,
    TBurstSize, InterfaceIndex
        FROM TIMETRA-TC-MIB

    TItemMatch, TFilterLogId, TEntryId
        FROM TIMETRA-FILTER-MIB

    tmnxCpmFlashHwIndex, tmnxCpmFlashOperStatus
        FROM TIMETRA-CHASSIS-MIB

    InetAddressIPv6, InetAddressPrefixLength, InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB

    Dot1agCfmMDLevel
        FROM IEEE8021-CFM-MIB

    InterfaceIndexOrZero
        FROM IF-MIB

    vRtrID, vRtrIfIndex
        FROM TIMETRA-VRTR-MIB

    svcId
        FROM TIMETRA-SERV-MIB

    sapPortId, sapEncapValue
        FROM TIMETRA-SAP-MIB

    sdpBindId
        FROM TIMETRA-SDP-MIB

    tmnxPortPortID
        FROM TIMETRA-PORT-MIB
    ;

timetraSecurityMIBModule  MODULE-IDENTITY
        LAST-UPDATED "201102010000Z"
        ORGANIZATION "Alcatel-Lucent"
        CONTACT-INFO
            "Alcatel-Lucent SROS Support
             Web: http://support.alcatel-lucent.com"
        DESCRIPTION
            "This document is the SNMP MIB module to manage and provision
             Security features on Alcatel-Lucent SROS systems.

             Copyright 2003-2014 Alcatel-Lucent. All rights reserved.
             Reproduction of this document is authorized on the condition that
             the foregoing copyright notice is included.

             This SNMP MIB module (Specification) embodies Alcatel-Lucent's
             proprietary intellectual property.  Alcatel-Lucent retains
             all title and ownership in the Specification, including any
             revisions.

             Alcatel-Lucent grants all interested parties a non-exclusive
             license to use and distribute an unmodified copy of this
             Specification in connection with management of Alcatel-Lucent
             products, and without fee, provided this copyright notice and
             license appear on all copies.

             This Specification is supplied 'as is', and Alcatel-Lucent
             makes no warranty, either express or implied, as to the use,
             operation, condition, or performance of the Specification."

--
--  Revision History
--
        REVISION        "1111010000Z"
        DESCRIPTION     "Rev 10.0               1 Nov 2011 00:00
                         10.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "1102010000Z"
        DESCRIPTION     "Rev 9.0                1 Feb 2011 00:00
                         9.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0902280000Z"
        DESCRIPTION     "Rev 7.0                28 Feb 2009 00:00
                         7.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0807010000Z"
        DESCRIPTION     "Rev 6.1                01 Jul 2008 00:00
                         6.1 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0801010000Z"
        DESCRIPTION     "Rev 6.0                01 Jan 2008 00:00
                         6.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0701010000Z"
        DESCRIPTION     "Rev 5.0                01 Jan 2007 00:00
                         5.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0602280000Z"
        DESCRIPTION     "Rev 4.0                28 Feb 2006 00:00
                         4.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0508310000Z"
        DESCRIPTION     "Rev 3.0                31 Aug 2005 00:00
                         3.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0501240000Z"
        DESCRIPTION     "Rev 2.1                24 Jan 2005 00:00
                         2.1 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0401150000Z"
        DESCRIPTION     "Rev 2.0                15 Jan 2004 00:00
                         2.0 release of the TIMETRA-SECURITY-MIB."

        REVISION        "0308150000Z"
        DESCRIPTION     "Rev 1.2                15 Aug 2003 00:00
                         1.2 release of the TIMETRA-SECURITY-MIB."

        REVISION        "200301270000Z"
        DESCRIPTION     "Rev 0.1                27 Jan 2003 00:00
                         Initial version of the TIMETRA-SECURITY-MIB."

        ::= { timetraSRMIBModules 22 }

tmnxSecurityObjects         OBJECT IDENTIFIER ::= { tmnxSRObjs 22 }
tmnxSecurityNotifyPrefix    OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 22 }
    tmnxSecurityNotifications   OBJECT IDENTIFIER ::= { tmnxSecurityNotifyPrefix 0 }
tmnxSecurityConformance     OBJECT IDENTIFIER ::= { tmnxSRConfs 22 }

--
-- Textual Conventions
--
TProfileAction ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Action to take be taken as a result of matching a profile.
            deny (1) - matching commands are denied access.
            allow(2) - matching commands are allowed access. if the
            none (3) - no action is taken giving way to other
                       profile matching to happen."
    SYNTAX INTEGER { deny(1), allow(2), none(3) }

TmnxMafAction ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Action to take be taken as a result of matching the configured
         criteria in a Management Access Filter.
            none   (0) - no action specified, follow default behavior.
            permit (1) - packets matching the configured criteria are
                         permitted.
            deny   (2) - packets matching the configured criteria are
                         denied and an ICMP host unreachable message
                         is issued.
            denyHostUnreachable (3) - packets matching the configured criteria
                                      are denied and no ICMP host unreachable
                                      message is issued."
    SYNTAX INTEGER {
               none                (0),
               permit              (1),
               deny                (2),
               denyHostUnreachable (3)
           }

TCpmFilterQueueId ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TCpmFilterQueueId is an integer value that identifies a CPM queue.
         The value '0' is used if there is no queue defined"
    SYNTAX Unsigned32 (0|33..2000)

TCpmFilterActionOrDefault ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TCpmFilterActionOrDefault data type is an enumerated integer
         that describes the values used to specify the action to take on the
         traffic when the filter entry matches.
         drop    (1)  packets matching the filter entry are dropped
         forward (2)  packets matching the filter entry are forwarded
         queue   (3)  packets matching the filter are sent to queue
                      tCpmFilterQueueId
         default (4)  the disposition of packets matching the filter is
                      determined by the default-action of the filter"
    SYNTAX INTEGER {
               drop    (1),
               forward (2),
               queue   (3),
               default (4)
           }

IPv6FlowLabel ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The flow identifier or Flow Label in an IPv6
         packet header that may be used to discriminate
         traffic flows.  (RFC3595).
         The value -1 indicates 'no flowLabel' "
    SYNTAX Integer32 (-1|0..1048575)

TmnxKeyChainKeyDirection ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainKeyDirection data type is an enumerated integer that
         indicates the tcp-stream direction to apply the keychain on."
    SYNTAX INTEGER {
               send           (1),
               receive        (2),
               send-receive   (3)
            }

TmnxKeyChainKeyAlgorithm ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainKeyAlgorithm data type is an enumerated integer that
         indicates the encryption algorithm to be used by the key defined
         in the keychain."
    SYNTAX INTEGER {
               nullKeyAlgo     (0),
               aes128Cmac96    (1),
               hmacSha196      (2)
            }

TmnxKeyChainTcpOptionNum ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxKeyChainTcpOptionNum data type is an enumerated integer that
         indicates the TCP option number to be used in the TCP header."
    SYNTAX INTEGER {
               value253              (1),
               value254              (2),
               all                   (3)
            }

TmnxMafType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TmnxMafType data type is an enumerated integer that describes
         the type of packets a filter applies to."
    SYNTAX  INTEGER {
                ipv4 (1),
                ipv6 (2),
                mac  (3)
                }

TmnxCpmPacketRateLimit ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate limit expressed in packets per second.

        The value -1 means unlimited rate."
    SYNTAX      Integer32 (-1 | 1..65535)

TmnxCpmPacketPolRateLimit ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate limit expressed in packets per second for CPU protection
        policy parameters.

        The value -1 means unlimited rate."
    SYNTAX      Integer32 (-1 | 1..65534)

TmnxCpmPktPolRateLimitInclZero ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate limit expressed in packets per second for CPU protection
         policy parameters.

         The value zero means a limit of zero packets per second. 

         The value -1 means unlimited rate."
    SYNTAX      Integer32 (-1..65534)

TmnxCpmPacketRate ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A packet rate expressed in packets per second."
    SYNTAX      Gauge32 (0..4294967295)

TmnxCpmProtEthCfmOpCode ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The Opcode field within an Ethernet Connectivity Fault Management PDU
         has this range."
    REFERENCE
        "ITU-T Y.1731 Specification, 02/2008"
    SYNTAX      Unsigned32 (0..255)

TmnxMafMacFltrFrameType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The type of the frame for which this mac filter match criteria is
        defined."
    SYNTAX       INTEGER {
                    e802dot3(0),
                    e802dot2LLC(1),
                    e802dot2SNAP(2),
                    ethernetII(3),
                    e802dot1ag(4)
                 }

TmnxCpmMacFltrFrameType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The type of the frame for which this mac filter match criteria is
        defined."
    SYNTAX       INTEGER {
                    none(-1),  
                    e802dot2LLC(1),
                    ethernetII(3),
                    e802dot1ag(4)
                 }

TmnxSecRadiusServAlgorithm ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TmnxSecRadiusServAlgorithm data type is an enumerated integer that
         indicates the algorithm used to access the list of configured RADIUS
         servers:
         - direct      (1): The first server will be used as primary server for
                            all requests, the second as secondary and so on.
         - round-robin (2): The first server will be used as primary server for
                            the first request, the second server as primary for
                            the second request, and so on. If the router gets
                            to the end of the list, it starts again with the
                            first server."
    SYNTAX INTEGER {
        direct      (1),
        round-robin (2)
    }

--
-- User Profile Table
--
tmnxUserProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the user profiles for access to the commands
         in the command line interface."
    ::= { tmnxSecurityObjects 1 }

tmnxUserProfileEntry OBJECT-TYPE
    SYNTAX      TmnxUserProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single user profile."
    INDEX { tmnxUserProfile }
    ::= { tmnxUserProfileTable 1 }

TmnxUserProfileEntry ::= SEQUENCE {
    tmnxUserProfile               TNamedItem,
    tmnxUserProfileRowStatus      RowStatus,
    tmnxUserProfileDefaultAction  TProfileAction,
    tmnxUserProfileLi             TruthValue
}

tmnxUserProfile  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The name of the profile is the index to the table."
    ::= { tmnxUserProfileEntry 1 }

tmnxUserProfileRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Row Status for the user profile. The deletion of this row has
         an action of removing the dependent rows in the
         tmnxUserProfileTable. "
    ::= { tmnxUserProfileEntry 2 }

tmnxUserProfileDefaultAction  OBJECT-TYPE
    SYNTAX      TProfileAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The action to be given to the user profile in case if none of
         the entries match the command."
    DEFVAL { deny }
    ::= { tmnxUserProfileEntry 3 }

tmnxUserProfileLi   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserProfileLi specifies whether or this profile
         can be assigned to a user to support Lawful Intercept (LI)
         operations.  This object can only be modified from the SNMPv3 'li' 
         context."
    DEFVAL { false }
    ::= { tmnxUserProfileEntry 4 }

--
-- User Profile Match Table
--
tmnxUserProfileMatchTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserProfileMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table which stores multiple entries per user profile to
         define specific action to be taken in case if the command
         matches the entry."
    ::= { tmnxSecurityObjects 2 }

tmnxUserProfileMatchEntry OBJECT-TYPE
    SYNTAX      TmnxUserProfileMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single user profile."
    INDEX { tmnxUserProfile, tmnxUserProfileMatchId }
    ::= { tmnxUserProfileMatchTable 1 }

TmnxUserProfileMatchEntry ::= SEQUENCE {
    tmnxUserProfileMatchId          Unsigned32,
    tmnxUserProfileMatchRowStatus   RowStatus,
    tmnxUserProfileMatchDescription TItemDescription,
    tmnxUserProfileMatchAction      TProfileAction,
    tmnxUserProfileMatchString      DisplayString }

tmnxUserProfileMatchId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Secondary index for the table"
    ::= { tmnxUserProfileMatchEntry 1 }

tmnxUserProfileMatchRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Row Status for the user profile match."
    ::= { tmnxUserProfileMatchEntry 2 }

tmnxUserProfileMatchDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "User-provided description for the match entry."
    DEFVAL { ''H }
    ::= { tmnxUserProfileMatchEntry 3 }

tmnxUserProfileMatchAction  OBJECT-TYPE
    SYNTAX      TProfileAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Action to be used in case if a command matches this entry."
    ::= { tmnxUserProfileMatchEntry 4 }

tmnxUserProfileMatchString  OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Match string to be used for this entry."
    ::= { tmnxUserProfileMatchEntry 5 }

--
-- User Table
--
tmnxUserTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserTable contains configuration information for the
         system users."
    ::= { tmnxSecurityObjects  3 }

tmnxUserEntry  OBJECT-TYPE
    SYNTAX      TmnxUserEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserEntry is an entry (conceptual row) in the tmnxUserEntry.
         Each entry represents the configuration for a system user.
         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxUserRowStatus."
    INDEX  { IMPLIED tmnxUserName }
    ::= { tmnxUserTable 1 }

TmnxUserEntry ::= SEQUENCE {
    tmnxUserName                        TNamedItem,
    tmnxUserRowStatus                   RowStatus,
    tmnxUserPassword                    OCTET STRING,
    tmnxUserPasswordEncrypted           TruthValue,
    tmnxUserAccess                      BITS,
    tmnxUserHomeDirectory               OCTET STRING,
    tmnxUserRestrictedToHome            TruthValue,
    tmnxUserConsoleLoginExecFile        OCTET STRING,
    tmnxUserConsoleCannotChangePswd     TruthValue,
    tmnxUserConsoleNewPswdAtLogin       TruthValue,
    tmnxUserConsoleMemberProfile1       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile2       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile3       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile4       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile5       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile6       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile7       TNamedItemOrEmpty,
    tmnxUserConsoleMemberProfile8       TNamedItemOrEmpty,
    tmnxUserAttemptedLogins             Counter32,
    tmnxUserSuccessfulLogins            Counter32,
    tmnxUserPasswordChanged             TimeStamp
}

tmnxUserName  OBJECT-TYPE
    SYNTAX      TNamedItem (SIZE(1..16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserName specifies the name for a system user.
         This name must be unique amongst the table entries."
    ::= { tmnxUserEntry 1 }

tmnxUserRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxUserRowStatus controls the creation and deletion of
         rows in the table.

         To create a row in the tmnxUserTable, set tmnxUserRowStatus
         to createAndGo(4). All objects will take on default values and
         the agent will change tmnxUserRowStatus to active(1).

         To delete a row in the tmnxUserTable, set tmnxUserRowStatus
         to delete(6)."
    ::= { tmnxUserEntry 2 }

tmnxUserPassword  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..129))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPassword specifies the password used to
         authenticate the user for console and FTP access.

         tmnxUserPassword and tmnxUserPasswordEncrypted, which indicates
         whether or not the password string is encrypted, must be set
         together in the same SNMP request PDU or else the set request
         will fail with an inconsistentValue error.

         The value of tmnxUserPassword cannot be more than 20 characters
         when the value of tmnxUserPasswordEncrypted is 'false'."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 3 }

tmnxUserPasswordEncrypted  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserPasswordEncrypted is 'true', the
         password specified by tmnxUserPassword is in the encrypted
         form.

         When the value of tmnxUserPasswordEncrypted is 'false', the
         password specified by tmnxUserPassword is in plain text.

         tmnxUserPassword and tmnxUserPasswordEncrypted, which indicates
         whether or not the password string is encrypted, must be set
         together in the same SNMP request PDU or else the set request
         will fail with an inconsistentValue error."
    DEFVAL { true }
    ::= { tmnxUserEntry 4 }

tmnxUserAccess  OBJECT-TYPE
    SYNTAX      BITS {
                    console(0),
                    ftp    (1),
                    snmp   (2),
                    li     (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserAccess specifies the type of access the
         the user is permitted. To allow the user access to the console,
         FTP or SNMP, set the corresponding bit in tmnxUserAccess. Reset
         the bit to deny the access.

         'li' access allows this user to access CLI commands in the
         Lawful Intercept (LI) context.  The 'li' bit can only be modified
         from the SNMPv3 'li' context."
    DEFVAL { { } }
    ::= { tmnxUserEntry 5 }

tmnxUserHomeDirectory  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..200))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserHomeDirectory specifies the local home
         directory for the user for console and FTP access."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 6 }

tmnxUserRestrictedToHome  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserRestrictedToHome is 'true', the user
         is not allowed to navigate to directories above his home
         directory for file access.

         When the value of tmnxUserRestrictedToHome is 'false', the user
         is allowed access to directories above his home directory."
    DEFVAL { false }
    ::= { tmnxUserEntry 7 }

tmnxUserConsoleLoginExecFile  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..200))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleLoginExecFile specifies the file
         that should be executed whenever the user successfully logs in
         to a console session."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 8 }

tmnxUserConsoleCannotChangePswd  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserConsoleCannotChangePswd is 'true',
         the user does not have the privilege to change the password
         for console and FTP login.

         When the value of tmnxUserConsoleCannotChangePswd is 'false',
         the user has the privilege to change the password for console
         and FTP login."
    DEFVAL { false }
    ::= { tmnxUserEntry 9 }

tmnxUserConsoleNewPswdAtLogin  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxUserConsoleNewPswdAtLogin is 'true', the
         will be forced to change his password at the next console or
         FTP login.

         When the value of tmnxUserConsoleNewPswdAtLogin is 'false', the
         will not be forced to change his password at the next console
         or FTP login."
    DEFVAL { false }
    ::= { tmnxUserEntry 10 }

tmnxUserConsoleMemberProfile1  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile1 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 11 }

tmnxUserConsoleMemberProfile2  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile2 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 12 }

tmnxUserConsoleMemberProfile3  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile3 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 13 }

tmnxUserConsoleMemberProfile4  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile4 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 14 }

tmnxUserConsoleMemberProfile5  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile5 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 15 }

tmnxUserConsoleMemberProfile6  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile6 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 16 }

tmnxUserConsoleMemberProfile7  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile7 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 17 }

tmnxUserConsoleMemberProfile8  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserConsoleMemberProfile8 specifies a user
         profile that the user has access to. This profile must be
         a valid row entry in tmnxUserProfileTable.

         Each user can access a maximum of 8 user profiles. The value
         of the n-th user profile can be set only if all previous user
         profiles (1 through (n-1)) are non-empty strings. The order of
         the user profiles is important. The first user profile has
         highest precedence, followed by the second and so on."
    DEFVAL { ''h }
    ::= { tmnxUserEntry 18 }

tmnxUserAttemptedLogins  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserAttemptedLogins indicates the number of
         times the user has attempted to login irrespective of whether
         the login succeeded or failed."
    ::= { tmnxUserEntry 19 }

tmnxUserSuccessfulLogins  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserSuccessfulLogins indicates the number of
         times the user has successfully logged in."
    ::= { tmnxUserEntry 20 }

tmnxUserPasswordChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserPasswordChanged indicates the value of
         sysUpTime when the login password was last changed."
    ::= { tmnxUserEntry 21 }

--
--  System Management Access Filter Objects section
--
tmnxMafObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 4 }

--
--  Alcatel-Lucent SROS series MANAGEMENT ACCESS FILTER OBJECTS
--

--
-- tmnxMafTable (obsoleted and replaced by tmnxGenMafTable)
--
tmnxMafTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxMafEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "This table has been replaced with tmnxGenMafTable. The new table
         allows to define both IPv4 and IPv6 MAFs.

         The tmnxMafTable has an entry for each Management Access Filter
         (MAF) configured on the system.  Management Access Filters are
         used to restrict management of this Alcatel-Lucent SROS device by
         other nodes outside either specific (sub)networks or through
         designated ports.  By default no Management Access Filters are
         defined and this table will be empty."
::= { tmnxMafObjs 1 }

tmnxMafEntry OBJECT-TYPE
    SYNTAX      TmnxMafEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "Each row entry contains information about a Management Access
         Filter (MAF)."
    INDEX { tmnxMafName }
    ::= { tmnxMafTable 1 }

TmnxMafEntry ::= SEQUENCE {
    tmnxMafName          TNamedItem,
    tmnxMafRowStatus     RowStatus,
    tmnxMafDefaultAction TmnxMafAction,
    tmnxMafAdminState    TmnxAdminState
}

tmnxMafName  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafName specifies the Management Access Filter
         (MAF) represented by this row in the tmnxMafTable."
    ::= { tmnxMafEntry 1 }

tmnxMafRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The tmnxMafRowStatus object is used to create and delete rows in
         the tmnxMafTable.  The values supported during a set operation are
         createAndGo(4), createAndWait(5) and destroy(6)."
    ::= { tmnxMafEntry 2 }

tmnxMafDefaultAction  OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafDefaultAction specifies the default action
         for management access in the absence of a specific management
         access filter entry match.  The default action is applied
         to a packet that does not satisfy any match criteria in any of
         the management access filter match entries.  Before a MAF can be
         active, a default action must have been specified."
    DEFVAL { none }
    ::= { tmnxMafEntry 3 }

tmnxMafAdminState  OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafAdminState specifies the administrative state
         for this management access filter.  A value of 'outOfService'
         disables this filter which results in permitting all traffic."
    DEFVAL { inService }
    ::= { tmnxMafEntry 4 }

--
-- IPv4 MAF entries (obsoleted, replaced by tmnxIPMafMatchTable)
--
tmnxMafMatchTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "This tables has been replaced with the table tmnxIPMafMatchTable
         which allows for both IPv4 and IPv6 MAF entries.

         The tmnxMafMatchTable contains filter match criteria associated
         with Management Access Filters (MAFs) configured on the system."
::= { tmnxMafObjs 2 }

tmnxMafMatchEntry OBJECT-TYPE
    SYNTAX      TmnxMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "Each row entry contains information about a management access filter
         entry associated with a specific Management Access Filter (MAF).
         The filter criter is applied in order according to the value of
         tmnxMafMatchIndex.  The match algorithm is exited upon the first
         match found and then the action specified is executed.  For this
         reason, entries must be sequenced from most to least explicit.
         An entry where tmnxMafMatchAction has a value of 'none' is not
         active."
    INDEX { tmnxMafName,
            tmnxMafMatchIndex }
    ::= { tmnxMafMatchTable 1 }

TmnxMafMatchEntry ::= SEQUENCE {
    tmnxMafMatchIndex           Unsigned32,
    tmnxMafMatchRowStatus       RowStatus,
    tmnxMafMatchLastChanged     TimeStamp,
    tmnxMafMatchAction          TmnxMafAction,
    tmnxMafMatchDescription     TItemDescription,
    tmnxMafMatchSrcIpAddr       IpAddress,
    tmnxMafMatchSrcIpMask       IpAddressPrefixLength,
    tmnxMafMatchSrcPortType     INTEGER,
    tmnxMafMatchSrcPortId       TmnxPortID,
    tmnxMafMatchDestPort        TTcpUdpPort,
    tmnxMafMatchDestPortMask    Unsigned32,
    tmnxMafMatchProtocol        TIpProtocol,
    tmnxMafMatchCount           Counter64,
    tmnxMafMatchRouter          TNamedItemOrEmpty,
    tmnxMafMatchLog             TruthValue
}

tmnxMafMatchIndex  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchIndex specifies the Management Access Filter
         Entry (MAFE) represented by this row in the tmnxMafMatchTable.  It
         is associated to a specific Management Access Filter by the value
         of tmnxMafName index."
    ::= { tmnxMafMatchEntry 1 }

tmnxMafMatchRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The tmnxMafMatchRowStatus object is used to create and delete rows in
         the tmnxMafMatchTable.  The values supported during a set operation
         are createAndGo(4), createAndWait(5) and destroy(6)."
    ::= { tmnxMafMatchEntry 2 }

tmnxMafMatchLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchLastChanged is the timestamp of last
         change to this row in tmnxMafMatchTable."
    ::= { tmnxMafMatchEntry 3 }

tmnxMafMatchAction  OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchAction specifies the action to be taken
         when a packet matches the selection criteria configured in this
         management access filter entry.  Before a filter entry can be active,
         tmnxMafMatchAction must be assigned some value other than 'none'."
    DEFVAL { none }
    ::= { tmnxMafMatchEntry 4 }

tmnxMafMatchDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchDescription is a user provided description
         string for this Management Access Filter Entry.  It can consist of
         any printable, seven-bit ASCII characters up to 80 characters in
         length."
    DEFVAL { ''H }
    ::= { tmnxMafMatchEntry 5 }

tmnxMafMatchSrcIpAddr  OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchSrcIpAddr specifies IP address used with
         the value of tmnxMafMatchSrcIpMask to indicate a source IP address
         range to be used as the match criteria for this Management Access
         Filter Entry."
    DEFVAL { '00000000'H }      -- 0.0.0.0
    ::= { tmnxMafMatchEntry 6 }

tmnxMafMatchSrcIpMask  OBJECT-TYPE
    SYNTAX      IpAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchSrcIpMask specifies the number of bits
         to match of the source Ip Address."
    DEFVAL { 0 }
    ::= { tmnxMafMatchEntry 7 }

tmnxMafMatchSrcPortType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    any  (1),
                    cpm  (2),
                    port (3),
                    lag  (4)
                }
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchSrcPortType is used to restrict ingress
         management packets to either the configured management Ethernet
         port or any other logical port (LAG, port, or channel) on the
         device.  By default, management traffic is accepted on any interface."
    DEFVAL { any }
    ::= { tmnxMafMatchEntry 8 }

tmnxMafMatchSrcPortId  OBJECT-TYPE
    SYNTAX      TmnxPortID
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "When tmnxMafMatchSrcPortType has a value of 'port' or 'lag' the
         value of tmnxMafMatchSrcPortId specifies the port used to restrict
         ingress management packets.  A value of zero indicated that this
         object is not initialized."
    DEFVAL { 0 }
    ::= { tmnxMafMatchEntry 9 }

tmnxMafMatchDestPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchDestPort specifies a TCP or UDP port
         number to be used as a match criteria in this Management Access
         Filter Entry.  A value of zero indicates that this object is
         not initialized."
    DEFVAL { 0 }
    ::= { tmnxMafMatchEntry 10 }

tmnxMafMatchDestPortMask  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|1..65535)
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchDestPortMask specifies a mask to be used
         when the value of tmnxMafMatchDestPort is not equal to zero.
         The mask allows a range of TCP or UDP port values to be
         specified for the match criteria in this Management Access Filter
         Entry.  A value of 65535, 0xFFFF, is used to indicate that
         this object is not initialized."
    DEFVAL { 'FFFF'h }
    ::= { tmnxMafMatchEntry 11 }

tmnxMafMatchProtocol  OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchProtocol specifies an IP protocol type
         to be used in the match criteria for this Management Access Filter
         Entry.  Some well-know protocol numbers are TCP (6), and UDP (7).
         The value of -1 is used to indicate that this object is not
         initialized."
    DEFVAL { -1 }
    ::= { tmnxMafMatchEntry 12 }

tmnxMafMatchCount  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchCount indicates the number of times
         a management packet has matched this filter entry."
    ::= { tmnxMafMatchEntry 13 }

tmnxMafMatchRouter  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxMafMatchRouter specifies a router (VPRN) name or
         a service-id, expressed as an ASCII numeric string, to be used in
         the match criteria for the Management Access Filter Entry.  The
         empty string value ''H is used to indicate that this object is not
         initialized."
    DEFVAL { ''H }  -- empty string
    ::= { tmnxMafMatchEntry 14 }

tmnxMafMatchLog  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "When the value of tmnxMafMatchLog is 'true', entry match logging
         is enabled."
    DEFVAL { false }
    ::= { tmnxMafMatchEntry 15 }

--
-- tmnxGenMafTable (replaces by tmnxMafTable)
--
tmnxGenMafTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxGenMafTableLastChanged indicates
         the timestamp of the last change to the tmnxGenMafTable.
         A value of 0 indicates that no changes were made to this table
         since the system was last initialized."
::= { tmnxMafObjs 3 }

tmnxGenMafTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxGenMafEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table replaces the tmnxMafTable. It allows to define both
         IPv4 and IPv6 MAFs.

         The tmnxGenMafTable has an entry for each Management Access Filter
         (MAF) configured on the system (IPv4 and IPv6).

         Management Access Filters are used to restrict management of this
         Alcatel-Lucent SROS device by other nodes outside either specific
         (sub)networks or through designated ports.

         By default a single IPv4 and a single IPv6 Management Access Filter
         is created by the system. No additional filters can be defined by the
         operator.

         When a filter is deleted, the system will re-create it with all
         default settings."
::= { tmnxMafObjs 4 }

tmnxGenMafEntry  OBJECT-TYPE
    SYNTAX      TmnxGenMafEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry contains information about a IPv4 or IPv6
         Management Access Filter (MAF)."
    INDEX { tmnxGenMafType,
            tmnxGenMafName }
    ::= { tmnxGenMafTable 1 }

TmnxGenMafEntry ::= SEQUENCE {
    tmnxGenMafType          TmnxMafType,
    tmnxGenMafName          TNamedItem,
    tmnxGenMafLastModified  TimeStamp,
    tmnxGenMafRowStatus     RowStatus,
    tmnxGenMafAdminState    TmnxAdminState,
    tmnxGenMafDefaultAction TmnxMafAction
}

tmnxGenMafType  OBJECT-TYPE
    SYNTAX      TmnxMafType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafType specifies the type of packets, destined
         for CPM, this management access filter applies to."
    ::= { tmnxGenMafEntry 1 }

tmnxGenMafName  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafName specifies the Management Access Filter
         (MAF) represented by this row in the tmnxGenMafTable."
    ::= { tmnxGenMafEntry 2 }

tmnxGenMafLastModified  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxGenMafLastModified object indicates the timestamp of the
         last change to this row. A value of zero indicates that this row was
         not modified since the system was last initialized."
    ::= { tmnxGenMafEntry 3 }

tmnxGenMafRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxGenMafRowStatus object is used to create and delete rows in
         the tmnxGenMafTable.  The values supported during a set operation are   
         - active(1)
         - createAndGo(4),
         - createAndWait(5) which is treated in the same way as createAndGo(4)
         - destroy(6)."
    ::= { tmnxGenMafEntry 4 }

tmnxGenMafAdminState  OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafAdminState specifies the administrative state
         for this management access filter.  A value of 'outOfService'
         disables this filter which results in permitting all traffic."
    DEFVAL { inService }
    ::= { tmnxGenMafEntry 5 }

tmnxGenMafDefaultAction  OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxGenMafDefaultAction specifies the default action
         for management access in the absence of a specific management
         access filter entry match.  The default action is applied
         to a packet that does not satisfy any match criteria in any of
         the management access filter match entries. Before a MAF can be
         active, a default action must have been specified.
         The value denyHostUnreachable is not allowed for Mac Maf filters."
    DEFVAL { none }
    ::= { tmnxGenMafEntry 6 }

--
-- IPvx MAF entries (replaces tmnxMafMatchTable)
--
tmnxMafIPMatchTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxMafIPMatchTableLastChanged indicates
         the timestamp of the last change to the tmnxIPMafMatchTable.
         A value of 0 indicates that no changes were made to this table
         since the system was last initialized."
::= { tmnxMafObjs 5 }

tmnxIPMafMatchTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table replaces the tmnxMafMatchTable. It allows to define both
         IPv4 and IPv6 MAF IP entries.

         The tmnxIPMafMatchTable contains ipvx filter match criteria
         associated with Management Access Filters (MAFs) configured on the
         system."
::= { tmnxMafObjs 6 }

tmnxIPMafMatchEntry OBJECT-TYPE
    SYNTAX      TmnxIPMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry contains information about a management access filter
         entry associated with a specific Management Access Filter (MAF).

         The filter criter is applied in order according to the value of
         tmnxIPMafMatchIndex.

         The match algorithm is exited upon the first
         match found and then the action specified is executed.  For this
         reason, entries must be sequenced from most to least explicit.

         An entry where tmnxIPMafMatchAction has a value of 'none' is not
         active.
         
         Rows can only be created for tmnxGenMafType's:
         - ipv4 (1), and.
         - ipv6 (2).
         For mac Maf filters a dedicated table is provided
         (tmnxMacMafMatchTable). "
    INDEX { tmnxGenMafType,
            tmnxGenMafName,
            tmnxIPMafMatchIndex }
    ::= { tmnxIPMafMatchTable 1 }

TmnxIPMafMatchEntry ::= SEQUENCE {
    tmnxIPMafMatchIndex         Unsigned32,
    tmnxIPMafMatchRowStatus     RowStatus,
    tmnxIPMafMatchLastChanged   TimeStamp,
    tmnxIPMafMatchAction        TmnxMafAction,
    tmnxIPMafMatchDescription   TItemDescription,
    tmnxIPMafMatchSrcIpAddrType InetAddressType,
    tmnxIPMafMatchSrcIpAddr     InetAddress,
    tmnxIPMafMatchSrcIpMask     InetAddressPrefixLength,
    tmnxIPMafMatchSrcPortType   INTEGER,
    tmnxIPMafMatchSrcPortId     TmnxPortID,
    tmnxIPMafMatchDestPort      TTcpUdpPort,
    tmnxIPMafMatchDestPortMask  Unsigned32,
    tmnxIPMafMatchProtNxtHdr    TIpProtocol,
    tmnxIPMafMatchCount         Counter64,
    tmnxIPMafMatchRouter        TNamedItemOrEmpty,
    tmnxIPMafMatchFlowLabel     IPv6FlowLabel,
    tmnxIPMafMatchLog           TruthValue,
    tmnxIPMafMatchL4SrcPort      TTcpUdpPort,
    tmnxIPMafMatchL4SrcPortMask  Unsigned32,
    tmnxIPMafMatchFragment           TItemMatch
}

tmnxIPMafMatchIndex  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchIndex specifies the Management Access
         Filter Entry (MAFE) represented by this row in the
         tmnxIPMafMatchTable.

         It is associated to a specific Management Access Filter by the value
         of tmnxGenMafName index."
    ::= { tmnxIPMafMatchEntry 1 }

tmnxIPMafMatchRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPMafMatchRowStatus object is used to create and delete rows
         in the tmnxIPMafMatchTable.  Following values are supported:
         - active(1)
         - createAndGo(4),
         - createAndWait(5) which is treated in the same way as createAndGo(4)
         - destroy(6)."
    ::= { tmnxIPMafMatchEntry 2 }

tmnxIPMafMatchLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchLastChanged is the timestamp of last
         change to this row in tmnxIPMafMatchTable."
    ::= { tmnxIPMafMatchEntry 3 }

tmnxIPMafMatchAction  OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchAction specifies the action to be taken
         when a packet matches the selection criteria configured in this
         management access filter entry.  Before a filter entry can be active,
         tmnxIPMafMatchAction must be assigned some value other than 'none'.
         The value denyHostUnreachable is not allowed."
    DEFVAL { none }
    ::= { tmnxIPMafMatchEntry 4 }

tmnxIPMafMatchDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchDescription is a user provided description
         string for this Management Access Filter Entry.  It can consist of
         any printable, seven-bit ASCII characters up to 80 characters in
         length."
    DEFVAL { ''H }
    ::= { tmnxIPMafMatchEntry 5 }

tmnxIPMafMatchSrcIpAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcIpAddrType specifies the type of
         IP address stored in the object tmnxIPMafMatchSrcIpAddr.

         If the value of tmnxGenMafType indicates 'ipv4' the only allowed
         values for this object are 'unknown' or 'ipv4'.

         If the value of tmnxGenMafType indicates 'ipv6' the only allowed
         values for this object are 'unknown' or 'ipv6'."
    DEFVAL { unknown }
    ::= { tmnxIPMafMatchEntry 6 }

tmnxIPMafMatchSrcIpAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcIpAddr specifies IP address used with
         the value of tmnxIPMafMatchSrcIpMask to indicate a source IP address
         range to be used as the match criteria for this Management Access
         Filter Entry."
    DEFVAL { ''H }
    ::= { tmnxIPMafMatchEntry 7 }

tmnxIPMafMatchSrcIpMask  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcIpMask specifies the number of bits
         to match of the source Ip Address."
    DEFVAL { 0 }
    ::= { tmnxIPMafMatchEntry 8 }

tmnxIPMafMatchSrcPortType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    any  (1),
                    cpm  (2),
                    port (3),
                    lag  (4)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchSrcPortType is used to restrict ingress
         management packets to either the configured management Ethernet
         port or any other logical port (LAG, port, or channel) on the
         device.  By default, management traffic is accepted on any interface.
         
         Reading the value of tmnxIPMafMatchSrcPortType when it is different
         from 'any' will cause it to be recalculated based on the value of 
         tmnxIPMafMatchSrcPortId."
    DEFVAL { any }
    ::= { tmnxIPMafMatchEntry 9 }

tmnxIPMafMatchSrcPortId  OBJECT-TYPE
    SYNTAX      TmnxPortID
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When tmnxIPMafMatchSrcPortType is set to 'any' then the value of
         tmnxIPMafMatchSrcPortId will be forced to 503316480 (INVALID_PORT).
         
         When tmnxIPMafMatchSrcPortType is set to 'port' or 'lag' then the
         value of tmnxIPMafMatchSrcPortId specifies the port used to restrict
         ingress management packets.
         
         When tmnxIPMafMatchSrcPortType is set to 'cpm' then the value of
         tmnxIPMafMatchSrcPortId will be forced to 503316480 (INVALID_PORT)."
    DEFVAL { 0 }
    ::= { tmnxIPMafMatchEntry 10 }

tmnxIPMafMatchDestPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchDestPort specifies a TCP or UDP port
         number to be used as a match criteria in this Management Access
         Filter Entry.  A value of zero indicates that this object is
         not initialized."
    DEFVAL { 0 }
    ::= { tmnxIPMafMatchEntry 11 }

tmnxIPMafMatchDestPortMask  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|1..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchDestPortMask specifies a mask to be used
         when the value of tmnxIPMafMatchDestPort is not equal to zero.
         The mask allows a range of TCP or UDP port values to be
         specified for the match criteria in this Management Access Filter
         Entry.  A value of 65535, 0xFFFF, is used to indicate that
         this object is not initialized."
    DEFVAL { 'FFFF'h }
    ::= { tmnxIPMafMatchEntry 12 }

tmnxIPMafMatchProtNxtHdr  OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchProtNxtHdr specifies
         for IPv4 MAF the IP protocol field, and for IPv6 the next header
         type to be used in the match criteria for this Management Access
         Filter Entry.

         Some well-know protocol numbers are TCP (6), and UDP (7).
         The value of -1 is used to indicate that this object is not
         initialized.
         The value of -2 is used to indicate udp/tcp protocol matching "
    DEFVAL { -1 }
    ::= { tmnxIPMafMatchEntry 13 }

tmnxIPMafMatchCount  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchCount indicates the number of times
         a management packet has matched this filter entry."
    ::= { tmnxIPMafMatchEntry 14 }

tmnxIPMafMatchRouter  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchRouter specifies a router (VPRN) name or
         a service-id, expressed as an ASCII numeric string, to be used in
         the match criteria for the Management Access Filter Entry.  The
         empty string value ''H is used to indicate that this object is not
         initialized."
    DEFVAL { ''H }  -- empty string
    ::= { tmnxIPMafMatchEntry 15 }

tmnxIPMafMatchFlowLabel  OBJECT-TYPE
    SYNTAX      IPv6FlowLabel
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchFlowLabel specifies the flow label
         to be matched. When the value is '-1', no flow label matching
         occurs.
         This object is only meaningfull in case of an IPv6 MAF entry.
         The value is ignored in IPv4 MAF entries."
    DEFVAL { -1 }
    ::= { tmnxIPMafMatchEntry 16 }

tmnxIPMafMatchLog  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxIPMafMatchLog is 'true', entry match logging
         is enabled."
    DEFVAL { false }
    ::= { tmnxIPMafMatchEntry 17 }

tmnxIPMafMatchL4SrcPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchL4SrcPort specifies a TCP or UDP port
         number to be used as a match criteria in this Management Access
         Filter Entry.  A value of zero indicates that this object is
         not initialized."
    DEFVAL { 0 }
    ::= { tmnxIPMafMatchEntry 18 }

tmnxIPMafMatchL4SrcPortMask  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|1..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPMafMatchL4SrcPortMask specifies a mask to be used
         when the value of tmnxIPMafMatchL4SrcPort is not equal to zero.
         The mask allows a range of TCP or UDP port values to be
         specified for the match criteria in this Management Access Filter
         Entry.  A value of 65535, 0xFFFF, is used to indicate that
         this object is not initialized."
    DEFVAL { 'FFFF'h }
    ::= { tmnxIPMafMatchEntry 19 }

tmnxIPMafMatchFragment  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the value of tmnxIPMafMatchFragment is 'true', entry match fragmentation
         is enabled."
    DEFVAL { off }
    ::= { tmnxIPMafMatchEntry 20 }

 
--
-- Mac MAF entries
--
tmnxMafMacMatchTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxMafMacMatchTableLastChanged indicates
         the timestamp of the last change to the tmnxMacMafMatchTable.
         A value of 0 indicates that no changes were made to this table
         since the system was last initialized."
::= { tmnxMafObjs 7 }

tmnxMacMafMatchTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxMacMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table allows to define Mac Maf filter entries.

         The tmnxMacMafMatchTable contains Mac filter match criteria
         associated with Management Access Filters (MAFs) configured on the
         system."
::= { tmnxMafObjs 8 }

tmnxMacMafMatchEntry OBJECT-TYPE
    SYNTAX      TmnxMacMafMatchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry contains information about a management access filter
         entry associated with a specific Mac Management Access Filter (MAF).

         The filter criter is applied in order according to the value of
         tmnxMacMafMatchIndex.

         The match algorithm is exited upon the first
         match found and then the action specified is executed.  For this
         reason, entries must be sequenced from most to least explicit.

         An entry where tmnxMacMafMatchAction has a value of 'none' is not
         active."
    INDEX { tmnxGenMafName,
            tmnxMacMafMatchIndex }
    ::= { tmnxMacMafMatchTable 1 }

TmnxMacMafMatchEntry ::= SEQUENCE {
    tmnxMacMafMatchIndex             Unsigned32,
    tmnxMacMafMatchRowStatus         RowStatus,
    tmnxMacMafMatchLastChanged       TimeStamp,
    tmnxMacMafMatchAction            TmnxMafAction,
    tmnxMacMafMatchDescription       TItemDescription,
    tmnxMacMafMatchLog               TruthValue,
    tmnxMacMafMatchFrameType         TmnxMafMacFltrFrameType,
    tmnxMacMafMatchSvcId             TmnxServId,
    tmnxMacMafMatchDot1pValue        Dot1PPriority,
    tmnxMacMafMatchDot1pMask         Dot1PPriorityMask,
    tmnxMacMafMatchDsap              ServiceAccessPoint,
    tmnxMacMafMatchDsapMask          ServiceAccessPoint,
    tmnxMacMafMatchSrcMAC            MacAddress,
    tmnxMacMafMatchSrcMACMask        MacAddress,
    tmnxMacMafMatchDstMAC            MacAddress,
    tmnxMacMafMatchDstMACMask        MacAddress,
    tmnxMacMafMatchEtherType         INTEGER,
    tmnxMacMafMatchSnapOui           INTEGER,
    tmnxMacMafMatchSnapPid           INTEGER,
    tmnxMacMafMatchSsap              ServiceAccessPoint,
    tmnxMacMafMatchSsapMask          ServiceAccessPoint,
    tmnxMacMafMatchCfmOpCodeOper     TOperator,
    tmnxMacMafMatchCfmOpCodeValue1   Unsigned32,
    tmnxMacMafMatchCfmOpCodeValue2   Unsigned32,
    tmnxMacMafMatchCount             Counter64
}

tmnxMacMafMatchIndex  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..9999)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchIndex specifies the Management Access
         Filter Entry (MAFE) represented by this row in the
         tmnxMacMafMatchTable.

         It is associated to a specific Management Access Filter by the value
         of tmnxGenMafType and tmnxGenMafName."
    ::= { tmnxMacMafMatchEntry 1 }
tmnxMacMafMatchRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxMacMafMatchRowStatus object is used to create and delete rows
         in the tmnxMacMafMatchTable.  The values supported are
         - active(1)
         - createAndGo(4),
         - createAndWait(5) which is treated in the same way as createAndGo(4)
         - destroy(6)."
    ::= { tmnxMacMafMatchEntry 2 }

tmnxMacMafMatchLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchLastChanged indicates the timestamp of
         the last change to this row in tmnxMacMafMatchTable."
    ::= { tmnxMacMafMatchEntry 3 }

tmnxMacMafMatchAction  OBJECT-TYPE
    SYNTAX      TmnxMafAction
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchAction specifies the action to be taken
         when a packet matches the selection criteria configured in this
         management access filter entry.  Before a filter entry can be active,
         tmnxMacMafMatchAction must be assigned some value other than 'none'.
         The value denyHostUnreachable is not allowed for this object."
    DEFVAL { none }
    ::= { tmnxMacMafMatchEntry 4 }

tmnxMacMafMatchDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchDescription specifies a user provided
         description string for this Management Access Filter Entry.
         It can consist of any printable, seven-bit ASCII characters up to 80
         characters in length."
    DEFVAL { ''H }
    ::= { tmnxMacMafMatchEntry 5 }

tmnxMacMafMatchLog  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchLog specifies whether or not
        logging is active for this filter entry."
    DEFVAL { false }
    ::= { tmnxMacMafMatchEntry 6 }

tmnxMacMafMatchFrameType  OBJECT-TYPE
    SYNTAX       TmnxMafMacFltrFrameType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of tmnxMacMafMatchFrameType specifies the type of
         mac frame for which we are defining this match criteria."
    DEFVAL { e802dot3 }
    ::= { tmnxMacMafMatchEntry 7 }

tmnxMacMafMatchSvcId  OBJECT-TYPE
    SYNTAX       TmnxServId
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSvcId specifies the service-id
         in which the packet is to be received for this entry to match.
         A value of 0 indicates: any service."
    DEFVAL { 0 }
    ::= { tmnxMacMafMatchEntry 8 }

tmnxMacMafMatchDot1pValue OBJECT-TYPE
    SYNTAX          Dot1PPriority
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxMacMafMatchDot1pValue specifies
          the IEEE 802.1p priority value for this MAC filter entry.
          Use -1 to disable matching this filter criteria."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 9 }

tmnxMacMafMatchDot1pMask OBJECT-TYPE
    SYNTAX          Dot1PPriorityMask
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxMacMafMatchDot1pMask specifies
          the IEEE 802.1p priority mask value for this policy MAC filter entry.
          Use zero to disable matching, use 7 to match everything."
    DEFVAL { 0 }
    ::= { tmnxMacMafMatchEntry 10 }

tmnxMacMafMatchDsap OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDsap specifies the MAC DSAP
         to match for this MAC filter entry. This object has no
         significance if the object tmnxMacMafMatchFrameType is not set to
         802dot2LLC."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 11 }

tmnxMacMafMatchDsapMask OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDsapMask specifies the
         MAC DSAP mask for this MAC filter entry.
         This object has no significance if the object
         tmnxMacMafMatchFrameType is not set to 802dot2LLC."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 12 }

tmnxMacMafMatchSrcMAC OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSrcMAC specifies
         the source MAC to match for this policy MAC filter entry."
    DEFVAL { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 13 }

tmnxMacMafMatchSrcMACMask OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSrcMACMask specifies
         the source MAC mask value for this policy MAC filter entry.
         The mask is ANDed with the MAC to match tmnxMacMafMatchSrcMAC.
         A zero bit means ignore this bit, do not match. A one bit means
         match this bit with tmnxMacMafMatchSrcMAC.
         Use the value 00-00-00-00-00-00 to disable this filter criteria."
    DEFVAL { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 14 }

tmnxMacMafMatchDstMAC OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDstMAC specifies
         the Destination MAC mask value for this policy MAC filter entry."
    DEFVAL { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 15 }

tmnxMacMafMatchDstMACMask OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchDstMACMask specifies
         the destination MAC mask value for this policy MAC filter entry.
         The mask is ANDed with the MAC to match tmnxMacMafMatchDstMAC.
         A zero bit means ignore this bit, do not match.  a one bit means
         match this bit with tmnxMacMafMatchDstMAC.
         Use the value 00-00-00-00-00-00 to disable this filter criteria."
    DEFVAL { '000000000000'H }
    ::= { tmnxMacMafMatchEntry 16 }

tmnxMacMafMatchEtherType OBJECT-TYPE
    SYNTAX          INTEGER (-1 | 0..65535)
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchEtherType specifies the
         Ethertype for this MAC filter entry. Use -1 to disable matching
         by this criteria. This object has no significance if the object
         tmnxMacMafMatchFrameType is not set to Ethernet_II."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 17 }

tmnxMacMafMatchSnapOui OBJECT-TYPE
    SYNTAX          INTEGER { off(1), zero(2), nonZero(3) }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSnapOui specifies the
         MAC SNAP OUI to match. The values zero(2) and nonZero(3) specify what
         to match. Matching can be disabled by the use of the value off(1).
         This object has no significance if the object
         tmnxMacMafMatchFrameType is not set to 802dot2SNAP."
    DEFVAL { off }
    ::= { tmnxMacMafMatchEntry 18 }

tmnxMacMafMatchSnapPid OBJECT-TYPE
    SYNTAX          INTEGER (-1 | 0..65535)
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSnapPid specifies the
         MAC SNAP PID to match for this MAC filter entry.  use -1 to
         disable matching by this criteria. This object has no significance if
         object tmnxMacMafMatchFrameType is not set to 802dot2SNAP."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 19 }

tmnxMacMafMatchSsap OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSsap specifies the
         the MAC SSAP to match for this MAC filter entry. This object has no
         significance if the object tmnxMacMafMatchFrameType is not set to
         802dot2LLC."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 20 }

tmnxMacMafMatchSsapMask OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchSsapMask specifies the
         MAC SSAP mask for this MAC filter entry. use 0 to disable
         matching by this criteria. This object has no significance if the
         object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
    DEFVAL { -1 }
    ::= { tmnxMacMafMatchEntry 21 }

tmnxMacMafMatchCfmOpCodeOper  OBJECT-TYPE
    SYNTAX       TOperator
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchCfmOpCodeOper specifies which
         type of opcode checking is to be performed.
         If different fron none, more info is provided in the objects
         tmnxMacMafMatchCfmOpCodeValue1 and tmnxMacMafMatchCfmOpCodeValue2.
         This object has significance only if the object tmnxMacMafMatchFrameType
         refers to either ieee802.1ag or Y1731."
    DEFVAL { none }
    ::= { tmnxMacMafMatchEntry 22 }

tmnxMacMafMatchCfmOpCodeValue1  OBJECT-TYPE
    SYNTAX       Unsigned32(0..255)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchCfmOpCodeValue1 specifies a cfm
         opcode. The value of this object is used as per the
         description for tmnxMacMafMatchCfmOpCodeOper."
    DEFVAL { 0 }
    ::= { tmnxMacMafMatchEntry 23 }

tmnxMacMafMatchCfmOpCodeValue2  OBJECT-TYPE
    SYNTAX       Unsigned32(0..255)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tmnxMacMafMatchCfmOpCodeValue2 specifies a cfm
         opcode. The value of this object is used as per the
         description for tmnxMacMafMatchCfmOpCodeOper."
    DEFVAL { 0 }
    ::= { tmnxMacMafMatchEntry 24 }

tmnxMacMafMatchCount  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxMacMafMatchCount indicates the number of times
         a management packet has matched this filter entry."
    ::= { tmnxMacMafMatchEntry 25 }


-- System Password Info

tmnxPasswordInfo  OBJECT IDENTIFIER ::= { tmnxSecurityObjects 5 }

tmnxPasswordAging  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..500 | 65535)
    UNITS       "Days"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of days a user password is valid before the user must
         change his password. If the value of tmnxPasswordAging
         is set to '65535', password aging is disabled."
    DEFVAL { 65535 }
    ::= { tmnxPasswordInfo 1 }

tmnxPasswordMinLength  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..8)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The minimum number of characters required in the password."
    DEFVAL { 6 }
    ::= { tmnxPasswordInfo 2 }

tmnxPasswordComplexity  OBJECT-TYPE
    SYNTAX      BITS {
                    alpha-numeric     (0),
                    mixed-case        (1),
                    special-character (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The complexity requirements for the passwords.
         'alpha-numeric' - at least one numeric character must
         be present in the password.
         'mixed-case' - at least one upper and one lower case
         character must be present in the password.
         'special-character' - at least one non-alphanumeric
         character must be present in the password."
    DEFVAL { { } }
    ::= { tmnxPasswordInfo 3 }

tmnxPasswordAttemptsCount  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..64)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of unsuccessful login attempts allowed
         for a user. The value of tmnxPasswordAttemptsCount is used
         with the value of tmnxPasswordAttemptsTime to find out if
         the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod."
    DEFVAL { 3 }
    ::= { tmnxPasswordInfo 4 }

tmnxPasswordAttemptsTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..60)
    UNITS       "Minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This is used in conjunction with tmnxPasswordAttemptsCount
         to find out if the user is to be locked out for
         tmnxPasswordAttemptsLockoutPeriod."
    DEFVAL { 5 }
    ::= { tmnxPasswordInfo 5 }

tmnxPasswordAttemptsLockoutPeriod  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1440)
    UNITS       "Minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The number of minutes the user is locked out if the threshold
         of unsuccessful login attempts has exceeded."
    DEFVAL { 10 }
    ::= { tmnxPasswordInfo 6 }

tmnxPasswordAuthenOrder1  OBJECT-TYPE
    SYNTAX      INTEGER {
                    none    (0),
                    local   (1),
                    radius  (2),
                    tacplus (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "The most preferred method to authenticate and authorize a user.
          If this method fails, the next method in the sequence identified by
          tmnxPasswordAuthenOrder2 is used."
    DEFVAL { radius }
    ::= { tmnxPasswordInfo 7 }

tmnxPasswordAuthenOrder2  OBJECT-TYPE
    SYNTAX      INTEGER {
                    none    (0),
                    local   (1),
                    radius  (2),
                    tacplus (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "The second method to authenticate and authorize a user."
    DEFVAL { tacplus }
    ::= { tmnxPasswordInfo 8 }

tmnxPasswordAuthenOrder3  OBJECT-TYPE
    SYNTAX      INTEGER {
                    none    (0),
                    local   (1),
                    radius  (2),
                    tacplus (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "The least preferred method to authenticate and authorize a user."
    DEFVAL { local }
    ::= { tmnxPasswordInfo 9 }

tmnxPasswordAuthenExitOnReject  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "If the value of tmnxPasswordAuthenExitOnReject is set to 'true' and
          if one of the AAA methods configured in tmnxPasswordAuthenOrder1,
          tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3 sends a reject,
          then the next method in the order will not be tried. If the value
          of this object is set to 'false' and if one AAA method sends a
          reject, the next AAA method will be attempted. If in this process,
          all the AAA methods are exhausted, it will be considered as a
          reject."
    DEFVAL { false }
    ::= { tmnxPasswordInfo 10 }

tmnxAdminPassword  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..129))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxAdminPassword is used to configure the password which enables
         a user to become a system administrator.

         tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates
         whether or not the password string is encrypted, must be set
         together in the same SNMP request PDU or else the set request
         will fail with an inconsistentValue error.

         The value of tmnxAdminPassword cannot be more than 20 characters
         when the value of tmnxAdminPasswordEncrypted is 'false'."
    DEFVAL { ''h }
    ::= { tmnxPasswordInfo 11 }

tmnxAdminPasswordEncrypted  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxAdminPasswordEncrypted is 'true', the
         password specified by tmnxAdminPassword is in the encrypted
         form.

         When the value of tmnxAdminPasswordEncrypted is 'false', the
         password specified by tmnxAdminPassword is in plain text.

         tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates
         whether or not the password string is encrypted, must be set
         together in the same SNMP request PDU or else the set request
         will fail with an inconsistentValue error."
    DEFVAL { true }
    ::= { tmnxPasswordInfo 12 }

tmnxPasswordHealthCheck  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxPasswordHealthCheck is 'true', the
         Radius servers configured in tmnxRadiusServerTable
         and the 'TacPlus' servers configured in tmnxTacPlusServerTable will be
         periodically monitored. Each server will be contacted
         every 30 seconds. If in this process a server is found to
         be unreachable, or a previously unreachable server starts responding,
         based on the type of the server, a
         TIMETRA-SYSTEM-MIB:radiusServerOperStatusChange or a
         TIMETRA-SYSTEM-MIB:tacplusServerOperStatusChange trap will be sent.

         When the value of tmnxPasswordHealthCheck is 'false', periodic
         monitoring of the Radius and Tacplus servers is disabled."
    DEFVAL { true }
    ::= { tmnxPasswordInfo 13 }

tmnxPasswordHealthCheckInterval  OBJECT-TYPE
    SYNTAX      Unsigned32 (6..1500)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxPasswordHealthCheckInterval specifies the polling
         interval for Radius servers configured in tmnxRadiusServerTable
         and the 'TacPlus' servers configured in tmnxTacPlusServerTable."
    DEFVAL { 30 }
    ::= { tmnxPasswordInfo 14 }

-- RADIUS Info

tmnxRadiusInfo     OBJECT IDENTIFIER ::= { tmnxSecurityObjects 6 }

tmnxRadiusAdminStatus  OBJECT-TYPE
    SYNTAX      INTEGER {
                    up   (1),
                    down (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The desired administrative status of the RADIUS protocol operation."
    DEFVAL { up }
    ::= { tmnxRadiusInfo 1 }

tmnxRadiusAccounting  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxRadiusAccounting is set to 'TRUE',
         RADIUS command accounting is enabled."
    DEFVAL { false }
    ::= { tmnxRadiusInfo 2 }

tmnxRadiusAuthorization  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxRadiusAuthorization is set to 'TRUE',
         RADIUS command authorization is enabled."
    DEFVAL { false }
    ::= { tmnxRadiusInfo 3 }

tmnxRadiusRetryAttempts  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of attempts to retry contacting the RADIUS server."
    DEFVAL { 3 }
    ::= { tmnxRadiusInfo 4 }

tmnxRadiusTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..90)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of seconds to wait before timing out a RADIUS server."
    DEFVAL { 3 }
    ::= { tmnxRadiusInfo 5 }

tmnxRadiusPort  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The UDP port number on which to contact the RADIUS server."
    DEFVAL { 1812 }
    ::= { tmnxRadiusInfo 6 }

tmnxRadiusServerTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxRadiusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusServerEntry has an entry for each RADIUS server.
         The table can have up to a maximum of 5 entries."
    ::= { tmnxRadiusInfo 7 }

tmnxRadiusServerEntry OBJECT-TYPE
    SYNTAX      TmnxRadiusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxRadiusServerEntry is an entry (conceptual row) in the
         tmnxRadiusServerTable. Each entry represents the configuration
         for a RADIUS server.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxRadiusServerRowStatus."
    INDEX {tmnxRadiusServerIndex}
    ::= { tmnxRadiusServerTable 1 }

TmnxRadiusServerEntry ::= SEQUENCE {
    tmnxRadiusServerIndex             Unsigned32,
    tmnxRadiusServerAddress           IpAddress,
    tmnxRadiusServerSecret            OCTET STRING,
    tmnxRadiusServerOperStatus        INTEGER,
    tmnxRadiusServerRowStatus         RowStatus,
    tmnxRadiusServerInetAddressType   InetAddressType,
    tmnxRadiusServerInetAddress       InetAddress
}

tmnxRadiusServerIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..5)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The unique value which identifies a specific radius server."
    ::= { tmnxRadiusServerEntry 1 }

tmnxRadiusServerAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The IP address of the RADIUS server.

         tmnxRadiusServerAddress was made obsolete in 5.0 revision of 
         Alcatel-Lucent SROS series system.  Radius servers are now 
         configured using tmnxRadiusServerInetAddress and 
         tmnxRadiusServerInetAddressType objects."
    ::= { tmnxRadiusServerEntry 2 }

tmnxRadiusServerSecret OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The secret key associated with the RADIUS server. The value returned
         by tmnxRadiusServerSecret is always an empty string.

         The value of tmnxRadiusServerSecret cannot be set to an empty
         string."
    ::= { tmnxRadiusServerEntry 3 }

tmnxRadiusServerOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    up   (1),
                    down (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current status of the RADIUS server."
    ::= { tmnxRadiusServerEntry 4 }

tmnxRadiusServerRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxRadiusServerRowStatus controls the creation and deletion
         of rows in the table.

         To create a row in the tmnxRadiusServerTable,
         set tmnxRadiusServerRowStatus to createAndGo(4). All objects will take
         on default values and the agent will change tmnxRadiusServerRowStatus
         to active(1).

         To delete a row in the tmnxRadiusServerTable, set
         tmnxRadiusServerRowStatus to delete(6)."
    ::= { tmnxRadiusServerEntry 5 }

tmnxRadiusServerInetAddressType      OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusServerInetAddressType specifies the address
         type of tmnxRadiusServerInetAddress address.

         The value of tmnxRadiusServerInetAddressType can be either of
         InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or
         InetAddressType - 'ipv6z'."
    ::= { tmnxRadiusServerEntry 6 }

tmnxRadiusServerInetAddress      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusServerInetAddress specifies the address of
         the Radius server."
    ::= { tmnxRadiusServerEntry 7 }

tmnxRadiusSourceAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "tmnxRadiusSourceAddress is used to configure the source address of
         the Radius packet. It should be a valid unicast address.

         If this object is configured with the address of the router interface,
         the Radius client uses it while making a request to the server.

         If the address is not configured or is not the address of the one of
         interfaces, the source address is based on the address of the Radius
         server. If the server address is in-band, the client uses the system
         ip address. If it is out-of-band, the source address is the address of
         the management interface.

         tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of
         Alcatel-Lucent SROS series systems.  The source address of the Radius 
         packet can now be set by creating a tmnxSourceIPEntry for Radius 
         application in the tmnxSourceIPTable."
    DEFVAL { '00000000'H }  -- 0.0.0.0
    ::= { tmnxRadiusInfo 8 }

tmnxRadiusConfigured OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxRadiusConfigured is set to 'false', all the
         Radius objects under the tmnxRadiusInfo tree will be set to their
         default values and all the rows in the tmnxRadiusServerTable will be
         removed. The value of this object will be set to 'true' if non-default
         values are set to the Radius objects."
    DEFVAL { false }
    ::= { tmnxRadiusInfo 9 }

tmnxRadiusPEDiscovery  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxRadiusPEDiscovery specifies whether RADIUS provider
         edge discovery is enabled for VPLS services.

         This object was made obsolete in release 5.0."
    DEFVAL { false }
    ::= { tmnxRadiusInfo 10 }

tmnxRadiusPEDiscoveryPassword  OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxRadiusPEDiscoveryPassword is used when contacting the
         RADIUS server for VPLS auto-discovery.

         This object was made obsolete in release 5.0."
    DEFVAL { ''H }
    ::= { tmnxRadiusInfo 11 }

tmnxRadiusPEDiscoveryInterval  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..30)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxRadiusPEDiscoveryInterval specifies the polling
         interval for Radius PE discovery in minutes.

         This object was made obsolete in release 5.0."
    DEFVAL { 5 }
    ::= { tmnxRadiusInfo 12 }

tmnxRadiusPEForceDiscovery  OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxRadiusPEForceDiscovery is set to 'doAction', the RADIUS
         server is immediately contacted to attempt discovery."
    DEFVAL { notApplicable }
    ::= { tmnxRadiusInfo 13 }

tmnxRadiusPEForceDiscoverySvcId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusPEForceDiscoverySvcId specifies a specific
         service ID to query the RADIUS server about.

         Reading this object returns the value 0."
     DEFVAL { 0 }
     ::= { tmnxRadiusInfo 14 }

tmnxRadiusAccountingPort    OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The UDP port number on which to contact the RADIUS server for
         accounting requests."
    DEFVAL { 1813 }
    ::= { tmnxRadiusInfo 15 }

tmnxRadiusUseTemplate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusUseTemplate specifies whether
         the RADIUS user template is actively applied to the
         RADIUS user if no VSAs are returned with the auth-accept
         from the RADIUS server. When the value of
         tmnxRadiusUseTemplate is set to 'TRUE', the RADIUS user
         template is actively applied if no VSAs are returned with
         the auth-accept from the RADIUS server."
    DEFVAL { false }
    ::= { tmnxRadiusInfo 16 }

tmnxRadiusAuthAlgorithm OBJECT-TYPE
    SYNTAX      TmnxSecRadiusServAlgorithm
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxRadiusAuthAlgorithm specifies the algorithm used to 
        select a RADIUS server from the list of configured servers 
        (tmnxRadiusServerTable)."
    DEFVAL { direct }
    ::= { tmnxRadiusInfo 17 }

-- TACACS+ info

tmnxTacPlusInfo     OBJECT IDENTIFIER ::= { tmnxSecurityObjects 7 }

tmnxTacPlusAdminStatus  OBJECT-TYPE
    SYNTAX      INTEGER {
                    up   (1),
                    down (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The desired administrative status of the Tacacs+ protocol operation."
    DEFVAL { up }
    ::= { tmnxTacPlusInfo 1 }

tmnxTacPlusTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..90)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of seconds to wait before timing out a Tacacs+ server."
    DEFVAL { 3 }
    ::= { tmnxTacPlusInfo 2 }

tmnxTacPlusServerTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxTacPlusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxTacPlusServerEntry has an entry for each Tacacs+ server.
         The table can have up to a maximum of 5 entries."
::= { tmnxTacPlusInfo 3 }

tmnxTacPlusServerEntry OBJECT-TYPE
    SYNTAX      TmnxTacPlusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusServerEntry is an entry (conceptual row) in the
         tmnxTacPlusServerTable. Each entry represents the configuration
         for a Tacacs+ server.
         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxTacPlusServerRowStatus."
    INDEX {tmnxTacPlusServerIndex}
    ::= { tmnxTacPlusServerTable 1 }

TmnxTacPlusServerEntry ::= SEQUENCE {
    tmnxTacPlusServerIndex              Unsigned32,
    tmnxTacPlusServerAddress            IpAddress,
    tmnxTacPlusServerSecret             OCTET STRING,
    tmnxTacPlusServerRowStatus          RowStatus,
    tmnxTacPlusServerOperStatus         INTEGER,
    tmnxTacPlusServerInetAddressType    InetAddressType,
    tmnxTacPlusServerInetAddress        InetAddress,
    tmnxTacPlusServerPort               TTcpUdpPort
}

tmnxTacPlusServerIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..5)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The unique value which identifies a specific Tacacs+ server."
    ::= { tmnxTacPlusServerEntry 1 }

tmnxTacPlusServerAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The IP address of the Tacacs+ server.

        tmnxTacPlusServerAddress was made obsolete in 5.0 revision of 
        Alcatel-Lucent SROS series system. Tacacs+ servers are now configured 
        using tmnxTacPlusServerInetAddress and tmnxTacPlusServerInetAddressType
        objects."
    ::= { tmnxTacPlusServerEntry 2 }

tmnxTacPlusServerSecret OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..128))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The secret key associated with the Tacacs+ server. The value returned
         by tmnxTacPlusServerSecret is always an empty string.

         The value of tmnxTacPlusServerSecret cannot be set to an empty
         string."
    ::= { tmnxTacPlusServerEntry 3 }

tmnxTacPlusServerRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusServerRowStatus controls the creation and
         deletion of rows in the table.

         To create a row in the tmnxTacPlusServerTable, set
         tmnxTacPlusServerRowStatus to createAndGo(4). All objects will
         take on default values and the agent will change
         tmnxTacPlusServerRowStatus to active(1).

         To delete a row in the tmnxTacPlusServerTable, set
         tmnxTacPlusServerRowStatus to delete(6)."
    ::= { tmnxTacPlusServerEntry 4 }

tmnxTacPlusServerOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    up   (1),
                    down (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusServerOperStatus indicates the operational status
         of the TACACS+ server."
    ::= { tmnxTacPlusServerEntry 5 }

tmnxTacPlusServerInetAddressType      OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusServerInetAddressType specifies the address
         type of tmnxTacPlusServerInetAddress address.

         The value of tmnxTacPlusServerInetAddressType can be either of
         InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or
         InetAddressType - 'ipv6z'."
    ::= { tmnxTacPlusServerEntry 6 }

tmnxTacPlusServerInetAddress      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusServerInetAddress specifies the address of
         the Tacplus server."
    ::= { tmnxTacPlusServerEntry 7 }

tmnxTacPlusServerPort      OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacPlusServerPort specifies the TCP port on which to
         contact the Tacplus server."
    DEFVAL { 49 }
    ::= { tmnxTacPlusServerEntry 8 }

tmnxTacPlusAccounting  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTacPlusAccounting is set to 'TRUE',
         TACACS+ command accounting is enabled."
    DEFVAL { false }
    ::= { tmnxTacPlusInfo 4 }

tmnxTacPlusAcctRecType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    startStop (1),
                    stopOnly  (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxTacPlusAcctRecType is used to configure the type of
         accounting record packet that is to be sent to the TACACS+ server.
         The value indicates whether TACACS+ accounting start and stop
         packets be sent or just stop packets be sent. TACACS+ start packet
         is sent whenever the user executes a command. A stop packet is sent
         whenever the command execution is complete.
         The default value for this object is 'stopOnly'."
    DEFVAL { stopOnly }
    ::= { tmnxTacPlusInfo 5 }

tmnxTacPlusAuthorization  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTacPlusAuthorization is set to 'TRUE',
         TACACS+ command authorization is enabled."
    DEFVAL { false }
    ::= { tmnxTacPlusInfo 6 }

tmnxTacPlusSingleConnection  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "When the value of tmnxTacPlusSingleConnection is set to 'TRUE',
         a single connection is established with the TACACS+ server.
         The connection is kept open and is used by all the TELNET/SSH/FTP
         sessions for AAA operations.

         This object is obsoleted in release 8.0."
    DEFVAL { false }
    ::= { tmnxTacPlusInfo 7 }

tmnxTacPlusSourceAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      obsolete
    DESCRIPTION
        "tmnxTacPlusSourceAddress is used to configure the source address of
         the TACACS+ packet. It should be a valid unicast address.

         If this object is configured with the address of the router interface,
         the TACACS+ client uses it while making a request to the server.

         If the address is not configured or is not the address of the one of
         interfaces, the source address is based on the address of the TACACS+
         server. If the server address is in-band, the client uses the system
         ip address as the source address. If it is out-of-band, the source
         address is the address of the management interface.

         tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of
         Alcatel-Lucent SROS series systems. The source address of the TACACS+ 
         packet can now be set by creating a tmnxSourceIPEntry for TACACS+ 
         application in the tmnxSourceIPTable."
    DEFVAL { '00000000'H } -- 0.0.0.0
    ::= { tmnxTacPlusInfo 8 }

tmnxTacPlusConfigured OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTacPlusConfigured is set to 'false', all the
         Tacplus objects under the tmnxTacPlusInfo tree will be set to their
         default values and all the rows in the tmnxTacPlusServerTable will be
         removed. The value of this object will be set to 'true' if non-default
         values are set to the 'TacPlus' objects."
    DEFVAL { false }
    ::= { tmnxTacPlusInfo 9 }

tmnxTacplusUseTemplate  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTacplusUseTemplate specifies whether
         the TACACS+ user template is actively applied to the
         TACACS+ user. When the value of tmnxTacplusUseTemplate
         is set to 'TRUE', the TACACS+ user template is actively
         applied."
    DEFVAL { true }
    ::= { tmnxTacPlusInfo 10 }

-- Server Control

tmnxServerCtlObjs     OBJECT IDENTIFIER ::= { tmnxSecurityObjects 8 }

tmnxEnableServers OBJECT-TYPE
    SYNTAX      BITS {
                      telnet (0),
                      ssh    (1),
                      ftp    (2),
                      telnet6(3)
                  }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxEnableServers is used to enable/disable telnet, SSH, FTP,
         and telnet v6 servers running on the system. By default, at
         system startup, only SSH server will be enabled."
    DEFVAL { { ssh } }
    ::= { tmnxServerCtlObjs 1 }

tmnxTelnetServerOperStatus OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxTelnetServerOperStatus indicates the operational status of
         the telnet server. If the value of this object changes, a generic trap
         TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 2 }

tmnxSSHServerOperStatus OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxSSHServerOperStatus indicates the operational status of the SSH
         server. If the value of this object changes, a generic trap
         TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 3 }

tmnxFTPServerOperStatus OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "tmnxFTPServerOperStatus indicates the operational status of the FTP
         server. If the value of this object changes, a generic trap
         TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
    ::= { tmnxServerCtlObjs 4 }

tmnxTelnet6ServerOperStatus OBJECT-TYPE
    SYNTAX        TmnxOperState
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The value of tmnxTelnet6ServerOperStatus indicates the operational
         status of the IPv6 telnet server. If the value of this object
         changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be
         sent."
    ::= { tmnxServerCtlObjs 5 }

-- CPM Security

tmnxCpmSecurityObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 9 }

tmnxCpmPerPeerQueuing OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxCpmPerPeerQueuing is set to 'true', CPM hardware queuing
         per peer is enabled. This means that when a peering session is
         established, the router will automatically allocate a separate
         CPM hardware queue for that peer.  When tmnxCpmPerPeerQueuing is
         set to 'false', CPM hardware queuing per peer is disabled.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL { false }
    ::= { tmnxCpmSecurityObjs 1 }

tmnxCpmQueuesTotal OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmQueuesTotal indicates the total number of
         CPM hardware queues.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 2 }

tmnxCpmQueuesInUse OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmQueuesInUse indicates the number of CPM
         hardware queues that are in use.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 3 }

tmnxCpmVprnNwExceptions  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmVprnNwExceptions specifies whether the MPLS 
         exception messages are allowed to be received on all VPRN instances.

         When the value of tmnxCpmVprnNwExceptions is set to 'true', the MPLS
         exception messages are allowed to be received on all VPRN instances 
         in the system from all network interfaces.

         When the value of tmnxCpmVprnNwExceptions is set to 'false', the MPLS
         exception messages are not allowed to be received on all VPRN 
         instances in the system from all network interfaces."
    DEFVAL { false }
    ::= { tmnxCpmSecurityObjs 40 }

tmnxCpmNumVprnNwExceptions  OBJECT-TYPE
    SYNTAX      Unsigned32 (10..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmNumVprnNwExceptions specifies the number of MPLS
         exception messages allowed to be received in the time frame
         specified by tmnxCpmVprnNwExceptionsTime."
    DEFVAL { 100 }
    ::= { tmnxCpmSecurityObjs 41 }

tmnxCpmVprnNwExceptionsTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmVprnNwExceptionsTime specifies the time frame in
         seconds that is used to limit the number of MPLS exception messages 
         issued per time frame."
    DEFVAL { 10 }
    ::= { tmnxCpmSecurityObjs 42 }

--
--  CPM Filter Queue
--
tCpmFilterQueueTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmFilterQueueEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmFilterQueueTable has an entry for each CPM filter queue
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 4 }

tCpmFilterQueueEntry  OBJECT-TYPE
    SYNTAX      TCpmFilterQueueEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular CPM Filter Queue. Entries
         are created/deleted  by user. Entries have a presumed
         StorageType of nonVolatile."
    INDEX { tCpmFilterQueueId }
    ::= { tCpmFilterQueueTable 1}

TCpmFilterQueueEntry ::= SEQUENCE {
    tCpmFilterQueueId               TCpmFilterQueueId,
    tCpmFilterQueueRowStatus        RowStatus,
    tCpmFilterQueueLastChanged      TimeStamp,
    tCpmFilterQueueAdminPIR         TPIRRate,
    tCpmFilterQueueAdminCIR         TCIRRate,
    tCpmFilterQueueCBS              TBurstSize,
    tCpmFilterQueueMBS              TBurstSize,
    tCpmFilterQueueReferences       Unsigned32,
    tCpmFilterQueueOperPIR          TPIRRateOrZero,
    tCpmFilterQueueOperCIR          TCIRRate
}

tCpmFilterQueueId  OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId (33..2000)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueId is used to index into the
         tCpmFilterQueueTable. It uniquely identifies a CPM Queue
         as configured on this system."
    ::= { tCpmFilterQueueEntry 1 }

tCpmFilterQueueRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueRowStatus specifies the row status. It
         allows entires to be created or deleted in the tCpmFilterQueueEntry
         table."
    ::= { tCpmFilterQueueEntry 2 }

tCpmFilterQueueLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueLastChanged indicates the timestamp of
         the last change to this row in tCpmFilterQueueTable."
    ::= { tCpmFilterQueueEntry 3 }

tCpmFilterQueueAdminPIR  OBJECT-TYPE
    SYNTAX      TPIRRate
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueAdminPIR specifies the Peak
         Information Rate associated with this queue.

         This object can only be set to 1 or -1, when the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
    DEFVAL { -1 }
    ::= { tCpmFilterQueueEntry 4 }

tCpmFilterQueueAdminCIR  OBJECT-TYPE
    SYNTAX      TCIRRate
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueAdminCIR specifies the Committed
         Information Rate associated with this queue.

         This object cannot be set when the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
    DEFVAL { -1 }
    ::= { tCpmFilterQueueEntry 5 }

tCpmFilterQueueCBS  OBJECT-TYPE
    SYNTAX      TBurstSize
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueCBS specifies the Committed Burst
         Excess associated with this queue.

         This object cannot be set when the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
    DEFVAL { -1 }
    ::= { tCpmFilterQueueEntry 6 }

tCpmFilterQueueMBS  OBJECT-TYPE
    SYNTAX      TBurstSize
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueMBS specifies the Maximum Burst
         Size associated with this queue."
    DEFVAL { -1 }
    ::= { tCpmFilterQueueEntry 7 }

tCpmFilterQueueReferences  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueReferences indicates the count
         of filter entries using this particular queue to forward
         traffic to the main CPU."
    ::= { tCpmFilterQueueEntry 8 }

tCpmFilterQueueOperPIR  OBJECT-TYPE
    SYNTAX      TPIRRateOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueOperPIR indicates the operational value
         of the Peak Information Rate associated with this queue. This value
         can be zero if the queue is not instantiated."
    ::= { tCpmFilterQueueEntry 9 }

tCpmFilterQueueOperCIR  OBJECT-TYPE
    SYNTAX      TCIRRate
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQueueOperCIR indicates the operational
         value of the Committed Information Rate associated with this queue."
    ::= { tCpmFilterQueueEntry 10 }

--
-- CPM Hardware filter objects
--
tmnxCpmHwFilterObjs   OBJECT IDENTIFIER ::= { tmnxCpmSecurityObjs 5 }

tCpmFilterDefaultAction  OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault (1..2)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterDefaultAction specifies the action to
         take for packets that do not match any filter entries.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL { forward }
    ::= { tmnxCpmHwFilterObjs 1 }

tCpmIpFilterAdminState OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterAdminState specifies the administrative
         state of the CPM IPv4 filter.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL { outOfService }
    ::= { tmnxCpmHwFilterObjs 2 }

tCpmIPv6FilterAdminState OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterAdminState specifies the administrative
         state of the CPM IPv6 filter.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL { outOfService }
    ::= { tmnxCpmHwFilterObjs 3 }

tCpmMacFilterAdminState OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFilterAdminState specifies the administrative
         state of the CPM Mac filter.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    DEFVAL { outOfService }
    ::= { tmnxCpmHwFilterObjs 4 }

--
-- CPM IP Filter Table
--
tCpmIpFilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIpFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIpFilterTable has an entry for each CPM IPv4 filter entry
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 6 }

tCpmIpFilterEntry OBJECT-TYPE
    SYNTAX      TCpmIpFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular Cpm Filter match entry.
         Every Cpm Filter can have zero or more Cpm Filter match entries.
         A filter entry with no match criteria set will match every
         packet, and the entry action will be taken.
         Entries are created/deleted by user.
         There is no StorageType object, entries have a presumed
         StorageType of nonVolatile."
    INDEX { tCpmIpFilterEntryId }
    ::= { tCpmIpFilterTable 1 }

TCpmIpFilterEntry ::= SEQUENCE {
    tCpmIpFilterEntryId                     TEntryId,
    tCpmIpFilterEntryRowStatus              RowStatus,
    tCpmIpFilterEntryLastChanged            TimeStamp,
    tCpmIpFilterEntryLogId                  TFilterLogId,
    tCpmIpFilterEntryDescription            TItemDescription,
    tCpmIpFilterEntryAction                 TCpmFilterActionOrDefault,
    tCpmIpFilterEntryQueueId                TCpmFilterQueueId,
    tCpmIpFilterEntrySrcIPAddr              IpAddress,
    tCpmIpFilterEntrySrcIPMask              IpAddressPrefixLength,
    tCpmIpFilterEntryDestIPAddr             IpAddress,
    tCpmIpFilterEntryDestIPMask             IpAddressPrefixLength,
    tCpmIpFilterEntryProtocol               TIpProtocol,
    tCpmIpFilterEntrySrcPort                TTcpUdpPort,
    tCpmIpFilterEntrySrcPortMask            Integer32,
    tCpmIpFilterEntryDestPort               TTcpUdpPort,
    tCpmIpFilterEntryDestPortMask           Integer32,
    tCpmIpFilterEntryDSCP                   TDSCPNameOrEmpty,
    tCpmIpFilterEntryFragment               TItemMatch,
    tCpmIpFilterEntryOptionPresent          TItemMatch,
    tCpmIpFilterEntryIPOptionValue          TIpOption,
    tCpmIpFilterEntryIPOptionMask           TIpOption,
    tCpmIpFilterEntryMultipleOption         TItemMatch,
    tCpmIpFilterEntryTcpSyn                 TItemMatch,
    tCpmIpFilterEntryTcpAck                 TItemMatch,
    tCpmIpFilterEntryIcmpCode               Integer32,
    tCpmIpFilterEntryIcmpType               Integer32,
    tCpmIpFilterEntryVRtrId                 TmnxVRtrIDOrZero,
    tCpmIpFilterEntryLogCreated             TruthValue,
    tCpmIpFilterEntrySrcIpPrefixList        TNamedItemOrEmpty,
    tCpmIpFilterEntryDstIpPrefixList        TNamedItemOrEmpty    
}

tCpmIpFilterEntryId  OBJECT-TYPE
    SYNTAX      TEntryId (1..2048)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryId is used to index into the
         tCpmIpFilterTable. It uniquely identifies a CPM filter entry
         as configured on this system."
    ::= { tCpmIpFilterEntry 1 }

tCpmIpFilterEntryRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryRowStatus specifies the row status. It
         allows entries to be created and deleted in the tCpmIpFilterTable."
    ::= { tCpmIpFilterEntry 2 }

tCpmIpFilterEntryLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryLastChanged indicates the timestamp of
         the last change to this row in tCpmIpFilterTable."
    ::= { tCpmIpFilterEntry 3 }

tCpmIpFilterEntryLogId  OBJECT-TYPE
    SYNTAX      TFilterLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryLogId specifies the log in which packets
         matching this entry should be entered. The value zero indicates
         that logging is disabled."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 4 }

tCpmIpFilterEntryDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDescription specifies the user-provided
         string describing this filter."
    DEFVAL { ''H }
    ::= { tCpmIpFilterEntry 5 }

tCpmIpFilterEntryAction  OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryAction specifies the action to take for
         packets that match this filter entry. The value default(4) specifies
         this entry to inherit the behavior defined as the default for the
         filter in tCpmFilterDefaultAction.
         
         The value queue(3) can only be specified if a valid queue id is entered
         in tCpmIpFilterEntryQueueId."
    DEFVAL { drop }
    ::= { tCpmIpFilterEntry 6 }

tCpmIpFilterEntryQueueId  OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryQueueId specifies which queue to put the
         packet in when tCpmIpFilterEntryAction is queue (3).
         
         If the value of tCpmIpFilterEntryAction is different from queue (3)
         tCpmIpFilterEntryQueueId will be forced by the system to 0, and any
         change attempt will be silently discarded."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 7 }

tCpmIpFilterEntrySrcIPAddr  OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcIPAddr specifies the IP address to
         match the source-ip of the packet."
    DEFVAL { '00000000'H }
    ::= { tCpmIpFilterEntry 8 }

tCpmIpFilterEntrySrcIPMask  OBJECT-TYPE
    SYNTAX      IpAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcIPMask specifies the IP Mask value
         for this policy Cpm FilterEntry entry. The mask is ANDed with the IP
         to match the tCpmIpFilterEntrySrcIPAddr."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 9 }

tCpmIpFilterEntryDestIPAddr  OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestIPAddr specifies the IP address
         to match the destination-ip of the packet."
    DEFVAL { '00000000'H }
    ::= { tCpmIpFilterEntry 10 }

tCpmIpFilterEntryDestIPMask  OBJECT-TYPE
    SYNTAX      IpAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestIPMask specifies the IP Mask
         value for this policy Cpm FilterEntry entry. The mask is ANDed
         with the IP to match the tCpmIpFilterEntryDestIPAddr."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 11 }

tCpmIpFilterEntryProtocol  OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryProtocol specifies the IP protocol
         to match. It can be set to -1 to disable matching Cpm protocol. If
         the protocol is changed, the protocol specific parameters are reset.
         For instance, if protocol is changed from TCP to UDP, then the objects
         tCpmIpFilterEntryTcpSyn and tCpmIpFilterEntryTcpAck will be turned
         off."
    DEFVAL { -1 }
    ::= { tCpmIpFilterEntry 12 }

tCpmIpFilterEntrySrcPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcPort specifies the TCP/UDP port to
         match the source-port of the packet."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 13 }

tCpmIpFilterEntrySrcPortMask OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntrySrcPortMask specifies the 16 bit mask
         to be applied when matching tCpmIpFilterEntrySrcPort."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 14 }

tCpmIpFilterEntryDestPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestPort specifies the TCP/UDP port to
         match the destination-port of the packet."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 15 }

tCpmIpFilterEntryDestPortMask OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDestPortMask specifies the 16 bit mask
         to be applied when matching tCpmIpFilterEntryDestPort."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 16 }

tCpmIpFilterEntryDSCP  OBJECT-TYPE
    SYNTAX      TDSCPNameOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryDSCP specifies the DSCP to be
         matched on the packet."
    DEFVAL { ''H }
    ::= { tCpmIpFilterEntry 17 }

tCpmIpFilterEntryFragment OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryFragment specifies whether fragment
         matching is enabled. When enabled, this object matches
         fragmented/unfragmented packets as per the value of the object."
    DEFVAL { off }
    ::= { tCpmIpFilterEntry 18 }

tCpmIpFilterEntryOptionPresent  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryOptionPresent specifies whether IP
         options matching is enabled. When enables, this object matches
         packets if they have options present or not as per the value of
         the object."
    DEFVAL { off }
    ::= { tCpmIpFilterEntry 19 }

tCpmIpFilterEntryIPOptionValue OBJECT-TYPE
    SYNTAX      TIpOption
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIPOptionValue specifies the
         specific IP option to match."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 20 }

tCpmIpFilterEntryIPOptionMask  OBJECT-TYPE
    SYNTAX      TIpOption
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIPOptionMask specifies the mask
         that is ANDed with the ip-option in the packet header before
         being compared to tCpmIpFilterEntryIPOptionValue."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 21 }

tCpmIpFilterEntryMultipleOption  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryMultipleOption specifies whether
         multiple options are to be matched as per the value of the object."
    DEFVAL { off }
    ::= { tCpmIpFilterEntry 22 }

tCpmIpFilterEntryTcpSyn  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryTcpSyn specifies whether a TCP Syn
         packet should match."
    DEFVAL { off }
    ::= { tCpmIpFilterEntry 23 }

tCpmIpFilterEntryTcpAck  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryTcpAck specifies whether a TCP Ack
         packet should match."
    DEFVAL { off }
    ::= { tCpmIpFilterEntry 24 }

tCpmIpFilterEntryIcmpCode  OBJECT-TYPE
    SYNTAX      Integer32 (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIcmpCode specifies the ICMP code
         to be matched. tCpmIpFilterEntryIcmpCode complements the object
         tCpmIpFilterEntryIcmpType. Both of them need to be set to actually
         enable ICMP Code matching. The value -1 means Icmp code matching is
         disabled."
    DEFVAL { -1 }
    ::= { tCpmIpFilterEntry 25 }

tCpmIpFilterEntryIcmpType  OBJECT-TYPE
    SYNTAX      Integer32 (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryIcmpType specifies the ICMP type to
         be matched. The value -1 means Icmp type matching is
         disabled."
    DEFVAL { -1 }
    ::= { tCpmIpFilterEntry 26 }

tCpmIpFilterEntryVRtrId  OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryVRtrId specifies the virtual router
         ID to be matched. When the value is '0', no virtual router matching
         occurs."
    DEFVAL { 0 }
    ::= { tCpmIpFilterEntry 27 }

tCpmIpFilterEntryLogCreated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterEntryLogCreated indicates whether the
         filter log for this filter entry has been instantiated."
    ::= { tCpmIpFilterEntry 28 }

tCpmIpFilterEntrySrcIpPrefixList OBJECT-TYPE
    SYNTAX       TNamedItemOrEmpty
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tCpmIpFilterEntrySrcIpPrefixList specifies the
         ip-prefix-list to be used as match criterion for the source ip address.

         If the value of this object is empty the values of the objects
         tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask
         will be used as src-ip match criterion.

         The value specified for this object must correrspond to a prefix-list
         defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.

         When set to a non zero value, the value of the objects
         tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask
         will set to their default values.

         The value of those object will be set to its default value by the
         system if a new (non default) value is provided for the objects
         tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask.

         An attempt to set tCpmIpFilterEntrySrcIpPrefixList to a non-default
         value in combination with setting any of tCpmIpFilterEntrySrcIPAddr or
         tCpmIpFilterEntrySrcIPMask to (a) non-default value(s) is rejected by
         the system.

         Also, setting both tCpmIpFilterEntrySrcIpPrefixList and
         tCpmIpFilterEntryDstIpPrefixList to non-default values is rejected by
         the system"
    DEFVAL { ''H }
    ::= { tCpmIpFilterEntry 30 }

tCpmIpFilterEntryDstIpPrefixList OBJECT-TYPE
    SYNTAX       TNamedItemOrEmpty
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tCpmIpFilterEntryDstIpPrefixList specifies the
         ip-prefix-list to be used as match criterion for the destination
         ip address.

         If the value of this object is empty the values of the objects
         tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask
         will be used as src-ip match criterion.

         The value specified for this object must correrspond to a prefix-list
         defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.

         When set to a non zero value, the value of the objects
         tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask
         will set to their default values.

         The value of thos object will be set to its default value by the system
         if a new (non default) value is provided for the objects
         tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask.

         An attempt to set tCpmIpFilterEntryDstIpPrefixList to a non-default
         value in combination with setting any of tCpmIpFilterEntryDestIPAddr or
         tCpmIpFilterEntryDestIPMask to (a) non-default value(s) is rejected by
         the system.

         Also, setting both tCpmIpFilterEntryDstIpPrefixList and
         tCpmIpFilterEntrySrcIpPrefixList to non-default values is rejected by
         the system"
    DEFVAL { ''H }
    ::= { tCpmIpFilterEntry 31 }

--
--  CPM IP Filter Stats Table
--
tCpmIpFilterStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIpFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIpFilterStatsTable has a stats entry for each entry in each
         CPM filter configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 7 }

tCpmIpFilterStatsEntry  OBJECT-TYPE
    SYNTAX      TCpmIpFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmIpFilterEntry indexed by the same tCpmIpFilterEntryId. Entries
         are created when tCpmIpFilterEntry rows are created."
    INDEX { tCpmIpFilterEntryId }
    ::= { tCpmIpFilterStatsTable 1 }

TCpmIpFilterStatsEntry ::= SEQUENCE {
    tCpmIpFilterStatsDroppedPkts           Counter64,
    tCpmIpFilterStatsForwardedPkts         Counter64
}

tCpmIpFilterStatsDroppedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterStatsDroppedPkts indicates
         the number of packets dropped due to the tCpmIpFilterEntry
         with the same index."
    ::= { tCpmIpFilterStatsEntry 1 }

tCpmIpFilterStatsForwardedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIpFilterStatsForwardedPkts indicates
         the number of packets forwarded due to the tCpmIpFilterEntry
         with the same index."
    ::= { tCpmIpFilterStatsEntry 2 }

--
--  CPM Queue Stats Table
--
tCpmFilterQueueStatsTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmFilterQueueStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmFilterQueueStatsTable has a stats entry for each CPM filter
         queue configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 8 }

tCpmFilterQueueStatsEntry OBJECT-TYPE
    SYNTAX      TCpmFilterQueueStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmFilterQueueEntry indexed by the same tCpmFilterQueueId.
         Entries are created when tCpmFilterQueueEntry rows are created."
     INDEX {tCpmFilterQueueId }
     ::= { tCpmFilterQueueStatsTable 1}

TCpmFilterQueueStatsEntry ::= SEQUENCE {
    tCpmFilterQInProfileDropPkts        Counter64,
    tCpmFilterQInProfileFwdPkts         Counter64,
    tCpmFilterQInProfileDropOctets      Counter64,
    tCpmFilterQInProfileFwdOctets       Counter64,
    tCpmFilterQOutProfileDropPkts       Counter64,
    tCpmFilterQOutProfileFwdPkts        Counter64,
    tCpmFilterQOutProfileDropOctets     Counter64,
    tCpmFilterQOutProfileFwdOctets      Counter64
}

tCpmFilterQInProfileDropPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileDropPkts indicates
         the number of packets complying to the queue Qos profile dropped
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 1 }

tCpmFilterQInProfileFwdPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileFwdPkts indicates
         the number of packets complying to the queue Qos profile forwarded
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 2 }

tCpmFilterQInProfileDropOctets OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileDropOctets indicates
         the number of octets complying to the queue Qos profile dropped
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 3 }

tCpmFilterQInProfileFwdOctets OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQInProfileFwdOctets indicates
         the number of octets complying to the queue Qos profile forwarded
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 4 }

tCpmFilterQOutProfileDropPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileDropPkts indicates
         the number of packets not complying to the queue Qos profile dropped
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 5 }

tCpmFilterQOutProfileFwdPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileFwdPkts indicates
         the number of packets not complying to the queue Qos profile forwarded
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 6 }

tCpmFilterQOutProfileDropOctets OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileDropOctets indicates
         the number of octets not complying to the queue Qos profile dropped
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 7 }

tCpmFilterQOutProfileFwdOctets OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmFilterQOutProfileFwdOctets indicates
         the number of octets not complying to the queue Qos profile forwarded
         from the tCpmFilterQueueEntry with the same index."
    ::= { tCpmFilterQueueStatsEntry 8 }

--
-- CPM IPv6 Filter Table
--
tCpmIPv6FilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIPv6FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIPv6FilterTable has an entry for each CPM IPv6 filter entry
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 9 }

tCpmIPv6FilterEntry OBJECT-TYPE
    SYNTAX      TCpmIPv6FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular CPM IPv6 filter match entry.
         The CPM IPv6 Filter can have zero or more CPM IPv6 filter match
         entries.

         A filter entry with no match criteria set will match every packet, and
         the entry action will be taken.
         Entries are created/deleted by user.
         There is no StorageType object, entries have a presumed StorageType of
         nonVolatile."
    INDEX { tCpmIPv6FilterEntryId }
    ::= { tCpmIPv6FilterTable 1 }

TCpmIPv6FilterEntry ::= SEQUENCE {
    tCpmIPv6FilterEntryId                     TEntryId,
    tCpmIPv6FilterEntryRowStatus              RowStatus,
    tCpmIPv6FilterEntryLastChanged            TimeStamp,
    tCpmIPv6FilterEntryLogId                  TFilterLogId,
    tCpmIPv6FilterEntryDescription            TItemDescription,
    tCpmIPv6FilterEntryAction                 TCpmFilterActionOrDefault,
    tCpmIPv6FilterEntryQueueId                TCpmFilterQueueId,
    tCpmIPv6FilterEntrySrcIPAddr              InetAddressIPv6,
    tCpmIPv6FilterEntrySrcIPMask              InetAddressPrefixLength,
    tCpmIPv6FilterEntryDestIPAddr             InetAddressIPv6,
    tCpmIPv6FilterEntryDestIPMask             InetAddressPrefixLength,
    tCpmIPv6FilterEntryNextHeader             TIpProtocol,
    tCpmIPv6FilterEntrySrcPort                TTcpUdpPort,
    tCpmIPv6FilterEntrySrcPortMask            Integer32,
    tCpmIPv6FilterEntryDestPort               TTcpUdpPort,
    tCpmIPv6FilterEntryDestPortMask           Integer32,
    tCpmIPv6FilterEntryDSCP                   TDSCPNameOrEmpty,
    tCpmIPv6FilterEntryTcpSyn                 TItemMatch,
    tCpmIPv6FilterEntryTcpAck                 TItemMatch,
    tCpmIPv6FilterEntryIcmpCode               Integer32,
    tCpmIPv6FilterEntryIcmpType               Integer32,
    tCpmIPv6FilterEntryVRtrId                 TmnxVRtrIDOrZero,
    tCpmIPv6FilterEntryLogCreated             TruthValue,
    tCpmIPv6FilterEntryFlowLabel              IPv6FlowLabel
}

tCpmIPv6FilterEntryId  OBJECT-TYPE
    SYNTAX      TEntryId (1..2048)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryId is used to index into the
         tCpmIPv6FilterTable. It uniquely identifies a CPM IPv6 filter entry
         as configured on this system."
    ::= { tCpmIPv6FilterEntry 1 }

tCpmIPv6FilterEntryRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryRowStatus specifies the row status. It
         allows entries to be created and deleted in the tCpmIPv6FilterTable."
    ::= { tCpmIPv6FilterEntry 2 }

tCpmIPv6FilterEntryLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryLastChanged indicates the timestamp of
         the last change to this row in tCpmIPv6FilterTable."
    ::= { tCpmIPv6FilterEntry 3 }

tCpmIPv6FilterEntryLogId  OBJECT-TYPE
    SYNTAX      TFilterLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryLogId specifies the log in which
         packets matching this entry should be entered.
         The value zero indicates that logging is disabled."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 4 }

tCpmIPv6FilterEntryDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDescription specifies the
         user-provided string describing this filter entry."
    DEFVAL { ''H }
    ::= { tCpmIPv6FilterEntry 5 }

tCpmIPv6FilterEntryAction  OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryAction specifies the action to take
         for packets that match this filter entry. The value default(4)
         specifies this entry to inherit the behavior defined as the default
         for the filter in tCpmFilterDefaultAction.
         
         The value queue(3) can only be specified if a valid queue id is entered
         in tCpmIPv6FilterEntryQueueId."         
    DEFVAL { drop }
    ::= { tCpmIPv6FilterEntry 6 }

tCpmIPv6FilterEntryQueueId  OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryQueueId specifies which queue to put
         the packet in when tCpmIPv6FilterEntryAction is queue (3).
         
         If the value of tCpmIPv6FilterEntryAction is different from queue (3)
         tCpmIPv6FilterEntryQueueId will be forced by the system to 0, and any
         change attempt will be silently discarded."
         
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 7 }

tCpmIPv6FilterEntrySrcIPAddr  OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntrySrcIPAddr specifies the IPv6 address
         to match the source IPv6 address in the packet."
    DEFVAL { '00000000000000000000000000000000'H }
    ::= { tCpmIPv6FilterEntry 8 }

tCpmIPv6FilterEntrySrcIPMask  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tCpmIPv6FilterEntrySrcIPMask holds the IPv6 source address mask for
         this IPv6 CPM filter entry. The mask specifies the bits to be compared
         between tCpmIPv6FilterEntrySrcIPAddr and the IPv6 source address in
         the packet."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 9 }

tCpmIPv6FilterEntryDestIPAddr  OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDestIPAddr specifies the IPv6 address
         to match the destination IPv6 address in the packet."
    DEFVAL { '00000000000000000000000000000000'H }
    ::= { tCpmIPv6FilterEntry 10 }

tCpmIPv6FilterEntryDestIPMask  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tCpmIPv6FilterEntryDestIPMask holds the IPv6 destination address mask
         for this IPv6 CPM filter entry.

         The mask specifies the bits to be compared between
         tCpmIPv6FilterEntryDestIPAddr and the IPv6 destination address
         in the packet."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 11 }

tCpmIPv6FilterEntryNextHeader  OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryNextHeader specifies the IPv6 protocol
         to match. '-1' specifies that the matching has been disabled.
         To change a protocol, the protocol specific values should be reset.
         For instance, to change the protocol from TCP(6) to UDP(7),
         the TCP specific attributes such as tCpmIPv6FilterEntryTcpSyn and
         tCpmIPv6FilterEntryTcpAck should be reset.
         Because the match criteria only pertains to the last next-header, the
         following values are not accepted: 0, 43, 44, 50, 51, and 60."
    DEFVAL { -1 }
    ::= { tCpmIPv6FilterEntry 12 }

tCpmIPv6FilterEntrySrcPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntrySrcPort specifies the TCP/UDP port to
         match the source-port of the packet."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 13 }

tCpmIPv6FilterEntrySrcPortMask OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntrySrcPortMask specifies the bits to be
         compared between tCpmIPv6FilterEntrySrcPort and the TCP/UDP source
         port in the packet."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 14 }

tCpmIPv6FilterEntryDestPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDestPort specifies the TCP/UDP port to
         match the destination-port of the packet."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 15 }

tCpmIPv6FilterEntryDestPortMask OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDestPortMask specifies the bits to be
         compared between tCpmIPv6FilterEntryDestPort and the TCP/UDP source
         port in the packet."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 16 }

tCpmIPv6FilterEntryDSCP  OBJECT-TYPE
    SYNTAX      TDSCPNameOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryDSCP specifies the DSCP to be
         matched on the packet."
    DEFVAL { ''H }
    ::= { tCpmIPv6FilterEntry 17 }

tCpmIPv6FilterEntryTcpSyn  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryTcpSyn specifies whether a TCP Syn
         packet should match."
    DEFVAL { off }
    ::= { tCpmIPv6FilterEntry 23 }

tCpmIPv6FilterEntryTcpAck  OBJECT-TYPE
    SYNTAX      TItemMatch
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryTcpAck specifies whether a TCP Ack
         packet should match."
    DEFVAL { off }
    ::= { tCpmIPv6FilterEntry 24 }

tCpmIPv6FilterEntryIcmpCode  OBJECT-TYPE
    SYNTAX      Integer32 (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryIcmpCode specifies the ICMP code
         to be matched. tCpmIPv6FilterEntryIcmpCode complements the object
         tCpmIPv6FilterEntryIcmpType. Both of them need to be set to actually
         enable ICMP matching. The value '-1' means Icmp code matching is
         disabled."
    DEFVAL { -1 }
    ::= { tCpmIPv6FilterEntry 25 }

tCpmIPv6FilterEntryIcmpType  OBJECT-TYPE
    SYNTAX      Integer32 (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryIcmpType specifies the ICMP type to
         be matched. tCpmIPv6FilterEntryIcmpType complements the object
         tCpmIPv6FilterEntryIcmpCode. Both of them need to be set to actually
         enable ICMP matching. The value '-1' means Icmp type matching is
         disabled."
    DEFVAL { -1 }
    ::= { tCpmIPv6FilterEntry 26 }

tCpmIPv6FilterEntryVRtrId  OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryVRtrId specifies the virtual router
         ID to be matched. When the value is '0', no virtual router matching
         occurs."
    DEFVAL { 0 }
    ::= { tCpmIPv6FilterEntry 27 }

tCpmIPv6FilterEntryLogCreated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryLogCreated indicates whether the
         filter log for this filter entry has been instantiated."
    ::= { tCpmIPv6FilterEntry 28 }

tCpmIPv6FilterEntryFlowLabel  OBJECT-TYPE
    SYNTAX      IPv6FlowLabel
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterEntryFlowLabel specifies the flow label
         to be matched. When the value is '-1', no flow label matching
         occurs."
    DEFVAL { -1 }
    ::= { tCpmIPv6FilterEntry 29 }

--
--  CPM IPv6 Filter Stats Table
--
tCpmIPv6FilterStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmIPv6FilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmIPv6FilterStatsTable has a stats entry for each entry in each
         CPM filter configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 10 }

tCpmIPv6FilterStatsEntry  OBJECT-TYPE
    SYNTAX      TCpmIPv6FilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmIPv6FilterEntry indexed by the same tCpmIPv6FilterEntryId. Entries
         are created when tCpmIPv6FilterEntry rows are created."
    INDEX { tCpmIPv6FilterEntryId }
    ::= { tCpmIPv6FilterStatsTable 1 }

TCpmIPv6FilterStatsEntry ::= SEQUENCE {
    tCpmIPv6FilterStatsDroppedPkts           Counter64,
    tCpmIPv6FilterStatsForwardedPkts         Counter64
}

tCpmIPv6FilterStatsDroppedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterStatsDroppedPkts indicates
         the number of packets dropped due to the tCpmIPv6FilterEntry
         with the same index."
    ::= { tCpmIPv6FilterStatsEntry 1 }

tCpmIPv6FilterStatsForwardedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmIPv6FilterStatsForwardedPkts indicates
         the number of packets forwarded due to the tCpmIPv6FilterEntry
         with the same index."
    ::= { tCpmIPv6FilterStatsEntry 2 }

--
-- CPM MAC Filter Table
--
tCpmMacFilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmMacFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmMacFilterTable has an entry for each CPM Mac filter entry
         configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 25 }

tCpmMacFilterEntry OBJECT-TYPE
    SYNTAX      TCpmMacFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular Cpm Mac Filter match entry.
         The Cpm Mac Filter can have zero or more Cpm Mac Filter match entries.
         A filter entry with no match criteria set will match every
         packet, and the entry action will be taken.
         Entries are created/deleted by user."
    INDEX { tCpmMacFltrEntryId }
    ::= { tCpmMacFilterTable 1 }

TCpmMacFilterEntry ::= SEQUENCE {
    tCpmMacFltrEntryId                TEntryId,
    tCpmMacFltrEntryRowStatus         RowStatus,
    tCpmMacFltrEntryLastChanged       TimeStamp,
    tCpmMacFltrEntryLogId             TFilterLogId,
    tCpmMacFltrEntryDescription       TItemDescription,
    tCpmMacFltrEntryAction            TCpmFilterActionOrDefault,
    tCpmMacFltrEntryQueueId           TCpmFilterQueueId,
    tCpmMacFltrEntryFrameType         TmnxCpmMacFltrFrameType,
    tCpmMacFltrEntrySvcId             TmnxServId,
    tCpmMacFltrEntryDot1pValue        Dot1PPriority,
    tCpmMacFltrEntryDot1pMask         Dot1PPriorityMask,
    tCpmMacFltrEntryDsap              ServiceAccessPoint,
    tCpmMacFltrEntryDsapMask          ServiceAccessPoint,
    tCpmMacFltrEntrySrcMAC            MacAddress,
    tCpmMacFltrEntrySrcMACMask        MacAddress,
    tCpmMacFltrEntryDstMAC            MacAddress,
    tCpmMacFltrEntryDstMACMask        MacAddress,
    tCpmMacFltrEntryEtherType         INTEGER,
    tCpmMacFltrEntrySsap              ServiceAccessPoint,
    tCpmMacFltrEntrySsapMask          ServiceAccessPoint,
    tCpmMacFltrEntryCfmOpCodeOper     TOperator,
    tCpmMacFltrEntryCfmOpCodeValue1   Unsigned32,
    tCpmMacFltrEntryCfmOpCodeValue2   Unsigned32,
    tCpmMacFltrEntryLogCreated        TruthValue
}

tCpmMacFltrEntryId  OBJECT-TYPE
    SYNTAX      TEntryId (1..2048)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryId is used to index into the
         tCpmMacFilterTable. It uniquely identifies a CPM Mac filter
         entry as configured on this system."
    ::= { tCpmMacFilterEntry 1 }

tCpmMacFltrEntryRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryRowStatus specifies the row status. It
         allows entries to be created and deleted in the tCpmMacFilterTable."
    ::= { tCpmMacFilterEntry 2 }

tCpmMacFltrEntryLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryLastChanged indicates the timestamp of
         the last change to this row in tCpmMacFilterTable."
    ::= { tCpmMacFilterEntry 3 }

tCpmMacFltrEntryLogId  OBJECT-TYPE
    SYNTAX      TFilterLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryLogId specifies the log in which
         packets matching this entry should be entered.
         The value zero indicates that logging is disabled."
    DEFVAL { 0 }
    ::= { tCpmMacFilterEntry 4 }

tCpmMacFltrEntryDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryDescription specifies the
         user-provided string describing this filter entry."
    DEFVAL { ''H }
    ::= { tCpmMacFilterEntry 5 }

tCpmMacFltrEntryAction  OBJECT-TYPE
    SYNTAX      TCpmFilterActionOrDefault
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryAction specifies the action to take
         for packets that match this filter entry. The value default(4)
         specifies this entry to inherit the behavior defined as the default
         for the filter in tCpmFilterDefaultAction.
                  
         The value queue(3) can only be specified if a valid queue id is entered
         in tCpmMacFltrEntryQueueId."
    DEFVAL { drop }
    ::= { tCpmMacFilterEntry 6 }

tCpmMacFltrEntryQueueId  OBJECT-TYPE
    SYNTAX      TCpmFilterQueueId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryQueueId specifies which queue to put
         the packet in when tCpmMacFltrEntryAction is queue (3).
                  
         If the value of tCpmMacFltrEntryAction is different from queue (3)
         tCpmMacFltrEntryQueueId will be forced by the system to 0, and any
         change attempt will be silently discarded."
    DEFVAL { 0 }
    ::= { tCpmMacFilterEntry 7 }

tCpmMacFltrEntryFrameType  OBJECT-TYPE
    SYNTAX       TmnxCpmMacFltrFrameType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of tCpmMacFltrEntryFrameType specifies the type of
         mac frame for which we are defining this match criteria.
         The value 'none' means that this entry is not matching on any
         enthernet frame.

         The value 'e802dot1ag(4)' is depricated, and replaced by 
         e802dot2LLC(1)."
    DEFVAL { none }
    ::= { tCpmMacFilterEntry 8 }

tCpmMacFltrEntrySvcId  OBJECT-TYPE
    SYNTAX       TmnxServId
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySvcId specifies the service-id
         in which the packet is to be received for this entry to match.
         A value of 0 indicates: any service."
    DEFVAL { 0 }
    ::= { tCpmMacFilterEntry 9 }

tCpmMacFltrEntryDot1pValue OBJECT-TYPE
    SYNTAX          Dot1PPriority
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "Filtering on dot1p bits is currently not offered on cpm-mac filters.
          All set actions on this object will therefore be ignored."
    DEFVAL { -1 }
    ::= { tCpmMacFilterEntry 10 }

tCpmMacFltrEntryDot1pMask OBJECT-TYPE
    SYNTAX          Dot1PPriorityMask
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "Filtering on dot1p bits is currently not offered on cpm-mac filters.
          All set actions on this object will therefore be ignored."
    DEFVAL { 0 }
    ::= { tCpmMacFilterEntry 11 }

tCpmMacFltrEntryDsap OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDsap specifies the MAC DSAP
         to match for this MAC filter entry. This object has no
         significance if the object tCpmMacFltrEntryFrameType is not set to
         802dot2LLC."
    DEFVAL { -1 }
    ::= { tCpmMacFilterEntry 12 }

tCpmMacFltrEntryDsapMask OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDsapMask specifies the
         MAC DSAP mask for this MAC filter entry.
         This object has no significance if the object
         tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
    DEFVAL { -1 }
    ::= { tCpmMacFilterEntry 13 }

tCpmMacFltrEntrySrcMAC OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySrcMAC specifies
         the source MAC to match for this policy MAC filter entry."
    DEFVAL { '000000000000'H }
    ::= { tCpmMacFilterEntry 14 }

tCpmMacFltrEntrySrcMACMask OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySrcMACMask specifies
         the source MAC mask value for this policy MAC filter entry.
         The mask is ANDed with the MAC to match tCpmMacFltrEntrySrcMAC.
         A zero bit means ignore this bit, do not match. A one bit means
         match this bit with tCpmMacFltrEntrySrcMAC.
         Use the value 00-00-00-00-00-00 to disable this filter criteria."
    DEFVAL { '000000000000'H }
    ::= { tCpmMacFilterEntry 15 }

tCpmMacFltrEntryDstMAC OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDstMAC specifies
         the Destination MAC mask value for this policy MAC filter entry."
    DEFVAL { '000000000000'H }
    ::= { tCpmMacFilterEntry 16 }

tCpmMacFltrEntryDstMACMask OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryDstMACMask specifies
         the destination MAC mask value for this policy MAC filter entry.
         The mask is ANDed with the MAC to match tCpmMacFltrEntryDstMAC.
         A zero bit means ignore this bit, do not match.  a one bit means
         match this bit with tCpmMacFltrEntryDstMAC.
         Use the value 00-00-00-00-00-00 to disable this filter criteria."
    DEFVAL { '000000000000'H }
    ::= { tCpmMacFilterEntry 17 }

tCpmMacFltrEntryEtherType OBJECT-TYPE
    SYNTAX          INTEGER (-1 | 0..65535)
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryEtherType specifies the
         Ethertype for this MAC filter entry. Use -1 to disable matching
         by this criteria. This object has no significance if the object
         tCpmMacFltrEntryFrameType is not set to Ethernet_II."
    DEFVAL { -1 }
    ::= { tCpmMacFilterEntry 18 }

tCpmMacFltrEntrySsap OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySsap specifies the
         the MAC SSAP to match for this MAC filter entry. This object has no
         significance if the object tCpmMacFltrEntryFrameType is not set to
         802dot2LLC."
    DEFVAL { -1 }
    ::= { tCpmMacFilterEntry 21 }

tCpmMacFltrEntrySsapMask OBJECT-TYPE
    SYNTAX          ServiceAccessPoint
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntrySsapMask specifies the
         MAC SSAP mask for this MAC filter entry. use 0 to disable
         matching by this criteria. This object has no significance if the
         object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
    DEFVAL { -1 }
    ::= { tCpmMacFilterEntry 22 }

tCpmMacFltrEntryCfmOpCodeOper  OBJECT-TYPE
    SYNTAX       TOperator
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryCfmOpCodeOper specifies which
         type of opcode checking is to be performed.
         If different fron none, more info is provided in the objects
         tCpmMacFltrEntryCfmOpCodeValue1 and tCpmMacFltrEntryCfmOpCodeValue2.
         This object has significance only if the object tCpmMacFltrEntryFrameType
         refers to either ieee802.1ag or Y1731."
    DEFVAL { none }
    ::= { tCpmMacFilterEntry 23 }

tCpmMacFltrEntryCfmOpCodeValue1  OBJECT-TYPE
    SYNTAX       Unsigned32(0..255)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryCfmOpCodeValue1 specifies a cfm
         opcode. The value of this object is used as per the
         description for tCpmMacFltrEntryCfmOpCodeOper."
    DEFVAL { 0 }
    ::= { tCpmMacFilterEntry 24 }

tCpmMacFltrEntryCfmOpCodeValue2  OBJECT-TYPE
    SYNTAX       Unsigned32(0..255)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of the object tCpmMacFltrEntryCfmOpCodeValue2 specifies a cfm
         opcode. The value of this object is used as per the
         description for tCpmMacFltrEntryCfmOpCodeOper."
    DEFVAL { 0 }
    ::= { tCpmMacFilterEntry 25 }

tCpmMacFltrEntryLogCreated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFltrEntryLogCreated indicates whether the
         filter log for this filter entry has been instantiated."
    ::= { tCpmMacFilterEntry 26 }

--
--  CPM MAC Filter Stats Table
--
tCpmMacFilterStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TCpmMacFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tCpmMacFilterStatsTable has a stats entry of the
         CPM Mac filter configured on this system.

         This table is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
    ::= { tmnxCpmSecurityObjs 26 }

tCpmMacFilterStatsEntry  OBJECT-TYPE
    SYNTAX      TCpmMacFilterStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the statistics related to the
         tCpmMacFilterEntry indexed by the same tCpmMacFltrEntryId.
         Entries are created when tCpmMacFilterEntry rows are created."
    INDEX { tCpmMacFltrEntryId }
    ::= { tCpmMacFilterStatsTable 1 }

TCpmMacFilterStatsEntry ::= SEQUENCE {
    tCpmMacFilterStatsDroppedPkts     Counter64,
    tCpmMacFilterStatsForwardedPkts   Counter64
}

tCpmMacFilterStatsDroppedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFilterStatsDroppedPkts indicates
         the number of packets dropped due to the tCpmMacFilterEntry
         with the same index."
    ::= { tCpmMacFilterStatsEntry 1 }

tCpmMacFilterStatsForwardedPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tCpmMacFilterStatsForwardedPkts indicates
         the number of packets forwarded due to the tCpmMacFilterEntry
         with the same index."
    ::= { tCpmMacFilterStatsEntry 2 }


-- Password Hash Versions
tmnxPasswordHashObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 10 }

tmnxPassHashReadVersion OBJECT-TYPE
    SYNTAX      INTEGER {
                    all     (0),
                    version1(1),
                    version2(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashReadVersion specifies the password hash version
         accepted by the system while executing commands.
         The value 'all' overrides this check and hence allows all
         supported versions to be accepted."
    DEFVAL { all }
    ::= { tmnxPasswordHashObjs 1 }

tmnxPassHashWriteVersion OBJECT-TYPE
    SYNTAX      INTEGER {
                    version1(1),
                    version2(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxPassHashWriteVersion specifies the hash version to be
         used while saving the configuration files."
    DEFVAL { version2 }
    ::= { tmnxPasswordHashObjs 2 }

-- SSH Information
tmnxSSHServerObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 11 }

tmnxSSHServerPreserveKey OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxSSHServerPreserveKey specifies the persistence of the SSH
         server host key. A value of 'true' specifies that the host key
         will be saved by the server and restored following a system
         reboot.  The SSH client also saves the host key and
         restores it following a system reboot.

         A value of 'false' specifies that the host key will be held
         in memory by both the SSH server and the SSH client and
         is not restored following a system reboot."
    DEFVAL { false }
    ::= { tmnxSSHServerObjs 1 }

tmnxSSHServerVersion    OBJECT-TYPE
    SYNTAX      INTEGER {
                    version1(1),
                    version2(2),
                    both    (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "tmnxSSHServerVersion specifies the SSH protocol version that will be
         by supported by the SSH server.

         A value of tmnxSSHServerVersion 'version1' specifies that the SSH
         server will only accept connections from clients that support SSH
         protocol  version 1. A value of 'both' specifies that the SSH server
         will accept connections from clients supporting either SSH protocol
         version 1, or SSH protocol version 2 or both."
    DEFVAL { version2 }
    ::= { tmnxSSHServerObjs 2 }

-- Source IP address configuration

tmnxSourceIPTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxSourceIPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxSourceIPEntry has an entry for the source IP to be used by
         the specified protocol."
    ::= { tmnxSecurityObjects 12 }

tmnxSourceIPEntry  OBJECT-TYPE
    SYNTAX      TmnxSourceIPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxSourceIPEntry is an entry (conceptual row) in the
         tmnxSourceIPTable. Each entry represents the source IP address to be
         used by the specified application for a particular Virtual Router
         instance.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxSourceIPRowStatus."
    INDEX  {vRtrID, tmnxSourceIPProtoApp}
    ::= { tmnxSourceIPTable 1 }

TmnxSourceIPEntry ::= SEQUENCE {
    tmnxSourceIPProtoApp            INTEGER,
    tmnxSourceIPRowStatus           RowStatus,
    tmnxSourceIPAddressType         InetAddressType,
    tmnxSourceIPAddress             InetAddress,
    tmnxSourceIPIfIndex             InterfaceIndexOrZero,
    tmnxSourceIPOperStatus          INTEGER
}

tmnxSourceIPProtoApp OBJECT-TYPE
    SYNTAX      INTEGER {
                    telnet      (1),
                    ftp         (2),
                    ssh         (3),
                    radius      (4),
                    tacplus     (5),
                    snmpTrap    (6),
                    syslog      (7),
                    icmpPing    (8),
                    traceRoute  (9),
                    dns         (10),
                    sntp        (11),
                    ntp         (12),
                    cflowd      (13),
                    telnet6     (14),
                    ftp6        (15),
                    radius6     (16),
                    tacplus6    (17),
                    snmpTrap6   (18),
                    syslog6     (19),
                    icmpPing6   (20),
                    traceRoute6 (21),
                    dns6        (22),
                    ptp         (23),
                    mcreporter  (24)
                }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPProtoApp specifies the application which
         should use the source-IP address specified by the value of
         tmnxSourceIPAddress.

         tmnxSourceIPAddressType must be 'ipv6 (2)' when setting the value of
         this object to 'telnet6 (14)', 'ftp6 (15)', 'radius6 (16)',  
         'tacplus6 (17)', 'snmpTrap6 (18)', 'syslog6 (19)', 'icmpPing6 (20)',
         'traceRoute6 (21)' or 'dns6 (22)'."
    ::= { tmnxSourceIPEntry 2 }

tmnxSourceIPRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxSourceIPRowStatus is used to create or destroy
         entries in this table.

         A row entry for a particular vRtrID with tmnxSourceIPProtoApp set to
         any value can be created only if the value of tmnxSourceIPAddress
         or tmnxSourceIPIfIndex is specified."
    ::= { tmnxSourceIPEntry 3 }

tmnxSourceIPAddressType      OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPAddressType specifies the address type of
         tmnxSourceIPAddress address.

         The value of tmnxSourceIPAddressType can be either of
         InetAddressType - 'ipv4' or InetAddressType - 'ipv6'."
    DEFVAL { unknown }
    ::= { tmnxSourceIPEntry 4 }

tmnxSourceIPAddress      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxSourceIPAddress specifies the source address that
         should be used in all unsolicited packets sent by the application
         specified by the value of tmnxSourceIPProtoApp. For the value
         specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress
         or tmnxSourceIPIfIndex can be specified, but not both."
    DEFVAL { ''H }
    ::= { tmnxSourceIPEntry 5 }

tmnxSourceIPIfIndex      OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "tmnxSourceIPIfIndex specifies the interface index whose IP
         address should be used in all unsolicited packets sent by the
         application specified by the value of tmnxSourceIPProtoApp. For the
         value specified by tmnxSourceIPProtoApp, either of
         tmnxSourceIPAddress or tmnxSourceIPIfIndex can be
         specified, but not both."
    DEFVAL { 0 }
    ::= { tmnxSourceIPEntry 6 }

tmnxSourceIPOperStatus      OBJECT-TYPE
    SYNTAX       INTEGER {
                     up(1),
                     down(2)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxSourceIPOperStatus indicates the state of
         tmnxSourceIPEntry. A value of 'up' indicates that the IP
         address specified by tmnxSourceIPAddress will be used for all
         unsolicited packets sent by the application specified by the value of
         tmnxSourceIPProtoApp."
    DEFVAL { down }
    ::= { tmnxSourceIPEntry 7 }

--
-- User Template Table
--
tmnxUserTemplateTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxUserTemplateEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserTemplateTable contains configuration information for the
         template of a system user."
    ::= { tmnxSecurityObjects  13 }

tmnxUserTemplateEntry  OBJECT-TYPE
    SYNTAX      TmnxUserTemplateEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxUserTemplateEntry is an entry (conceptual row) in the
         tmnxUserTemplateTable.
         Each entry represents the configuration for the template of a system
         user. Entries in this table cannot be created or deleted."
    INDEX  { IMPLIED tmnxTemplateName }
    ::= { tmnxUserTemplateTable 1 }

TmnxUserTemplateEntry ::= SEQUENCE {
    tmnxTemplateName                      TNamedItem,
    tmnxTemplateAccess                    BITS,
    tmnxTemplateHomeDirectory             OCTET STRING,
    tmnxTemplateRestrictedToHome          TruthValue,
    tmnxTemplateConsoleLoginExecFile      OCTET STRING,
    tmnxTemplateProfile                   TNamedItem
}

tmnxTemplateName  OBJECT-TYPE
    SYNTAX      TNamedItem (SIZE(1..16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateName specifies the name of the template
         from which  a system user can be derived. This name must be unique
         amongst the table entries."
    ::= { tmnxUserTemplateEntry 1 }

tmnxTemplateAccess  OBJECT-TYPE
    SYNTAX      BITS {
                    console(0),
                    ftp    (1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateAccess specifies the type of access
         permitted to the user derived from this template. To allow  this user
         access to the console or FTP, set the corresponding bit in
         tmnxTemplateAccess. Reset the bit to deny the access."
    DEFVAL { { } }
    ::= { tmnxUserTemplateEntry 2 }

tmnxTemplateHomeDirectory  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..200))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateHomeDirectory specifies the local home
         directory on FTP and console access of the user derived from this
         template."
    DEFVAL { ''h }
    ::= { tmnxUserTemplateEntry 3 }

tmnxTemplateRestrictedToHome  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When the value of tmnxTemplateRestrictedToHome is 'true', the
         user derived from this template is not allowed to navigate to
         directories above his home directory for file access.

         When the value of tmnxTemplateRestrictedToHome is 'false', the
         access is allowed to directories above the home directory."
    DEFVAL { false }
    ::= { tmnxUserTemplateEntry 4 }

tmnxTemplateConsoleLoginExecFile  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..200))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateConsoleLoginExecFile specifies the file
         that should be executed whenever the user derived from this template
         has successfully logged in to a console session."
    DEFVAL { ''h }
    ::= { tmnxUserTemplateEntry 5 }

tmnxTemplateProfile  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxTemplateProfile specifies the user profile
         entry from the tmnxUserProfileTable that will be applied
         to the user derived from this template.

         For users authenticated by TACACS+, the profile specified by
         tmnxTemplateProfile will only apply if TACACS+ command
         authorization is disabled as specified by
         tmnxTacPlusAuthorization being set to 'false'."
    DEFVAL { "default" }
    ::= { tmnxUserTemplateEntry 6 }

--
-- Key-chains
--
tmnxKeyChainTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxKeyChainEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxKeyChainEntry has an entry for a particular configured
         keychain used by the protocol session."
    ::= { tmnxSecurityObjects 14 }

tmnxKeyChainEntry  OBJECT-TYPE
    SYNTAX      TmnxKeyChainEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxKeyChainEntry is an entry (conceptual row) in the
         tmnxKeyChainTable. Each entry represents the keychain configuration
         which will be applied to a protocol session.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxKeyChainRowStatus."
    INDEX  {tmnxKeyChainName}
    ::= { tmnxKeyChainTable 1 }

TmnxKeyChainEntry ::= SEQUENCE {
    tmnxKeyChainName                  TNamedItem,
    tmnxKeyChainRowStatus             RowStatus,
    tmnxKeyChainDescription           TItemDescription,
    tmnxKeyChainSendTcpOptionNum      TmnxKeyChainTcpOptionNum,
    tmnxKeyChainReceiveTcpOptionNum   TmnxKeyChainTcpOptionNum,
    tmnxKeyChainAdminState            TmnxAdminState,
    tmnxKeyChainOperState             TmnxOperState
}

tmnxKeyChainName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainName specifies a unique keychain name which
         identifies this particular keychain entry."
    ::= { tmnxKeyChainEntry 1 }

tmnxKeyChainRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxKeyChainRowStatus is used to create or destroy
         entries in this table."
    ::= { tmnxKeyChainEntry 2 }

tmnxKeyChainDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainDescription specifies the description of
         the key chain identified by the keychain name tmnxKeyChainName."
    DEFVAL { ''H }
    ::= { tmnxKeyChainEntry 3 }

tmnxKeyChainSendTcpOptionNum   OBJECT-TYPE
    SYNTAX      TmnxKeyChainTcpOptionNum
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainSendTcpOptionNum specifies the TCP
         option value to use in the TCP header of packets being sent by the
         router to another device.

         The value of tmnxKeyChainSendTcpOptionNum is valid only when
         tmnxKeyChainAuthenticationKey is used to sign and/or
         authenticate the TCP protocol stream."
    DEFVAL { value254 }
    ::= { tmnxKeyChainEntry 4 }

tmnxKeyChainReceiveTcpOptionNum   OBJECT-TYPE
    SYNTAX      TmnxKeyChainTcpOptionNum
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainReceiveTcpOptionNum specifies the TCP
         option value to check for in the TCP header of packets being received
         by the router.

         The value of tmnxKeyChainReceiveTcpOptionNum is valid only when
         tmnxKeyChainAuthenticationKey is used to sign and/or
         authenticate the TCP protocol stream."
    DEFVAL { value254 }
    ::= { tmnxKeyChainEntry 5 }

tmnxKeyChainAdminState    OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainAdminState specifies the desired
         administrative state of the keychain. If the value is 'outOfService'
         the keychain capabilities are disabled but the keychain configuration
         parameters are retained."
    DEFVAL { inService }
    ::= { tmnxKeyChainEntry 6 }

tmnxKeyChainOperState    OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "The value of tmnxKeyChainOperState indicates the operational state
          of the keychain. A value of 'inService' indicates that the key chain
          can be used to sign and/or authenticate protocol streams."
    ::= { tmnxKeyChainEntry 7 }

--
--  Key entries
--
tmnxKeyChainKeyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxKeyChainKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxKeyChainKeyEntry has an entry for a particular configured key
         that will be used in a particular keychain defined by
         tmnxKeyChainEntry in tmnxKeyChainTable."
    ::= { tmnxSecurityObjects 15 }

tmnxKeyChainKeyEntry  OBJECT-TYPE
    SYNTAX      TmnxKeyChainKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxKeyChainKeyEntry is an entry (conceptual row) in the
         tmnxKeyChainKeyTable. Each entry represents the key configuration
         which will be applied to a keychain.

         Entries in this table can be created and deleted via SNMP SET
         operations to tmnxKeyChainKeyRowStatus."
    INDEX  {tmnxKeyChainName, tmnxKeyChainKeyDirection, tmnxKeyChainKeyID}
    ::= { tmnxKeyChainKeyTable 1 }

TmnxKeyChainKeyEntry ::= SEQUENCE {
    tmnxKeyChainKeyDirection         TmnxKeyChainKeyDirection,
    tmnxKeyChainKeyID                Unsigned32,
    tmnxKeyChainKeyRowStatus         RowStatus,
    tmnxKeyChainAuthenticationKey    OCTET STRING,
    tmnxKeyChainKeyAlgorithm         TmnxKeyChainKeyAlgorithm,
    tmnxKeyChainKeyBeginTime         DateAndTime,
    tmnxKeyChainKeyEndTime           DateAndTime,
    tmnxKeyChainKeyTolerance         Unsigned32,
    tmnxKeyChainKeyAdminState        TmnxAdminState
}

tmnxKeyChainKeyDirection OBJECT-TYPE
    SYNTAX     TmnxKeyChainKeyDirection
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxKeyChainKeyDirection is used to specify the
         protocol-stream direction to encrypt.

         A value of 'send' specifies that this key entry will be used to sign
         protocol packets that are being sent by the router to another device.

         A value of 'receive' specifies this key entry will be used to
         authenticate protocol packets that are being received by the router.

         A value of 'send-receive' specifies that this key will be used to sign
         protocol packet that are being sent by the router to another device,
         as well as to authenticate protocol packets that are being received by
         the router."
    ::= { tmnxKeyChainKeyEntry 1 }

tmnxKeyChainKeyID    OBJECT-TYPE
    SYNTAX     Unsigned32 (0..63|255)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxKeyChainKeyID specifies a key id which is used along
         with tmnxKeyChainName and tmnxKeyChainKeyDirection to uniquely
         identify this particular key entry.

         A value of 255 identifies this as a 'null-key' entry which enables
         the transition from an unauthenticated session to an enhanced
         authentication session."
    ::= { tmnxKeyChainKeyEntry 2 }

tmnxKeyChainKeyRowStatus  OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxKeyChainKeyRowStatus is used to create or destroy
         entries in this table.

         tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm must
         be set in the same SNMP request PDU as tmnxKeyChainKeyRowStatus
         during row creation else the set request will fail with an
         inconsistentValue error."
    ::= { tmnxKeyChainKeyEntry 3 }

tmnxKeyChainAuthenticationKey  OBJECT-TYPE
    SYNTAX     OCTET STRING (SIZE(0..20))
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxKeyChainAuthenticationKey specifies the key that
         will be used by the encryption algorithm specified by
         tmnxKeyChainKeyAlgorithm. tmnxKeyChainAuthenticationKey is used
         to sign and authenticate a protocol packet.

         The value of tmnxKeyChainAuthenticationKey can be any combination
         of letters or numbers. Note that the string may contain embedded nulls.

         tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which
         indicates the encryption algorithm to be used, must be set together in
         the same SNMP request PDU or else the set request will fail with an
         inconsistentValue error.

         When read, tmnxKeyChainAuthenticationKey always returns an Octet
         string of length zero."
    ::= { tmnxKeyChainKeyEntry 4 }

tmnxKeyChainKeyAlgorithm  OBJECT-TYPE
    SYNTAX     TmnxKeyChainKeyAlgorithm
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxKeyChainKeyAlgorithm specifies the algorithm that
         will be used to sign and/or authenticate the protocol stream.

         tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which
         indicates the encryption algorithm to be used, must be set together in
         the same SNMP request PDU or else the set request will fail with an
         inconsistentValue error."
    ::= { tmnxKeyChainKeyEntry 5 }

tmnxKeyChainKeyBeginTime  OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyBeginTime specifies the calendar date
         and time after which the key specified by
         tmnxKeyChainAuthenticationKey will be used to sign and/or
         authenticate the protocol stream.

         If no date and time is set, tmnxKeyChainKeyBeginTime is represented
         by a DateAndTime string with all NULLs and the key is not valid by
         default."
    DEFVAL { '0000000000000000'H }
    ::= { tmnxKeyChainKeyEntry 6 }

tmnxKeyChainKeyEndTime  OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyEndTime specifies the calendar date and
         time after which the key specified by
         tmnxKeyChainAuthenticationKey is no longer eligible to sign and/or
         authenticate the protocol stream.

         tmnxKeyChainKeyEndTime is not applicable when
         tmnxKeyChainKeyDirection is set to 'send' or 'send-receive'.

         If no date and time is set, tmnxKeyChainKeyEndTime is represented by
         a DateAndTime string with all NULLs and the key is valid
         indefinitely."
    DEFVAL { '0000000000000000'H }
    ::= { tmnxKeyChainKeyEntry 7 }

tmnxKeyChainKeyTolerance    OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyTolerance specifies the number of
         seconds that a eligible receive key should overlap with the active
         send key.

         tmnxKeyChainKeyTolerance is valid only when
         tmnxKeyChainKeyDirection is set to 'send-receive' or 'receive'."
    DEFVAL { 300 }
    ::= { tmnxKeyChainKeyEntry 8 }

tmnxKeyChainKeyAdminState    OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxKeyChainKeyAdminState specifies the desired
         administrative state of the particular key in the keychain.  When the
         value is 'outOfService' the keychain capabilities are disabled but the
         particular key's configuration parameters are retained."
    DEFVAL { inService }
    ::= { tmnxKeyChainKeyEntry 9 }

-- ------------------------------------------------
-- tmnxCpmProtPolTable
-- ------------------------------------------------

tmnxCpmProtPolTableLastChanged         OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtPolTableLastChanged indicates the
         sysUpTime at the time of the last modification of an entry in the
         tmnxCpmProtPolTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object
         contains a zero value.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 11 }

tmnxCpmProtPolTable                    OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtPolTable has an entry for each CPM Protection policy
         configured in the system. There are two default policies. 

         CPM Protection policy (254) is the default Access CPM Protection 
         policy. CPM Protection policy (255) is the default Network CPM 
         Protection policy.

         The default CPM Protection policies are created by the system,
         and can be modified but cannot be destroyed.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 12 }

tmnxCpmProtPolEntry                    OBJECT-TYPE
    SYNTAX      TmnxCpmProtPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the configuration information related
         to a CPM Protection policy."
    INDEX { tmnxCpmProtPolicyId }
    ::= { tmnxCpmProtPolTable 1}

TmnxCpmProtPolEntry ::= SEQUENCE
    {
        tmnxCpmProtPolicyId              TCpmProtPolicyID,
        tmnxCpmProtPolRowStatus          RowStatus,
        tmnxCpmProtPolLastChanged        TimeStamp,
        tmnxCpmProtPolDescription        TItemDescription,
        tmnxCpmProtPolPerSrcRateLimit    TmnxCpmPacketPolRateLimit,
        tmnxCpmProtPolOverallRateLimit   TmnxCpmPacketPolRateLimit,
        tmnxCpmProtPolAlarm              TruthValue,
        tmnxCpmProtPolOutProfileRate     TmnxCpmPacketPolRateLimit,
        tmnxCpmProtPolLimDhcpCiAddrZero  TruthValue
    }

tmnxCpmProtPolicyId              OBJECT-TYPE
    SYNTAX      TCpmProtPolicyID (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolicyId specifies the identification number
         of the CPM Protection policy."
    ::= { tmnxCpmProtPolEntry 1 }

tmnxCpmProtPolRowStatus          OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolRowStatus controls the creation and deletion
         of rows in this table."
    ::= { tmnxCpmProtPolEntry 2 }

tmnxCpmProtPolLastChanged        OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtPolLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains
         a zero value."
    ::= { tmnxCpmProtPolEntry 3 }

tmnxCpmProtPolDescription        OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolDescription specifies the user provided
         description of this CPM Protection policy. The default CPM Protection 
         policies 254 and 255 have a default description which can be modified 
         by the user."
    DEFVAL { ''H }
    ::= { tmnxCpmProtPolEntry 4 }

tmnxCpmProtPolPerSrcRateLimit    OBJECT-TYPE
    SYNTAX      TmnxCpmPacketPolRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolPerSrcRateLimit specifies the packet arrival
         rate limit to be applied to each source of packets.

         Objects referring to this CPM Protection policy that do not support
         per-source rate limiting, may ignore the
         tmnxCpmProtPolPerSrcRateLimit."
    DEFVAL { -1 }
    ::= { tmnxCpmProtPolEntry 5 }

tmnxCpmProtPolOverallRateLimit   OBJECT-TYPE
    SYNTAX      TmnxCpmPacketPolRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolOverallRateLimit specifies
         the overall packet arrival rate limit to be applied to all sources
         of packets. 

         A default value of -1, specifies an unrestricted packet arrival rate
         on the interface. 
         
         The value of tmnxCpmProtPolOverallRateLimit is equal to 6000 
         for the default access policy (policy 254)."
    DEFVAL { -1 }
    ::= { tmnxCpmProtPolEntry 6 }

tmnxCpmProtPolAlarm              OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolAlarm specifies if a notification must be
         issued when one of the packet arrival rate limits is crossed.

         A value of 'true' specifies that a notification must be issued."
    DEFVAL      { true }
    ::= { tmnxCpmProtPolEntry 7 }

tmnxCpmProtPolOutProfileRate     OBJECT-TYPE
     SYNTAX      TmnxCpmPacketPolRateLimit
     UNITS       "packets per second"
     MAX-ACCESS  read-create
     STATUS      current
     DESCRIPTION
         "The value of tmnxCpmProtPolOutProfileRate specifies the
          threshold value at which incoming control packets are marked out of 
          profile. 

          A default value of -1 specifies absence of a set threshold on
          the interface. 
          
          The value of tmnxCpmProtPolOutProfileRate is 6000 
          for the default access policy (policy 254)."
     DEFVAL { 3000 }
     ::= { tmnxCpmProtPolEntry 8 }

tmnxCpmProtPolLimDhcpCiAddrZero  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPolLimDhcpCiAddrZero specifies whether or not
         to apply per-source rate limiting to DHCP packets containing Client IP
         address zero (e.g., for IPv4, ciaddr = 0.0.0.0).

         For example, suppose a SAP has the following configuration:
           a) TIMETRA-SAP-MIB::sapCpmProtMonitorIP = 'true', and
           b) TIMETRA-SAP-MIB::sapCpmProtPolicyId = 7.

         Then, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection
         policy 7 is 'true', DHCP packets arriving at the SAP are rate limited
         using tmnxCpmProtPolPerSrcRateLimit, whether or not the ciaddr field is
         zero.  On the other hand, with the same SAP configuration, if the
         tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is
         'false', DHCP packets arriving at the SAP with ciaddr zero are exempt
         from the tmnxCpmProtPolPerSrcRateLimit.

         The value of this object is irrelevant if the SAP's
         TIMETRA-SAP-MIB::sapCpmProtMonitorIP value is 'false'."
    REFERENCE
        "RFC 2131 ('Dynamic Host Configuration Protocol') explains the role of
         the ciaddr field in the DHCP protocol."
    DEFVAL { false }
    ::= { tmnxCpmProtPolEntry 9 }

-- ------------------------------------------------
-- tmnxCpmProtDropUncfgdProtocolMsg
-- ------------------------------------------------
tmnxCpmProtDropUncfgdProtocolMsg       OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtDropUncfgdProtocolMsg specifies
         the administrative state of the protocol protection facility.

         When the value of this object is set to 'inService (2)',
         network control protocol traffic is dropped if it is received
         on an interface where the protocol is not configured.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    DEFVAL { outOfService }
    ::= { tmnxCpmSecurityObjs 13 }

-- ------------------------------------------------
-- tmnxCpmProtLinkRateLimit
-- ------------------------------------------------
tmnxCpmProtLinkRateLimit               OBJECT-TYPE
    SYNTAX      TmnxCpmPacketRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtLinkRateLimit specifies the link-specific
         packet arrival rate limit to be applied to link-level protocols
         such as LACP.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    DEFVAL { -1 }
    ::= { tmnxCpmSecurityObjs 14 }

-- ------------------------------------------------
-- tmnxCpmProtExcdTable
-- ------------------------------------------------

tmnxCpmProtExcdTableLastChanged  OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtExcdTableLastChanged indicates the sysUpTime at
         the time of the last add, change, or delete of a row in the
         tmnxCpmProtExcdTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 15 }

tmnxCpmProtExcdTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdTable has a row for each <service ID, SAP, source MAC
         address> triple that has exceeded the per-source rate limit configured
         for the <service ID, SAP> pair.  MAC-layer per-source rate limiting is
         enabled for a <service ID, SAP> pair by setting
         TIMETRA-SAP-MIB::sapCpmProtMonitorMac to 'true'.

         This object is not supported on SR-1 and ESS-1, where the value of
         TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
         of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
    ::= { tmnxCpmSecurityObjs 16 }

tmnxCpmProtExcdEntry             OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains statistics for a MAC packet stream that has exceeded
         its per-source rate limit.

         A row is created by the system the first time a <service ID, SAP,
         source MAC address> triple exceeds its per-source rate limit.  The
         row is updated by the system on subsequent violations.

         Rows are deleted when a clear operation is requested on the underlying
         statistics."
    INDEX { svcId, sapPortId, sapEncapValue, tmnxCpmProtExcdMac }
    ::= { tmnxCpmProtExcdTable 1}

TmnxCpmProtExcdEntry ::= SEQUENCE
    {
        tmnxCpmProtExcdMac             MacAddress,
        tmnxCpmProtExcdPeriods         Gauge32,
        tmnxCpmProtExcdTimeStarted     TimeStamp,
        tmnxCpmProtExcdTime            TimeStamp
    }

tmnxCpmProtExcdMac               OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdMac indicates the MAC address of a source
         which has exceeded its per-source rate limit."
    ::= { tmnxCpmProtExcdEntry 1 }

tmnxCpmProtExcdPeriods           OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdPeriods indicates the number of times a
         per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdEntry 2 }

tmnxCpmProtExcdTimeStarted       OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdTimeStarted indicates the sysUpTime at the
         time of the creation of this row."
    ::= { tmnxCpmProtExcdEntry 3 }

tmnxCpmProtExcdTime              OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdTime indicates the sysUpTime at the time of
         the last update of this row."
    ::= { tmnxCpmProtExcdEntry 4 }

-- ------------------------------------------------
-- tmnxCpmProtViolPortTable
-- ------------------------------------------------

--  Sparse augmentation of the TIMETRA-PORT-MIB::tmnxPortTable

tmnxCpmProtViolPortTableLastChgd        OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortTableLastChgd indicates the
         sysUpTime at the time of the last modification of an entry in the
         tmnxCpmProtViolPortTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object
         contains a zero value.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 17 }

tmnxCpmProtViolPortTable                OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolPortTable has an entry for each port where
         either the link-specific packet arrival rate limit or the
         per-port overall packet rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 18 }

tmnxCpmProtViolPortEntry                OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a port where the
         link-specific packet arrival rate limit was violated.

         Rows are created or removed automatically by the system.

         "
    INDEX { tmnxPortPortID }
    ::= { tmnxCpmProtViolPortTable 1 }

TmnxCpmProtViolPortEntry ::= SEQUENCE
    {
        tmnxCpmProtViolPortPeriods      Gauge32,
        tmnxCpmProtViolPortTimeStarted  TimeStamp,
        tmnxCpmProtViolPortTime         TimeStamp,
        tmnxCpmProtViolPortAggPeriods   Gauge32,
        tmnxCpmProtViolPortAggTimeStart TimeStamp,
        tmnxCpmProtViolPortAggTime      TimeStamp
    }

tmnxCpmProtViolPortPeriods              OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortPeriods indicates the number of times
         the link-specific rate limit violation was detected at this port.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolPortEntry 1 }

tmnxCpmProtViolPortTimeStarted                 OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortTimeStarted indicates the sysUpTime
         when the link-specific rate limit violation was detected
         the first time at this port."
    ::= { tmnxCpmProtViolPortEntry 2 }

tmnxCpmProtViolPortTime                 OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortTime indicates the sysUpTime
         when the link-specific rate limit violation was detected
         the last time at this port."
    ::= { tmnxCpmProtViolPortEntry 3 }

tmnxCpmProtViolPortAggPeriods           OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortAggPeriods indicates the number of
         times the per-port overall rate limit violation was detected at this
         port."
    ::= { tmnxCpmProtViolPortEntry 4 }

tmnxCpmProtViolPortAggTimeStart         OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortAggTimeStart indicates the sysUpTime
         when the per-port overall rate limit violation was detected
         the first time at this port."
    ::= { tmnxCpmProtViolPortEntry 5 }

tmnxCpmProtViolPortAggTime              OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolPortAggTime indicates the sysUpTime
         when the per-port overall rate limit violation was detected
         the last time at this port."
    ::= { tmnxCpmProtViolPortEntry 6 }

-- ------------------------------------------------
-- tmnxCpmProtViolIfTable
-- ------------------------------------------------

--  Sparse augmentation of the TIMETRA-VRTR-MIB:vRtrIfTable

tmnxCpmProtViolIfTableLastChgd          OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfTableLastChgd indicates the
         sysUpTime at the time of the last modification of an entry in the
         tmnxCpmProtViolIfTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object
         contains a zero value.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 19 }

tmnxCpmProtViolIfTable                  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolIfTable has an entry for each router interface
         where the overall packet arrival rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 20 }

tmnxCpmProtViolIfEntry                  OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a router interface
         where the overall packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
        INDEX { vRtrID, vRtrIfIndex }
    ::= { tmnxCpmProtViolIfTable 1}

TmnxCpmProtViolIfEntry ::= SEQUENCE
    {
        tmnxCpmProtViolIfPeriods        Gauge32,
        tmnxCpmProtViolIfTimeStarted    TimeStamp,
        tmnxCpmProtViolIfTime           TimeStamp
    }

tmnxCpmProtViolIfPeriods                OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfPeriods indicates the number of times
         the rate limit violation was detected at this router interface.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolIfEntry 1 }

tmnxCpmProtViolIfTimeStarted            OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfTimeStarted indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolIfEntry 2 }

tmnxCpmProtViolIfTime                   OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolIfTime indicates the sysUpTime
         at the time of the last modification of this entry."
    ::= { tmnxCpmProtViolIfEntry 3 }

-- ------------------------------------------------
-- tmnxCpmProtViolSapTable
-- ------------------------------------------------

--  Sparse augmentation of the TIMETRA-SAP-MIB::sapBaseInfoTable

tmnxCpmProtViolSapTableLastChgd         OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapTableLastChgd indicates the
         sysUpTime at the time of the last modification of an entry in the
         tmnxCpmProtViolSapTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object
         contains a zero value.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 21 }

tmnxCpmProtViolSapTable                 OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolSapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolSapTable has an entry for each SAP
         where the overall packet arrival rate limit was violated.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 22 }

tmnxCpmProtViolSapEntry                 OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolSapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a SAP
         where the overall packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX { svcId, sapPortId, sapEncapValue }
    ::= { tmnxCpmProtViolSapTable 1 }

TmnxCpmProtViolSapEntry ::= SEQUENCE
    {
        tmnxCpmProtViolSapPeriods       Gauge32,
        tmnxCpmProtViolSapTimeStarted   TimeStamp,
        tmnxCpmProtViolSapTime          TimeStamp
    }

tmnxCpmProtViolSapPeriods               OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapPeriods indicates the number of times
         the rate limit violation was detected at this SAP.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolSapEntry 1 }

tmnxCpmProtViolSapTimeStarted                  OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapTimeStarted indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolSapEntry 2 }

tmnxCpmProtViolSapTime                  OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolSapTime indicates the sysUpTime
         at the time of the last update of this entry."
    ::= { tmnxCpmProtViolSapEntry 3 }

-- ------------------------------------------------
-- tmnxCpmProtPortOverallRateLimit
-- ------------------------------------------------
tmnxCpmProtPortOverallRateLimit         OBJECT-TYPE
    SYNTAX      TmnxCpmPacketRateLimit
    UNITS       "packets per second"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtPortOverallRateLimit specifies the per-port
         packet arrival rate limit to be applied to all protocol messages
         that are to be processed by the CPM.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    DEFVAL { 15000 }
    ::= { tmnxCpmSecurityObjs 23 }

-- ------------------------------------------------
-- tmnxCpmProtDetectPeriod
-- ------------------------------------------------
tmnxCpmProtDetectPeriod                 OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "100 milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtDetectPeriod indicates the length of a packet
         arrival rate limit detection period.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxCpmSecurityObjs 24 }

-- ------------------------------------------------
-- tmnxCpmProtAllowShamLinkPackets
-- ------------------------------------------------
tmnxCpmProtAllowShamLinkPackets         OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtAllowShamLinkPackets specifies whether OSPF 
         sham-link traffic will be allowed over VPRN transport tunnels.         

         When the value of this object is set to 'true (1)', OSPF sham-link 
         traffic will be allowed even if OSPF is not configured. When the value 
         of this object is set to 'false (2)', OSPF sham-link traffic is dropped 
         if it is received on an interface where the protocol is not configured.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    DEFVAL { false }
    ::= { tmnxCpmSecurityObjs 27 }

-- ------------------------------------------------
-- tmnxCpmProtViolVdoSvcTable
-- ------------------------------------------------

tmnxCpmProtViolVdoSvcTable                 OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolVdoSvcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolVdoSvcTable has an entry for each client address of
         a RTCP control traffic in VPLS service where the per-source
         rate limit was violated."
    ::= { tmnxCpmSecurityObjs 28 }

tmnxCpmProtViolVdoSvcEntry                 OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolVdoSvcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a client address
         of a RTCP control traffic in VPLS service where the per-source rate
         limit was violated.

         Rows are created or removed automatically by the system."
    INDEX { svcId,
            tmnxCpmProtViolVdoSvcCltAddrType,
            tmnxCpmProtViolVdoSvcCltAddr
          }
    ::= { tmnxCpmProtViolVdoSvcTable 1 }

TmnxCpmProtViolVdoSvcEntry ::= SEQUENCE
    {
        tmnxCpmProtViolVdoSvcCltAddrType    InetAddressType,
        tmnxCpmProtViolVdoSvcCltAddr        InetAddress,
        tmnxCpmProtViolVdoSvcPeriods        Gauge32,
        tmnxCpmProtViolVdoSvcTimeStarted    TimeStamp,
        tmnxCpmProtViolVdoSvcTime           TimeStamp,
        tmnxCpmProtViolVdoSvcVrtrIfIndex    InterfaceIndex
    }

tmnxCpmProtViolVdoSvcCltAddrType            OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcCltAddrType indicates the type of
         address represented by tmnxCpmProtViolVdoSvcCltAddr."
    ::= { tmnxCpmProtViolVdoSvcEntry 1 }

tmnxCpmProtViolVdoSvcCltAddr                OBJECT-TYPE
    SYNTAX     InetAddress (SIZE (4|16))
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP
         address of a RTCP control traffic in VPLS service where the per-source
         rate limit was violated."
    ::= { tmnxCpmProtViolVdoSvcEntry 2 }

tmnxCpmProtViolVdoSvcPeriods                OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcPeriods indicates the number of times
         the per-source rate limit violation was detected for this client.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolVdoSvcEntry 3 }

tmnxCpmProtViolVdoSvcTimeStarted            OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcTimeStarted indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolVdoSvcEntry 4 }

tmnxCpmProtViolVdoSvcTime                   OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcTime indicates the sysUpTime
         at the time of the last update of this entry."
    ::= { tmnxCpmProtViolVdoSvcEntry 5 }

tmnxCpmProtViolVdoSvcVrtrIfIndex            OBJECT-TYPE
    SYNTAX     InterfaceIndex
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcVrtrIfIndex specifies the secondary
         index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video
         interface where the per-source rate limit was violated. The value of
         primary index TIMETRA-VRTR-MIB::vRtrIfTable will be equal to the
         virtual router identifier of vpls-management which is 4094."
    ::= { tmnxCpmProtViolVdoSvcEntry 6 }

-- ------------------------------------------------
-- tmnxCpmProtViolVdoVrtrTable
-- ------------------------------------------------

tmnxCpmProtViolVdoVrtrTable                 OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolVdoVrtrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxCpmProtViolVdoVrtrTable has an entry for each client address of
         a RTCP control traffic in router context where the per-source
         rate limit was violated."
    ::= { tmnxCpmSecurityObjs 29 }

tmnxCpmProtViolVdoVrtrEntry                 OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolVdoVrtrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents the information related to a client address
         of a RTCP control traffic in router context where the per-source rate
         limit was violated.

         Rows are created or removed automatically by the system."
    INDEX { vRtrID,
            tmnxCpmProtViolVdoVrtrCltAdrType,
            tmnxCpmProtViolVdoVrtrCltAddr
          }
    ::= { tmnxCpmProtViolVdoVrtrTable 1 }

TmnxCpmProtViolVdoVrtrEntry ::= SEQUENCE
    {
        tmnxCpmProtViolVdoVrtrCltAdrType    InetAddressType,
        tmnxCpmProtViolVdoVrtrCltAddr       InetAddress,
        tmnxCpmProtViolVdoVrtrPeriods       Gauge32,
        tmnxCpmProtViolVdoVrtrTimeStart     TimeStamp,
        tmnxCpmProtViolVdoVrtrTime          TimeStamp,
        tmnxCpmProtViolVdoVrtrSvcId         TmnxServId,
        tmnxCpmProtViolVdoVrtrIfIndex       InterfaceIndex
    }

tmnxCpmProtViolVdoVrtrCltAdrType            OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrCltAdrType indicates the type of
         address represented by tmnxCpmProtViolVdoVrtrCltAddr."
    ::= { tmnxCpmProtViolVdoVrtrEntry 1 }

tmnxCpmProtViolVdoVrtrCltAddr               OBJECT-TYPE
    SYNTAX     InetAddress (SIZE (4|16))
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP
         address of a RTCP control traffic in router context where the
         per-source rate limit was violated."
    ::= { tmnxCpmProtViolVdoVrtrEntry 2 }

tmnxCpmProtViolVdoVrtrPeriods               OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrPeriods indicates the number of
         times the per-source rate limit violation was detected for this client.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolVdoVrtrEntry 3 }

tmnxCpmProtViolVdoVrtrTimeStart             OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrTimeStart indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolVdoVrtrEntry 4 }

tmnxCpmProtViolVdoVrtrTime                  OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrTime indicates the sysUpTime
         at the time of the last update of this entry."
    ::= { tmnxCpmProtViolVdoVrtrEntry 5 }

tmnxCpmProtViolVdoVrtrSvcId                 OBJECT-TYPE
    SYNTAX     TmnxServId
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrSvcId indicates the row index in the
         TIMETRA-SERV-MIB::svcBaseInfoTable corresponding to the service
         where the per-source rate limit was violated."
    ::= { tmnxCpmProtViolVdoVrtrEntry 6 }

tmnxCpmProtViolVdoVrtrIfIndex               OBJECT-TYPE
    SYNTAX     InterfaceIndex
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolVdoVrtrIfIndex specifies the secondary
         index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video
         interface where the per-source rate limit was violated. The value of
         vRtrID specifies the primary index in the
         TIMETRA-VRTR-MIB::vRtrIfTable."
    ::= { tmnxCpmProtViolVdoVrtrEntry 7 }

--
-- CPM Protection Ethernet CFM Policy Table
--
tmnxCpmProtEthCfmPolTableLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolTableLastChg indicates the value of
         the sysUpTime object when the last change was made to
         tmnxCpmProtEthCfmPolTable.  A value of 0 indicates that no changes were
         made to tmnxCpmProtEthCfmPolTable since the system was last initialized."
    ::= { tmnxCpmSecurityObjs 30 }

tmnxCpmProtEthCfmPolTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtEthCfmPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an
         Access Control List) used to rate limit the flow of Ethernet
         Connectivity Fault Management packets.  The table can be used to 
         minimize the impact of an Eth-CFM Denial of Service attack.

         The table extends tmnxCpmProtPolTable, by allowing several
         <rate-limit, eth-cfm-level, eth-cfm-opcode> triples to be defined for
         a CPM protection policy.

         For example, tmnxCpmProtEthCfmPolTable could contain the following 
         information (where the column labels for the table's index objects are
         in upper case):
            POLICY ID  ENTRY NUM  Level  Opcode    Rate Limit
            ---------  ---------  -----  ------    ----------
            250        10         {4}    {10}      100 packets/sec
            250        20         {4,6}  {1,3}     200 packets/sec
            250        30         {0-7}  {0-255}   300 packets/sec

         {0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}.

         Suppose the example configuration above is in place, and an Eth-CFM
         PDU arrives on a SAP which has Policy ID 250 configured against it.
         If the PDU contains level=4 and opcode=1, the 200 packets/sec rate
         limit is applied.  Within a Policy ID, the first row (i.e.
         the row with the lowest entry number) matching the PDU applies.  
         Therefore, the third row in the example applies a 300 packets/sec
         limit to any PDU which does not match the first or second row.

         At most four Policy IDs can have rows in this table.  At most 10 rows
         are supported per Policy ID.   

         If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values
         (e.g. 10, 20, 30) when initially creating the rows for a particular
         tmnxCpmProtPolicyId, it will be possible to add rows in the gaps
         later, without reconfiguration.  

         A prerequisite for creating a row in this table:  a row with the same
         tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable.  Deleting a row
         in tmnxCpmProtPolTable deletes all the rows in this table with
         matching tmnxCpmProtPolicyId values."
    REFERENCE   "ITU-T Y.1731 Specification, 02/2008"
    ::= { tmnxCpmSecurityObjs 31 }

tmnxCpmProtEthCfmPolEntry OBJECT-TYPE
    SYNTAX      TmnxCpmProtEthCfmPolEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row specifies a set of Ethernet CFM packets to be rate limited,
         and the associated rate limit.

         Table rows are created and destroyed using
         tmnxCpmProtEthCfmPolRowStatus."
    INDEX { tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolEntryNum }
    ::= { tmnxCpmProtEthCfmPolTable 1 }

TmnxCpmProtEthCfmPolEntry ::= SEQUENCE
    {
        tmnxCpmProtEthCfmPolEntryNum    Unsigned32,
        tmnxCpmProtEthCfmPolRowStatus   RowStatus,
        tmnxCpmProtEthCfmPolLastChanged TimeStamp,
        tmnxCpmProtEthCfmPolLevelSet    BITS,
        tmnxCpmProtEthCfmPolOpCodeSet   BITS,
        tmnxCpmProtEthCfmPolRateLimit   TmnxCpmPktPolRateLimitInclZero
    }

tmnxCpmProtEthCfmPolEntryNum OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolEntryNum specifies a user-selected
         entry number.  This index exists to allow multiple
         tmnxCpmProtEthCfmPolTable rows for one tmnxCpmProtPolicyId."
    ::= { tmnxCpmProtEthCfmPolEntry 1 }

tmnxCpmProtEthCfmPolRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolRowStatus specifies the row status of
         this tmnxCpmProtEthCfmPolEntry."
    ::= { tmnxCpmProtEthCfmPolEntry 2 }

tmnxCpmProtEthCfmPolLastChanged OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolLastChanged indicates the value of
         the sysUpTime object when the last change was made to this row.  A
         value of 0 indicates that no changes were made to this row since the
         system was last initialized."
    ::= { tmnxCpmProtEthCfmPolEntry 3 }

tmnxCpmProtEthCfmPolLevelSet OBJECT-TYPE
    SYNTAX BITS {
        level0(0),
        level1(1),
        level2(2),
        level3(3),
        level4(4),
        level5(5),
        level6(6),
        level7(7)
    }
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolLevelSet specifies a set of MEG
         (Maintenance Entity Group) Level values.  At least one Level must be
         specified (i.e. the empty set is not supported).

         The rate limit specified by tmnxCpmProtEthCfmPolRateLimit applies to an
         Eth-CFM PDU if:
         a) tmnxCpmProtPolicyId is configured against the PDU stream containing
            the PDU, and
         b) the PDU's MEL (MEG Level) value is an element of
            tmnxCpmProtEthCfmPolLevelSet, and
         c) the PDU's Opcode value is an element of
            tmnxCpmProtEthCfmPolOpCodeSet."
    ::= { tmnxCpmProtEthCfmPolEntry 4 }

tmnxCpmProtEthCfmPolOpCodeSet OBJECT-TYPE
    SYNTAX BITS {
        opCode0  (  0), opCode1  (  1), opCode2  (  2), opCode3  (  3),
        opCode4  (  4), opCode5  (  5), opCode6  (  6), opCode7  (  7),
        opCode8  (  8), opCode9  (  9), opCode10 ( 10), opCode11 ( 11),
        opCode12 ( 12), opCode13 ( 13), opCode14 ( 14), opCode15 ( 15),
        opCode16 ( 16), opCode17 ( 17), opCode18 ( 18), opCode19 ( 19),
        opCode20 ( 20), opCode21 ( 21), opCode22 ( 22), opCode23 ( 23),
        opCode24 ( 24), opCode25 ( 25), opCode26 ( 26), opCode27 ( 27),
        opCode28 ( 28), opCode29 ( 29), opCode30 ( 30), opCode31 ( 31),
        opCode32 ( 32), opCode33 ( 33), opCode34 ( 34), opCode35 ( 35),
        opCode36 ( 36), opCode37 ( 37), opCode38 ( 38), opCode39 ( 39),
        opCode40 ( 40), opCode41 ( 41), opCode42 ( 42), opCode43 ( 43),
        opCode44 ( 44), opCode45 ( 45), opCode46 ( 46), opCode47 ( 47),
        opCode48 ( 48), opCode49 ( 49), opCode50 ( 50), opCode51 ( 51),
        opCode52 ( 52), opCode53 ( 53), opCode54 ( 54), opCode55 ( 55),
        opCode56 ( 56), opCode57 ( 57), opCode58 ( 58), opCode59 ( 59),
        opCode60 ( 60), opCode61 ( 61), opCode62 ( 62), opCode63 ( 63),
        opCode64 ( 64), opCode65 ( 65), opCode66 ( 66), opCode67 ( 67),
        opCode68 ( 68), opCode69 ( 69), opCode70 ( 70), opCode71 ( 71),
        opCode72 ( 72), opCode73 ( 73), opCode74 ( 74), opCode75 ( 75),
        opCode76 ( 76), opCode77 ( 77), opCode78 ( 78), opCode79 ( 79),
        opCode80 ( 80), opCode81 ( 81), opCode82 ( 82), opCode83 ( 83),
        opCode84 ( 84), opCode85 ( 85), opCode86 ( 86), opCode87 ( 87),
        opCode88 ( 88), opCode89 ( 89), opCode90 ( 90), opCode91 ( 91),
        opCode92 ( 92), opCode93 ( 93), opCode94 ( 94), opCode95 ( 95),
        opCode96 ( 96), opCode97 ( 97), opCode98 ( 98), opCode99 ( 99),
        opCode100(100), opCode101(101), opCode102(102), opCode103(103),
        opCode104(104), opCode105(105), opCode106(106), opCode107(107),
        opCode108(108), opCode109(109), opCode110(110), opCode111(111),
        opCode112(112), opCode113(113), opCode114(114), opCode115(115),
        opCode116(116), opCode117(117), opCode118(118), opCode119(119),
        opCode120(120), opCode121(121), opCode122(122), opCode123(123),
        opCode124(124), opCode125(125), opCode126(126), opCode127(127),
        opCode128(128), opCode129(129), opCode130(130), opCode131(131),
        opCode132(132), opCode133(133), opCode134(134), opCode135(135),
        opCode136(136), opCode137(137), opCode138(138), opCode139(139),
        opCode140(140), opCode141(141), opCode142(142), opCode143(143),
        opCode144(144), opCode145(145), opCode146(146), opCode147(147),
        opCode148(148), opCode149(149), opCode150(150), opCode151(151),
        opCode152(152), opCode153(153), opCode154(154), opCode155(155),
        opCode156(156), opCode157(157), opCode158(158), opCode159(159),
        opCode160(160), opCode161(161), opCode162(162), opCode163(163),
        opCode164(164), opCode165(165), opCode166(166), opCode167(167),
        opCode168(168), opCode169(169), opCode170(170), opCode171(171),
        opCode172(172), opCode173(173), opCode174(174), opCode175(175),
        opCode176(176), opCode177(177), opCode178(178), opCode179(179),
        opCode180(180), opCode181(181), opCode182(182), opCode183(183),
        opCode184(184), opCode185(185), opCode186(186), opCode187(187),
        opCode188(188), opCode189(189), opCode190(190), opCode191(191),
        opCode192(192), opCode193(193), opCode194(194), opCode195(195),
        opCode196(196), opCode197(197), opCode198(198), opCode199(199),
        opCode200(200), opCode201(201), opCode202(202), opCode203(203),
        opCode204(204), opCode205(205), opCode206(206), opCode207(207),
        opCode208(208), opCode209(209), opCode210(210), opCode211(211),
        opCode212(212), opCode213(213), opCode214(214), opCode215(215),
        opCode216(216), opCode217(217), opCode218(218), opCode219(219),
        opCode220(220), opCode221(221), opCode222(222), opCode223(223),
        opCode224(224), opCode225(225), opCode226(226), opCode227(227),
        opCode228(228), opCode229(229), opCode230(230), opCode231(231),
        opCode232(232), opCode233(233), opCode234(234), opCode235(235),
        opCode236(236), opCode237(237), opCode238(238), opCode239(239),
        opCode240(240), opCode241(241), opCode242(242), opCode243(243),
        opCode244(244), opCode245(245), opCode246(246), opCode247(247),
        opCode248(248), opCode249(249), opCode250(250), opCode251(251),
        opCode252(252), opCode253(253), opCode254(254), opCode255(255)
    }
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolOpCodeSet specifies a set of Eth-CFM
         PDU Opcode values to be matched against the Opcode field of an Eth-CFM
         PDU which is subject to rate limiting.  At least one Opcode must be
         specified (i.e. the empty set is not supported).

         This object works in conjunction with tmnxCpmProtEthCfmPolLevelSet, as
         described in the tmnxCpmProtEthCfmPolLevelSet DESCRIPTION."
    ::= { tmnxCpmProtEthCfmPolEntry 5 }

tmnxCpmProtEthCfmPolRateLimit OBJECT-TYPE
    SYNTAX     TmnxCpmPktPolRateLimitInclZero
    UNITS      "packets per second"
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtEthCfmPolRateLimit specifies the rate limit
         to be enforced for the Eth-CFM packet stream specified by
         tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolLevelSet, and
         tmnxCpmProtEthCfmPolOpCodeSet."
    DEFVAL { -1 }
    ::= { tmnxCpmProtEthCfmPolEntry 6 }

-- ------------------------------------------------------
-- tmnxCpmProtViolSdpBindTable
-- Sparse extension of TIMETRA-SDP-MIB::sdpBindTable
-- ------------------------------------------------------

tmnxCpmProtViolSdpBindTblLastChg OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindTblLastChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtViolSdpBindTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 32 }

tmnxCpmProtViolSdpBindTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtViolSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtViolSdpBindTable has a row for each SDP binding,
         where the overall packet arrival rate limit was violated."
    ::= { tmnxCpmSecurityObjs 33 }

tmnxCpmProtViolSdpBindEntry      OBJECT-TYPE
    SYNTAX      TmnxCpmProtViolSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for an SDP binding where the overall
         packet arrival rate limit was violated.

         Rows are created or removed automatically by the system."
    INDEX { svcId, sdpBindId }
    ::= { tmnxCpmProtViolSdpBindTable 1 }

TmnxCpmProtViolSdpBindEntry      ::= SEQUENCE {
    tmnxCpmProtViolSdpBindPeriods    Counter32,
    tmnxCpmProtViolSdpBindTimeStartd TimeStamp,
    tmnxCpmProtViolSdpBindTime       TimeStamp
}

tmnxCpmProtViolSdpBindPeriods    OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindPeriods indicates the number of
         times a rate limit violation was detected at this SDP binding.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtViolSdpBindEntry 1 }

tmnxCpmProtViolSdpBindTimeStartd OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindTimeStartd indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtViolSdpBindEntry 2 }

tmnxCpmProtViolSdpBindTime       OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolSdpBindTime indicates the sysUpTime
         at the time of the last update of this entry."
    ::= { tmnxCpmProtViolSdpBindEntry 3 }

-- ------------------------------------------------
-- tmnxCpmProtExcdSdpBindTable
-- ------------------------------------------------

tmnxCpmProtExcdSdpBindTblLastChg OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindTblLastChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtExcdSdpBindTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 34 }

tmnxCpmProtExcdSdpBindTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSdpBindTable has a row for each SDP binding and
         source MAC address pair that has exceeded its per-source rate limit.
         The equivalent table for SAPs is tmnxCpmProtExcdTable."
    ::= { tmnxCpmSecurityObjs 35 }

tmnxCpmProtExcdSdpBindEntry      OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSdpBindEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for a PDU stream that has exceeded
         its per-source rate limit.

         Rows are created or removed automatically by the system."
    INDEX { svcId, sdpBindId, tmnxCpmProtExcdSdpBindMac }
    ::= { tmnxCpmProtExcdSdpBindTable 1 }

TmnxCpmProtExcdSdpBindEntry      ::= SEQUENCE {
    tmnxCpmProtExcdSdpBindMac        MacAddress,
    tmnxCpmProtExcdSdpBindPeriods    Counter32,
    tmnxCpmProtExcdSdpBindTimeStartd TimeStamp,
    tmnxCpmProtExcdSdpBindTime       TimeStamp
}

tmnxCpmProtExcdSdpBindMac        OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindMac specifies the MAC address of the
         source."
    ::= { tmnxCpmProtExcdSdpBindEntry 1 }

tmnxCpmProtExcdSdpBindPeriods    OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindPeriods indicates the number of
         times a per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSdpBindEntry 2 }

tmnxCpmProtExcdSdpBindTimeStartd OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindTimeStartd indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtExcdSdpBindEntry 3 }

tmnxCpmProtExcdSdpBindTime       OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtExcdSdpBindEntry 4 }

-- ------------------------------------------------
-- tmnxCpmProtExcdSdpBindEcmTable
-- ------------------------------------------------

tmnxCpmProtExcdSdpBindEcmTblLChg OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmTblLChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtExcdSdpBindEcmTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 36 }

tmnxCpmProtExcdSdpBindEcmTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSdpBindEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSdpBindEcmTable has a row for each Ethernet
         Connectivity Fault Management (Eth-CFM) PDU stream, served by an SDP
         binding, that has exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmSecurityObjs 37 }

tmnxCpmProtExcdSdpBindEcmEntry   OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSdpBindEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for an Eth-CFM PDU stream that has
         exceeded its Eth-CFM rate limit.

         Rows are created or removed automatically by the system."
    INDEX { svcId,
            sdpBindId,
            tmnxCpmProtExcdSdpBindEcmMac,
            tmnxCpmProtExcdSdpBindEcmLevel,
            tmnxCpmProtExcdSdpBindEcmOpCode
          }
    ::= { tmnxCpmProtExcdSdpBindEcmTable 1 }

TmnxCpmProtExcdSdpBindEcmEntry   ::= SEQUENCE {
    tmnxCpmProtExcdSdpBindEcmMac     MacAddress,
    tmnxCpmProtExcdSdpBindEcmLevel   Dot1agCfmMDLevel,
    tmnxCpmProtExcdSdpBindEcmOpCode  TmnxCpmProtEthCfmOpCode,
    tmnxCpmProtExcdSdpBindEcmPeriods Counter32,
    tmnxCpmProtExcdSdpBindEcmStarted TimeStamp,
    tmnxCpmProtExcdSdpBindEcmTime    TimeStamp
}

tmnxCpmProtExcdSdpBindEcmMac     OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmMac specifies a source MAC
         address.  The Eth-CFM PDU stream matching the MAC address (and
         matching the other index values of this table) has exceeded its
         Eth-CFM rate limit.

         The manager must provide the all-zero MAC address to get a row for a
         stream which is Eth-CFM rate limited using the 
         'ethCfmMonitorAggregate(1)' option of the
         sdpBindCpmProtEthCfmMonitorFlags object."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 1 }

tmnxCpmProtExcdSdpBindEcmLevel   OBJECT-TYPE
    SYNTAX     Dot1agCfmMDLevel
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmLevel specifies an Eth-CFM domain
         level.  The Eth-CFM PDU stream matching the domain level (and matching
         the other index values of this table) has exceeded its Eth-CFM rate
         limit."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 2 }

tmnxCpmProtExcdSdpBindEcmOpCode  OBJECT-TYPE
    SYNTAX     TmnxCpmProtEthCfmOpCode
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmOpCode specifies an Eth-CFM
         opcode (e.g. Continuity Check Message == 1).  The Eth-CFM PDU stream
         matching the opcode (and matching the other index values of this table)
         has exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 3 }

tmnxCpmProtExcdSdpBindEcmPeriods OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmPeriods indicates the number of
         times a rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 4 }

tmnxCpmProtExcdSdpBindEcmStarted OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmStarted indicates the sysUpTime
         at the time of the creation of this entry."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 5 }

tmnxCpmProtExcdSdpBindEcmTime    OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSdpBindEcmTime indicates the sysUpTime at
         the time of the last update of this entry."
    ::= { tmnxCpmProtExcdSdpBindEcmEntry 6 }


-- ------------------------------------------------
-- tmnxCpmProtExcdSapEcmTable
-- ------------------------------------------------

tmnxCpmProtExcdSapEcmTblLChg     OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmTblLChg indicates the sysUpTime
         at the time of the last modification of an entry in the
         tmnxCpmProtExcdSapEcmTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object is zero."
    ::= { tmnxCpmSecurityObjs 38 }

tmnxCpmProtExcdSapEcmTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSapEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSapEcmTable has a row for each Ethernet
         Connectivity Fault Management (Eth-CFM) PDU stream, served by a SAP,
         that has exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmSecurityObjs 39 }

tmnxCpmProtExcdSapEcmEntry       OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSapEcmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains the statistics for an Eth-CFM PDU stream that has
         exceeded its Eth-CFM rate limit.

         Rows are created or removed automatically by the system."
    INDEX { svcId,
            sapPortId,
            sapEncapValue,
            tmnxCpmProtExcdSapEcmMac,
            tmnxCpmProtExcdSapEcmLevel,
            tmnxCpmProtExcdSapEcmOpCode
          }
    ::= { tmnxCpmProtExcdSapEcmTable 1 }

TmnxCpmProtExcdSapEcmEntry       ::= SEQUENCE {
    tmnxCpmProtExcdSapEcmMac     MacAddress,
    tmnxCpmProtExcdSapEcmLevel   Dot1agCfmMDLevel,
    tmnxCpmProtExcdSapEcmOpCode  TmnxCpmProtEthCfmOpCode,
    tmnxCpmProtExcdSapEcmPeriods Counter32,
    tmnxCpmProtExcdSapEcmStarted TimeStamp,
    tmnxCpmProtExcdSapEcmTime    TimeStamp
}

tmnxCpmProtExcdSapEcmMac         OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmMac specifies a source MAC
         address.  The Eth-CFM PDU stream matching the MAC address (and
         matching the other index values of this table) has exceeded its
         Eth-CFM rate limit.

         The manager must provide the all-zero MAC address to get a row for a
         stream which is Eth-CFM rate limited using the 
         'ethCfmMonitorAggregate(1)' option of the
         sapCpmProtEthCfmMonitorFlags object."
    ::= { tmnxCpmProtExcdSapEcmEntry 1 }

tmnxCpmProtExcdSapEcmLevel       OBJECT-TYPE
    SYNTAX     Dot1agCfmMDLevel
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmLevel specifies an Eth-CFM domain
         level.  The Eth-CFM PDU stream matching the domain level (and matching
         the other index values of this table) has exceeded its Eth-CFM rate
         limit."
    ::= { tmnxCpmProtExcdSapEcmEntry 2 }

tmnxCpmProtExcdSapEcmOpCode      OBJECT-TYPE
    SYNTAX     TmnxCpmProtEthCfmOpCode
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmOpCode specifies an Eth-CFM opcode
         (e.g. Continuity Check Message == 1).  The Eth-CFM PDU stream matching
         the opcode (and matching the other index values of this table) has
         exceeded its Eth-CFM rate limit."
    ::= { tmnxCpmProtExcdSapEcmEntry 3 }

tmnxCpmProtExcdSapEcmPeriods     OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmPeriods indicates the number of times
         a rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSapEcmEntry 4 }

tmnxCpmProtExcdSapEcmStarted     OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmStarted indicates the sysUpTime at
         the time of the creation of this entry."
    ::= { tmnxCpmProtExcdSapEcmEntry 5 }

tmnxCpmProtExcdSapEcmTime        OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapEcmTime indicates the sysUpTime at the
         time of the last update of this entry."
    ::= { tmnxCpmProtExcdSapEcmEntry 6 }

-- ------------------------------------------------
-- tmnxCpmProtExcdSapIpTable
-- ------------------------------------------------

tmnxCpmProtExcdSapIpTableLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpTableLastChg indicates the sysUpTime
         at the time of the last add, change, or delete of a row in the
         tmnxCpmProtExcdSapIpTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero."
    ::= { tmnxCpmSecurityObjs 43 }

tmnxCpmProtExcdSapIpTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxCpmProtExcdSapIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tmnxCpmProtExcdSapIpTable has a row for each <service ID, SAP, source
         IP address> triple that has exceeded the per-source rate limit
         configured for the <service ID, SAP> pair.  IP-layer per-source rate
         limiting is enabled for a <service ID, SAP> pair by setting
         TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'true'."
    ::= { tmnxCpmSecurityObjs 44 }

tmnxCpmProtExcdSapIpEntry        OBJECT-TYPE
    SYNTAX      TmnxCpmProtExcdSapIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row contains statistics for an IP packet stream that has exceeded
         its per-source rate limit.

         A row is created by the system the first time a <service ID, SAP,
         source IP address> triple exceeds its per-source rate limit.  The
         row is updated by the system on subsequent violations.

         Rows are deleted when a clear operation is requested on the underlying
         statistics."
    INDEX { svcId, sapPortId, sapEncapValue, tmnxCpmProtExcdSapIpAddrType,
            tmnxCpmProtExcdSapIpAddr }
    ::= { tmnxCpmProtExcdSapIpTable 1 }

TmnxCpmProtExcdSapIpEntry ::= SEQUENCE
    {
        tmnxCpmProtExcdSapIpAddrType        InetAddressType,
        tmnxCpmProtExcdSapIpAddr            InetAddress,
        tmnxCpmProtExcdSapIpPeriods         Counter32,
        tmnxCpmProtExcdSapIpStarted         TimeStamp,
        tmnxCpmProtExcdSapIpTime            TimeStamp
    }

tmnxCpmProtExcdSapIpAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpAddrType indicates the address type of
         tmnxCpmProtExcdSapIpAddr.  'ipv4(1)' is the only supported value."
    ::= { tmnxCpmProtExcdSapIpEntry 1 }

tmnxCpmProtExcdSapIpAddr        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpAddr indicates the IP address of a
         source which has exceeded its per-source rate limit."
    ::= { tmnxCpmProtExcdSapIpEntry 2 }

tmnxCpmProtExcdSapIpPeriods      OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpPeriods indicates the number of times
         a per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod."
    ::= { tmnxCpmProtExcdSapIpEntry 3 }

tmnxCpmProtExcdSapIpStarted      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpStarted indicates the sysUpTime at the
         time of the creation of this row."
    ::= { tmnxCpmProtExcdSapIpEntry 4 }

tmnxCpmProtExcdSapIpTime         OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxCpmProtExcdSapIpTime indicates the sysUpTime at the
         time of the last update of this row."
    ::= { tmnxCpmProtExcdSapIpEntry 5 }

-- PKI Information
tmnxPkiSecurityObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 18 }

tmnxPkiMaxCertChainDepth  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..7)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiMaxCertChainDepth specifies maximum depth of certificate
         chain verification."
    DEFVAL { 7 }
    ::= { tmnxPkiSecurityObjs 1 }
    
tmnxPkiCAProfileTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value of the object tmnxPkiCAProfileTableLastChanged indicates
         the timestamp of the last change to the tmnxPkiCAProfileTable.
         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxPkiSecurityObjs 2 }

--
-- PKI CA-Profile Table
--
tmnxPkiCAProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxPkiCAProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileTable is the Certificate-Authority profile table.
         Entries are created and deleted by the user."
    ::= { tmnxPkiSecurityObjs 3 }

tmnxPkiCAProfileEntry OBJECT-TYPE
    SYNTAX      TmnxPkiCAProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single Certificate-Authority profile."
    INDEX { tmnxPkiCAProfile }
    ::= { tmnxPkiCAProfileTable 1 }

TmnxPkiCAProfileEntry ::= SEQUENCE {
    tmnxPkiCAProfile               TNamedItem,
    tmnxPkiCAProfileRowStatus      RowStatus,
    tmnxPkiCAProfileLastChanged    TimeStamp,
    tmnxPkiCAProfileDescr          TItemDescription,
    tmnxPkiCAProfileCRLFile        DisplayString,
    tmnxPkiCAProfileCertFile       DisplayString,
    tmnxPkiCAProfileAdminState     TmnxAdminState,
    tmnxPkiCAProfileOperState      TmnxOperState,
    tmnxPkiCAProfileOperFlags      BITS
}

tmnxPkiCAProfile  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfile specifies the name of the Certificate-Authority
         profile."
    ::= { tmnxPkiCAProfileEntry 1 }

tmnxPkiCAProfileRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileRowStatus specifies Row-Status for the
         Certificate-Authority profile."
    ::= { tmnxPkiCAProfileEntry 2 }

tmnxPkiCAProfileLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileLastChanged is the timestamp of last
         change to this row in tmnxPkiCAProfileTable."
    ::= { tmnxPkiCAProfileEntry 3 }

tmnxPkiCAProfileDescr  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileDescr specifies the description of the
         Certificate-Authority profile."
    DEFVAL { ''H }
    ::= { tmnxPkiCAProfileEntry 4 }

tmnxPkiCAProfileCRLFile  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileCRLFile specifies the location and name of the
         Certificate Revoke List (CRL) file."
    DEFVAL { ''H }
    ::= { tmnxPkiCAProfileEntry 5 }

tmnxPkiCAProfileCertFile   OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileCertFile specifies the location and name of the
         Certificate file."
    DEFVAL { ''H }
    ::= { tmnxPkiCAProfileEntry 6 }

tmnxPkiCAProfileAdminState   OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxPkiCAProfileAdminState specifies the adminstrative state of
         this Certificate-Authority profile."
    DEFVAL { outOfService }
    ::= { tmnxPkiCAProfileEntry 7 }

tmnxPkiCAProfileOperState   OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileOperState indicates the current
        operational status of this Certificate-Authority profile."
    ::= { tmnxPkiCAProfileEntry 8 }

tmnxPkiCAProfileOperFlags    OBJECT-TYPE
    SYNTAX      BITS {
                    adminDown      (0),
                    invalidCrl     (1),
                    invalidCert    (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxPkiCAProfileOperFlags indicates the reason that this 
        Certificate-Authority profile is not in service. I.e.,
        tmnxPkiCAProfileOperState has the value 'outOfService':
        adminDown       - tmnxPkiCAProfileAdminState is 'outOfService'
        invalidCrl      - CRL file is invalid or could not be found.
        invalidCert     - Cert file is invalid could not be found."
    ::= { tmnxPkiCAProfileEntry 9 }

--
-- Radius user statistics table
--
tmnxRadiusUserStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxRadiusUserStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserStatsTable is the radius server statistics per user
         using specific policy.

         Entries are created and deleted by the system."
    ::= { tmnxRadiusInfo 18 }

tmnxRadiusUserStatsEntry OBJECT-TYPE
    SYNTAX      TmnxRadiusUserStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about radius server statistics per user per policy."
    INDEX { tmnxUserName, tmnxRadiusPolicyName, tmnxRadiusUserServerIndex }
    ::= { tmnxRadiusUserStatsTable 1 }

TmnxRadiusUserStatsEntry ::= SEQUENCE {
        tmnxRadiusPolicyName           TNamedItem,
        tmnxRadiusUserServerIndex      Unsigned32,
        tmnxRadiusUserReqTx            Counter32,
        tmnxRadiusUserReqRx            Counter32,
        tmnxRadiusUserOpenFail         Counter32,
        tmnxRadiusUserBindFail         Counter32,
        tmnxRadiusUserSendFail         Counter32,
        tmnxRadiusUserRecvFail         Counter32,
        tmnxRadiusUserSendTimeout      Counter32,
        tmnxRadiusUserLoginPass        Counter32,
        tmnxRadiusUserLoginFail        Counter32,
        tmnxRadiusUserMd5Fail          Counter32,
        tmnxRadiusUserPending          Counter32,
        tmnxRadiusUserAcctReqTx        Counter32,
        tmnxRadiusUserAcctRejRx        Counter32,
        tmnxRadiusUserAcctConnError    Counter32,
        tmnxRadiusUserAccChallengePkt  Counter32
    }


tmnxRadiusPolicyName  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusPolicyName indicates the policy name used by the user
        to access the radius server."
    ::= { tmnxRadiusUserStatsEntry 1 }

tmnxRadiusUserServerIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the tmnxRadiusUserServerIndex identifies a specific
        radius server."
    ::= { tmnxRadiusUserStatsEntry 2 }

tmnxRadiusUserReqTx  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserReqTx indicates the number of requests sent to the
        radius server from the user using this policy."
    ::= { tmnxRadiusUserStatsEntry 3 }

tmnxRadiusUserReqRx  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserReqRx indicates the number of requests received by
        the radius server by the user using this policy."
    ::= { tmnxRadiusUserStatsEntry 4 }

tmnxRadiusUserOpenFail  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserOpenFail indicates the number of socket open
        failures to the radius server."
    ::= { tmnxRadiusUserStatsEntry 5 }

tmnxRadiusUserBindFail  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserReqTx indicates the number of socket bind failures to
        the radius server."
    ::= { tmnxRadiusUserStatsEntry 6 }

tmnxRadiusUserSendFail  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserSendFail indicates the number of socket send
        failures to the raidus server."
    ::= { tmnxRadiusUserStatsEntry 7 }

tmnxRadiusUserRecvFail  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserRecvFail indicates the number of socket receive
        failures to the raidus server."
    ::= { tmnxRadiusUserStatsEntry 8 }

tmnxRadiusUserSendTimeout  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserSendTimeout indicates the number of sends which
        timed-out waiting for reply from the radius server."
    ::= { tmnxRadiusUserStatsEntry 9 }

tmnxRadiusUserLoginPass  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserLoginPass indicates the number of authentication
        succeeded for the user using this policy to the radius server."
    ::= { tmnxRadiusUserStatsEntry 10 }

tmnxRadiusUserLoginFail  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserLoginFail indicates the number of authentication
        failed for the user using this policy to the radius server."
    ::= { tmnxRadiusUserStatsEntry 11 }

tmnxRadiusUserMd5Fail  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserMd5Fail indicates the number of times authentication
        failed due to MD5 for the user using this policy to the radius server."
    ::= { tmnxRadiusUserStatsEntry 12 }

tmnxRadiusUserPending  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserPending indicates the number of requests pending
        for the user using this policy to the radius server."
    ::= { tmnxRadiusUserStatsEntry 13 }

tmnxRadiusUserAcctReqTx  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctReqTx indicates the number of accounting requests
        for the user using this policy to the radius server."
    ::= { tmnxRadiusUserStatsEntry 14 }

tmnxRadiusUserAcctRejRx  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctRejRx indicates the number of accounting
        rejections received for the user using this policy to the radius
        server."
    ::= { tmnxRadiusUserStatsEntry 15 }

tmnxRadiusUserAcctConnError  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAcctConnError indicates the number of accounting
        connection failures for the user using this policy to the radius
        server."
    ::= { tmnxRadiusUserStatsEntry 16 }

tmnxRadiusUserAccChallengePkt  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxRadiusUserAccChallengePkt indicates the number of packets
        which challenged access to the user-account from the radius server."
    ::= { tmnxRadiusUserStatsEntry 17 }

--
-- Certificate Manager Statistics Group
--

tmnxCertMgrStatsGroup OBJECT IDENTIFIER ::= { tmnxSecurityObjects 19 }

tmnxCertMgrAuthFailed  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxCertMgrAuthFailed indicates the number of authentication
        failures using the certificates."
    ::= { tmnxCertMgrStatsGroup 1 }

tmnxCertMgrAuthPassed  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxCertMgrAuthPassed indicates the number of authentication
        checks passed using the certificates."
    ::= { tmnxCertMgrStatsGroup 2 }

tmnxCertMgrTotalAuth  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tmnxCertMgrTotalAuth indicates the number of authentication
        attempts using the certificates."
    ::= { tmnxCertMgrStatsGroup 3 }

tmnxUserActionObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 21 }

tmnxUserActionUserName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty (SIZE(0..16))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxUserActionUserName specifies
         the user name on which the action applies."
    ::= { tmnxUserActionObjs 1 }

tmnxUserActionUnlock OBJECT-TYPE
    SYNTAX      TmnxActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When tmnxUserActionUnlock is set to 'doAction',
         the user specified in tmnxUserActionUserName can make again
         tmnxPasswordAttemptsCount unsuccessful login attempts
         before he is locked out for tmnxPasswordAttemptsLockoutPeriod minutes,
         and his exponential backoff period is reset to 1 second
         if slcLoginExponentialBackOff is set to 'true'.

         The value of tmnxUserActionUserName must be set
         to a non-empty string in the same SNMP SET PDU when setting
         tmnxUserActionUnlock to 'doAction'."
    ::= { tmnxUserActionObjs 2 }

--
--
--
--  Notification objects
--
tmnxSecurityNotificationObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 16 }

tmnxKeyChainAuthFailReason OBJECT-TYPE
    SYNTAX     INTEGER {
                    other (1),
                    noEnhAuthOptionRecvd (2),
                    invalidOptionLen (3),
                    mismatchRecvOption (4),
                    invalidKeyId (5),
                    digestMismatch (6),
                    mismatchAlgId (7)
               }
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "tmnxKeyChainAuthFailReason is used by tmnxKeyChainAuthFailure
         to notify the reason for the keychain authentication failure."
    ::= { tmnxSecurityNotificationObjs 1 }

tmnxKeyChainAuthAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The value of the object tmnxKeyChainAuthAddrType indicates the
         address type (ipv4 or ipv6) of the source address in the
         authentication packet."
    ::= { tmnxSecurityNotificationObjs 2 }

tmnxKeyChainAuthAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The value of the object tmnxKeyChainAuthAddr indicates the source
         address in the authentication packet."
    ::= { tmnxSecurityNotificationObjs 3 }

tmnxMD5AuthFailReason OBJECT-TYPE
    SYNTAX     INTEGER {
                    digestMismatch (1)
               }
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "tmnxMD5AuthFailReason is used by tmnxMD5AuthFailure to notify the 
         reason for the MD5 authentication failure."
    ::= { tmnxSecurityNotificationObjs 4 }

tmnxMD5AuthAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The value of the object tmnxMD5AuthAddrType indicates the
         address type (ipv4 or ipv6) of the source address in the
         authentication packet."
    ::= { tmnxSecurityNotificationObjs 5 }

tmnxMD5AuthAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The value of the object tmnxMD5AuthAddr indicates the source
         address in the authentication packet."
    ::= { tmnxSecurityNotificationObjs 6 }

tmnxMD5AuthKey  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..255))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxMD5AuthKey indicates the MD5 key used for 
         authentication."
    ::= { tmnxSecurityNotificationObjs 7 }

tmnxCpmProtPolId  OBJECT-TYPE
    SYNTAX      TCpmProtPolicyID (1..255)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxCpmProtPolId indicates the policy index of 
         the cpm protection policy."
    ::= { tmnxSecurityNotificationObjs 8 }

tmnxSecNotifFailureReason OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifFailureReason indicates the reason
        for the generation of the notification."
    ::= { tmnxSecurityNotificationObjs 9 }

tmnxSecNotifFile OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifFile indicates the file
        associated with the notification."
    ::= { tmnxSecurityNotificationObjs 10 }

tmnxSecNotifTunnelName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifTunnelName indicates the name
        of tunnel associated with the notification."
    ::= { tmnxSecurityNotificationObjs 11 }

tmnxSecNotifCert OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxSecNotifCert indicates the certificate
        name associated with the notification."
    ::= { tmnxSecurityNotificationObjs 12 }

tmnxSecurityCpmProtNotificationObjs   OBJECT IDENTIFIER ::= { tmnxSecurityObjects 17 }

tmnxCpmProtViolMacAddress               OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolMacAddress indicates the MAC address
         of the source.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityCpmProtNotificationObjs 1 }

tmnxCpmProtViolMacPeriods               OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The value of tmnxCpmProtViolMacPeriods indicates the number of times
         the per-source rate limit violation was detected for this source.

         The sampling interval length is indicated by the object
         tmnxCpmProtDetectPeriod.

         This object is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityCpmProtNotificationObjs 2 }

--
-- Notification Definition section
--
tmnxSSHServerPreserveKeyFail  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmFlashHwIndex,
        tmnxCpmFlashOperStatus
    }
    STATUS  current
    DESCRIPTION
        "The tmnxSSHServerPreserveKeyFail notification is generated when the
         saving of SSH server host key on the persistent drive fails by the
         CPM module.

         tmnxCpmFlashId identifies the failed compact flash.
         tmnxCpmFlashOperStatus indicates the status of the compact flash
         reported in tmnxCpmFlashId."
    ::= { tmnxSecurityNotifications 1 }

tmnxKeyChainAuthFailure  NOTIFICATION-TYPE
    OBJECTS {
        tmnxKeyChainReceiveTcpOptionNum,
        tmnxKeyChainAuthFailReason,
        tmnxKeyChainAuthAddrType,
        tmnxKeyChainAuthAddr,
        vRtrID
    }
    STATUS  current
    DESCRIPTION
        "The tmnxKeyChainAuthFailure notification is generated when the
         incoming packet is dropped due to key chain authentication failure.

        Failure could be due to the following reasons or more:
        - Send packet had not auth keychain but recv side had keychain enabled.
        - Keychain key id's did not match.
        - Keychain key digest mismatch
        - Received packet with invalid enhanced authentication option length.
        - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'.
        "
    ::= { tmnxSecurityNotifications 2 }

tmnxCpmProtViolPort  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolPortPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolPort notification is generated when a
         link-specific packet arrival rate limit violation is detected
         for a port.

         This notification is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityNotifications 3 }

tmnxCpmProtViolPortAgg  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolPortAggPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolPortAgg notification is generated when a
         per-port overall packet rate limit violation is detected
         for a port.

         This notification is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityNotifications 4 }

tmnxCpmProtViolIf  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolIfPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolIf notification is generated when a
         overall packet arrival rate violation is detected
         for an interface, and this notification is enabled.

         This notification is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityNotifications 5 }

tmnxCpmProtViolSap  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolSapPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolSap notification is generated when a
         overall packet arrival rate violation is detected
         for a SAP, and this notification is enabled.

         This notification is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityNotifications 6 }

tmnxCpmProtViolMac  NOTIFICATION-TYPE
    OBJECTS {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxCpmProtViolMacAddress,
        tmnxCpmProtViolMacPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolMac notification is generated when a
         per-source rate limit violation was detected
         for a source, and this notification is enabled.

         This notification is not supported on SR-1 and ESS-1, where the
         value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5',
         and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is
         '7' or '9'."
    ::= { tmnxSecurityNotifications 7 }

tmnxCpmProtViolVdoSvcClient  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolVdoSvcPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolVdoSvcClient notification is generated when a
         per-source rate limit violation was detected for a client address of
         a RTCP control traffic in VPLS service."
    ::= { tmnxSecurityNotifications 8 }

tmnxCpmProtViolVdoVrtrClient  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolVdoVrtrPeriods
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtViolVdoVrtrClient notification is generated when a
         per-source rate limit violation was detected for a client address of
         a RTCP control traffic in router context."
    ::= { tmnxSecurityNotifications 9 }

tmnxMD5AuthFailure  NOTIFICATION-TYPE
    OBJECTS {
        tmnxMD5AuthKey,
        tmnxMD5AuthFailReason,
        tmnxMD5AuthAddrType,
        tmnxMD5AuthAddr,
        vRtrID
    }
    STATUS  current
    DESCRIPTION
        "The tmnxMD5AuthFailure notification is generated when the
         incoming packet is dropped due to MD5 authentication failure."
    ::= { tmnxSecurityNotifications 10 }
 
tmnxCpmProtDefPolModified  NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtPolId
    }
    STATUS  current
    DESCRIPTION
        "The tmnxCpmProtDefPolModified notification is generated when the
         user modifies a default access or default network policy."
    ::= { tmnxSecurityNotifications 11 }

tmnxCpmProtViolSdpBind           NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtViolSdpBindPeriods
    }
    STATUS  current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtViolSdpBind notification is generated when the
         packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's
         configured overall-rate.

         [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
         discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured overall-rate for the SDP."
    ::= { tmnxSecurityNotifications 12 }

tmnxCpmProtExcdSdpBind           NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtExcdSdpBindPeriods
    }
    STATUS  current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSdpBind notification is generated when a 
         source (identified by a MAC address) sends a packet stream to a local
         mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured
         per-source-rate.

         [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
         discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured per-source-rate for the SDP."
    ::= { tmnxSecurityNotifications 13 }

tmnxCpmProtExcdSapEcm            NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtExcdSapEcmPeriods
    }
    STATUS  current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSapEcm notification is generated when an
         Eth-CFM packet stream (identified by a source MAC address, domain
         level, and Eth-CFM opcode) arrives at a local SAP at a rate which
         exceeds the configured Eth-CFM rate limit for the stream.

         [EFFECT] One or more Eth-CFM packets arriving at the SAP was discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured Eth-CFM rate limit for the stream."
    ::= { tmnxSecurityNotifications 14 }

tmnxCpmProtExcdSdpBindEcm        NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtExcdSdpBindEcmPeriods
    }
    STATUS  current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSdpBindEcm notification is generated when an
         Eth-CFM packet stream (identified by a source MAC address, domain
         level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp
         at a rate which exceeds the configured Eth-CFM rate limit for the
         stream.

         [EFFECT] One or more Eth-CFM packets arriving at the mesh-sdp or
         spoke-sdp was discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, or
         increase the locally configured Eth-CFM rate limit for the stream."
    ::= { tmnxSecurityNotifications 15 }

tmnxPkiFileReadFailed NOTIFICATION-TYPE
   OBJECTS {
       tmnxSecNotifFile,
       tmnxSecNotifFailureReason
   }
   STATUS current
   DESCRIPTION
       "[CAUSE] The tmnxPkiFileReadFailed notification is generated when an
       attempt to read the file fails. Reason of the failure is indicated by
       the tmnxSecNotifFailureReason object.

       [EFFECT] Operational status of tunnels configured to use this
       certificate will be set to 'down'.

       [RECOVERY] Make sure the path specified in tmnxSecNotifFile is
       correct and the file exists."
    ::= { tmnxSecurityNotifications 16 }

tmnxPkiCertVerificationFailed NOTIFICATION-TYPE
   OBJECTS {
       tmnxSecNotifTunnelName,
       tmnxSecNotifCert,
       tmnxSecNotifFailureReason
   }
   STATUS current
   DESCRIPTION
       "[CAUSE] The tmnxPkiCertVerificationFailed notification is generated
       when an attempt to verify the certificate fails.

       [EFFECT] Authentication of the tunnel configured with the certificate
       will start to fail.

       [RECOVERY] Make sure the certificate specified in tmnxSecNotifCert
       exists and is a valid certificate."
    ::= { tmnxSecurityNotifications 17 }

tmnxCAProfileStateChange NOTIFICATION-TYPE
    OBJECTS {
       tmnxPkiCAProfileOperState,
       tmnxSecNotifFailureReason
    }
    STATUS          current
    DESCRIPTION
        "[CAUSE] The tmnxCAProfileStateChange notification is generated when
        Certificate Authority profile changes state to 'down' due to
        tmnxSecNotifFailureReason.

        [EFFECT] Certificate Authority profile will remain in this state until
        a corrective action is taken.

        [RECOVERY] Depending on the reason indicated by
        tmnxSecNotifFailureReason, corrective action should be taken."
    ::= { tmnxSecurityNotifications 18 }

tmnxCpmProtExcdSapIp             NOTIFICATION-TYPE
    OBJECTS {
        tmnxCpmProtExcdSapIpPeriods
    }
    STATUS  current
    DESCRIPTION
        "[CAUSE] The tmnxCpmProtExcdSapIp notification is generated when a
         source (identified by an IP address) sends a packet stream to a local
         SAP at a rate which exceeds the SAP's configured per-source-rate.

         [EFFECT] One or more packets arriving at the SAP was discarded.

         [RECOVERY] Reduce the packet transmission rate at the far end, OR
         increase the locally configured per-source-rate for the SAP, OR
         disable per-IP-source rate limiting on the SAP by setting
         TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'."
    ::= { tmnxSecurityNotifications 19 }

--
-- SSHv2 Public-Key
--
tmnxUserPublicKeyObjects OBJECT IDENTIFIER ::= { tmnxSecurityObjects  20 } -- MG feature

--
-- Conformance Information
--
tmnxSecurityCompliances OBJECT IDENTIFIER ::= { tmnxSecurityConformance 1 }
tmnxSecurityGroups      OBJECT IDENTIFIER ::= { tmnxSecurityConformance 2 }

--
-- Compliance Statements
--

-- tmnxSecurityCompliance  MODULE-COMPLIANCE
--    ::= { tmnxSecurityCompliances 1 }

-- tmnxSecurityR2r1Compliance  MODULE-COMPLIANCE
--    ::= { tmnxSecurityCompliances 2 }

-- tmnxSecurityV3v0Compliance  MODULE-COMPLIANCE
--    ::= { tmnxSecurityCompliances 3 }

-- tmnxSecurityV3v0r2Compliance  MODULE-COMPLIANCE
--    ::= { tmnxSecurityCompliances 4 }

tmnxSecurity7450V4v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7450 ESS series systems release R4.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserGroup,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV4v0Group,
            tmnxSecurityTacPlusV4v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV3v0r2Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationGroup,
            tmnxSecuritySourceIpV4v0Group
        }
    ::= { tmnxSecurityCompliances 5 }

tmnxSecurity7750V4v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7750 SR series systems release R4.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV4v0Group,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV4v0Group,
            tmnxSecurityTacPlusV4v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV3v0r2Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationGroup,
            tmnxSecuritySourceIpV4v0Group
        }
    ::= { tmnxSecurityCompliances 6 }

tmnxSecurity7450V5v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7450 ESS series systems release R5.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV4v0Group,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV5v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityRadiusAuthV5v0Group
        }
    ::= { tmnxSecurityCompliances 7 }

tmnxSecurity7750V5v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7750/7710 SR series systems release R5.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV4v0Group,
            tmnxSecurityMafR2r1Group,
            tmnxSecurityPasswordsR2r1Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV5v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityRadiusAuthV5v0Group
        }
    ::= { tmnxSecurityCompliances 8 }

tmnxSecurity7450V6v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7450 ESS series systems release R6.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup
        }
    ::= { tmnxSecurityCompliances 9 }

tmnxSecurity7750V6v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7750/7710 SR series systems release R6.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup
        }
    ::= { tmnxSecurityCompliances 10 }

tmnxSecurity7450V6v1Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7450 ESS series systems release R6.1."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup
        }
    ::= { tmnxSecurityCompliances 11 }

tmnxSecurity7750V6v1Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7750/7710 SR series systems release R6.1."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup
        }
    ::= { tmnxSecurityCompliances 12 }

tmnxSecurity7450V7v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7450 ESS series systems release R7.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group
        }
    ::= { tmnxSecurityCompliances 13 }

tmnxSecurity7750V7v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7750/7710 SR series systems release R7.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV6v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp
        }
    ::= { tmnxSecurityCompliances 14 }

tmnxSecurity7450V8v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7450 ESS series systems release R8.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp
        }
    ::= { tmnxSecurityCompliances 15 }

tmnxSecurity7710V8v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7710 SR series systems release R8.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            -- tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            -- tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            -- tmnxSecurityV7v0Group,
            -- tmnxSecurityCpmProtNotifyV7v0Grp
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp
            -- tmnxCpmProtEthCfmPolV8v0Grp
            -- tmnxCpmProtPolV8v0Grp
            -- tmnxCpmProtPolNotifyV8v0Grp

        }
    ::= { tmnxSecurityCompliances 16 }

tmnxSecurity7750V8v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel-Lucent 7750 SR series systems release R8.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp
        }
    ::= { tmnxSecurityCompliances 17 }

-- 9.0 Compliance
tmnxSecurity7450V9v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel 7450 ESS series systems release R9.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group
        }
    ::= { tmnxSecurityCompliances 18 }

tmnxSecurity7710V9v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel 7710 SR series systems release R9.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            -- tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            -- tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            -- tmnxSecurityV7v0Group,
            -- tmnxSecurityCpmProtNotifyV7v0Grp
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            -- tmnxCpmProtEthCfmPolV8v0Grp
            -- tmnxCpmProtPolV8v0Grp
            -- tmnxCpmProtPolNotifyV8v0Grp
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup
            -- tmnxCpmProtExcdSapIpV9v0Group
            -- tmnxCpmProtPolNotifyV9v0Group
        }
    ::= { tmnxSecurityCompliances 19 }

tmnxSecurity7750V9v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel 7750 SR series systems release R9.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group
        }
    ::= { tmnxSecurityCompliances 20 }

-- 10.0 Compliance
tmnxSecurity7450V10v0Compliance  MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel 7450 ESS series systems release R10.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            -- tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCpmFltrPrefixListV10v0Group
        }
    ::= { tmnxSecurityCompliances 21 }

tmnxSecurity7710V10v0Compliance  MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel 7710 SR series systems release R10.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            -- tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            -- tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            -- tmnxSecurityV7v0Group,
            -- tmnxSecurityCpmProtNotifyV7v0Grp
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            -- tmnxCpmProtEthCfmPolV8v0Grp
            -- tmnxCpmProtPolV8v0Grp
            -- tmnxCpmProtPolNotifyV8v0Grp
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            -- tmnxCpmProtExcdSapIpV9v0Group
            -- tmnxCpmProtPolNotifyV9v0Group
            tmnxCpmFltrPrefixListV10v0Group
        }
    ::= { tmnxSecurityCompliances 22 }

tmnxSecurity7750V10v0Compliance  MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for management of security features
         on Alcatel 7750 SR series systems release R10.0."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxSecurityUserV6v0Group,
            tmnxSecurityUserActionGroup,
            tmnxSecurityMafV6v0Group,
            tmnxSecurityPasswordsV6v0Group,
            tmnxSecurityRadiusV5v0Group,
            tmnxSecurityTacPlusV8v0Group,
            tmnxSecurityServerCtlV4v0Group,
            tmnxSecurityCpmGroup,
            tmnxSecurityPasswordHashGroup,
            tmnxSecurityCpmIpFilterV5v0Group,
            tmnxSecurityCpmIPv6FilterV4v0Group,
            tmnxSSHServerV4v0Group,
            tmnxSecurityNotificationV5v0Group,
            tmnxSecuritySourceIpV4v0Group,
            tmnxSecurityKeyChainV5v0Group,
            tmnxSecurityCpmProtectGroup,
            tmnxSecurityLiGroup,
            tmnxSecurityCpmProtNotificationGroup,
            tmnxSecurityCpmMacFilterGroup,
            tmnxSecurityMafMacFilterGroup,
            tmnxSecurityRadiusAuthV5v0Group,
            tmnxSecurityV7v0Group,
            tmnxSecurityCpmProtNotifyV7v0Grp,
            tmnxSecurityNotifyObjsV8v0Group,
            tmnxSecurityNotificationV8v0Grp,
            tmnxCpmProtEthCfmPolV8v0Grp,
            tmnxCpmProtPolV8v0Grp,
            tmnxCpmProtPolNotifyV8v0Grp,
            tmnxSecPkiV9v0Grp,
            tmnxSecurityNwExceptionsGroup,
            tmnxCertNotifyGroup,
            tmnxRadiusUserGroup,
            tmnxRadiusUserExGroup,
            tmnxCpmProtExcdSapIpV9v0Group,
            tmnxCpmProtPolNotifyV9v0Group,
            tmnxCpmFltrPrefixListV10v0Group
        }
    ::= { tmnxSecurityCompliances 23 }

--
-- Units of conformance
--
tmnxSecurityUserGroup OBJECT-GROUP
    OBJECTS {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserPasswordEncrypted,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 1 }

-- tmnxSecurityMafGroup OBJECT-GROUP
--    ::= { tmnxSecurityGroups 2 }

-- tmnxSecurityPasswordsGroup OBJECT-GROUP
--    ::= { tmnxSecurityGroups 3 }

-- tmnxSecurityRadiusGroup  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 4 }

-- tmnxSecurityTacPlusGroup  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 5 }

tmnxSecurityMafR2r1Group OBJECT-GROUP
    OBJECTS {
        tmnxMafRowStatus,
        tmnxMafDefaultAction,
        tmnxMafAdminState,
        tmnxMafMatchRowStatus,
        tmnxMafMatchLastChanged,
        tmnxMafMatchAction,
        tmnxMafMatchDescription,
        tmnxMafMatchSrcIpAddr,
        tmnxMafMatchSrcIpMask,
        tmnxMafMatchSrcPortType,
        tmnxMafMatchSrcPortId,
        tmnxMafMatchDestPort,
        tmnxMafMatchDestPortMask,
        tmnxMafMatchProtocol,
        tmnxMafMatchCount,
        tmnxMafMatchRouter,
        tmnxMafMatchLog
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of Management Access
         Filters (MAF) capabilities on Alcatel-Lucent SROS series systems
         release 2.1."
    ::= { tmnxSecurityGroups 6 }

tmnxSecurityPasswordsR2r1Group OBJECT-GROUP
    OBJECTS {
        tmnxPasswordAging,
        tmnxPasswordMinLength,
        tmnxPasswordComplexity,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsTime,
        tmnxPasswordAttemptsLockoutPeriod,
        tmnxPasswordAuthenOrder1,
        tmnxPasswordAuthenOrder2,
        tmnxPasswordAuthenOrder3,
        tmnxPasswordAuthenExitOnReject,
        tmnxAdminPassword,
        tmnxAdminPasswordEncrypted,
        tmnxPasswordHealthCheck
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of passwords
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 7 }

-- tmnxSecurityRadiusR2r1Group  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 8 }

-- tmnxSecurityTacPlusR2r1Group  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 9 }

-- tmnxSecurityServerCtlGroup    OBJECT-GROUP
--    ::= { tmnxSecurityGroups 10 }

tmnxSecurityCpmGroup  OBJECT-GROUP
    OBJECTS {
        tmnxCpmPerPeerQueuing,
        tmnxCpmQueuesTotal,
        tmnxCpmQueuesInUse
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting CPM security capabilities for
         revision 2.1 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 11 }

tmnxSecurityPasswordHashGroup  OBJECT-GROUP
    OBJECTS {
        tmnxPassHashReadVersion,
        tmnxPassHashWriteVersion
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting password hashing capabilities
         for revision 2.1 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 12 }

-- tmnxSSHServerGroup  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 13 }

tmnxSecurityNotificationGroup  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSSHServerPreserveKeyFail
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of notifications supporting security in revision 3.0 on
         Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 14 }

-- tmnxSecurityCpmIpFilterGroup  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 15 }

-- tmnxSecurityRadiusV3v0Group  OBJECT-GROUP
--    ::= { tmnxSecurityGroups 16 }

tmnxSecurityCpmIpFilterV3v0r2Group  OBJECT-GROUP
    OBJECTS {
        tCpmFilterQueueRowStatus,
        tCpmFilterQueueLastChanged,
        tCpmFilterQueueAdminPIR,
        tCpmFilterQueueAdminCIR,
        tCpmFilterQueueCBS,
        tCpmFilterQueueMBS,
        tCpmFilterQueueReferences,
        tCpmFilterDefaultAction,
        tCpmIpFilterAdminState,
        tCpmIpFilterEntryRowStatus,
        tCpmIpFilterEntryLastChanged,
        tCpmIpFilterEntryLogId,
        tCpmIpFilterEntryDescription,
        tCpmIpFilterEntryAction,
        tCpmIpFilterEntryQueueId,
        tCpmIpFilterEntrySrcIPAddr,
        tCpmIpFilterEntrySrcIPMask,
        tCpmIpFilterEntryDestIPAddr,
        tCpmIpFilterEntryDestIPMask,
        tCpmIpFilterEntryProtocol,
        tCpmIpFilterEntrySrcPort,
        tCpmIpFilterEntrySrcPortMask,
        tCpmIpFilterEntryDestPort,
        tCpmIpFilterEntryDestPortMask,
        tCpmIpFilterEntryDSCP,
        tCpmIpFilterEntryFragment,
        tCpmIpFilterEntryOptionPresent,
        tCpmIpFilterEntryIPOptionValue,
        tCpmIpFilterEntryIPOptionMask,
        tCpmIpFilterEntryMultipleOption,
        tCpmIpFilterEntryTcpSyn,
        tCpmIpFilterEntryTcpAck,
        tCpmIpFilterEntryIcmpCode,
        tCpmIpFilterEntryIcmpType,
        tCpmIpFilterEntryVRtrId,
        tCpmIpFilterEntryLogCreated,
        tCpmIpFilterStatsDroppedPkts,
        tCpmIpFilterStatsForwardedPkts,
        tCpmFilterQInProfileDropPkts,
        tCpmFilterQInProfileFwdPkts,
        tCpmFilterQInProfileDropOctets,
        tCpmFilterQInProfileFwdOctets,
        tCpmFilterQOutProfileDropPkts,
        tCpmFilterQOutProfileFwdPkts,
        tCpmFilterQOutProfileDropOctets,
        tCpmFilterQOutProfileFwdOctets
    }
    STATUS obsolete
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter
         capabilities for revision 3.0r2 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 17 }

tmnxSecurityCpmIPv6FilterV4v0Group  OBJECT-GROUP
    OBJECTS {
        tCpmIPv6FilterEntryRowStatus,
        tCpmIPv6FilterEntryLastChanged,
        tCpmIPv6FilterEntryLogId,
        tCpmIPv6FilterEntryDescription,
        tCpmIPv6FilterEntryAction,
        tCpmIPv6FilterEntryQueueId,
        tCpmIPv6FilterEntrySrcIPAddr,
        tCpmIPv6FilterEntrySrcIPMask,
        tCpmIPv6FilterEntryDestIPAddr,
        tCpmIPv6FilterEntryDestIPMask,
        tCpmIPv6FilterEntryNextHeader,
        tCpmIPv6FilterEntrySrcPort,
        tCpmIPv6FilterEntrySrcPortMask,
        tCpmIPv6FilterEntryDestPort,
        tCpmIPv6FilterEntryDestPortMask,
        tCpmIPv6FilterEntryDSCP,
        tCpmIPv6FilterEntryTcpSyn,
        tCpmIPv6FilterEntryTcpAck,
        tCpmIPv6FilterEntryIcmpCode,
        tCpmIPv6FilterEntryIcmpType,
        tCpmIPv6FilterEntryVRtrId,
        tCpmIPv6FilterEntryLogCreated,
        tCpmIPv6FilterEntryFlowLabel,
        tCpmIPv6FilterStatsDroppedPkts,
        tCpmIPv6FilterStatsForwardedPkts,
        tCpmIPv6FilterAdminState
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter
         IPv6 capabilities for revision 4.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 18 }

tmnxSecurityServerCtlV4v0Group    OBJECT-GROUP
    OBJECTS {
                tmnxEnableServers,
                tmnxTelnetServerOperStatus,
                tmnxSSHServerOperStatus,
                tmnxFTPServerOperStatus,
                tmnxTelnet6ServerOperStatus
            }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of TELNET/SSH/FTP
         capabilities for revision 4.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 19 }

tmnxSSHServerV4v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxSSHServerPreserveKey,
        tmnxSSHServerVersion
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of SSH capabilities for
         revision 4.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 20 }

tmnxSecuritySourceIpV4v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxSourceIPRowStatus,
        tmnxSourceIPAddressType,
        tmnxSourceIPAddress,
        tmnxSourceIPIfIndex,
        tmnxSourceIPOperStatus
    }
    STATUS  current
    DESCRIPTION
        "The group of objects supporting management of application source-ip
         override capabilities for revision 4.0 on Alcatel-Lucent SROS series
         systems."
    ::= { tmnxSecurityGroups 21 }

tmnxSecurityRadiusV4v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxRadiusAdminStatus,
        tmnxRadiusAccounting,
        tmnxRadiusAuthorization,
        tmnxRadiusRetryAttempts,
        tmnxRadiusTimeout,
        tmnxRadiusPort,
        tmnxRadiusServerAddress,
        tmnxRadiusServerSecret,
        tmnxRadiusServerOperStatus,
        tmnxRadiusServerRowStatus,
        tmnxRadiusConfigured,
        tmnxRadiusPEDiscovery,
        tmnxRadiusPEDiscoveryPassword,
        tmnxRadiusPEDiscoveryInterval,
        tmnxRadiusPEForceDiscovery,
        tmnxRadiusPEForceDiscoverySvcId,
        tmnxRadiusAccountingPort
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities
         for revision 4.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 22 }

tmnxSecurityTacPlusV4v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerAddress,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusSingleConnection,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities
         for revision 4.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 23 }

tmnxSecurityObsoleteGroup    OBJECT-GROUP
    OBJECTS {
        tmnxRadiusSourceAddress,
        tmnxTacPlusServerAddress,
        tmnxTacPlusSourceAddress,
        tmnxRadiusPEDiscovery,
        tmnxRadiusPEDiscoveryPassword,
        tmnxRadiusPEDiscoveryInterval,
        tmnxRadiusServerAddress
    }
    STATUS    current
    DESCRIPTION
        "The group of objects in TIMETRA-SECURITY-MIB which are obsoleted."
    ::= { tmnxSecurityGroups 24 }

tmnxSecurityUserV4v0Group OBJECT-GROUP
    OBJECTS {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserPasswordEncrypted,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged,
        tmnxTemplateAccess,
        tmnxTemplateHomeDirectory,
        tmnxTemplateRestrictedToHome,
        tmnxTemplateConsoleLoginExecFile
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 25 }

tmnxSecurityKeyChainV5v0Group   OBJECT-GROUP
    OBJECTS {
        tmnxKeyChainRowStatus,
        tmnxKeyChainDescription,
        tmnxKeyChainReceiveTcpOptionNum,
        tmnxKeyChainSendTcpOptionNum,
        tmnxKeyChainAdminState,
        tmnxKeyChainOperState,
        tmnxKeyChainKeyRowStatus,
        tmnxKeyChainAuthenticationKey,
        tmnxKeyChainKeyAlgorithm,
        tmnxKeyChainKeyBeginTime,
        tmnxKeyChainKeyEndTime,
        tmnxKeyChainKeyTolerance,
        tmnxKeyChainKeyAdminState
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of Keychain capabilities
         for revision 5.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 26 }

tmnxSecurityRadiusV5v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxRadiusAdminStatus,
        tmnxRadiusAccounting,
        tmnxRadiusAuthorization,
        tmnxRadiusTimeout,
        tmnxRadiusPort,
        tmnxRadiusServerSecret,
        tmnxRadiusServerOperStatus,
        tmnxRadiusServerRowStatus,
        tmnxRadiusRetryAttempts,
        tmnxRadiusConfigured,
        tmnxRadiusPEForceDiscovery,
        tmnxRadiusPEForceDiscoverySvcId,
        tmnxRadiusAccountingPort,
        tmnxRadiusServerInetAddressType,
        tmnxRadiusServerInetAddress,
        tmnxRadiusUseTemplate
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities
         for revision 5.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 27 }

tmnxSecurityTacPlusV5v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusSingleConnection,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities
         for revision 5.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 28 }

tmnxSecurityCpmIpFilterV5v0Group  OBJECT-GROUP
    OBJECTS {
        tCpmFilterQueueRowStatus,
        tCpmFilterQueueLastChanged,
        tCpmFilterQueueAdminPIR,
        tCpmFilterQueueAdminCIR,
        tCpmFilterQueueCBS,
        tCpmFilterQueueMBS,
        tCpmFilterQueueReferences,
        tCpmFilterQueueOperPIR,
        tCpmFilterQueueOperCIR,
        tCpmFilterDefaultAction,
        tCpmIpFilterAdminState,
        tCpmIpFilterEntryRowStatus,
        tCpmIpFilterEntryLastChanged,
        tCpmIpFilterEntryLogId,
        tCpmIpFilterEntryDescription,
        tCpmIpFilterEntryAction,
        tCpmIpFilterEntryQueueId,
        tCpmIpFilterEntrySrcIPAddr,
        tCpmIpFilterEntrySrcIPMask,
        tCpmIpFilterEntryDestIPAddr,
        tCpmIpFilterEntryDestIPMask,
        tCpmIpFilterEntryProtocol,
        tCpmIpFilterEntrySrcPort,
        tCpmIpFilterEntrySrcPortMask,
        tCpmIpFilterEntryDestPort,
        tCpmIpFilterEntryDestPortMask,
        tCpmIpFilterEntryDSCP,
        tCpmIpFilterEntryFragment,
        tCpmIpFilterEntryOptionPresent,
        tCpmIpFilterEntryIPOptionValue,
        tCpmIpFilterEntryIPOptionMask,
        tCpmIpFilterEntryMultipleOption,
        tCpmIpFilterEntryTcpSyn,
        tCpmIpFilterEntryTcpAck,
        tCpmIpFilterEntryIcmpCode,
        tCpmIpFilterEntryIcmpType,
        tCpmIpFilterEntryVRtrId,
        tCpmIpFilterEntryLogCreated,
        tCpmIpFilterStatsDroppedPkts,
        tCpmIpFilterStatsForwardedPkts,
        tCpmFilterQInProfileDropPkts,
        tCpmFilterQInProfileFwdPkts,
        tCpmFilterQInProfileDropOctets,
        tCpmFilterQInProfileFwdOctets,
        tCpmFilterQOutProfileDropPkts,
        tCpmFilterQOutProfileFwdPkts,
        tCpmFilterQOutProfileDropOctets,
        tCpmFilterQOutProfileFwdOctets
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting the CPM hardware filter
         capabilities for revision 5.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 29 }

tmnxSecurityNotificationV5v0Group  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSSHServerPreserveKeyFail,
        tmnxKeyChainAuthFailure
    }
    STATUS    current
    DESCRIPTION
        "The group of notifications supporting security in revision 5.0 on
         Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 30 }

tmnxSecurityNotifyObjsGroup   OBJECT-GROUP
    OBJECTS {
        tmnxKeyChainAuthFailReason,
        tmnxKeyChainAuthAddrType,
        tmnxKeyChainAuthAddr
    }
    STATUS        current
    DESCRIPTION
        "The group of objects supporting security notifications
         on Alcatel-Lucent SROS series systems 5.0 release."
    ::= { tmnxSecurityGroups 31 }

tmnxSecurityTacPlusV6v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusSingleConnection,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress,
        tmnxTacPlusServerPort
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities
         for revision 6.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 32 }

tmnxSecurityPasswordsV6v0Group OBJECT-GROUP
    OBJECTS {
        tmnxPasswordAging,
        tmnxPasswordMinLength,
        tmnxPasswordComplexity,
        tmnxPasswordAttemptsCount,
        tmnxPasswordAttemptsTime,
        tmnxPasswordAttemptsLockoutPeriod,
        tmnxPasswordAuthenOrder1,
        tmnxPasswordAuthenOrder2,
        tmnxPasswordAuthenOrder3,
        tmnxPasswordAuthenExitOnReject,
        tmnxAdminPassword,
        tmnxAdminPasswordEncrypted,
        tmnxPasswordHealthCheck,
        tmnxPasswordHealthCheckInterval
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of passwords
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 33 }

tmnxSecurityMafV6v0Group OBJECT-GROUP
    OBJECTS {
        tmnxGenMafTableLastChanged,
        tmnxMafIPMatchTableLastChanged,
        tmnxGenMafLastModified,
        tmnxGenMafRowStatus,
        tmnxGenMafAdminState,
        tmnxGenMafDefaultAction,
        tmnxIPMafMatchRowStatus,
        tmnxIPMafMatchLastChanged,
        tmnxIPMafMatchAction,
        tmnxIPMafMatchDescription,
        tmnxIPMafMatchSrcIpAddrType,
        tmnxIPMafMatchSrcIpAddr,
        tmnxIPMafMatchSrcIpMask,
        tmnxIPMafMatchSrcPortType,
        tmnxIPMafMatchSrcPortId,
        tmnxIPMafMatchDestPort,
        tmnxIPMafMatchDestPortMask,
        tmnxIPMafMatchProtNxtHdr,
        tmnxIPMafMatchCount,
        tmnxIPMafMatchRouter,
        tmnxIPMafMatchFlowLabel,
        tmnxIPMafMatchLog
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of Management Access
         Filters (MAF) capabilities on Alcatel-Lucent SROS series systems
         release 6.0"
    ::= { tmnxSecurityGroups 34 }

tmnxObsoletedObjectsV6v0Group OBJECT-GROUP
    OBJECTS {
        tmnxMafRowStatus,
        tmnxMafDefaultAction,
        tmnxMafAdminState,
        tmnxMafMatchRowStatus,
        tmnxMafMatchLastChanged,
        tmnxMafMatchAction,
        tmnxMafMatchDescription,
        tmnxMafMatchSrcIpAddr,
        tmnxMafMatchSrcIpMask,
        tmnxMafMatchSrcPortType,
        tmnxMafMatchSrcPortId,
        tmnxMafMatchDestPort,
        tmnxMafMatchDestPortMask,
        tmnxMafMatchProtocol,
        tmnxMafMatchCount,
        tmnxMafMatchRouter,
        tmnxMafMatchLog
    }
    STATUS    current
    DESCRIPTION
        "The group of objects that are obsoleted in  on Alcatel-Lucent SROS
         series systems release 6.0"
    ::= { tmnxSecurityGroups 35 }

tmnxSecurityCpmProtectGroup  OBJECT-GROUP
    OBJECTS {
               tmnxCpmProtPolTableLastChanged,
               tmnxCpmProtPolRowStatus,
               tmnxCpmProtPolLastChanged,
               tmnxCpmProtPolDescription,
               tmnxCpmProtPolPerSrcRateLimit,
               tmnxCpmProtPolOverallRateLimit,
               tmnxCpmProtPolAlarm,
               tmnxCpmProtPolOutProfileRate,
               tmnxCpmProtDropUncfgdProtocolMsg,
               tmnxCpmProtLinkRateLimit,
               tmnxCpmProtExcdTableLastChanged,
               tmnxCpmProtExcdPeriods,
               tmnxCpmProtExcdTime,
               tmnxCpmProtExcdTimeStarted,
               tmnxCpmProtViolPortTableLastChgd,
               tmnxCpmProtViolPortPeriods,
               tmnxCpmProtViolPortTimeStarted,
               tmnxCpmProtViolPortTime,
               tmnxCpmProtViolPortAggPeriods,
               tmnxCpmProtViolPortAggTimeStart,
               tmnxCpmProtViolPortAggTime,
               tmnxCpmProtViolIfTableLastChgd,
               tmnxCpmProtViolIfPeriods,
               tmnxCpmProtViolIfTimeStarted,
               tmnxCpmProtViolIfTime,
               tmnxCpmProtViolSapTableLastChgd,
               tmnxCpmProtViolSapPeriods,
               tmnxCpmProtViolSapTimeStarted,
               tmnxCpmProtViolSapTime,
               tmnxCpmProtPortOverallRateLimit,
               tmnxCpmProtDetectPeriod
            }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of CPM Protection
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 36 }

tmnxSecurityLiGroup     OBJECT-GROUP
    OBJECTS {
                tmnxUserProfileLi
            }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of Lawful Intercept (LI)
         users."
    ::= { tmnxSecurityGroups 37 }

tmnxSecurityCpmProtNotificationGroup  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolPort,
        tmnxCpmProtViolPortAgg,
        tmnxCpmProtViolIf,
        tmnxCpmProtViolSap,
        tmnxCpmProtViolMac
    }
    STATUS    current
    DESCRIPTION
        "The group of notifications supporting CPM Protection
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 38 }

tmnxSecurityCpmProtNotificationObjsGroup     OBJECT-GROUP
    OBJECTS {
        tmnxCpmProtViolMacAddress,
        tmnxCpmProtViolMacPeriods
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting CPM Protection notifications."
    ::= { tmnxSecurityGroups 39 }

tmnxSecurityCpmMacFilterGroup  OBJECT-GROUP
    OBJECTS {
        tCpmMacFilterAdminState,
        tCpmMacFltrEntryRowStatus,
        tCpmMacFltrEntryLastChanged,
        tCpmMacFltrEntryLogId,
        tCpmMacFltrEntryDescription,
        tCpmMacFltrEntryAction,
        tCpmMacFltrEntryQueueId,
        tCpmMacFltrEntryFrameType,
        tCpmMacFltrEntrySvcId,
        tCpmMacFltrEntryDot1pValue,
        tCpmMacFltrEntryDot1pMask,
        tCpmMacFltrEntryDsap,
        tCpmMacFltrEntryDsapMask,
        tCpmMacFltrEntrySrcMAC,
        tCpmMacFltrEntrySrcMACMask,
        tCpmMacFltrEntryDstMAC,
        tCpmMacFltrEntryDstMACMask,
        tCpmMacFltrEntryEtherType,
        tCpmMacFltrEntrySsap,
        tCpmMacFltrEntrySsapMask,
        tCpmMacFltrEntryCfmOpCodeOper,
        tCpmMacFltrEntryCfmOpCodeValue1,
        tCpmMacFltrEntryCfmOpCodeValue2,
        tCpmMacFltrEntryLogCreated,
        tCpmMacFilterStatsDroppedPkts,
        tCpmMacFilterStatsForwardedPkts
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting the CPM hardware Mac filter
         capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 40 }

tmnxSecurityMafMacFilterGroup  OBJECT-GROUP
    OBJECTS {
        tmnxMafMacMatchTableLastChanged,
        tmnxMacMafMatchRowStatus,
        tmnxMacMafMatchLastChanged,
        tmnxMacMafMatchAction,
        tmnxMacMafMatchDescription,
        tmnxMacMafMatchLog,
        tmnxMacMafMatchFrameType,
        tmnxMacMafMatchSvcId,
        tmnxMacMafMatchDot1pValue,
        tmnxMacMafMatchDot1pMask,
        tmnxMacMafMatchDsap,
        tmnxMacMafMatchDsapMask,
        tmnxMacMafMatchSrcMAC,
        tmnxMacMafMatchSrcMACMask,
        tmnxMacMafMatchDstMAC,
        tmnxMacMafMatchDstMACMask,
        tmnxMacMafMatchEtherType,
        tmnxMacMafMatchSnapOui,
        tmnxMacMafMatchSnapPid,
        tmnxMacMafMatchSsap,
        tmnxMacMafMatchSsapMask,
        tmnxMacMafMatchCfmOpCodeOper,
        tmnxMacMafMatchCfmOpCodeValue1,
        tmnxMacMafMatchCfmOpCodeValue2,
        tmnxMacMafMatchCount
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting the Maf Mac filter
         capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 41 }

tmnxSecurityUserV6v0Group OBJECT-GROUP
    OBJECTS {
        tmnxUserProfileRowStatus,
        tmnxUserProfileDefaultAction,
        tmnxUserProfileMatchRowStatus,
        tmnxUserProfileMatchDescription,
        tmnxUserProfileMatchAction,
        tmnxUserProfileMatchString,
        tmnxUserRowStatus,
        tmnxUserPassword,
        tmnxUserPasswordEncrypted,
        tmnxUserAccess,
        tmnxUserHomeDirectory,
        tmnxUserRestrictedToHome,
        tmnxUserConsoleLoginExecFile,
        tmnxUserConsoleCannotChangePswd,
        tmnxUserConsoleNewPswdAtLogin,
        tmnxUserConsoleMemberProfile1,
        tmnxUserConsoleMemberProfile2,
        tmnxUserConsoleMemberProfile3,
        tmnxUserConsoleMemberProfile4,
        tmnxUserConsoleMemberProfile5,
        tmnxUserConsoleMemberProfile6,
        tmnxUserConsoleMemberProfile7,
        tmnxUserConsoleMemberProfile8,
        tmnxUserAttemptedLogins,
        tmnxUserSuccessfulLogins,
        tmnxUserPasswordChanged,
        tmnxTemplateAccess,
        tmnxTemplateHomeDirectory,
        tmnxTemplateRestrictedToHome,
        tmnxTemplateConsoleLoginExecFile,
        tmnxTemplateProfile
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of user security
         capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 42 }

tmnxSecurityRadiusAuthV5v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxRadiusAuthAlgorithm
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of RADIUS capabilities
         for revision 5.0 on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 43 }

tmnxSecurityV7v0Group    OBJECT-GROUP
    OBJECTS {
        tmnxCpmProtAllowShamLinkPackets,
        tmnxCpmProtViolVdoSvcPeriods,
        tmnxCpmProtViolVdoSvcTimeStarted,
        tmnxCpmProtViolVdoSvcTime,
        tmnxCpmProtViolVdoSvcVrtrIfIndex,
        tmnxCpmProtViolVdoVrtrPeriods,
        tmnxCpmProtViolVdoVrtrTimeStart,
        tmnxCpmProtViolVdoVrtrTime,
        tmnxCpmProtViolVdoVrtrSvcId,
        tmnxCpmProtViolVdoVrtrIfIndex
    }
    STATUS        current
    DESCRIPTION
       "The group of objects supporting management of CPM Protection
         on Alcatel-Lucent SROS 7.0 series systems."
   ::= { tmnxSecurityGroups 44 }

tmnxSecurityCpmProtNotifyV7v0Grp  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolVdoSvcClient,
        tmnxCpmProtViolVdoVrtrClient
    }
    STATUS    current
    DESCRIPTION
        "The group of notifications supporting CPM Protection on Alcatel-Lucent
         SROS 7.0 series systems."
    ::= { tmnxSecurityGroups 45 }

tmnxSecurityTacPlusV8v0Group  OBJECT-GROUP
    OBJECTS {
        tmnxTacPlusAdminStatus,
        tmnxTacPlusTimeout,
        tmnxTacPlusServerSecret,
        tmnxTacPlusServerRowStatus,
        tmnxTacPlusServerOperStatus,
        tmnxTacPlusAccounting,
        tmnxTacPlusAcctRecType,
        tmnxTacPlusAuthorization,
        tmnxTacPlusConfigured,
        tmnxTacplusUseTemplate,
        tmnxTacPlusServerInetAddressType,
        tmnxTacPlusServerInetAddress,
        tmnxTacPlusServerPort
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting management of TACACS+ capabilities
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 46 }

tmnxObsoletedObjectsV8v0Group OBJECT-GROUP
    OBJECTS {
        tmnxTacPlusSingleConnection
    }
    STATUS    current
    DESCRIPTION
        "The group of objects that are made obsolete on Alcatel-Lucent SROS
         series systems in release 8.0"
    ::= { tmnxSecurityGroups 47 }

tmnxSecurityNotifyObjsV8v0Group   OBJECT-GROUP
    OBJECTS {
        tmnxMD5AuthFailReason,
        tmnxMD5AuthAddrType,
        tmnxMD5AuthAddr,
        tmnxMD5AuthKey,
        tmnxCpmProtPolId
    }
    STATUS        current
    DESCRIPTION
        "The group of objects supporting security notifications in revision 8.0
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 48 }

tmnxSecurityNotificationV8v0Grp  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxMD5AuthFailure,
        tmnxCpmProtDefPolModified
    }
    STATUS    current
    DESCRIPTION
        "The group of notifications supporting security in revision 8.0 on
         Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 49 }

tmnxCpmProtEthCfmPolV8v0Grp      OBJECT-GROUP
    OBJECTS {
        tmnxCpmProtEthCfmPolTableLastChg,
        tmnxCpmProtEthCfmPolRowStatus,
        tmnxCpmProtEthCfmPolLastChanged,
        tmnxCpmProtEthCfmPolLevelSet,
        tmnxCpmProtEthCfmPolOpCodeSet,
        tmnxCpmProtEthCfmPolRateLimit,
        tmnxCpmProtExcdSdpBindEcmTblLChg,
        tmnxCpmProtExcdSdpBindEcmPeriods,
        tmnxCpmProtExcdSdpBindEcmStarted,
        tmnxCpmProtExcdSdpBindEcmTime,
        tmnxCpmProtExcdSapEcmTblLChg,
        tmnxCpmProtExcdSapEcmPeriods,
        tmnxCpmProtExcdSapEcmStarted,
        tmnxCpmProtExcdSapEcmTime
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting CPM protection policies for Ethernet
         CFM packets in revision 8.0 R5 on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 50 }

tmnxCpmProtPolV8v0Grp            OBJECT-GROUP
    OBJECTS {
        tmnxCpmProtViolSdpBindTblLastChg,
        tmnxCpmProtViolSdpBindPeriods,
        tmnxCpmProtViolSdpBindTimeStartd,
        tmnxCpmProtViolSdpBindTime,
        tmnxCpmProtExcdSdpBindTblLastChg,
        tmnxCpmProtExcdSdpBindPeriods,
        tmnxCpmProtExcdSdpBindTimeStartd,
        tmnxCpmProtExcdSdpBindTime
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting CPM protection policies in revision
         8.0 R5 on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 51 }

tmnxCpmProtPolNotifyV8v0Grp      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtViolSdpBind,
        tmnxCpmProtExcdSdpBind,
        tmnxCpmProtExcdSapEcm,
        tmnxCpmProtExcdSdpBindEcm
    }
    STATUS current
    DESCRIPTION
        "The group of notifications supporting CPM protection policies in
         revision 8.0 R5 on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 52 }

tmnxSecPkiV9v0Grp            OBJECT-GROUP
    OBJECTS {
       tmnxPkiCAProfileAdminState,  
       tmnxPkiCAProfileCRLFile,  
       tmnxPkiCAProfileCertFile,  
       tmnxPkiCAProfileDescr,  
       tmnxPkiCAProfileLastChanged,  
       tmnxPkiCAProfileRowStatus,  
       tmnxPkiCAProfileTableLastChanged,  
       tmnxPkiMaxCertChainDepth,
       tmnxPkiCAProfileOperFlags,  
       tmnxPkiCAProfileOperState,
       tmnxCertMgrAuthFailed,  
       tmnxCertMgrAuthPassed,  
       tmnxCertMgrTotalAuth
    }
    STATUS current
    DESCRIPTION
        "The tmnxSecPkiV9v0Grp indicates the group of objects supporting PKI
         objects in revision 9.0 R4 on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 53 }

tmnxSecurityNwExceptionsGroup  OBJECT-GROUP
    OBJECTS {
        tmnxCpmVprnNwExceptions,
        tmnxCpmNumVprnNwExceptions,
        tmnxCpmVprnNwExceptionsTime
    }
    STATUS    current
    DESCRIPTION
        "The group of objects supporting MPLS Network Exception capabilities
         for on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 54 }

tmnxCertNotifyGroup      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxPkiFileReadFailed,
        tmnxPkiCertVerificationFailed,
        tmnxCAProfileStateChange
    }
    STATUS current
    DESCRIPTION
        "The group of notifications supporting CA Profile certificate
        capabilities on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 55 }

tmnxSecNotifyObjsV10v0Group   OBJECT-GROUP
    OBJECTS {
       tmnxSecNotifCert,  
       tmnxSecNotifFailureReason,  
       tmnxSecNotifFile,  
       tmnxSecNotifTunnelName
    }
    STATUS        current
    DESCRIPTION
        "The group of objects supporting security notifications in revision 8.0
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 56 }

tmnxRadiusUserGroup  OBJECT-GROUP
    OBJECTS {
       tmnxRadiusUserAcctConnError,  
       tmnxRadiusUserAcctRejRx,  
       tmnxRadiusUserAcctReqTx,  
       tmnxRadiusUserBindFail,  
       tmnxRadiusUserLoginFail,  
       tmnxRadiusUserLoginPass,  
       tmnxRadiusUserMd5Fail,  
       tmnxRadiusUserOpenFail,  
       tmnxRadiusUserPending,  
       tmnxRadiusUserRecvFail,  
       tmnxRadiusUserReqRx,  
       tmnxRadiusUserReqTx,  
       tmnxRadiusUserSendFail,  
       tmnxRadiusUserSendTimeout
    }
    STATUS current
    DESCRIPTION
        "The tmnxRadiusUserGroup indicates the group of objects supporting
         radius objects on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 57 }

tmnxCpmProtExcdSapIpV9v0Group    OBJECT-GROUP
    OBJECTS {
        tmnxCpmProtExcdSapIpTableLastChg,
        tmnxCpmProtExcdSapIpPeriods,
        tmnxCpmProtExcdSapIpStarted,
        tmnxCpmProtExcdSapIpTime,
        tmnxCpmProtPolLimDhcpCiAddrZero
    }
    STATUS        current
    DESCRIPTION
        "The group of objects supporting per-SAP, per-source rate limiting of IP
         packets in release 9.0 Alcatel-Lucent SROS series systems."
    ::= { tmnxSecurityGroups 58 }

tmnxCpmProtPolNotifyV9v0Group    NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxCpmProtExcdSapIp
    }
    STATUS current
    DESCRIPTION
        "The group of notifications supporting CPM protection policies in
         Alcatel-Lucent SROS systems, release 9.0."
    ::= { tmnxSecurityGroups 59 }

tmnxCpmFltrPrefixListV10v0Group OBJECT-GROUP
    OBJECTS {
        tCpmIpFilterEntrySrcIpPrefixList ,
        tCpmIpFilterEntryDstIpPrefixList
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting management of IP prefix lists
        in CPM filters on Alcatel-Lucent SROS series systems
        10.0 release."
    ::= { tmnxSecurityGroups 60 }

tmnxRadiusUserExGroup  OBJECT-GROUP
    OBJECTS {
        tmnxRadiusUserAccChallengePkt
    }
    STATUS current
    DESCRIPTION
        "The tmnxRadiusUserGroup indicates the group of additional objects
        supporting radius objects on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 61 }

tmnxSecurityUserActionGroup OBJECT-GROUP
    OBJECTS {
        tmnxUserActionUserName,
        tmnxUserActionUnlock
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting management of
         user lock-out on Alcatel-Lucent SROS systems."
    ::= { tmnxSecurityGroups 62 }

END
