DOCS-BPI-MIB DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-IDENTITY,
	OBJECT-TYPE,
	Integer32,
	Counter32,
	IpAddress
		FROM SNMPv2-SMI
	DisplayString,
	MacAddress,
	RowStatus,
	TruthValue,
	DateAndTime
		FROM SNMPv2-TC
	OBJECT-GROUP,
	MODULE-COMPLIANCE
		FROM SNMPv2-CONF
	ifIndex
		FROM IF-MIB
	docsIfMib,
	docsIfCmServiceId,
	docsIfCmtsServiceId
		FROM DOCS-IF-MIB;

docsBpiMIB MODULE-IDENTITY
	LAST-UPDATED "200103130000Z"	-- Mar 13, 2001 12:00:00 AM
	ORGANIZATION "IETF IPCDN Working Group"
	CONTACT-INFO
		"Rich Woundy
		Postal: Cisco Systems
		        250 Apollo Drive
		        Chelmsford, MA 01824 U.S.A.
		Tel: +1 978 244 8000
		E-mail: rwoundy@cisco.com

		IETF IPCDN Working Group
		General Discussion: ipcdn@ietf.org
		Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn
		Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn
		Co-chairs: Richard Woundy, rwoundy@cisco.com
		           Andrew Valentine, a.valentine@eu.hns.com"
	DESCRIPTION
		"This is the MIB Module for the DOCSIS Baseline Privacy Interface
		(BPI) at cable modems (CMs) and cable modem termination systems
		(CMTSs). CableLabs requires the implementation of this MIB in
		DOCSIS 1.0 cable modems that implement the Baseline Privacy
		Interface, as a prerequisite for DOCSIS 1.0 certification."
	REVISION "200103130000Z"	-- Mar 13, 2001 12:00:00 AM
	DESCRIPTION
		"Version published as RFC 3083."
	REVISION "200011031930Z"	-- Nov 3, 2000 7:30:00 PM
	DESCRIPTION
		"Modified by Richard Woundy to fix problems identified by the MIB





		doctor. I marked docsBpiCmtsDefaultAuthGraceTime and
		docsBpiCmtsDefaultTEKGraceTime as obsolete objects, to prevent OID
		reassignment. Several object descriptions were also corrected."
	REVISION "200002161930Z"	-- Feb 16, 2000 7:30:00 PM
	DESCRIPTION
		"Initial version.
		CableLabs requires the implementation of this MIB in certified DOCSIS
		1.0 cable modems implementing the Baseline Privacy Interface, per
		DOCSIS 1.0 engineering change notice oss-n-99027."
	-- 1.3.6.1.2.1.10.127.5
	::= { docsIfMib 5 }


docsBpiMIBObjects OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.1
	::= { docsBpiMIB 1 }

-- Cable Modem Group

docsBpiCmObjects OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.1.1
	::= { docsBpiMIBObjects 1 }

--
-- The BPI base and authorization table for CMs, indexed by ifIndex
--

docsBpiCmBaseTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiCmBaseEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the basic and authorization-related Baseline
		Privacy attributes of each CM MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.1.1
	::= { docsBpiCmObjects 1 }


docsBpiCmBaseEntry OBJECT-TYPE
	SYNTAX  DocsBpiCmBaseEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing attributes of one CM MAC
		interface. An entry in this table exists for each ifEntry with an
		ifType of docsCableMaclayer(127)."
	INDEX {
		ifIndex }
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1
	::= { docsBpiCmBaseTable 1 }


DocsBpiCmBaseEntry ::= SEQUENCE {

	docsBpiCmPrivacyEnable          TruthValue,
	docsBpiCmPublicKey              OCTET STRING,
	docsBpiCmAuthState              INTEGER,
	docsBpiCmAuthKeySequenceNumber  Integer32,
	docsBpiCmAuthExpires            DateAndTime,
	docsBpiCmAuthReset              TruthValue,
	docsBpiCmAuthGraceTime          Integer32,
	docsBpiCmTEKGraceTime           Integer32,
	docsBpiCmAuthWaitTimeout        Integer32,
	docsBpiCmReauthWaitTimeout      Integer32,
	docsBpiCmOpWaitTimeout          Integer32,
	docsBpiCmRekeyWaitTimeout       Integer32,
	docsBpiCmAuthRejectWaitTimeout  Integer32,
	docsBpiCmAuthRequests           Counter32,
	docsBpiCmAuthReplies            Counter32,
	docsBpiCmAuthRejects            Counter32,
	docsBpiCmAuthInvalids           Counter32,
	docsBpiCmAuthRejectErrorCode    INTEGER,
	docsBpiCmAuthRejectErrorString  DisplayString,
	docsBpiCmAuthInvalidErrorCode   INTEGER,
	docsBpiCmAuthInvalidErrorString DisplayString }


docsBpiCmPrivacyEnable OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object identifies whether this CM is provisioned to run
		Baseline Privacy. This is analogous to the presence (or absence)
		of the Baseline Privacy Configuration Setting option. The status
		of each individual SID with respect to Baseline Privacy is
		captured in the docsBpiCmTEKPrivacyEnable object."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.1
	::= { docsBpiCmBaseEntry 1 }


docsBpiCmPublicKey OBJECT-TYPE
	SYNTAX  OCTET STRING (SIZE (74 | 106 | 140 | 270))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is a DER-encoded RSAPublicKey ASN.1 type
		string, as defined in the RSA Encryption Standard (PKCS #1) [22],
		corresponding to the public key of the CM. The 74, 106, 140, and
		270 byte key encoding lengths correspond to 512 bit, 768 bit, 1024
		bit, and 2048 public moduli respectively."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.2.4."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.2
	::= { docsBpiCmBaseEntry 2 }


docsBpiCmAuthState OBJECT-TYPE
	SYNTAX  INTEGER {
			authWait(2),
			authorized(3),
			reauthWait(4),
			authRejectWait(5) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the state of the CM authorization
		FSM.  The start state indicates that FSM is in its initial state."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.1.2.1."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.3
	::= { docsBpiCmBaseEntry 3 }


docsBpiCmAuthKeySequenceNumber OBJECT-TYPE
	SYNTAX  Integer32 (0..15)
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the authorization key sequence number
		for this FSM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.2
		and 4.2.2.10."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.4
	::= { docsBpiCmBaseEntry 4 }


docsBpiCmAuthExpires OBJECT-TYPE
	SYNTAX  DateAndTime
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the actual clock time when the current
		authorization for this FSM expires. If the CM does not have an active
		authorization, then the value is of the expiration date and time of
		the last active authorization."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.2
		and 4.2.2.9."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.5
	::= { docsBpiCmBaseEntry 5 }


docsBpiCmAuthReset OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"Setting this object to TRUE generates a Reauthorize event in the
		authorization FSM. Reading this object always returns FALSE."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.1.2.3.4."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.6
	::= { docsBpiCmBaseEntry 6 }


docsBpiCmAuthGraceTime OBJECT-TYPE
	SYNTAX  Integer32 (1..1800)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the grace time for an authorization key.
		A CM is expected to start trying to get a new authorization key
		beginning AuthGraceTime seconds before the authorization key actually
		expires."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.3."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.7
	::= { docsBpiCmBaseEntry 7 }


docsBpiCmTEKGraceTime OBJECT-TYPE
	SYNTAX  Integer32 (1..1800)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the grace time for a TEK.  A CM is
		expected to start trying to get a new TEK beginning TEKGraceTime
		seconds before the TEK actually expires."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.6."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.8
	::= { docsBpiCmBaseEntry 8 }


docsBpiCmAuthWaitTimeout OBJECT-TYPE
	SYNTAX  Integer32 (1..30)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Authorize Wait Timeout."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.1."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.9
	::= { docsBpiCmBaseEntry 9 }


docsBpiCmReauthWaitTimeout OBJECT-TYPE
	SYNTAX  Integer32 (1..30)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Reauthorize Wait Timeout in seconds."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.2."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.10
	::= { docsBpiCmBaseEntry 10 }


docsBpiCmOpWaitTimeout OBJECT-TYPE
	SYNTAX  Integer32 (1..10)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Operational Wait Timeout in seconds."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.4."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.11
	::= { docsBpiCmBaseEntry 11 }


docsBpiCmRekeyWaitTimeout OBJECT-TYPE
	SYNTAX  Integer32 (1..10)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Rekey Wait Timeout in seconds."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.5."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.12
	::= { docsBpiCmBaseEntry 12 }


docsBpiCmAuthRejectWaitTimeout OBJECT-TYPE
	SYNTAX  Integer32 (1..600)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Authorization Reject Wait Timeout in
		seconds."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.7."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.13
	::= { docsBpiCmBaseEntry 13 }


docsBpiCmAuthRequests OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has
		transmitted an Authorization Request message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.1."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.14
	::= { docsBpiCmBaseEntry 14 }


docsBpiCmAuthReplies OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has
		received an Authorization Reply message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.2."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.15
	::= { docsBpiCmBaseEntry 15 }


docsBpiCmAuthRejects OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has
		received an Authorization Reject message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.3."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.16
	::= { docsBpiCmBaseEntry 16 }


docsBpiCmAuthInvalids OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has
		received an Authorization Invalid message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.7."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.17
	::= { docsBpiCmBaseEntry 17 }


docsBpiCmAuthRejectErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			unauthorizedCm(3),
			unauthorizedSid(4) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in most recent Authorization Reject message received by
		the CM.  This has value unknown(2) if the last Error-Code value was
		0, and none(1) if no Authorization Reject message has been received
		since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.3
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.18
	::= { docsBpiCmBaseEntry 18 }


docsBpiCmAuthRejectErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in most recent
		Authorization Reject message received by the CM.  This is a zero
		length string if no Authorization Reject message has been received
		since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.3
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.19
	::= { docsBpiCmBaseEntry 19 }


docsBpiCmAuthInvalidErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			unauthorizedCm(3),
			unsolicited(5),
			invalidKeySequence(6),
			keyRequestAuthenticationFailure(7) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in most recent Authorization Invalid message received by
		the CM.  This has value unknown(2) if the last Error-Code value was
		0, and none(1) if no Authorization Invalid message has been received
		since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.7
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.20
	::= { docsBpiCmBaseEntry 20 }


docsBpiCmAuthInvalidErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in most recent
		Authorization Invalid message received by the CM.  This is a zero





		length string if no Authorization Invalid message has been received
		since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.7
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.1.1.1.21
	::= { docsBpiCmBaseEntry 21 }


--
-- The CM TEK Table, indexed by ifIndex and SID
--

docsBpiCmTEKTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiCmTEKEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the attributes of each CM Traffic Encryption Key
		(TEK) association. The CM maintains (no more than) one TEK association
		per SID per CM MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.1.2
	::= { docsBpiCmObjects 2 }


docsBpiCmTEKEntry OBJECT-TYPE
	SYNTAX  DocsBpiCmTEKEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing the TEK association attributes
		of one SID. The CM MUST create one entry per unicast SID, regardless
		of whether the SID was obtained from a Registration Response message,
		or from an Authorization Reply message."
	INDEX {
		ifIndex,
		docsIfCmServiceId }
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1
	::= { docsBpiCmTEKTable 1 }


DocsBpiCmTEKEntry ::= SEQUENCE {

	docsBpiCmTEKPrivacyEnable        TruthValue,
	docsBpiCmTEKState                INTEGER,
	docsBpiCmTEKExpiresOld           DateAndTime,
	docsBpiCmTEKExpiresNew           DateAndTime,
	docsBpiCmTEKKeyRequests          Counter32,
	docsBpiCmTEKKeyReplies           Counter32,
	docsBpiCmTEKKeyRejects           Counter32,
	docsBpiCmTEKInvalids             Counter32,
	docsBpiCmTEKAuthPends            Counter32,
	docsBpiCmTEKKeyRejectErrorCode   INTEGER,
	docsBpiCmTEKKeyRejectErrorString DisplayString,
	docsBpiCmTEKInvalidErrorCode     INTEGER,
	docsBpiCmTEKInvalidErrorString   DisplayString }


docsBpiCmTEKPrivacyEnable OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object identifies whether this SID is provisioned to run
		Baseline Privacy. This is analogous to enabling Baseline Privacy on
		a provisioned SID using the Class-of-Service Privacy Enable option.
		Baseline Privacy is not effectively enabled for any SID unless
		Baseline Privacy is enabled for the CM, which is managed via the
		docsBpiCmPrivacyEnable object."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.2."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.1
	::= { docsBpiCmTEKEntry 1 }


docsBpiCmTEKState OBJECT-TYPE
	SYNTAX  INTEGER {
			start(1),
			opWait(2),
			opReauthWait(3),
			operational(4),
			rekeyWait(5),
			rekeyReauthWait(6) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the state of the indicated TEK FSM.
		The start(1) state indicates that FSM is in its initial state."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.1.3.1."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.2
	::= { docsBpiCmTEKEntry 2 }


docsBpiCmTEKExpiresOld OBJECT-TYPE
	SYNTAX  DateAndTime
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the actual clock time for expiration
		of the immediate predecessor of the most recent TEK for this FSM.
		If this FSM has only one TEK, then the value is the time of activation
		of this FSM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.5 and
		4.2.2.9."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.3
	::= { docsBpiCmTEKEntry 3 }


docsBpiCmTEKExpiresNew OBJECT-TYPE
	SYNTAX  DateAndTime
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the actual clock time for expiration
		of the most recent TEK for this FSM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.5 and
		4.2.2.9."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.4
	::= { docsBpiCmTEKEntry 4 }


docsBpiCmTEKKeyRequests OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has transmitted
		a Key Request message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.4."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.5
	::= { docsBpiCmTEKEntry 5 }


docsBpiCmTEKKeyReplies OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has received
		a Key Reply message, including a message whose authentication failed."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.5."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.6
	::= { docsBpiCmTEKEntry 6 }


docsBpiCmTEKKeyRejects OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has received
		a Key Reject message, including a message whose authentication failed."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.6."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.7
	::= { docsBpiCmTEKEntry 7 }


docsBpiCmTEKInvalids OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CM has received
		a TEK Invalid message, including a message whose authentication failed."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.8."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.8
	::= { docsBpiCmTEKEntry 8 }


docsBpiCmTEKAuthPends OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times an Authorization
		Pending (Auth Pend) event occurred in this FSM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.1.3.3.3."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.9
	::= { docsBpiCmTEKEntry 9 }


docsBpiCmTEKKeyRejectErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			unauthorizedSid(4) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in most recent Key Reject message received by the CM. This
		has value unknown(2) if the last Error-Code value was 0, and none(1)
		if no Key Reject message has been received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.1.2.6
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.10
	::= { docsBpiCmTEKEntry 10 }


docsBpiCmTEKKeyRejectErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in most recent Key
		Reject message received by the CM. This is a zero length string if no
		Key Reject message has been received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.1.2.6
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.11
	::= { docsBpiCmTEKEntry 11 }


docsBpiCmTEKInvalidErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			invalidKeySequence(6) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in most recent TEK Invalid message received by the CM.
		This has value unknown(2) if the last Error-Code value was 0, and
		none(1) if no TEK Invalid message has been received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.1.2.8
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.12
	::= { docsBpiCmTEKEntry 12 }


docsBpiCmTEKInvalidErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in most recent TEK
		Invalid message received by the CM. This is a zero length string if
		no TEK Invalid message has been received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.1.2.8
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.1.2.1.13
	::= { docsBpiCmTEKEntry 13 }


-- Cable Modem Termination System Group

docsBpiCmtsObjects OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.1.2
	::= { docsBpiMIBObjects 2 }

--
-- The BPI base table for CMTSs, indexed by ifIndex
--

docsBpiCmtsBaseTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiCmtsBaseEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the basic Baseline Privacy attributes of each
		CMTS MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.2.1
	::= { docsBpiCmtsObjects 1 }


docsBpiCmtsBaseEntry OBJECT-TYPE
	SYNTAX  DocsBpiCmtsBaseEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing attributes of one CMTS MAC
		interface. An entry in this table exists for each ifEntry with an
		ifType of docsCableMaclayer(127)."
	INDEX {
		ifIndex }
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1
	::= { docsBpiCmtsBaseTable 1 }


DocsBpiCmtsBaseEntry ::= SEQUENCE {

	docsBpiCmtsDefaultAuthLifetime  Integer32,
	docsBpiCmtsDefaultTEKLifetime   Integer32,
	docsBpiCmtsDefaultAuthGraceTime Integer32,
	docsBpiCmtsDefaultTEKGraceTime  Integer32,
	docsBpiCmtsAuthRequests         Counter32,
	docsBpiCmtsAuthReplies          Counter32,
	docsBpiCmtsAuthRejects          Counter32,
	docsBpiCmtsAuthInvalids         Counter32 }


docsBpiCmtsDefaultAuthLifetime OBJECT-TYPE
	SYNTAX  Integer32 (1..6048000)
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The value of this object is the default lifetime, in seconds, the
		CMTS assigns to a new authorization key."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.2."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.1
	::= { docsBpiCmtsBaseEntry 1 }


docsBpiCmtsDefaultTEKLifetime OBJECT-TYPE
	SYNTAX  Integer32 (1..604800)
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The value of this object is the default lifetime, in seconds, the
		CMTS assigns to a new Traffic Encryption Key (TEK)."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.2."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.2
	::= { docsBpiCmtsBaseEntry 2 }


-- Note: the following two objects have been obsoleted from this MIB.

docsBpiCmtsDefaultAuthGraceTime OBJECT-TYPE
	SYNTAX  Integer32 (1..1800)
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  obsolete
	DESCRIPTION
		"This object was obsoleted because the provisioning system, not the CMTS,
		manages the authorization key grace time for DOCSIS CMs."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.3
	::= { docsBpiCmtsBaseEntry 3 }


docsBpiCmtsDefaultTEKGraceTime OBJECT-TYPE
	SYNTAX  Integer32 (1..1800)
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  obsolete
	DESCRIPTION
		"This object was obsoleted because the provisioning system, not the CMTS,
		manages the Traffic Encryption Key (TEK) grace time for DOCSIS CMs."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.4
	::= { docsBpiCmtsBaseEntry 4 }


docsBpiCmtsAuthRequests OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		received an Authorization Request message from any CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.1."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.5
	::= { docsBpiCmtsBaseEntry 5 }


docsBpiCmtsAuthReplies OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted an Authorization Reply message to any CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.2."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.6
	::= { docsBpiCmtsBaseEntry 6 }


docsBpiCmtsAuthRejects OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has





		transmitted an Authorization Reject message to any CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.3."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.7
	::= { docsBpiCmtsBaseEntry 7 }


docsBpiCmtsAuthInvalids OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted an Authorization Invalid message to any CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.7."
	-- 1.3.6.1.2.1.10.127.5.1.2.1.1.8
	::= { docsBpiCmtsBaseEntry 8 }


--
-- The CMTS Authorization Table, indexed by ifIndex and CM MAC address
--

docsBpiCmtsAuthTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiCmtsAuthEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the attributes of each CM authorization
		association. The CMTS maintains one authorization association with
		each Baseline Privacy-enabled CM on each CMTS MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.2.2
	::= { docsBpiCmtsObjects 2 }


docsBpiCmtsAuthEntry OBJECT-TYPE
	SYNTAX  DocsBpiCmtsAuthEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing attributes of one
		authorization association. The CMTS MUST create one entry per CM per
		MAC interface, based on the receipt of an Authorization Request
		message, and MUST not delete the entry before the CM authorization
		permanently expires."
	INDEX {
		ifIndex,
		docsBpiCmtsAuthCmMacAddress }
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1
	::= { docsBpiCmtsAuthTable 1 }


DocsBpiCmtsAuthEntry ::= SEQUENCE {

	docsBpiCmtsAuthCmMacAddress        MacAddress,
	docsBpiCmtsAuthCmPublicKey         OCTET STRING,
	docsBpiCmtsAuthCmKeySequenceNumber Integer32,
	docsBpiCmtsAuthCmExpires           DateAndTime,
	docsBpiCmtsAuthCmLifetime          Integer32,
	docsBpiCmtsAuthCmGraceTime         Integer32,
	docsBpiCmtsAuthCmReset             INTEGER,
	docsBpiCmtsAuthCmRequests          Counter32,
	docsBpiCmtsAuthCmReplies           Counter32,
	docsBpiCmtsAuthCmRejects           Counter32,
	docsBpiCmtsAuthCmInvalids          Counter32,
	docsBpiCmtsAuthRejectErrorCode     INTEGER,
	docsBpiCmtsAuthRejectErrorString   DisplayString,
	docsBpiCmtsAuthInvalidErrorCode    INTEGER,
	docsBpiCmtsAuthInvalidErrorString  DisplayString }


docsBpiCmtsAuthCmMacAddress OBJECT-TYPE
	SYNTAX  MacAddress
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The value of this object is the physical address of the CM to
		which the authorization association applies."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.1
	::= { docsBpiCmtsAuthEntry 1 }


docsBpiCmtsAuthCmPublicKey OBJECT-TYPE
	SYNTAX  OCTET STRING (SIZE (0 | 74 | 106 | 140 | 270))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is a DER-encoded RSAPublicKey ASN.1 type
		string, as defined in the RSA Encryption Standard (PKCS #1) [22],
		corresponding to the public key of the CM. The 74, 106, 140, and
		270 byte key encoding lengths correspond to 512 bit, 768 bit, 1024
		bit, and 2048 public moduli respectively. This is a zero-length
		string if the CMTS does not retain the public key."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.2.4."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.2
	::= { docsBpiCmtsAuthEntry 2 }


docsBpiCmtsAuthCmKeySequenceNumber OBJECT-TYPE
	SYNTAX  Integer32 (0..15)
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the authorization key sequence number
		for this CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.2
		and 4.2.2.10."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.3
	::= { docsBpiCmtsAuthEntry 3 }


docsBpiCmtsAuthCmExpires OBJECT-TYPE
	SYNTAX  DateAndTime
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the actual clock time when the current
		authorization for this CM expires. If this CM does not have an
		active authorization, then the value is of the expiration date and
		time of the last active authorization."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.2
		and 4.2.2.9."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.4
	::= { docsBpiCmtsAuthEntry 4 }


docsBpiCmtsAuthCmLifetime OBJECT-TYPE
	SYNTAX  Integer32 (1..6048000)
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The value of this object is the lifetime, in seconds, the CMTS
		assigns to an authorization key for this CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.2
		and Appendix A.2."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.5
	::= { docsBpiCmtsAuthEntry 5 }


docsBpiCmtsAuthCmGraceTime OBJECT-TYPE
	SYNTAX  Integer32 (1..1800)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the grace time for the authorization key
		in seconds.  The CM is expected to start trying to get a new
		authorization key beginning AuthGraceTime seconds before the
		authorization key actually expires."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.3."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.6
	::= { docsBpiCmtsAuthEntry 6 }


docsBpiCmtsAuthCmReset OBJECT-TYPE
	SYNTAX  INTEGER {
			noResetRequested(1),
			invalidateAuth(2),
			sendAuthInvalid(3),
			invalidateTeks(4) }
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"Setting this object to invalidateAuth(2) causes the CMTS to
		invalidate the current CM authorization key, but not to transmit an
		Authorization Invalid message nor to invalidate unicast TEKs.  Setting
		this object to sendAuthInvalid(3) causes the CMTS to invalidate the
		current CM authorization key, and to transmit an Authorization Invalid
		message to the CM, but not to invalidate unicast TEKs.  Setting this
		object to invalidateTeks(4) causes the CMTS to invalidate the current
		CM authorization key, to transmit an Authorization Invalid message to
		the CM, and to invalidate all unicast TEKs associated with this CM
		authorization. Reading this object returns the most-recently-set value
		of this object, or returns noResetRequested(1) if the object has not
		been set since the last CMTS reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.1.2.3.4,
		4.1.2.3.5, and 4.1.3.3.5."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.7
	::= { docsBpiCmtsAuthEntry 7 }


docsBpiCmtsAuthCmRequests OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		received an Authorization Request message from this CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.1."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.8
	::= { docsBpiCmtsAuthEntry 8 }


docsBpiCmtsAuthCmReplies OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted an Authorization Reply message to this CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.2."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.9
	::= { docsBpiCmtsAuthEntry 9 }


docsBpiCmtsAuthCmRejects OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted an Authorization Reject message to this CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.3."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.10
	::= { docsBpiCmtsAuthEntry 10 }


docsBpiCmtsAuthCmInvalids OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted an Authorization Invalid message to this CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.7."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.11
	::= { docsBpiCmtsAuthEntry 11 }


docsBpiCmtsAuthRejectErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			unauthorizedCm(3),
			unauthorizedSid(4) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in most recent Authorization Reject message transmitted to
		the CM.  This has value unknown(2) if the last Error-Code value was
		0, and none(1) if no Authorization Reject message has been transmitted
		to the CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.3
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.12
	::= { docsBpiCmtsAuthEntry 12 }


docsBpiCmtsAuthRejectErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in most recent
		Authorization Reject message transmitted to the CM.  This is a
		zero length string if no Authorization Reject message has been
		transmitted to the CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.3
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.13
	::= { docsBpiCmtsAuthEntry 13 }


docsBpiCmtsAuthInvalidErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			unauthorizedCm(3),
			unsolicited(5),
			invalidKeySequence(6),
			keyRequestAuthenticationFailure(7) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in most recent Authorization Invalid message transmitted
		to the CM.  This has value unknown(2) if the last Error-Code value was
		0, and none(1) if no Authorization Invalid message has been
		transmitted to the CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.7
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.14
	::= { docsBpiCmtsAuthEntry 14 }


docsBpiCmtsAuthInvalidErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in most recent
		Authorization Invalid message transmitted to the CM.  This is a
		zero length string if no Authorization Invalid message has been
		transmitted to the CM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.7
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.2.2.1.15
	::= { docsBpiCmtsAuthEntry 15 }


--
-- The CMTS TEK Table, indexed by ifIndex and SID
--

docsBpiCmtsTEKTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiCmtsTEKEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the attributes of each CM Traffic Encryption
		Key (TEK) association. The CMTS maintains one TEK association per BPI
		SID on each CMTS MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.2.3
	::= { docsBpiCmtsObjects 3 }


docsBpiCmtsTEKEntry OBJECT-TYPE
	SYNTAX  DocsBpiCmtsTEKEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing attributes of one TEK
		association on a particular CMTS MAC interface. The CMTS MUST create
		one entry per SID per MAC interface, based on the receipt of an
		Key Request message, and MUST not delete the entry before the CM
		authorization for the SID permanently expires."
	INDEX {
		ifIndex,
		docsIfCmtsServiceId }
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1
	::= { docsBpiCmtsTEKTable 1 }


DocsBpiCmtsTEKEntry ::= SEQUENCE {

	docsBpiCmtsTEKLifetime           Integer32,
	docsBpiCmtsTEKGraceTime          Integer32,
	docsBpiCmtsTEKExpiresOld         DateAndTime,
	docsBpiCmtsTEKExpiresNew         DateAndTime,
	docsBpiCmtsTEKReset              TruthValue,
	docsBpiCmtsKeyRequests           Counter32,
	docsBpiCmtsKeyReplies            Counter32,
	docsBpiCmtsKeyRejects            Counter32,
	docsBpiCmtsTEKInvalids           Counter32,
	docsBpiCmtsKeyRejectErrorCode    INTEGER,
	docsBpiCmtsKeyRejectErrorString  DisplayString,
	docsBpiCmtsTEKInvalidErrorCode   INTEGER,
	docsBpiCmtsTEKInvalidErrorString DisplayString }


docsBpiCmtsTEKLifetime OBJECT-TYPE
	SYNTAX  Integer32 (1..604800)
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The value of this object is the lifetime, in seconds, the CMTS assigns
		to keys for this TEK association."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.5
		and Appendix A.2."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.1
	::= { docsBpiCmtsTEKEntry 1 }


docsBpiCmtsTEKGraceTime OBJECT-TYPE
	SYNTAX  Integer32 (1..1800)
	UNITS	"seconds"
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the grace time for the TEK in seconds.
		The CM is expected to start trying to get a new TEK beginning
		TEKGraceTime seconds before the TEK actually expires."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Appendix A.1.1.1.6."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.2
	::= { docsBpiCmtsTEKEntry 2 }


docsBpiCmtsTEKExpiresOld OBJECT-TYPE
	SYNTAX  DateAndTime
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the actual clock time for expiration
		of the immediate predecessor of the most recent TEK for this FSM.
		If this FSM has only one TEK, then the value is the time of activation
		of this FSM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.5
		and 4.2.2.9."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.3
	::= { docsBpiCmtsTEKEntry 3 }


docsBpiCmtsTEKExpiresNew OBJECT-TYPE
	SYNTAX  DateAndTime
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the actual clock time for expiration
		of the most recent TEK for this FSM."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.5
		and 4.2.2.9."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.4
	::= { docsBpiCmtsTEKEntry 4 }


docsBpiCmtsTEKReset OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"Setting this object to TRUE causes the CMTS to invalidate the current
		active TEK(s) (plural due to key transition periods), and to generate
		a new TEK for the associated SID; the CMTS MAY also generate an
		unsolicited TEK Invalid message, to optimize the TEK synchronization





		between the CMTS and the CM. Reading this object always returns
		FALSE."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.1.3.3.5."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.5
	::= { docsBpiCmtsTEKEntry 5 }


docsBpiCmtsKeyRequests OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		received a Key Request message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.4."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.6
	::= { docsBpiCmtsTEKEntry 6 }


docsBpiCmtsKeyReplies OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted a Key Reply message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.5."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.7
	::= { docsBpiCmtsTEKEntry 7 }


docsBpiCmtsKeyRejects OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted a Key Reject message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.6."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.8
	::= { docsBpiCmtsTEKEntry 8 }


docsBpiCmtsTEKInvalids OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the count of times the CMTS has
		transmitted a TEK Invalid message."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Section 4.2.1.8."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.9
	::= { docsBpiCmtsTEKEntry 9 }


docsBpiCmtsKeyRejectErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			unauthorizedSid(4) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in the most recent Key Reject message sent in response to
		a Key Request for this BPI SID. This has value unknown(2) if the last
		Error-Code value was 0, and none(1) if no Key Reject message has been
		received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.6
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.10
	::= { docsBpiCmtsTEKEntry 10 }


docsBpiCmtsKeyRejectErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in the most recent
		Key Reject message sent in response to a Key Request for this BPI
		SID.  This is a zero length string if no Key Reject message has been
		received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.6
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.11
	::= { docsBpiCmtsTEKEntry 11 }


docsBpiCmtsTEKInvalidErrorCode OBJECT-TYPE
	SYNTAX  INTEGER {
			none(1),
			unknown(2),
			invalidKeySequence(6) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the enumerated description of the
		Error-Code in the most recent TEK Invalid message sent in association
		with this BPI SID.  This has value unknown(2) if the last Error-Code
		value was 0, and none(1) if no TEK Invalid message has been received





		since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.8
		and 4.2.2.16."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.12
	::= { docsBpiCmtsTEKEntry 12 }


docsBpiCmtsTEKInvalidErrorString OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..128))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The value of this object is the Display-String in the most recent TEK
		Invalid message sent in association with this BPI SID.  This is a zero
		length string if no TEK Invalid message has been received since reboot."
	REFERENCE
		"DOCSIS Baseline Privacy Interface Specification, Sections 4.2.1.8
		and 4.2.2.6."
	-- 1.3.6.1.2.1.10.127.5.1.2.3.1.13
	::= { docsBpiCmtsTEKEntry 13 }


--
-- The CMTS Multicast Control Group
--

docsBpiMulticastControl OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.1.2.4
	::= { docsBpiCmtsObjects 4 }

--
-- The CMTS IP Multicast Mapping Table, indexed by IP multicast
-- address and prefix, and by ifindex
--

docsBpiIpMulticastMapTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiIpMulticastMapEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the mapping of IP multicast address prefixes to
		multicast SIDs on each CMTS MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.1
	::= { docsBpiMulticastControl 1 }


docsBpiIpMulticastMapEntry OBJECT-TYPE
	SYNTAX  DocsBpiIpMulticastMapEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing the mapping of one IP
		multicast address prefix to one multicast SID on one CMTS MAC
		interface. The CMTS uses the mapping when forwarding downstream IP
		multicast traffic."
	INDEX {
		ifIndex,
		docsBpiIpMulticastAddress,
		docsBpiIpMulticastPrefixLength }
	-- 1.3.6.1.2.1.10.127.5.1.2.4.1.1
	::= { docsBpiIpMulticastMapTable 1 }


DocsBpiIpMulticastMapEntry ::= SEQUENCE {

	docsBpiIpMulticastAddress      IpAddress,
	docsBpiIpMulticastPrefixLength Integer32,
	docsBpiIpMulticastServiceId    Integer32,
	docsBpiIpMulticastMapControl   RowStatus }


docsBpiIpMulticastAddress OBJECT-TYPE
	SYNTAX  IpAddress
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This object represents the IP multicast address (prefix) to be
		mapped by this row, in conjunction with
		docsBpiIpMulticastPrefixLength."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.1.1.1
	::= { docsBpiIpMulticastMapEntry 1 }


docsBpiIpMulticastPrefixLength OBJECT-TYPE
	SYNTAX  Integer32 (0..32)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This object represents the IP multicast address prefix length
		for this row. The value of this object represents the length in
		bits of docsBpiIpMulticastAddress for multicast address
		comparisons, using big-endian ordering. An IP multicast address
		matches this row if the (docsBpiIpMulticastPrefixLength) most
		significant bits of the IP multicast address and of the
		(docsBpiIpMulticastAddress) are identical.
		This object is similar in usage to an IP address mask. The value
		0 corresponds to IP address mask 0.0.0.0, the value 1 corresponds
		to IP address mask 128.0.0.0, the value 8 corresponds to IP
		address mask 255.0.0.0, and the value 32 corresponds to IP
		address mask 255.255.255.255."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.1.1.2
	::= { docsBpiIpMulticastMapEntry 2 }


docsBpiIpMulticastServiceId OBJECT-TYPE
	SYNTAX  Integer32 (8192..16368)
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This object represents the multicast SID to be used in this
		IP multicast address prefix mapping entry."
	-- DEFVAL is an unused multicast SID value chosen by CMTS.
	-- 1.3.6.1.2.1.10.127.5.1.2.4.1.1.3
	::= { docsBpiIpMulticastMapEntry 3 }


docsBpiIpMulticastMapControl OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This object controls and reflects the IP multicast address prefix
		mapping entry. There is no restriction on the ability to change values
		in this row while the row is active."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.1.1.4
	::= { docsBpiIpMulticastMapEntry 4 }


--
-- The CMTS Multicast SID Authorization Table, indexed by ifIndex by
-- multicast SID by CM MAC address
--

docsBpiMulticastAuthTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF DocsBpiMulticastAuthEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table describes the multicast SID authorization for each
		CM on each CMTS MAC interface."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.2
	::= { docsBpiMulticastControl 2 }


docsBpiMulticastAuthEntry OBJECT-TYPE
	SYNTAX  DocsBpiMulticastAuthEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"Each entry contains objects describing the key authorization of one
		cable modem for one multicast SID for one CMTS MAC interface."
	INDEX {
		ifIndex,
		docsBpiMulticastServiceId,
		docsBpiMulticastCmMacAddress }
	-- 1.3.6.1.2.1.10.127.5.1.2.4.2.1
	::= { docsBpiMulticastAuthTable 1 }


DocsBpiMulticastAuthEntry ::= SEQUENCE {

	docsBpiMulticastServiceId    Integer32,
	docsBpiMulticastCmMacAddress MacAddress,
	docsBpiMulticastAuthControl  RowStatus }


docsBpiMulticastServiceId OBJECT-TYPE
	SYNTAX  Integer32 (8192..16368)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This object represents the multicast SID for authorization."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.2.1.1
	::= { docsBpiMulticastAuthEntry 1 }


docsBpiMulticastCmMacAddress OBJECT-TYPE
	SYNTAX  MacAddress
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This object represents the MAC address of the CM to which the
		multicast SID authorization applies."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.2.1.2
	::= { docsBpiMulticastAuthEntry 2 }


docsBpiMulticastAuthControl OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This object controls and reflects the CM authorization for each
		multicast SID. There is no restriction on the ability to change
		values in this row while the row is active."
	-- 1.3.6.1.2.1.10.127.5.1.2.4.2.1.3
	::= { docsBpiMulticastAuthEntry 3 }


--
-- The BPI MIB Conformance Statements (with a placeholder for
-- notifications)
--

docsBpiNotification OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.2
	::= { docsBpiMIB 2 }

docsBpiConformance OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.3
	::= { docsBpiMIB 3 }

docsBpiCompliances OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.3.1
	::= { docsBpiConformance 1 }

docsBpiGroups OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.10.127.5.3.2
	::= { docsBpiConformance 2 }


docsBpiBasicCompliance MODULE-COMPLIANCE
	STATUS  current
	DESCRIPTION
		"This is the compliance statement for devices which implement the
		DOCSIS Baseline Privacy Interface."

	MODULE 

	GROUP docsBpiCmGroup
	  DESCRIPTION
		"This group is implemented only in CMs, not in CMTSs."
	GROUP docsBpiCmtsGroup
	  DESCRIPTION
		"This group is implemented only in CMTSs, not in CMs."
	OBJECT docsBpiCmtsDefaultAuthLifetime
	  SYNTAX Integer32 (86400..6048000)
	  DESCRIPTION 
		"The refined range corresponds to the minimum and maximum values in
		operational networks, according to Appendix A.2 in [18]."
	OBJECT docsBpiCmtsDefaultTEKLifetime
	  SYNTAX Integer32 (1800..604800)
	  DESCRIPTION 
		"The refined range corresponds to the minimum and maximum values in
		operational networks, according to Appendix A.2 in [18]."
	OBJECT docsBpiCmtsAuthCmLifetime
	  SYNTAX Integer32 (86400..6048000)
	  DESCRIPTION 
		"The refined range corresponds to the minimum and maximum values in
		operational networks, according to Appendix A.2 in [18]."
	OBJECT docsBpiCmtsTEKLifetime
	  SYNTAX Integer32 (1800..604800)
	  DESCRIPTION 
		"The refined range corresponds to the minimum and maximum values in
		operational networks, according to Appendix A.2 in [18]."
	-- relaxation on mandatory range (unnecessary since object is read-only)
	-- OBJECT       docsBpiCmtsTEKGraceTime
	-- SYNTAX       Integer32 (300..1800)
	-- DESCRIPTION
	-- "The refined range corresponds to the minimum and maximum values in
	-- operational networks, according to Appendix A.2 in [18]."
	-- 1.3.6.1.2.1.10.127.5.3.1.1
	::= { docsBpiCompliances 1 }

docsBpiCmGroup OBJECT-GROUP
	OBJECTS {
		docsBpiCmPrivacyEnable,
		docsBpiCmPublicKey,
		docsBpiCmAuthState,
		docsBpiCmAuthKeySequenceNumber,
		docsBpiCmAuthExpires,
		docsBpiCmAuthReset,
		docsBpiCmAuthGraceTime,
		docsBpiCmTEKGraceTime,
		docsBpiCmAuthWaitTimeout,
		docsBpiCmReauthWaitTimeout,
		docsBpiCmOpWaitTimeout,
		docsBpiCmRekeyWaitTimeout,
		docsBpiCmAuthRejectWaitTimeout,
		docsBpiCmAuthRequests,
		docsBpiCmAuthReplies,
		docsBpiCmAuthRejects,
		docsBpiCmAuthInvalids,
		docsBpiCmAuthRejectErrorCode,
		docsBpiCmAuthRejectErrorString,
		docsBpiCmAuthInvalidErrorCode,
		docsBpiCmAuthInvalidErrorString,
		docsBpiCmTEKPrivacyEnable,
		docsBpiCmTEKState,
		docsBpiCmTEKExpiresOld,
		docsBpiCmTEKExpiresNew,
		docsBpiCmTEKKeyRequests,
		docsBpiCmTEKKeyReplies,
		docsBpiCmTEKKeyRejects,
		docsBpiCmTEKInvalids,
		docsBpiCmTEKAuthPends,
		docsBpiCmTEKKeyRejectErrorCode,
		docsBpiCmTEKKeyRejectErrorString,
		docsBpiCmTEKInvalidErrorCode,
		docsBpiCmTEKInvalidErrorString }
	STATUS  current
	DESCRIPTION
		"This collection of objects provides CM BPI status and control."
	-- 1.3.6.1.2.1.10.127.5.3.2.1
	::= { docsBpiGroups 1 }

docsBpiCmtsGroup OBJECT-GROUP
	OBJECTS {
		docsBpiCmtsDefaultAuthLifetime,
		docsBpiCmtsDefaultTEKLifetime,
		docsBpiCmtsAuthRequests,
		docsBpiCmtsAuthReplies,
		docsBpiCmtsAuthRejects,
		docsBpiCmtsAuthInvalids,
		docsBpiCmtsAuthCmPublicKey,
		docsBpiCmtsAuthCmKeySequenceNumber,
		docsBpiCmtsAuthCmExpires,
		docsBpiCmtsAuthCmLifetime,
		docsBpiCmtsAuthCmGraceTime,
		docsBpiCmtsAuthCmReset,
		docsBpiCmtsAuthCmRequests,
		docsBpiCmtsAuthCmReplies,
		docsBpiCmtsAuthCmRejects,
		docsBpiCmtsAuthCmInvalids,
		docsBpiCmtsAuthRejectErrorCode,
		docsBpiCmtsAuthRejectErrorString,
		docsBpiCmtsAuthInvalidErrorCode,
		docsBpiCmtsAuthInvalidErrorString,
		docsBpiCmtsTEKLifetime,
		docsBpiCmtsTEKGraceTime,
		docsBpiCmtsTEKExpiresOld,
		docsBpiCmtsTEKExpiresNew,
		docsBpiCmtsTEKReset,
		docsBpiCmtsKeyRequests,
		docsBpiCmtsKeyReplies,
		docsBpiCmtsKeyRejects,
		docsBpiCmtsTEKInvalids,
		docsBpiCmtsKeyRejectErrorCode,
		docsBpiCmtsKeyRejectErrorString,
		docsBpiCmtsTEKInvalidErrorCode,
		docsBpiCmtsTEKInvalidErrorString,
		docsBpiIpMulticastServiceId,
		docsBpiIpMulticastMapControl,
		docsBpiMulticastAuthControl }
	STATUS  current
	DESCRIPTION
		"This collection of objects provides CMTS BPI status and control."
	-- 1.3.6.1.2.1.10.127.5.3.2.2
	::= { docsBpiGroups 2 }

docsBpiObsoleteObjectsGroup OBJECT-GROUP
	OBJECTS {
		docsBpiCmtsDefaultAuthGraceTime,
		docsBpiCmtsDefaultTEKGraceTime }
	STATUS  obsolete
	DESCRIPTION
		"This is a collection of obsolete BPI objects."
	-- 1.3.6.1.2.1.10.127.5.3.2.3
	::= { docsBpiGroups 3 }

END
