SNMP/MIB Changes
This section summarizes the SNMP/MIB changes that appear in the ESBC version S-Cz9.0.0.
MIB Changes for STIR/SHAKEN Statistics
When the STIR/SHAKEN feature is enabled, the ESBC uses the apStirServerStats table, within
the ap.apps.mib, to monitor feature statistics.
This table contains the new apStirServerStats objects by which the user can monitor STIR/SHAKEN statistics using SNMP.
| MIB Object | Object ID 1.3.6.1.4.1.9148.3.16.1.4.2.1.4.x + | Description |
|---|---|---|
| apStirServerName | .1. | Server name as configured on the ESBC |
| apStirServerStats.recent.asQueries | .1.1 | Recent queries made to the named AS server |
| apStirServerStats.recent.asSuccessResponses | .1.2 | Recent successful responses received from the named AS server |
| apStirServerStats.recent.asFailResponses | .1.3 | Recent failed responses received from the named AS server |
| apStirServerStats.recent.asFailServiceException | .1.4 | Recent failed responses received from the named AS server caused by a service exception |
| apStirServerStats.recent.asFailPolicyException | .1.5 | Recent failed responses received from the named AS server caused by a policy exception |
| apStirServerStats.recent.vsQueries | .1.6 | Recent queries made to the named VS server |
| apStirServerStats.recent.vsSuccessResponses | .1.7 | Recent successful responses received from the named VS server |
| apStirServerStats.recent.vsFailResponses | .1.8 | Recent failed responses received from the named VS server |
| apStirServerStats.recent.vsFailVerification | .1.9 | Recent failed responses received from the named VS server indicating verification failure |
| apStirServerStats.recent.vsFailServiceException | .1.10 | Recent failed responses received from the named VS server caused by a service exception |
| apStirServerStats.recent.vsFailPolicyException | .1.11 | Recent failed responses received from the named VS server caused by a policy exception |
| apStirServerStats.recent.ServerUnreachable | .1.12 | N/A |
| apStirServerStats.total.asQueries | .2.1 | Recent queries made to the named AS server |
| apStirServerStats.total.asSuccessResponses | .2.2 | Total successful responses received from the named AS server |
| apStirServerStats.total.asFailResponses | .2.3 | Total failed responses received from the named AS server |
| apStirServerStats.total.asFailServiceException | .2.4 | Total failed responses received from the named AS server caused by a service exception |
| apStirServerStats.total.asFailPolicyException | .2.5 | Total failed responses received from the named AS server caused by a policy exception |
| apStirServerStats.total.vsQueries | .2.6 | Total queries made to the named VS server |
| apStirServerStats.total.vsSuccessResponses | .2.7 | Total successful responses received from the named VS server |
| apStirServerStats.total.vsFailResponses | .2.8 | Total failed responses received from the named VS server |
| apStirServerStats.total.vsFailVerification | .2.9 | Total failed responses received from the named VS server indicating verification failure |
| apStirServerStats.total.vsFailServiceException | .2.10 | Total failed responses received from the named VS server caused by a service exception |
| apStirServerStats.total.vsFailPolicyException | .2.11 | Total failed responses received from the named VS server caused by a policy exception |
| apStirServerStats.total.ServerUnreachable | .2.12 | N/A |
| apStirServerStats.permax.asQueries | .3.1 | Permax queries made to the named AS server |
| apStirServerStats.permax.asSuccessResponses | .3.2 | Permax successful responses received from the named AS server |
| apStirServerStats.permax.asFailResponses | .3.3 | Permax failed responses received from the named AS server |
| apStirServerStats.permax.asFailServiceException | .3.4 | Permax failed responses received from the named AS server caused by a service exception |
| apStirServerStats.permax.asFailPolicyException | .3.5 | Permax failed responses received from the named AS server caused by a policy exception |
| apStirServerStats.permax.vsQueries | .3.6 | Permax queries made to the named VS server |
| apStirServerStats.permax.vsSuccessResponses | .3.7 | Permax successful responses received from the named VS server |
| apStirServerStats.permax.vsFailResponses | .3.8 | Permax failed responses received from the named VS server |
| apStirServerStats.permax.vsFailVerification | .3.9 | Permax failed responses received from the named VS server indicating verification failure |
| apStirServerStats.permax.vsFailServiceException | .3.10 | Permax failed responses received from the named VS server caused by a service exception |
| apStirServerStats.permax.vsFailPolicyException | .3.11 | Recent failed responses received from the named VS server caused by a policy exception |
| apStirServerStats.permax.ServerUnreachable | .3.12 | N/A |
The ESBC sends two SNMP traps that alert you when traffic crosses each threshold, and clear when the traffic falls back below the threshold:
- apDosThresholdCrossTrap
- apDosThresholdClearTrap
See the Security chapter in the ACLI Configuration Guide for further information on how to read these traps.
DoS Counter Statistics
The ESBC uses the
apStirServerStats table, within the ap.apps.mib, to monitor
feature statistics.
This table contains the new apDosThresholdCountersGroup objects by which the user can monitor DoS statistics on a per-queue basis using SNMP.
| MIB Object | Object ID 1.3.6.1.4.1.9148.3.16.5 + | Description |
|---|---|---|
| apDosTrustedMinorCounter | .1 | Counter incremented, when trusted bandwidth crossed the minor threshold percentage |
| apDosTrustedMajorCounter | .2 | Counter incremented, when trusted bandwidth crossed the major threshold percentage |
| apDosTrustedCriticalCounter | .3 | Counter incremented, when trusted bandwidth crossed the critical threshold percentage |
| apDosUntrustedMinorCounter | .4 | Counter incremented, when untrusted bandwidth crossed the minor threshold percentage |
| apDosUntrustedMajorCounter | .5 | Counter incremented, when untrusted bandwidth crossed the major threshold percentage |
| apDosUntrustedCriticalCounter | .6 | Counter incremented, when untrusted bandwidth crossed the critical threshold percentage |
| apDosArpMinorCounter | .7 | Counter incremented, when ARP bandwidth crossed the minor threshold percentage |
| apDosArpMajorCounter | .8 | Counter incremented, when ARP bandwidth crossed the major threshold percentage |
| apDosArpCriticalCounter | .9 | Counter incremented, when ARP bandwidth crossed the critical threshold percentage |
OCSP Verification of Client X.509 Certificates
The following MIB is generated whenever any second-factor authentication fails, including when OCSP verification rejects an X.509 certificate because it is revoked.
| MIB Object | Object ID | Description |
|---|---|---|
| apSysMgmtAuthenticationFailedTrap | 1.3.6.1.4.1.9148.3.2.6.0.16 | Generated if an authentication attept fails. |