-- extracted from draft-kzm-imss-fc-fcsp-mib-00.txt
-- at Wed Jun 13 06:08:27 2007

T11-FC-SP-SA-MIB  DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32, Counter32, Counter64, TimeTicks, Gauge32,
    mib-2
        FROM SNMPv2-SMI                       -- [RFC2578]
    RowStatus, StorageType, AutonomousType,
    TimeStamp, TruthValue
        FROM SNMPv2-TC                        -- [RFC2579]
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF                      -- [RFC2580]
    InterfaceIndex, InterfaceIndexOrZero
        FROM IF-MIB                           -- [RFC2863]
    fcmInstanceIndex, FcAddressIdOrZero
        FROM FC-MGMT-MIB                      -- [RFC4044]
    T11FabricIndex
        FROM T11-TC-MIB                       -- [RFC4439]
    T11FcSpType, T11FcSpiIndex, T11FcRoutingControl,
    T11FcSaDirection, T11FcSpPrecedence, T11FcSpTransforms
        FROM T11-FC-SP-TC-MIB;

t11FcSpSaMIB  MODULE-IDENTITY
    LAST-UPDATED  "200702190000Z"
    ORGANIZATION  "T11"
    CONTACT-INFO
        "     Claudio DeSanti
              Cisco Systems, Inc.
              170 West Tasman Drive
              San Jose, CA 95134 USA
              EMail: cds@cisco.com

              Keith McCloghrie
              Cisco Systems, Inc.
              170 West Tasman Drive
              San Jose, CA 95134 USA
              Email: kzm@cisco.com"
    DESCRIPTION
        "This MIB module specifies the management information
        required to manage Security Associations established via
        Fibre Channel's FC-SP specification.

        The MIB module consists of six parts:

        - a per-Fabric table, t11FcSpSaIfTable, of capabilities,
          parameters, status information and counters; the counters
          include non-transient aggregates of per-SA transient
          counters;

        - three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable
          and t11FcSpSaTransTable, specifying the proposals for an
          FC-SP entity acting as an SA_Initiator to present to the
          SA_Responder during the negotiation of Security
          Associations. The same information is also used by an
          FC-SP entity acting as an SA_Responder to decide what to
          accept during the negotiation of Security Associations.
          One of these tables, t11FcSpSaTransTable, is used not only
          for information about security transforms to propose and
          to accept, but also as agreed upon during the negotiation
          of Security Associations;

        - a table, t11FcSpSaTSelDrByTable, of Traffic Selectors
          having the security action of 'drop' or 'bypass' to be
          applied either to ingress traffic which is unprotected by
          FC-SP, or to all egress traffic;

        - four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable,
          t11FcSpSaTSelNegOutTable and t11FcSpSaTSelSpiTable,
          containing information about active bidirectional pairs of
          Security Associations; in particular, t11FcSpSaPairTable
          has one row per active bidirectional SA pair,
          t11FcSpSaTSelNegInTable and t11FcSpSaTSelNegOutTable
          contain information on the Traffic Selectors negotiated on
          the SAs, and the t11FcSpSaTSelSpiTable is an alternate
          lookup table such that the Traffic Selector(s) in use on a
          particular Security Association can be quickly determined
          based on the (ingress) SPI value;

        - a table, t11FcSpSaControlTable, of control and other
          information concerning the generation of notifications for
          events related to FC-SP Security Associations;

        - one notification, t11FcSpSaNotifyAuthFailure, generated on
          the occurrence of an Authentication failure for a received
          FC-2 or CT_IU frame.

        Copyright (C) The IETF Trust (2007). This version of this
        MIB module is part of RFC yyyy; see the RFC itself for full
        legal notices."
-- RFC Editor: replace yyyy with actual RFC number & remove this note
    REVISION  "200702190000Z"
    DESCRIPTION
        "Initial version of this MIB module, published as RFCyyyy."
-- RFC-Editor, replace yyyy with actual RFC number & remove this note
    ::= { mib-2 nnn }  -- to be assigned by IANA
-- RFC Editor: replace nnn with IANA-assigned number & remove this note

t11FcSpSaMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpSaMIB 0 }
t11FcSpSaMIBObjects       OBJECT IDENTIFIER ::= { t11FcSpSaMIB 1 }
t11FcSpSaMIBConformance   OBJECT IDENTIFIER ::= { t11FcSpSaMIB 2 }
t11FcSpSaBase       OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 1 }
t11FcSpSaConfig     OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 2 }
t11FcSpSaActive     OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 3 }
t11FcSpSaControl    OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 4 }

--
-- Base-level Per-Fabric Information
--

t11FcSpSaIfTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing per-Fabric information related to FC-SP
        Security Associations."
    ::= { t11FcSpSaBase 1 }

t11FcSpSaIfEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information related to Security
        Associations on a particular Fabric, and managed as part of
        the Fibre Channel management instance identified by
        fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaIfTable 1 }

T11FcSpSaIfEntry ::= SEQUENCE {
    t11FcSpSaIfIndex                InterfaceIndexOrZero,
    t11FcSpSaIfFabricIndex          T11FabricIndex,
    -- capabilities
    t11FcSpSaIfEspHeaderCapab       T11FcSpTransforms,
    t11FcSpSaIfCTAuthCapab          T11FcSpTransforms,
    t11FcSpSaIfIKEv2Capab           T11FcSpTransforms,
    t11FcSpSaIfIkev2AuthCapab       TruthValue,
    -- parameters and status
    t11FcSpSaIfStorageType          StorageType,
    t11FcSpSaIfReplayPrevention     TruthValue,
    t11FcSpSaIfReplayWindowSize     Unsigned32,
    t11FcSpSaIfDeadPeerDetections   Counter32,
    t11FcSpSaIfTerminateAllSas      INTEGER,
    -- summary frame counters
    t11FcSpSaIfOutDrops             Counter64,
    t11FcSpSaIfOutBypasses          Counter64,
    t11FcSpSaIfOutProcesses         Counter64,
    t11FcSpSaIfOutUnMatcheds        Counter64,
    t11FcSpSaIfInUnprotUnmtchDrops  Counter64,
    -- aggregates of per-SA transient counters
    t11FcSpSaIfInDetReplays         Counter64,
    t11FcSpSaIfInUnprotMtchDrops    Counter64,
    t11FcSpSaIfInBadXforms          Counter64,
    t11FcSpSaIfInGoodXforms         Counter64,
    t11FcSpSaIfInProtUnmtchs        Counter64
}

t11FcSpSaIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object has a non-zero value to identify a particular
        interface, or the value zero to indicate that the
        information in this row applies to all (of the management
        instance's) interfaces to the particular Fabric.

        If any row has a non-zero value of t11FcSpSaIfIndex, then
        all rows for the same Fibre Channel management instance
        must also have a non-zero value of t11FcSpSaIfIndex and
        thereby be specific to a particular interface. As and when
        zero values of t11FcSpSaIfIndex are used in this table,
        then they must also be used in each other table which has
        t11FcSpSaIfIndex in its INDEX clause."
    ::= { t11FcSpSaIfEntry 1 }

t11FcSpSaIfFabricIndex OBJECT-TYPE
    SYNTAX      T11FabricIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which uniquely identifies a particular
        Fabric."
    ::= { t11FcSpSaIfEntry 2 }

t11FcSpSaIfEspHeaderCapab OBJECT-TYPE
    SYNTAX      T11FcSpTransforms
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A list of the standardized transforms supported by this
        entity on this interface for ESP_Header protection."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, Appendix A.3.1, tables A.23, A.25."
    ::= { t11FcSpSaIfEntry 3 }

t11FcSpSaIfCTAuthCapab OBJECT-TYPE
    SYNTAX      T11FcSpTransforms
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A list of the standardized transforms supported by this
        entity on this interface for CT_Authentication protection."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, Appendix A.3.1, tables A.23, A.25."
    ::= { t11FcSpSaIfEntry 4 }

t11FcSpSaIfIKEv2Capab OBJECT-TYPE
    SYNTAX      T11FcSpTransforms
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A list of the standardized transforms supported by this
        entity on this interface with IKEv2 protection."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, Appendix A.3.1, tables A.23, A.24, A.25,
        A.26."
    ::= { t11FcSpSaIfEntry 5 }

t11FcSpSaIfIkev2AuthCapab OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An indication of whether the entity is capable of
        supporting the IKEv2-AUTH protocol on this interface, i.e.,
        concatenation of Authentication and SA Management
        Transactions, such that an SA Management Transaction is
        used to perform both the authentication function and SA
        management."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 6.7.2, and table A.27."
    ::= { t11FcSpSaIfEntry 6 }

t11FcSpSaIfStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the memory realization of information
        related to FC-SP Security Associations for interface(s) to
        a particular Fabric; specifically, for rows created and/or
        modified in these tables:

            t11FcSpSaPropTable
            t11FcSpSaTSelPropTable
            t11FcSpSaTransTable
            t11FcSpSaTSelDrByTable
            t11FcSpSaControlTable

        and, for modified information contained in the same row as
        an instance of this object.

        Even if an instance of this object has the value
        'permanent(4)', none of the information defined in this MIB
        module for interface(s) to the given Fabric need to be
        writable."
    ::= { t11FcSpSaIfEntry 7 }

t11FcSpSaIfReplayPrevention OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether anti-replay protection is
        enabled for frame reception on this interface."
    REFERENCE
        "IP Encapsulating Security Payload (ESP), RFC 4303,
        December 2005, section 3.3.3."
    ::= { t11FcSpSaIfEntry 8 }

t11FcSpSaIfReplayWindowSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The size of the replay window to be used when anti-replay
        protection is enabled for frame reception on this
        interface."
    REFERENCE
        "IP Encapsulating Security Payload (ESP), RFC 4303,
        December 2005, section 3.4.3."
    ::= { t11FcSpSaIfEntry 9 }

t11FcSpSaIfDeadPeerDetections OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a dead peer condition has been
        detected on this interface.

        This counter has no discontinuities other than those which
        all Counter32's have when sysUpTime=0."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 8.5.3.3."
    ::= { t11FcSpSaIfEntry 10 }

t11FcSpSaIfTerminateAllSas OBJECT-TYPE
    SYNTAX      INTEGER { noop(1), terminate(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'terminate' is a request to
        terminate all outstanding Security Associations on this
        interface.

        When read, the value of this object is always 'noop'.
        Setting this object to 'noop' has no effect."
    ::= { t11FcSpSaIfEntry 11 }

t11FcSpSaIfOutDrops OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of output frames which were dropped, instead of
        being transmitted on this interface, because they matched
        an active (at that time) Traffic Selector with an action of
        'Drop'.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 12 }

t11FcSpSaIfOutBypasses OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of output frames which were transmitted
        unchanged by FC-SP on this interface because they matched
        an active (at that time) Traffic Selector with an action of
        'Bypass'.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 13 }

t11FcSpSaIfOutProcesses OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of output frames which were protected by FC-SP
        before being transmitted on this interface because they
        matched an active (at that time) Traffic Selector with an
        action of 'Process'.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 14 }

t11FcSpSaIfOutUnMatcheds OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of frames which were transmitted unchanged by
        FC-SP on this interface because they did not match any
        Traffic Selector active at that time.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 15 }

t11FcSpSaIfInUnprotUnmtchDrops OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of frames received on this interface which were
        dropped because they were unprotected and did not match any
        Traffic Selector active at that time.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 16 }

t11FcSpSaIfInDetReplays OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a replay has been detected on a
        Security Association which is currently active or was
        previously active on this interface.

        Note that a frame which is discarded because it is 'behind'
        the window, i.e., too old, is counted as a replay.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 17 }

t11FcSpSaIfInUnprotMtchDrops OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a frame received on this interface
        was dropped because it matched with a Traffic Selector for
        a Security Association which was active at the time of
        receipt but the frame was not protected as negotiated for
        that Security Association.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 18 }

t11FcSpSaIfInBadXforms OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a frame received on this interface
        was dropped because of a failure of one of the transforms
        negotiated for the Security Association on which it was
        received.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 19 }

t11FcSpSaIfInGoodXforms OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of frames received on this interface on a
        Security Association for which the transforms negotiated
        for that Security Association were successfully applied,
        and which matched a Traffic Selector for that Security
        Association.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 20 }

t11FcSpSaIfInProtUnmtchs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of frames received on this interface which were
        dropped because they did not match any of the Traffic
        Selectors negotiated for the Security Association on which
        they were received, even though the Security Association's
        transforms were successfully applied.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 21 }

--
-- Proposals to present in Security Association negotiation
--

t11FcSpSaPropTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaPropEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of proposals for an FC-SP entity acting as an
        SA_Initiator to present to the SA_Responder during the
        negotiation of Security Associations. This information is
        also used by an FC-SP entity acting as an SA_Responder to
        decide what to accept during the negotiation of Security
        Associations."
    ::= { t11FcSpSaConfig 1 }

t11FcSpSaPropEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaPropEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information about one proposal for the
        FC-SP entity to present, or what to accept, during the
        negotiation of Security Associations on one or more
        interfaces (identified by t11FcSpSaIfIndex) to a particular
        Fabric (identified by t11FcSpSaIfFabricIndex), and managed
        as part of the Fibre Channel management instance identified
        by fcmInstanceIndex.

        The StorageType of a row in this table is specified by the
        instance of t11FcSpSaIfStorageType which is INDEX-ed by the
        same values of fcmInstanceIndex, t11FcSpSaIfIndex and
        t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaPropIndex }
    ::= { t11FcSpSaPropTable 1 }

T11FcSpSaPropEntry ::= SEQUENCE {
    t11FcSpSaPropIndex              Unsigned32,
    t11FcSpSaPropSecurityProt       INTEGER,
    t11FcSpSaPropTSelListIndex      Unsigned32,
    t11FcSpSaPropTransListIndex     Unsigned32,
    t11FcSpSaPropAcceptAlgorithm    INTEGER,
    t11FcSpSaPropOutMatchSucceeds   Counter64,
    t11FcSpSaPropRowStatus          RowStatus
}

t11FcSpSaPropIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which uniquely identifies a particular
        proposal for use on one or more interfaces to a Fabric."
    ::= { t11FcSpSaPropEntry 1 }

t11FcSpSaPropSecurityProt OBJECT-TYPE
    SYNTAX      INTEGER { espHeader(1), ctAuth(2) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Security Protocol identifier for this proposal, i.e.,
        whether the proposal is for traffic to be protected using
        ESP_Header or CT_Authentication."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 6.3.2.2 and table 67."
    ::= { t11FcSpSaPropEntry 2 }

t11FcSpSaPropTSelListIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A pointer to the proposal's list of Traffic Selectors. The
        identified list is represented by all rows in the
        t11FcSpSaTSelPropTable for which t11FcSpSaTSelPropListIndex
        has the same value as this object (and with corresponding
        values of t11FcSpSaIfIndex and fcmInstanceIndex)."
    ::= { t11FcSpSaPropEntry 3 }

t11FcSpSaPropTransListIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A pointer to the proposal's list of Transforms.
        The identified list is represented by all rows in the
        t11FcSpSaTransTable for which t11FcSpSaTransListIndex has
        the same value as this object (and with corresponding
        values of t11FcSpSaIfIndex and fcmInstanceIndex)."
    ::= { t11FcSpSaPropEntry 4 }

t11FcSpSaPropAcceptAlgorithm OBJECT-TYPE
    SYNTAX      INTEGER { intersection(1), union(2), other(3) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The algorithm by which an SA_Responder in an SA negotiation
        decides on which Traffic Selectors to specify in a response
        to an IKE_Create_Child_SA request. This algorithm is used
        when the Traffic Selectors specified by an SA_Initiator in
        an IKE_Create_Child_SA request overlap with this proposal's
        list of Traffic Selectors:

        intersection(1) - the SA_Responder specifies the largest
                          subset of what the SA_Initiator proposed
                          which is also a subset of this proposal's
                          Traffic Selectors.
        union(2)        - the SA_Responder specifies the smallest
                          superset of what the SA_Initiator proposed
                          which is also a superset of this
                          proposal's Traffic Selectors.
        other(3)        - the SA_Responder uses some other
                          algorithm.
        "
    ::= { t11FcSpSaPropEntry 5 }

t11FcSpSaPropOutMatchSucceeds OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of egress frames that have matched a Traffic
        Selector which was negotiated to select traffic for an SA
        based on this proposal being accepted.

        This counter has no discontinuities other than those which
        all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPropEntry 6 }

t11FcSpSaPropRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of a row. Values of object instances within an
        active row can be modified at any time.

        The status cannot be set to 'active' unless and until the
        instances of t11FcSpSaPropTSelListIndex and
        t11FcSpSaPropTransListIndex in the row have been set to
        point to active rows in the t11FcSpSaTSelPropTable and
        t11FcSpSaTransTable tables, respectively.
        A row in this table is deleted if the active rows it points
        to are deleted."
    ::= { t11FcSpSaPropEntry 7 }

--
-- Traffic Selector Proposals
--

t11FcSpSaTSelPropTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaTSelPropEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about Traffic Selectors to
        propose and/or to accept during the negotiation of Security
        Associations."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5.
         - Use of IKEv2 in FC-SP, RFC 4595, July 2006,
           section 4.4."
    ::= { t11FcSpSaConfig 2 }

t11FcSpSaTSelPropEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaTSelPropEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information about one Traffic Selector
        within a list of Traffic Selectors to propose, or for use
        in determining what to accept during Security Association
        negotiation.

        One such list is configured for use on a Fabric by
        configuring the list's value of t11FcSpSaTSelPropListIndex
        as the value of an instance of t11FcSpSaPropTSelListIndex,
        for corresponding values of t11FcSpSaIfIndex and
        fcmInstanceIndex. Further, the proposing and accepting of
        Traffic Selectors is only done as a part of a proposal
        specified by a row of the t11FcSpSaPropTable, i.e., in
        combination with the proposing and accepting of security
        transforms as specified by the combination of
        t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex
        in one row of the t11FcSpSaPropTable.

        The StorageType of a row in this table is specified by the
        instance of t11FcSpSaIfStorageType which is INDEX-ed by the
        same values of fcmInstanceIndex, t11FcSpSaIfIndex and
        t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaTSelPropListIndex, t11FcSpSaTSelPropIndex }
    ::= { t11FcSpSaTSelPropTable 1 }

T11FcSpSaTSelPropEntry ::= SEQUENCE {
    t11FcSpSaTSelPropListIndex      Unsigned32,
    t11FcSpSaTSelPropIndex          Unsigned32,
    t11FcSpSaTSelPropDirection      T11FcSaDirection,
    t11FcSpSaTSelPropPrecedence     T11FcSpPrecedence,
    t11FcSpSaTSelPropStartSrcAddr   FcAddressIdOrZero,
    t11FcSpSaTSelPropEndSrcAddr     FcAddressIdOrZero,
    t11FcSpSaTSelPropStartDstAddr   FcAddressIdOrZero,
    t11FcSpSaTSelPropEndDstAddr     FcAddressIdOrZero,
    t11FcSpSaTSelPropStartRCtl      T11FcRoutingControl,
    t11FcSpSaTSelPropEndRCtl        T11FcRoutingControl,
    t11FcSpSaTSelPropStartType      T11FcSpType,
    t11FcSpSaTSelPropEndType        T11FcSpType,
    t11FcSpSaTSelPropRowStatus      RowStatus
}

t11FcSpSaTSelPropListIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which identifies a particular list of
        Traffic Selectors."
    ::= { t11FcSpSaTSelPropEntry 1 }

t11FcSpSaTSelPropIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which identifies one Traffic Selector within
        a list of Traffic Selectors."
    ::= { t11FcSpSaTSelPropEntry 2 }

t11FcSpSaTSelPropDirection OBJECT-TYPE
    SYNTAX      T11FcSaDirection
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "An indication of whether this Traffic Selector is to be
        proposed for ingress or egress traffic."
    DEFVAL      { egress }
    ::= { t11FcSpSaTSelPropEntry 3 }

t11FcSpSaTSelPropPrecedence OBJECT-TYPE
    SYNTAX      T11FcSpPrecedence
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The precedence of this Traffic Selector. If an egress frame
        matches multiple Traffic Selectors, it should be
        transmitted on the SA associated with the Traffic Selector
        having the numerically smallest precedence value."
    ::= { t11FcSpSaTSelPropEntry 4 }

t11FcSpSaTSelPropStartSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { '000000'h }
    ::= { t11FcSpSaTSelPropEntry 5 }

t11FcSpSaTSelPropEndSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { 'FFFFFF'h }
    ::= { t11FcSpSaTSelPropEntry 6 }

t11FcSpSaTSelPropStartDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { '000000'h }
    ::= { t11FcSpSaTSelPropEntry 7 }

t11FcSpSaTSelPropEndDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { 'FFFFFF'h }
    ::= { t11FcSpSaTSelPropEntry 8 }

t11FcSpSaTSelPropStartRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { '00'h }
    ::= { t11FcSpSaTSelPropEntry 9 }

t11FcSpSaTSelPropEndRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { 'FF'h }
    ::= { t11FcSpSaTSelPropEntry 10 }

t11FcSpSaTSelPropStartType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { '0000'h }
    ::= { t11FcSpSaTSelPropEntry 11 }

t11FcSpSaTSelPropEndType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, section 6.4.5."
    DEFVAL      { 'FFFF'h }
    ::= { t11FcSpSaTSelPropEntry 12 }

t11FcSpSaTSelPropRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row. Values of object instances within
        the row can be modified at any time."
    ::= { t11FcSpSaTSelPropEntry 13 }

--
-- Transform Proposals
--

t11FcSpSaTransTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaTransEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about security transforms to
        propose, to accept and/or agreed upon during the
        negotiation of Security Associations."
    ::= { t11FcSpSaConfig 3 }

t11FcSpSaTransEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaTransEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information about one proposal within a
        list of security transforms to be proposed, to be accepted,
        or already agreed upon, for use on a pair of Security
        Associations on one or more interfaces (identified by
        t11FcSpSaIfIndex), managed as part of the Fibre Channel
        management instance identified by fcmInstanceIndex.

        One such list is configured to be proposed or accepted for
        use on a Fabric, by having the list's value of
        t11FcSpSaTransListIndex be the value of an instance of
        t11FcSpSaPropTransListIndex for that Fabric. Further, the
        proposing and accepting of security transforms is only done
        as a part of a proposal specified by a row of the
        t11FcSpSaPropTable, i.e., in combination with the proposing
        and accepting of Traffic Selectors as specified by the
        combination of t11FcSpSaPropTSelListIndex and
        t11FcSpSaPropTransListIndex in one row of the
        t11FcSpSaPropTable.

        The security (encryption and integrity) transform in use on
        an SA pair is indicated by having the pair's values of
        t11FcSpSaPairTransListIndex and t11FcSpSaPairTransIndex
        contain the values of t11FcSpSaTransListIndex and
        t11FcSpSaTransIndex for the transform's row in this table.

        The StorageType of a row in this table is specified by the
        instance of t11FcSpSaIfStorageType which is INDEX-ed by the
        same values of fcmInstanceIndex, t11FcSpSaIfIndex and
        t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaTransListIndex, t11FcSpSaTransIndex }
    ::= { t11FcSpSaTransTable 1 }

T11FcSpSaTransEntry ::= SEQUENCE {
    t11FcSpSaTransListIndex      Unsigned32,
    t11FcSpSaTransIndex          Unsigned32,
    t11FcSpSaTransSecurityProt   INTEGER,
    t11FcSpSaTransEncryptAlg     AutonomousType,
    t11FcSpSaTransEncryptKeyLen  Unsigned32,
    t11FcSpSaTransIntegrityAlg   AutonomousType,
    t11FcSpSaTransRowStatus      RowStatus
}

t11FcSpSaTransListIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which uniquely identifies a particular list
        of security transforms to be proposed, to be accepted, or
        already agreed upon."
    ::= { t11FcSpSaTransEntry 1 }

t11FcSpSaTransIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which uniquely identifies one security
        transform within a list identified by
        t11FcSpSaTransListIndex."
    ::= { t11FcSpSaTransEntry 2 }

t11FcSpSaTransSecurityProt OBJECT-TYPE
    SYNTAX      INTEGER { espHeader(1), ctAuth(2) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Security Protocol identifier which indicates whether
        this transform is for traffic to be protected using
        ESP_Header or using CT_Authentication."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 6.3.2.2 and table 67."
    ::= { t11FcSpSaTransEntry 3 }

t11FcSpSaTransEncryptAlg OBJECT-TYPE
    SYNTAX      AutonomousType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Encryption Algorithm for this transform."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 6.3.2.3 and tables 69 & 70."
    ::= { t11FcSpSaTransEntry 4 }

t11FcSpSaTransEncryptKeyLen OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The key length in bits to be used with an encryption
        algorithm which has a variable length key.
        This object is ignored when the corresponding instance of
        t11FcSpSaTransEncryptAlg specifies an algorithm with a
        fixed length key."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 6.3.2.5 and table 77."
    ::= { t11FcSpSaTransEntry 5 }

t11FcSpSaTransIntegrityAlg OBJECT-TYPE
    SYNTAX      AutonomousType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Integrity Algorithm for this transform."
    REFERENCE
        "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
        Fibre Channel - Security Protocols (FC-SP),
        13 June 2006, section 6.3.2.3 and tables 69 & 72."
    ::= { t11FcSpSaTransEntry 6 }

t11FcSpSaTransRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row.

        When an instance of t11FcSpSaPairTransListIndex points to a
        row in this table, values of object instances in the row
        cannot be modified nor can the row be deleted. Otherwise,
        a row can be modified or deleted at any time."
    ::= { t11FcSpSaTransEntry 7 }

--
-- Traffic Selectors for Drop & Bypass
--

t11FcSpSaTSelDrByTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaTSelDrByEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing Traffic Selectors to select which
        traffic is to be dropped or is to bypass further security
        processing."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, sections 4.6, 4.7, and 6.4.5.
         - Use of IKEv2 in FC-SP, RFC 4595, July 2006,
           section 4.4."
    ::= { t11FcSpSaConfig 4 }

t11FcSpSaTSelDrByEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaTSelDrByEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry represents one Traffic Selector having the
        security action of 'drop' or 'bypass' which is applied
        based on a precedence value, either to ingress traffic
        which is unprotected by FC-SP, or to all egress traffic on
        one or more interfaces (identified by t11FcSpSaIfIndex) to
        a particular Fabric (identified by
        t11FcSpSaIfFabricIndex), and managed as part of the Fibre
        Channel management instance identified by
        fcmInstanceIndex.

        The StorageType of a row in this table is specified by the
        instance of t11FcSpSaIfStorageType which is INDEX-ed by
        the same values of fcmInstanceIndex, t11FcSpSaIfIndex and
        t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelDrByDirection,
             t11FcSpSaTSelDrByPrecedence }
    ::= { t11FcSpSaTSelDrByTable 1 }

T11FcSpSaTSelDrByEntry ::= SEQUENCE {
    t11FcSpSaTSelDrByDirection     T11FcSaDirection,
    t11FcSpSaTSelDrByPrecedence    T11FcSpPrecedence,
    t11FcSpSaTSelDrByAction        INTEGER,
    t11FcSpSaTSelDrByStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelDrByEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelDrByStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelDrByEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelDrByStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelDrByEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelDrByStartType     T11FcSpType,
    t11FcSpSaTSelDrByEndType       T11FcSpType,
    t11FcSpSaTSelDrByMatches       Counter64,
    t11FcSpSaTSelDrByRowStatus     RowStatus
}

t11FcSpSaTSelDrByDirection OBJECT-TYPE
    SYNTAX      T11FcSaDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An indication of whether this Traffic Selector is for
        ingress or egress traffic."
    ::= { t11FcSpSaTSelDrByEntry 1 }

t11FcSpSaTSelDrByPrecedence OBJECT-TYPE
    SYNTAX      T11FcSpPrecedence
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The precedence of this Traffic Selector.
        If and when a frame is compared against multiple Traffic
        Selectors, and multiple of them have a match with the
        frame, the security action to be taken for the frame is
        that specified for the matching Traffic Selector having
        the numerically smallest precedence value."
    ::= { t11FcSpSaTSelDrByEntry 2 }

t11FcSpSaTSelDrByAction OBJECT-TYPE
    SYNTAX      INTEGER { drop(1), bypass(2) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The security action to be taken for a frame which matches
        this Traffic Selector."
    DEFVAL      { drop }
    ::= { t11FcSpSaTSelDrByEntry 3 }

t11FcSpSaTSelDrByStartSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    DEFVAL      { '000000'h }
    ::= { t11FcSpSaTSelDrByEntry 4 }

t11FcSpSaTSelDrByEndSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    DEFVAL      { 'FFFFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 5 }

t11FcSpSaTSelDrByStartDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    DEFVAL      { '000000'h }
    ::= { t11FcSpSaTSelDrByEntry 6 }

t11FcSpSaTSelDrByEndDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    DEFVAL      { 'FFFFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 7 }

t11FcSpSaTSelDrByStartRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    DEFVAL      { '00'h }
    ::= { t11FcSpSaTSelDrByEntry 8 }

t11FcSpSaTSelDrByEndRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    DEFVAL      { 'FF'h }
    ::= { t11FcSpSaTSelDrByEntry 9 }

t11FcSpSaTSelDrByStartType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically smallest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    DEFVAL      { '0000'h }
    ::= { t11FcSpSaTSelDrByEntry 10 }

t11FcSpSaTSelDrByEndType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The numerically largest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    DEFVAL      { 'FFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 11 }

t11FcSpSaTSelDrByMatches OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of frames for which the action specified by
        the corresponding instance of t11FcSpSaTSelDrByAction was
        taken because of a match with this Traffic Selector.

        This counter has no discontinuities other than those
        which all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaTSelDrByEntry 12 }

t11FcSpSaTSelDrByRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row.  Values of object instances
        within the row can be modified at any time."
    ::= { t11FcSpSaTSelDrByEntry 13 }

--
-- Active Security Associations
--

t11FcSpSaPairTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaPairEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about active
        bidirectional pairs of Security Associations."
    ::= { t11FcSpSaActive 1 }

t11FcSpSaPairEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaPairEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information about one active
        bidirectional pair of Security Associations on an
        interface to a particular Fabric (identified by
        t11FcSpSaIfFabricIndex), managed as part of the Fibre
        Channel management instance identified by
        fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaPairInboundSpi }
    ::= { t11FcSpSaPairTable 1 }

T11FcSpSaPairEntry ::= SEQUENCE {
    t11FcSpSaPairIfIndex            InterfaceIndex,
    t11FcSpSaPairInboundSpi         T11FcSpiIndex,
    t11FcSpSaPairSecurityProt       INTEGER,
    t11FcSpSaPairTransListIndex     Unsigned32,
    t11FcSpSaPairTransIndex         Unsigned32,
    t11FcSpSaPairLifetimeLeft       Unsigned32,
    t11FcSpSaPairLifetimeLeftUnits  INTEGER,
    t11FcSpSaPairTerminate          INTEGER,
    t11FcSpSaPairInProtUnMatchs     Counter64,
    t11FcSpSaPairInDetReplays       Counter64,
    t11FcSpSaPairInBadXforms        Counter64,
    t11FcSpSaPairInGoodXforms       Counter64
}

t11FcSpSaPairIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object identifies the interface to the particular
        Fabric on which this SA pair is active."
    ::= { t11FcSpSaPairEntry 1 }

t11FcSpSaPairInboundSpi OBJECT-TYPE
    SYNTAX      T11FcSpiIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The SPI value which is used to indicate that an incoming
        frame was received on the ingress SA of this SA pair."
    ::= { t11FcSpSaPairEntry 2 }

t11FcSpSaPairSecurityProt OBJECT-TYPE
    SYNTAX      INTEGER { espHeader(1), ctAuth(2) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The object indicates whether this SA uses ESP_Header to
        protect FC-2 frames, or CT_Authentication to protect
        Common Transport Information Units (CT_IUs)."
    ::= { t11FcSpSaPairEntry 3 }

t11FcSpSaPairTransListIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The combination of this value and the value of the
        corresponding instance of t11FcSpSaPairTransIndex
        identify the row in the t11FcSpSaTransTable which
        contains the transforms which are in use on this SA
        pair."
    ::= { t11FcSpSaPairEntry 4 }

t11FcSpSaPairTransIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The combination of this value and the value of the
        corresponding instance of t11FcSpSaPairTransListIndex
        identify the row in the t11FcSpSaTransTable which
        contains the transforms which are in use on this SA
        pair."
    ::= { t11FcSpSaPairEntry 5 }

t11FcSpSaPairLifetimeLeft OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The remaining lifetime of this SA pair, given in the
        units specified by the value of the corresponding
        instance of t11FcSpSaPairLifetimeLeftUnits."
    ::= { t11FcSpSaPairEntry 6 }

t11FcSpSaPairLifetimeLeftUnits OBJECT-TYPE
    SYNTAX      INTEGER {
                    seconds(1),     -- seconds
                    kiloBytes(2),   -- 10^^3 bytes
                    megaBytes(3),   -- 10^^6 bytes
                    gigaBytes(4),   -- 10^^9 bytes
                    teraBytes(5),   -- 10^^12 bytes
                    petaBytes(6),   -- 10^^15 bytes
                    exaBytes(7),    -- 10^^18 bytes
                    zettaBytes(8),  -- 10^^21 bytes
                    yottaBytes(9)   -- 10^^24 bytes
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The units in which the value of the corresponding
        instance of t11FcSpSaPairLifetimeLeft specifies the
        remaining lifetime of this SA pair."
    ::= { t11FcSpSaPairEntry 7 }

t11FcSpSaPairTerminate OBJECT-TYPE
    SYNTAX      INTEGER { noop(1), terminate(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'terminate' is a request to
        terminate this pair of Security Associations.

        When read, the value of this object is always 'noop'.
        Setting this object to 'noop' has no effect."
    ::= { t11FcSpSaPairEntry 8 }

t11FcSpSaPairInProtUnMatchs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of frames received on this SA for which the
        SA's transforms were successfully applied to the frame,
        but the frame was still dropped because it did not match
        any of the SA's ingress Traffic Selectors.

        This counter has no discontinuities other than those
        which all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 9 }

t11FcSpSaPairInDetReplays OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a replay has been detected on
        this Security Association.  Note that a frame which is
        discarded because it is 'behind' the window, i.e., too
        old, is counted as a replay.

        This counter has no discontinuities other than those
        which all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 10 }

t11FcSpSaPairInBadXforms OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a received frame was dropped
        because one of the transforms negotiated for this
        Security Association failed.

        This counter has no discontinuities other than those
        which all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 11 }

t11FcSpSaPairInGoodXforms OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of received frames for which the transforms
        negotiated for this Security Association were
        successfully applied.

        This counter has no discontinuities other than those
        which all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 12 }

--
-- Negotiated Ingress Traffic Selectors
--

t11FcSpSaTSelNegInTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaTSelNegInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about ingress Traffic
        Selectors which are in use on active Security
        Associations."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, sections 4.6, 4.7, and 6.4.5.
         - Use of IKEv2 in FC-SP, RFC 4595, July 2006,
           section 4.4."
    ::= { t11FcSpSaActive 2 }

t11FcSpSaTSelNegInEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaTSelNegInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information about one ingress Traffic
        Selector which is in use on an active Security
        Association on an interface (identified by
        t11FcSpSaPairIfIndex) to a particular Fabric (identified
        by t11FcSpSaIfFabricIndex), managed as part of the Fibre
        Channel management instance identified by
        fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegInIndex }
    ::= { t11FcSpSaTSelNegInTable 1 }

T11FcSpSaTSelNegInEntry ::= SEQUENCE {
    t11FcSpSaTSelNegInIndex         Unsigned32,
    t11FcSpSaTSelNegInInboundSpi    T11FcSpiIndex,
    t11FcSpSaTSelNegInStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegInEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegInStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegInEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegInStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelNegInEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelNegInStartType     T11FcSpType,
    t11FcSpSaTSelNegInEndType       T11FcSpType,
    t11FcSpSaTSelNegInUnpMtchDrops  Counter64
}

t11FcSpSaTSelNegInIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value to distinguish an ingress Traffic Selector
        from all others currently in use by Security Associations
        on the same interface to a particular Fabric."
    ::= { t11FcSpSaTSelNegInEntry 1 }

t11FcSpSaTSelNegInInboundSpi OBJECT-TYPE
    SYNTAX      T11FcSpiIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SPI of the ingress SA on which this Traffic Selector
        is in use.

        This value can be used to find the SA pair's row in the
        t11FcSpSaPairTable."
    ::= { t11FcSpSaTSelNegInEntry 2 }

t11FcSpSaTSelNegInStartSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegInEntry 3 }

t11FcSpSaTSelNegInEndSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegInEntry 4 }

t11FcSpSaTSelNegInStartDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 5 }

t11FcSpSaTSelNegInEndDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 6 }

t11FcSpSaTSelNegInStartRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 7 }

t11FcSpSaTSelNegInEndRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 8 }

t11FcSpSaTSelNegInStartType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegInEntry 9 }

t11FcSpSaTSelNegInEndType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegInEntry 10 }

t11FcSpSaTSelNegInUnpMtchDrops OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times that a received frame was dropped
        because it matched with this Traffic Selector but the
        frame was not protected as negotiated for the Security
        Association identified by t11FcSpSaTSelNegInInboundSpi.

        This counter has no discontinuities other than those
        which all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaTSelNegInEntry 11 }

--
-- Negotiated Egress Traffic Selectors
--

t11FcSpSaTSelNegOutTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaTSelNegOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about egress Traffic
        Selectors which are in use on active Security
        Associations."
    REFERENCE
        "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
           Fibre Channel - Security Protocols (FC-SP),
           13 June 2006, sections 4.6, 4.7, and 6.4.5.
         - Use of IKEv2 in FC-SP, RFC 4595, July 2006,
           section 4.4."
    ::= { t11FcSpSaActive 3 }

t11FcSpSaTSelNegOutEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaTSelNegOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information about one egress Traffic
        Selector which is in use on an active Security
        Association on an interface (identified by
        t11FcSpSaPairIfIndex) to a particular Fabric (identified
        by t11FcSpSaIfFabricIndex), managed as part of the Fibre
        Channel management instance identified by
        fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelNegOutPrecedence }
    ::= { t11FcSpSaTSelNegOutTable 1 }

T11FcSpSaTSelNegOutEntry ::= SEQUENCE {
    t11FcSpSaTSelNegOutPrecedence    T11FcSpPrecedence,
    t11FcSpSaTSelNegOutInboundSpi    T11FcSpiIndex,
    t11FcSpSaTSelNegOutStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegOutEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegOutStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegOutEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegOutStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelNegOutEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelNegOutStartType     T11FcSpType,
    t11FcSpSaTSelNegOutEndType       T11FcSpType
}

t11FcSpSaTSelNegOutPrecedence OBJECT-TYPE
    SYNTAX      T11FcSpPrecedence
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The precedence of this Traffic Selector.  If and when a
        frame is compared against multiple Traffic Selectors, and
        multiple of them have a match with the frame, the
        security action to be taken for the frame is that
        specified for the matching Traffic Selector having the
        numerically smallest precedence value."
    ::= { t11FcSpSaTSelNegOutEntry 1 }

t11FcSpSaTSelNegOutInboundSpi OBJECT-TYPE
    SYNTAX      T11FcSpiIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SPI of the ingress SA of the SA pair for which this
        Traffic Selector is in use on the egress SA.

        This value can be used to find the SA pair's row in the
        t11FcSpSaPairTable."
    ::= { t11FcSpSaTSelNegOutEntry 2 }

t11FcSpSaTSelNegOutStartSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegOutEntry 3 }

t11FcSpSaTSelNegOutEndSrcAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a source address
        (S_ID) of a frame which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegOutEntry 4 }

t11FcSpSaTSelNegOutStartDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 5 }

t11FcSpSaTSelNegOutEndDstAddr OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest 24-bit value of a destination
        address (D_ID) of a frame which will match with this
        Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 6 }

t11FcSpSaTSelNegOutStartRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 7 }

t11FcSpSaTSelNegOutEndRCtl OBJECT-TYPE
    SYNTAX      T11FcRoutingControl
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest 8-bit value contained within a
        Routing Control (R_CTL) field of a frame which will match
        with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 8 }

t11FcSpSaTSelNegOutStartType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically smallest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegOutEntry 9 }

t11FcSpSaTSelNegOutEndType OBJECT-TYPE
    SYNTAX      T11FcSpType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The numerically largest of a range of possible 'type'
        values of frames which will match with this Traffic
        Selector."
    ::= { t11FcSpSaTSelNegOutEntry 10 }

--
-- Traffic Selectors index-ed by SPI
--

t11FcSpSaTSelSpiTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaTSelSpiEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table identifying the Traffic Selectors in use on
        particular Security Associations, index-ed by their
        (ingress) SPI values."
    ::= { t11FcSpSaActive 4 }

t11FcSpSaTSelSpiEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaTSelSpiEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry identifies one Traffic Selector in use on an
        SA pair on the interface (identified by
        t11FcSpSaPairIfIndex) to a particular Fabric (identified
        by t11FcSpSaIfFabricIndex), and managed as part of the
        Fibre Channel management instance identified by
        fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelSpiInboundSpi,
             t11FcSpSaTSelSpiTrafSelIndex }
    ::= { t11FcSpSaTSelSpiTable 1 }

T11FcSpSaTSelSpiEntry ::= SEQUENCE {
    t11FcSpSaTSelSpiInboundSpi    T11FcSpiIndex,
    t11FcSpSaTSelSpiTrafSelIndex  Unsigned32,
    t11FcSpSaTSelSpiDirection     INTEGER,
    t11FcSpSaTSelSpiTrafSelPtr    Unsigned32
}

t11FcSpSaTSelSpiInboundSpi OBJECT-TYPE
    SYNTAX      T11FcSpiIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An SPI value which identifies the ingress Security
        Association of a particular SA pair."
    ::= { t11FcSpSaTSelSpiEntry 1 }

t11FcSpSaTSelSpiTrafSelIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which distinguishes between the
        (potentially multiple) Traffic Selectors in use on this
        Security Association pair."
    ::= { t11FcSpSaTSelSpiEntry 2 }

t11FcSpSaTSelSpiDirection OBJECT-TYPE
    SYNTAX      T11FcSaDirection
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates whether this Traffic Selector is
        being used for ingress or for egress traffic."
    ::= { t11FcSpSaTSelSpiEntry 3 }

t11FcSpSaTSelSpiTrafSelPtr OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains a pointer into another table which
        can be used to obtain more information about this Traffic
        Selector.

        If the corresponding instance of
        t11FcSpSaTSelSpiDirection has the value 'egress', then
        this object contains the value of
        t11FcSpSaTSelNegOutPrecedence in the row of
        t11FcSpSaTSelNegOutTable which contains more information.

        If the corresponding instance of
        t11FcSpSaTSelSpiDirection has the value 'ingress', then
        this object contains the value of t11FcSpSaTSelNegInIndex
        which identifies the row in t11FcSpSaTSelNegInTable
        containing more information."
    ::= { t11FcSpSaTSelSpiEntry 4 }

--
-- Notification information & control
--

t11FcSpSaControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11FcSpSaControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of control and other information concerning the
        generation of notifications for events related to FC-SP
        Security Associations."
    ::= { t11FcSpSaControl 1 }

t11FcSpSaControlEntry OBJECT-TYPE
    SYNTAX      T11FcSpSaControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry identifies information for the one or more
        interfaces (identified by t11FcSpSaIfIndex) to a
        particular Fabric (identified by t11FcSpSaIfFabricIndex),
        and managed as part of the Fibre Channel management
        instance identified by fcmInstanceIndex.

        The StorageType of a row in this table is specified by the
        instance of t11FcSpSaIfStorageType which is INDEX-ed by
        the same values of fcmInstanceIndex, t11FcSpSaIfIndex and
        t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaControlTable 1 }

T11FcSpSaControlEntry ::= SEQUENCE {
    t11FcSpSaControlAuthFailEnable  TruthValue,
    t11FcSpSaControlInboundSpi      T11FcSpiIndex,
    t11FcSpSaControlSource          FcAddressIdOrZero,
    t11FcSpSaControlDestination     FcAddressIdOrZero,
    t11FcSpSaControlFrame           OCTET STRING,
    t11FcSpSaControlElapsed         TimeTicks,
    t11FcSpSaControlSuppressed      Gauge32,
    t11FcSpSaControlWindow          Unsigned32,
    t11FcSpSaControlLifeExcdEnable  TruthValue,
    t11FcSpSaControlLifeExcdSpi     T11FcSpiIndex,
    t11FcSpSaControlLifeExcdDir     T11FcSaDirection,
    t11FcSpSaControlLifeExcdTime    TimeStamp
}

t11FcSpSaControlAuthFailEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether a
        t11FcSpSaNotifyAuthFailure notification should be
        generated for the first occurrence of an Authentication
        failure within a time window for this Fabric."
    ::= { t11FcSpSaControlEntry 1 }

t11FcSpSaControlInboundSpi OBJECT-TYPE
    SYNTAX      T11FcSpiIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SPI value of the ingress Security Association on
        which was received the last frame for which a
        t11FcSpSaNotifyAuthFailure was generated.

        If no t11FcSpSaNotifyAuthFailure notifications have been
        generated, the value of this object is zero."
    ::= { t11FcSpSaControlEntry 2 }

t11FcSpSaControlSource OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The S_ID contained in the last frame for which a
        t11FcSpSaNotifyAuthFailure was generated.

        If no t11FcSpSaNotifyAuthFailure notifications have been
        generated, the value of this object is the zero-length
        string."
    ::= { t11FcSpSaControlEntry 3 }

t11FcSpSaControlDestination OBJECT-TYPE
    SYNTAX      FcAddressIdOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The D_ID contained in the last frame for which a
        t11FcSpSaNotifyAuthFailure was generated.
        If no t11FcSpSaNotifyAuthFailure notifications have been
        generated, the value of this object is the zero-length
        string."
    ::= { t11FcSpSaControlEntry 4 }

t11FcSpSaControlFrame OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..256))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The binary content of the last frame for which a
        t11FcSpSaNotifyAuthFailure was generated.  If more than
        256 bytes of the frame are available, then this object
        contains the first 256 bytes.  If less than 256 bytes of
        the frame are available, then this object contains the
        first N bytes, where N is greater than or equal to zero.

        If no t11FcSpSaNotifyAuthFailure notifications have been
        generated, the value of this object is the zero-length
        string."
    ::= { t11FcSpSaControlEntry 5 }

t11FcSpSaControlElapsed OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The elapsed time since the last generation of a
        t11FcSpSaNotifyAuthFailure notification on the same
        Fabric, or the value of sysUpTime if no
        t11FcSpSaNotifyAuthFailure notifications have been
        generated since the last restart."
    ::= { t11FcSpSaControlEntry 6 }

t11FcSpSaControlSuppressed OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of occurrences of an Authentication failure on
        a Fabric which were suppressed because they occurred on
        the same Fabric within the same time window as a previous
        Authentication failure for which a
        t11FcSpSaNotifyAuthFailure notification was generated.

        The value of this object is reset to zero on a restart of
        the network management subsystem, and whenever a
        t11FcSpSaNotifyAuthFailure notification is generated.  In
        the event that the value of this object reaches its
        maximum value, it remains at that value until it is reset
        on the generation of the next t11FcSpSaNotifyAuthFailure
        notification."
    ::= { t11FcSpSaControlEntry 7 }

t11FcSpSaControlWindow OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The length of a time window which begins when a
        t11FcSpSaNotifyAuthFailure notification is generated.
        Subsequent Authentication failures occurring on the same
        Fabric in the same time window are counted but no
        t11FcSpSaNotifyAuthFailure notification is generated.

        When this object is modified before the end of a time
        window, that time window is immediately terminated, i.e.,
        the next Authentication failure on the relevant Fabric
        after the modification will cause a new time window to
        begin with the new length."
    DEFVAL      { 300 }
    ::= { t11FcSpSaControlEntry 8 }

t11FcSpSaControlLifeExcdEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether t11FcSpSaNotifyLifeExceeded
        notifications should be generated for this Fabric."
    DEFVAL      { true }
    ::= { t11FcSpSaControlEntry 9 }

t11FcSpSaControlLifeExcdSpi OBJECT-TYPE
    SYNTAX      T11FcSpiIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SPI of the SA which was most recently terminated
        because its lifetime (in seconds or in passed bytes) was
        exceeded.  Such terminations include those due to a failed
        attempt to renew an SA after its lifetime was exceeded."
    ::= { t11FcSpSaControlEntry 10 }

t11FcSpSaControlLifeExcdDir OBJECT-TYPE
    SYNTAX      T11FcSaDirection
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The direction of frame transmission on the SA which was
        most recently terminated because its lifetime (in seconds
        or in passed bytes) was exceeded."
    ::= { t11FcSpSaControlEntry 11 }

t11FcSpSaControlLifeExcdTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time of the most recent termination of an SA due to
        its lifetime (in seconds or in passed bytes) being
        exceeded.  Such terminations include those due to a failed
        attempt to renew an SA after its lifetime was exceeded."
    ::= { t11FcSpSaControlEntry 12 }

--
-- Notification definitions
--

t11FcSpSaNotifyAuthFailure NOTIFICATION-TYPE
    OBJECTS     { t11FcSpSaControlInboundSpi,
                  t11FcSpSaControlSource,
                  t11FcSpSaControlDestination,
                  t11FcSpSaControlFrame,
                  t11FcSpSaControlElapsed,
                  t11FcSpSaControlSuppressed }
    STATUS      current
    DESCRIPTION
        "When this notification is generated, it indicates the
        occurrence of an Authentication failure for a received
        FC-2 or CT_IU frame.  The t11FcSpSaControlInboundSpi,
        t11FcSpSaControlSource and t11FcSpSaControlDestination
        objects in the varbindlist are the frame's SPI, source and
        destination addresses, respectively.
        t11FcSpSaControlFrame provides the (beginning of the)
        frame's content if such is available.

        This notification is generated only for the first
        occurrence of an Authentication failure on a Fabric within
        a time window.  Subsequent occurrences of an
        Authentication Failure on the same Fabric within the same
        time window are counted but suppressed.

        The value of t11FcSpSaControlElapsed contains (a lower
        bound on) the elapsed time since the last generation of
        this notification for the same Fabric.  The value of
        t11FcSpSaControlSuppressed contains the number of
        generations which were suppressed in the time window after
        that last generation, or zero if unknown."
    ::= { t11FcSpSaMIBNotifications 1 }

t11FcSpSaNotifyLifeExceeded NOTIFICATION-TYPE
    OBJECTS     { t11FcSpSaControlLifeExcdSpi,
                  t11FcSpSaControlLifeExcdDir }
    STATUS      current
    DESCRIPTION
        "This notification is generated when the lifetime (in
        seconds or in passed bytes) of an SA is exceeded, and the
        SA is either immediately terminated or is terminated
        because an attempt to renew the SA fails.  The values of
        t11FcSpSaControlLifeExcdSpi and
        t11FcSpSaControlLifeExcdDir contain the SPI and direction
        of the terminated SA."
    ::= { t11FcSpSaMIBNotifications 2 }

--
-- Conformance
--

t11FcSpSaMIBCompliances
    OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 1 }
t11FcSpSaMIBGroups
    OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 2 }

t11FcSpSaMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
        FC-SP Security Associations."

    MODULE  -- this module
        MANDATORY-GROUPS { t11FcSpSaCapabilityGroup,
                           t11FcSpSaParamStatusGroup,
                           t11FcSpSaSummaryCountGroup,
                           t11FcSpSaProposalGroup,
                           t11FcSpSaDropBypassGroup,
                           t11FcSpSaActiveGroup,
                           t11FcSpSaNotifInfoGroup,
                           t11FcSpSaNotificationGroup }

-- The following is an auxiliary (listed in an INDEX clause)
-- object for which the SMIv2 does not allow an OBJECT clause
-- to be specified, but for which this MIB has the following
-- compliance requirement:
--     OBJECT       t11FcSpSaIfIndex
--     DESCRIPTION
--         Compliance requires support for either one of:
--         - individual interfaces using ifIndex values, or
--         - the use of the zero value.

-- Write access is not required for any objects in this MIB module:

        OBJECT       t11FcSpSaIfStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayPrevention
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayWindowSize
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfTerminateAllSas
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTSelListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTransListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropAcceptAlgorithm
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropDirection
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropPrecedence
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptKeyLen
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransIntegrityAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByAction
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPairTerminate
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlAuthFailEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlWindow
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlLifeExcdEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

    ::= { t11FcSpSaMIBCompliances 1 }

-- Units of Conformance

t11FcSpSaCapabilityGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfEspHeaderCapab,
               t11FcSpSaIfCTAuthCapab,
               t11FcSpSaIfIKEv2Capab,
               t11FcSpSaIfIkev2AuthCapab }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to capabilities of FC-SP entities."
    ::= { t11FcSpSaMIBGroups 1 }

t11FcSpSaParamStatusGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfStorageType,
               t11FcSpSaIfReplayPrevention,
               t11FcSpSaIfReplayWindowSize,
               t11FcSpSaIfDeadPeerDetections,
               t11FcSpSaIfTerminateAllSas }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing parameters
           and status information related to FC-SP entities."
    ::= { t11FcSpSaMIBGroups 2 }

t11FcSpSaSummaryCountGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfOutDrops,
               t11FcSpSaIfOutBypasses,
               t11FcSpSaIfOutProcesses,
               t11FcSpSaIfOutUnMatcheds,
               t11FcSpSaIfInUnprotUnmtchDrops,
               t11FcSpSaIfInDetReplays,
               t11FcSpSaIfInUnprotMtchDrops,
               t11FcSpSaIfInBadXforms,
               t11FcSpSaIfInGoodXforms,
               t11FcSpSaIfInProtUnmtchs }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing summary
           counters for FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 3 }

t11FcSpSaProposalGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPropSecurityProt,
               t11FcSpSaPropTSelListIndex,
               t11FcSpSaPropTransListIndex,
               t11FcSpSaPropAcceptAlgorithm,
               t11FcSpSaPropOutMatchSucceeds,
               t11FcSpSaPropRowStatus,
               t11FcSpSaTSelPropDirection,
               t11FcSpSaTSelPropPrecedence,
               t11FcSpSaTSelPropStartSrcAddr,
               t11FcSpSaTSelPropEndSrcAddr,
               t11FcSpSaTSelPropStartDstAddr,
               t11FcSpSaTSelPropEndDstAddr,
               t11FcSpSaTSelPropStartRCtl,
               t11FcSpSaTSelPropEndRCtl,
               t11FcSpSaTSelPropStartType,
               t11FcSpSaTSelPropEndType,
               t11FcSpSaTSelPropRowStatus }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to making and accepting proposals for
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 4 }

t11FcSpSaDropBypassGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaTSelDrByAction,
               t11FcSpSaTSelDrByStartSrcAddr,
               t11FcSpSaTSelDrByEndSrcAddr,
               t11FcSpSaTSelDrByStartDstAddr,
               t11FcSpSaTSelDrByEndDstAddr,
               t11FcSpSaTSelDrByStartRCtl,
               t11FcSpSaTSelDrByEndRCtl,
               t11FcSpSaTSelDrByStartType,
               t11FcSpSaTSelDrByEndType,
               t11FcSpSaTSelDrByMatches,
               t11FcSpSaTSelDrByRowStatus }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           about Traffic Selectors of traffic to drop or bypass
           for FC-SP Security."
    ::= { t11FcSpSaMIBGroups 5 }

t11FcSpSaActiveGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPairSecurityProt,
               t11FcSpSaPairTransListIndex,
               t11FcSpSaPairTransIndex,
               t11FcSpSaPairLifetimeLeft,
               t11FcSpSaPairLifetimeLeftUnits,
               t11FcSpSaPairTerminate,
               t11FcSpSaPairInProtUnMatchs,
               t11FcSpSaPairInDetReplays,
               t11FcSpSaPairInBadXforms,
               t11FcSpSaPairInGoodXforms,
               t11FcSpSaTransSecurityProt,
               t11FcSpSaTransEncryptAlg,
               t11FcSpSaTransEncryptKeyLen,
               t11FcSpSaTransIntegrityAlg,
               t11FcSpSaTransRowStatus,
               t11FcSpSaTSelNegInInboundSpi,
               t11FcSpSaTSelNegInStartSrcAddr,
               t11FcSpSaTSelNegInEndSrcAddr,
               t11FcSpSaTSelNegInStartDstAddr,
               t11FcSpSaTSelNegInEndDstAddr,
               t11FcSpSaTSelNegInStartRCtl,
               t11FcSpSaTSelNegInEndRCtl,
               t11FcSpSaTSelNegInStartType,
               t11FcSpSaTSelNegInEndType,
               t11FcSpSaTSelNegInUnpMtchDrops,
               t11FcSpSaTSelNegOutInboundSpi,
               t11FcSpSaTSelNegOutStartSrcAddr,
               t11FcSpSaTSelNegOutEndSrcAddr,
               t11FcSpSaTSelNegOutStartDstAddr,
               t11FcSpSaTSelNegOutEndDstAddr,
               t11FcSpSaTSelNegOutStartRCtl,
               t11FcSpSaTSelNegOutEndRCtl,
               t11FcSpSaTSelNegOutStartType,
               t11FcSpSaTSelNegOutEndType,
               t11FcSpSaTSelSpiDirection,
               t11FcSpSaTSelSpiTrafSelPtr }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information related
           to currently active FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 6 }

t11FcSpSaNotifInfoGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaControlAuthFailEnable,
               t11FcSpSaControlInboundSpi,
               t11FcSpSaControlSource,
               t11FcSpSaControlDestination,
               t11FcSpSaControlFrame,
               t11FcSpSaControlElapsed,
               t11FcSpSaControlSuppressed,
               t11FcSpSaControlWindow,
               t11FcSpSaControlLifeExcdEnable,
               t11FcSpSaControlLifeExcdSpi,
               t11FcSpSaControlLifeExcdDir,
               t11FcSpSaControlLifeExcdTime }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 7 }

t11FcSpSaNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS { t11FcSpSaNotifyAuthFailure,
                    t11FcSpSaNotifyLifeExceeded }
    STATUS   current
    DESCRIPTION
           "A collection of notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 8 }

END

--
-- Copyright (C) The IETF Trust (2007). This document is subject to the
-- rights, licenses and restrictions contained in BCP 78, and except as
-- set forth therein, the authors retain all their rights.
--
-- This document and the information contained herein are provided on an
-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
-- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--
-- Disclaimer of validity
--
-- The IETF takes no position regarding the validity or scope of any
-- Intellectual Property Rights or other rights that might be claimed to
-- pertain to the implementation or use of the technology described in
-- this document or the extent to which any license under such rights
-- might or might not be available; nor does it represent that it has
-- made any independent effort to identify any such rights. Information
-- on the procedures with respect to rights in RFC documents can be
-- found in BCP 78 and BCP 79.
--
-- Copies of IPR disclosures made to the IETF Secretariat and any
-- assurances of licenses to be made available, or the result of an
-- attempt made to obtain a general license or permission for the use of
-- such proprietary rights by implementers or users of this
-- specification can be obtained from the IETF on-line IPR repository at
-- http://www.ietf.org/ipr.
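-- Added example (not part of the MIB module or of the draft): a Python
-- sketch of the per-Fabric suppression window that the DESCRIPTION of
-- t11FcSpSaNotifyAuthFailure describes, with the manager-side tally of
-- failures. Times in seconds, a zero Elapsed value on a Fabric's first
-- notification, and all class, function and sample values are
-- assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class FabricState:
    last_sent: Optional[float] = None  # when a notification was last generated
    suppressed: int = 0                # failures counted but not notified since


class AuthFailureNotifier:
    """Agent side: one notification per Fabric per window (hypothetical class)."""

    def __init__(self, window):
        self.window = window   # assumption: seconds (role of t11FcSpSaControlWindow)
        self.fabrics = {}      # fabric index -> FabricState

    def on_auth_failure(self, fabric, now, spi, source, destination, frame=b""):
        """Return the varbinds of a generated notification, or None if suppressed."""
        st = self.fabrics.setdefault(fabric, FabricState())
        if st.last_sent is not None and now - st.last_sent < self.window:
            st.suppressed += 1          # counted, not sent
            return None
        varbinds = {
            "t11FcSpSaControlInboundSpi": spi,
            "t11FcSpSaControlSource": source,
            "t11FcSpSaControlDestination": destination,
            "t11FcSpSaControlFrame": frame,
            # assumption: 0 when this Fabric has never generated a notification
            "t11FcSpSaControlElapsed": 0 if st.last_sent is None else now - st.last_sent,
            "t11FcSpSaControlSuppressed": st.suppressed,
        }
        st.last_sent, st.suppressed = now, 0
        return varbinds


def failures_reported(notifications):
    """Manager side: failures accounted for by the notifications received so far."""
    return sum(1 + n["t11FcSpSaControlSuppressed"] for n in notifications)


def demo():
    """Constructed input: six failures on Fabric 1 with a 10-second window."""
    agent = AuthFailureNotifier(window=10)
    times = [0, 1, 2, 3, 12, 13]
    sent = [agent.on_auth_failure(1, t, spi=0x1001, source=0x010203,
                                  destination=0x0A0B0C) for t in times]
    received = [n for n in sent if n is not None]
    return len(times), received, failures_reported(received)
```

-- The tally covers 5 of the 6 constructed failures: the one at t=13 was
-- suppressed after the last notification and stays unreported until the
-- next notification for that Fabric, so a manager should treat the sum
-- as a lower bound.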