smilint output for ./T11-FC-SP-SA-MIB
| Message Severities |
|---|
| Severity | Count |
|---|
| error | 1 |
| Message Types |
|---|
| Type | Count |
|---|
| object-identifier-not-prefix (error) | 1 |
Messages:
T11-FC-SP-SA-MIB
1: -- extracted from draft-kzm-imss-fc-fcsp-mib-00.txt
2: -- at Wed Jun 13 06:08:27 2007
3:
4: T11-FC-SP-SA-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
8: Unsigned32, Counter32, Counter64, TimeTicks, Gauge32,
9: mib-2 FROM SNMPv2-SMI -- [RFC2578]
10: RowStatus, StorageType, AutonomousType, TimeStamp,
11: TruthValue FROM SNMPv2-TC -- [RFC2579]
12: MODULE-COMPLIANCE, OBJECT-GROUP,
13: NOTIFICATION-GROUP
14: FROM SNMPv2-CONF -- [RFC2580]
15: InterfaceIndex,
16: InterfaceIndexOrZero FROM IF-MIB -- [RFC2863]
17: fcmInstanceIndex,
18: FcAddressIdOrZero FROM FC-MGMT-MIB -- [RFC4044]
19: T11FabricIndex FROM T11-TC-MIB -- [RFC4439]
20: T11FcSpType,
21: T11FcSpiIndex,
22: T11FcRoutingControl,
23: T11FcSaDirection,
24: T11FcSpPrecedence,
25: T11FcSpTransforms FROM T11-FC-SP-TC-MIB;
26:
27: t11FcSpSaMIB MODULE-IDENTITY
28: LAST-UPDATED "200702190000Z"
29: ORGANIZATION "T11"
30: CONTACT-INFO
31: " Claudio DeSanti
32: Cisco Systems, Inc.
33: 170 West Tasman Drive
34: San Jose, CA 95134 USA
35: EMail: cds@cisco.com
36:
37: Keith McCloghrie
38: Cisco Systems, Inc.
39: 170 West Tasman Drive
40: San Jose, CA 95134 USA
41: Email: kzm@cisco.com"
42:
43: DESCRIPTION
44: "This MIB module specifies the management information
45: required to manage Security Associations established via
46: Fibre Channel's FC-SP specification.
47:
48: The MIB module consists of six parts:
49:
50: - a per-Fabric table, t11FcSpSaIfTable, of capabilities,
51: parameters, status information and counters; the counters
52: include non-transient aggregates of per-SA transient
53: counters;
54:
55: - three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable
56: and t11FcSpSaTransTable, specifying the proposals for an
57: FC-SP entity acting as an SA_Initiator to present to the
58: SA_Responder during the negotiation of Security
59: Associations. The same information is also used by an
60: FC-SP entity acting as an SA_Responder to decide what to
61: accept during the negotiation of Security Associations.
62: One of these tables, t11FcSpSaTransTable, is used not only
63: for information about security transforms to propose and
64: to accept, but also as agreed upon during the negotiation
65: of Security Associations;
66:
67: - a table, t11FcSpSaTSelDrByTable, of Traffic Selectors
68: having the security action of 'drop' or 'bypass' to be
69: applied either to ingress traffic which is unprotected by
70: FC-SP, or to all egress traffic;
71:
72: - four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable,
73: t11FcSpSaTSelNegOutTable and t11FcSpSaTSelSpiTable,
74: containing information about active bidirectional pairs of
75: Security Associations; in particular, t11FcSpSaPairTable
76: has one row per active bidirectional SA pair,
77: t11FcSpSaTSelNegInTable and t11FcSpSaTSelNegOutTable
78: contain information on the Traffic Selectors negotiated on
79: the SAs, and the t11FcSpSaTSelSpiTable is an alternate
80: lookup table such that the Traffic Selector(s) in use on a
81: particular Security Association can be quickly determined
82: based on the (ingress) SPI value;
83:
84: - a table, t11FcSpSaControlTable, of control and other
85: information concerning the generation of notifications for
86: events related to FC-SP Security Associations;
87:
88: - one notification, t11FcSpSaNotifyAuthFailure, generated on
89: the occurrence of an Authentication failure for a received
90: FC-2 or CT_IU frame.
91:
92: Copyright (C) The IETF Trust (2007). This version
93: of this MIB module is part of RFC yyyy; see the RFC
94: itself for full legal notices."
95: -- RFC Editor: replace yyyy with actual RFC number & remove this note
96: REVISION "200702190000Z"
97: DESCRIPTION
98: "Initial version of this MIB module, published as RFCyyyy."
99: -- RFC-Editor, replace yyyy with actual RFC number & remove this note
100: ::= { mib-2 nnn } -- to be assigned by IANA
100: error -
Object identifier element `nnn' name only allowed as first element
101: -- RFC Editor: replace nnn with IANA-assigned number & remove this note
102:
103: t11FcSpSaMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpSaMIB 0 }
104: t11FcSpSaMIBObjects OBJECT IDENTIFIER ::= { t11FcSpSaMIB 1 }
105: t11FcSpSaMIBConformance OBJECT IDENTIFIER ::= { t11FcSpSaMIB 2 }
106: t11FcSpSaBase OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 1 }
107: t11FcSpSaConfig OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 2 }
108: t11FcSpSaActive OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 3 }
109: t11FcSpSaControl OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 4 }
110:
111:
112: --
113: -- Base-level Per-Fabric Information
114: --
115:
116: t11FcSpSaIfTable OBJECT-TYPE
117: SYNTAX SEQUENCE OF T11FcSpSaIfEntry
118: MAX-ACCESS not-accessible
119: STATUS current
120: DESCRIPTION
121: "A table containing per-Fabric information related to
122: FC-SP Security Associations."
123: ::= { t11FcSpSaBase 1 }
124:
125: t11FcSpSaIfEntry OBJECT-TYPE
126: SYNTAX T11FcSpSaIfEntry
127: MAX-ACCESS not-accessible
128: STATUS current
129: DESCRIPTION
130: "Each entry contains information related to Security
131: Associations on a particular Fabric, and managed as part
132: of the Fibre Channel management instance identified by
133: fcmInstanceIndex."
134: INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
135: t11FcSpSaIfFabricIndex }
136: ::= { t11FcSpSaIfTable 1 }
137:
138: T11FcSpSaIfEntry ::= SEQUENCE {
139: t11FcSpSaIfIndex InterfaceIndexOrZero,
140: t11FcSpSaIfFabricIndex T11FabricIndex,
141: -- capabilities
142: t11FcSpSaIfEspHeaderCapab T11FcSpTransforms,
143: t11FcSpSaIfCTAuthCapab T11FcSpTransforms,
144: t11FcSpSaIfIKEv2Capab T11FcSpTransforms,
145: t11FcSpSaIfIkev2AuthCapab TruthValue,
146: -- parameters and status
147: t11FcSpSaIfStorageType StorageType,
148: t11FcSpSaIfReplayPrevention TruthValue,
149: t11FcSpSaIfReplayWindowSize Unsigned32,
150: t11FcSpSaIfDeadPeerDetections Counter32,
151: t11FcSpSaIfTerminateAllSas INTEGER,
152: -- summary frame counters
153: t11FcSpSaIfOutDrops Counter64,
154: t11FcSpSaIfOutBypasses Counter64,
155: t11FcSpSaIfOutProcesses Counter64,
156: t11FcSpSaIfOutUnMatcheds Counter64,
157: t11FcSpSaIfInUnprotUnmtchDrops Counter64,
158: -- aggregates of per-SA transient counters
159: t11FcSpSaIfInDetReplays Counter64,
160: t11FcSpSaIfInUnprotMtchDrops Counter64,
161: t11FcSpSaIfInBadXforms Counter64,
162: t11FcSpSaIfInGoodXforms Counter64,
163: t11FcSpSaIfInProtUnmtchs Counter64
164: }
165:
166: t11FcSpSaIfIndex OBJECT-TYPE
167: SYNTAX InterfaceIndexOrZero
168: MAX-ACCESS not-accessible
169: STATUS current
170: DESCRIPTION
171: "This object has a non-zero value to identify a particular
172: interface, or the value zero to indicate that the
173: information in this row applies to all (of the management
174: instance's) interfaces to the particular Fabric.
175:
176: If any row has a non-zero value of t11FcSpSaIfIndex, then
177: all rows for the same Fibre Channel management instance must
178: also have a non-zero value of t11FcSpSaIfIndex and thereby
179: be specific to a particular interface.
180:
181: As and when zero values of t11FcSpSaIfIndex are used in
182: this table, then they must also be used in each other
183: table which has t11FcSpSaIfIndex in its INDEX clause."
184: ::= { t11FcSpSaIfEntry 1 }
185:
186: t11FcSpSaIfFabricIndex OBJECT-TYPE
187: SYNTAX T11FabricIndex
188: MAX-ACCESS not-accessible
189: STATUS current
190: DESCRIPTION
191: "An index value which uniquely identifies a particular
192: Fabric."
193: ::= { t11FcSpSaIfEntry 2 }
194:
195: t11FcSpSaIfEspHeaderCapab OBJECT-TYPE
196: SYNTAX T11FcSpTransforms
197: MAX-ACCESS read-only
198: STATUS current
199: DESCRIPTION
200: "A list of the standardized transforms supported by this
201: entity on this interface for ESP_Header protection."
202: REFERENCE
203: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
204: Fibre Channel - Security Protocols (FC-SP),
205: 13 June 2006, Appendix A.3.1, tables A.23, A.25."
206: ::= { t11FcSpSaIfEntry 3 }
207:
208: t11FcSpSaIfCTAuthCapab OBJECT-TYPE
209: SYNTAX T11FcSpTransforms
210: MAX-ACCESS read-only
211: STATUS current
212: DESCRIPTION
213: "A list of the standardized transforms supported by this
214: entity on this interface for CT_Authentication protection."
215: REFERENCE
216: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
217: Fibre Channel - Security Protocols (FC-SP),
218: 13 June 2006, Appendix A.3.1, tables A.23, A.25."
219: ::= { t11FcSpSaIfEntry 4 }
220:
221: t11FcSpSaIfIKEv2Capab OBJECT-TYPE
222: SYNTAX T11FcSpTransforms
223: MAX-ACCESS read-only
224: STATUS current
225: DESCRIPTION
226: "A list of the standardized transforms supported by this
227: entity on this interface with IKEv2 protection."
228: REFERENCE
229: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
230: Fibre Channel - Security Protocols (FC-SP),
231: 13 June 2006, Appendix A.3.1, tables A.23, A.24, A.25, A.26."
232: ::= { t11FcSpSaIfEntry 5 }
233:
234: t11FcSpSaIfIkev2AuthCapab OBJECT-TYPE
235: SYNTAX TruthValue
236: MAX-ACCESS read-only
237: STATUS current
238: DESCRIPTION
239: "An indication of whether the entity is capable of
240: supporting the IKEv2-AUTH protocol on this interface, i.e.,
241: concatenation of Authentication and SA Management
242: Transactions, such that an SA Management Transaction is
243: used to perform both the authentication function and
244: SA management."
245: REFERENCE
246: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
247: Fibre Channel - Security Protocols (FC-SP), 13 June 2006,
248: section 6.7.2, and table A.27."
249: ::= { t11FcSpSaIfEntry 6 }
250:
251: t11FcSpSaIfStorageType OBJECT-TYPE
252: SYNTAX StorageType
253: MAX-ACCESS read-write
254: STATUS current
255: DESCRIPTION
256: "This object specifies the memory realization of
257: information related to FC-SP Security Associations
258: for interface(s) to a particular Fabric; specifically,
259: for rows created and/or modified in these tables:
260:
261: t11FcSpSaPropTable
262: t11FcSpSaTSelPropTable
263: t11FcSpSaTransTable
264: t11FcSpSaTSelDrByTable
265: t11FcSpSaControlTable
266:
267: and, for modified information contained in the same
268: row as an instance of this object.
269:
270: Even if an instance of this object has the value
271: 'permanent(4)', none of the information defined in
272: this MIB module for interface(s) to the given Fabric
273: need to be writable."
274: ::= { t11FcSpSaIfEntry 7 }
275:
276: t11FcSpSaIfReplayPrevention OBJECT-TYPE
277: SYNTAX TruthValue
278: MAX-ACCESS read-write
279: STATUS current
280: DESCRIPTION
281: "This object indicates whether anti-replay protection is
282: enabled for frame reception on this interface."
283: REFERENCE
284: "IP Encapsulating Security Payload (ESP),
285: RFC 4303, December 2005, section 3.3.3."
286: ::= { t11FcSpSaIfEntry 8 }
287:
288: t11FcSpSaIfReplayWindowSize OBJECT-TYPE
289: SYNTAX Unsigned32
290: MAX-ACCESS read-write
291: STATUS current
292: DESCRIPTION
293: "The size of the replay window to be used when
294: anti-replay protection is enabled for frame reception
295: on this interface."
296: REFERENCE
297: "IP Encapsulating Security Payload (ESP),
298: RFC 4303, December 2005, section 3.4.3."
299: ::= { t11FcSpSaIfEntry 9 }
300:
301: t11FcSpSaIfDeadPeerDetections OBJECT-TYPE
302: SYNTAX Counter32
303: MAX-ACCESS read-only
304: STATUS current
305: DESCRIPTION
306: "The number of times that a dead peer condition has been
307: detected on this interface.
308:
309: This counter has no discontinuities other than those
310: which all Counter32's have when sysUpTime=0."
311: REFERENCE
312: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
313: Fibre Channel - Security Protocols (FC-SP),
314: 13 June 2006, section 8.5.3.3."
315: ::= { t11FcSpSaIfEntry 10 }
316:
317: t11FcSpSaIfTerminateAllSas OBJECT-TYPE
318: SYNTAX INTEGER { noop(1), terminate(2) }
319: MAX-ACCESS read-write
320: STATUS current
321: DESCRIPTION
322: "Setting this object to 'terminate' is a request to
323: terminate all outsanding Security Associations on this
324: interface.
325:
326: When read, the value of this object is always 'noop'.
327: Setting this object to 'noop' has no effect."
328: ::= { t11FcSpSaIfEntry 11 }
329:
330: t11FcSpSaIfOutDrops OBJECT-TYPE
331: SYNTAX Counter64
332: MAX-ACCESS read-only
333: STATUS current
334: DESCRIPTION
335: "The number of output frames which were dropped, instead
336: of being transmitted on this interface, because they matched
337: an active (at that time) Traffic Selector with an action of
338: 'Drop'.
339:
340: This counter has no discontinuities other than those
341: which all Counter64's have when sysUpTime=0."
342: ::= { t11FcSpSaIfEntry 12 }
343:
344: t11FcSpSaIfOutBypasses OBJECT-TYPE
345: SYNTAX Counter64
346: MAX-ACCESS read-only
347: STATUS current
348: DESCRIPTION
349: "The number of output frames which were transmitted
350: unchanged by FC-SP on this interface because they matched
351: an active (at that time) Traffic Selector with an action
352: of 'Bypass'.
353:
354: This counter has no discontinuities other than those
355: which all Counter64's have when sysUpTime=0."
356: ::= { t11FcSpSaIfEntry 13 }
357:
358: t11FcSpSaIfOutProcesses OBJECT-TYPE
359: SYNTAX Counter64
360: MAX-ACCESS read-only
361: STATUS current
362: DESCRIPTION
363: "The number of output frames which were protected by FC-SP
364: before being transmitted on this interface because they
365: matched an active (at that time) Traffic Selector with an
366: action of 'Process'.
367:
368: This counter has no discontinuities other than those
369: which all Counter64's have when sysUpTime=0."
370: ::= { t11FcSpSaIfEntry 14 }
371:
372: t11FcSpSaIfOutUnMatcheds OBJECT-TYPE
373: SYNTAX Counter64
374: MAX-ACCESS read-only
375: STATUS current
376: DESCRIPTION
377: "The number of frames which were transmitted unchanged by
378: FC-SP on this interface because they did not match any
379: Traffic Selector active at that time.
380:
381: This counter has no discontinuities other than those
382: which all Counter64's have when sysUpTime=0."
383: ::= { t11FcSpSaIfEntry 15 }
384:
385: t11FcSpSaIfInUnprotUnmtchDrops OBJECT-TYPE
386: SYNTAX Counter64
387: MAX-ACCESS read-only
388: STATUS current
389: DESCRIPTION
390: "The number of frames received on this interface which
391: were dropped because they were unprotected and did not
392: match any Traffic Selector active at that time.
393:
394: This counter has no discontinuities other than those
395: which all Counter64's have when sysUpTime=0."
396: ::= { t11FcSpSaIfEntry 16 }
397:
398: t11FcSpSaIfInDetReplays OBJECT-TYPE
399: SYNTAX Counter64
400: MAX-ACCESS read-only
401: STATUS current
402: DESCRIPTION
403: "The number of times that a replay has been detected on
404: a Security Association which is currently active or was
405: previously active on this interface. Note that a frame
406: which is discarded because it is 'behind' the window,
407: i.e., too old, is counted as a replay.
408:
409: This counter has no discontinuities other than those
410: which all Counter64's have when sysUpTime=0."
411: ::= { t11FcSpSaIfEntry 17 }
412:
413: t11FcSpSaIfInUnprotMtchDrops OBJECT-TYPE
414: SYNTAX Counter64
415: MAX-ACCESS read-only
416: STATUS current
417: DESCRIPTION
418: "The number of times that a frame received on this
419: interface was dropped because it matched with a Traffic
420: Selector for a Security Association which was active at
421: the time of receipt but the frame was not protected as
422: negotiated for that Security Association.
423:
424: This counter has no discontinuities other than those
425: which all Counter64's have when sysUpTime=0."
426: ::= { t11FcSpSaIfEntry 18 }
427:
428: t11FcSpSaIfInBadXforms OBJECT-TYPE
429: SYNTAX Counter64
430: MAX-ACCESS read-only
431: STATUS current
432: DESCRIPTION
433: "The number of times that a frame received on this
434: interface was dropped because of a failure of one of the
435: transforms negotiated for the Security Association on
436: which it was received.
437:
438: This counter has no discontinuities other than those
439: which all Counter64's have when sysUpTime=0."
440: ::= { t11FcSpSaIfEntry 19 }
441:
442: t11FcSpSaIfInGoodXforms OBJECT-TYPE
443: SYNTAX Counter64
444: MAX-ACCESS read-only
445: STATUS current
446: DESCRIPTION
447: "The number of frames received on this interface on a
448: Security Association for which the transforms negotiated
449: for that Security Association were successfully applied,
450: and which matched a Traffic Selector for that Security
451: Association.
452:
453: This counter has no discontinuities other than those
454: which all Counter64's have when sysUpTime=0."
455: ::= { t11FcSpSaIfEntry 20 }
456:
457: t11FcSpSaIfInProtUnmtchs OBJECT-TYPE
458: SYNTAX Counter64
459: MAX-ACCESS read-only
460: STATUS current
461: DESCRIPTION
462: "The number of frames received on this interface which
463: were dropped because they did not match any of the Traffic
464: Selectors negotiated for the Security Association on which
465: they were received, even though the Security Association's
466: transforms were successfully applied.
467:
468: This counter has no discontinuities other than those
469: which all Counter64's have when sysUpTime=0."
470: ::= { t11FcSpSaIfEntry 21 }
471:
472: --
473: -- Proposals to present in Security Association negotiation
474: --
475:
476: t11FcSpSaPropTable OBJECT-TYPE
477: SYNTAX SEQUENCE OF T11FcSpSaPropEntry
478: MAX-ACCESS not-accessible
479: STATUS current
480: DESCRIPTION
481: "A table of proposals for an FC-SP entity acting as an
482: SA_Initiator to present to the SA_Responder during the
483: negotiation of Security Associations. This information
484: is also used by an FC-SP entity acting as an SA_Responder
485: to decide what to accept during the negotiation of
486: Security Associations."
487: ::= { t11FcSpSaConfig 1 }
488:
489: t11FcSpSaPropEntry OBJECT-TYPE
490: SYNTAX T11FcSpSaPropEntry
491: MAX-ACCESS not-accessible
492: STATUS current
493: DESCRIPTION
494: "Each entry contains information about one proposal for
495: the FC-SP entity to present, or what to accept, during
496: the negotiation of Security Associations on one or more
497: interfaces (identified by t11FcSpSaIfIndex) to a
498: particular Fabric (identified by t11FcSpSaIfFabricIndex),
499: and managed as part of the Fibre Channel management
500: instance identified by fcmInstanceIndex.
501:
502: The StorageType of a row in this table is specified by
503: the instance of t11FcSpSaIfStorageType which is INDEX-ed
504: by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
505: and t11FcSpSaIfFabricIndex."
506: INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
507: t11FcSpSaIfFabricIndex,
508: t11FcSpSaPropIndex }
509: ::= { t11FcSpSaPropTable 1 }
510:
511: T11FcSpSaPropEntry ::= SEQUENCE {
512: t11FcSpSaPropIndex Unsigned32,
513: t11FcSpSaPropSecurityProt INTEGER,
514: t11FcSpSaPropTSelListIndex Unsigned32,
515: t11FcSpSaPropTransListIndex Unsigned32,
516: t11FcSpSaPropAcceptAlgorithm INTEGER,
517: t11FcSpSaPropOutMatchSucceeds Counter64,
518: t11FcSpSaPropRowStatus RowStatus
519: }
520:
521: t11FcSpSaPropIndex OBJECT-TYPE
522: SYNTAX Unsigned32
523: MAX-ACCESS not-accessible
524: STATUS current
525: DESCRIPTION
526: "An index value which uniquely identifies a particular
527: proposal for use on one or more interfaces to a Fabric."
528: ::= { t11FcSpSaPropEntry 1 }
529:
530: t11FcSpSaPropSecurityProt OBJECT-TYPE
531: SYNTAX INTEGER { espHeader(1), ctAuth(2) }
532: MAX-ACCESS read-create
533: STATUS current
534: DESCRIPTION
535: "The Security Protocol identifier for this proposal, i.e.,
536: whether the proposal is for traffic to be protected using
537: ESP_Header or CT_Authentication."
538:
539: REFERENCE
540: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
541: Fibre Channel - Security Protocols (FC-SP),
542: 13 June 2006, section 6.3.2.2 and table 67."
543: ::= { t11FcSpSaPropEntry 2 }
544:
545: t11FcSpSaPropTSelListIndex OBJECT-TYPE
546: SYNTAX Unsigned32
547: MAX-ACCESS read-create
548: STATUS current
549: DESCRIPTION
550: "A pointer to the proposal's list of Traffic Selectors.
551:
552: The identified list is represented by all rows in the
553: t11FcSpSaTSelPropTable for which t11FcSpSaTSelPropListIndex
554: has the same value as this object (and with corresponding
555: values of t11FcSpSaIfIndex and fcmInstanceIndex)."
556: ::= { t11FcSpSaPropEntry 3 }
557:
558: t11FcSpSaPropTransListIndex OBJECT-TYPE
559: SYNTAX Unsigned32
560: MAX-ACCESS read-create
561: STATUS current
562: DESCRIPTION
563: "A pointer to the proposal's list of Transforms.
564:
565: The identified list is represented by all rows in the
566: t11FcSpSaTransTable for which t11FcSpSaTransListIndex
567: has the same value as this object (and with corresponding
568: values of t11FcSpSaIfIndex and fcmInstanceIndex)."
569: ::= { t11FcSpSaPropEntry 4 }
570:
571: t11FcSpSaPropAcceptAlgorithm OBJECT-TYPE
572: SYNTAX INTEGER {
573: intersection(1),
574: union(2),
575: other(3)
576: }
577: MAX-ACCESS read-create
578: STATUS current
579: DESCRIPTION
580: "The algorithm by which an SA_Responder in an SA negotiation
581: decides on which Traffic Selectors to specify in a response
582: to an IKE_Create_Child_SA request. This algorithm is used
583: when the Traffic Selectors specified by an SA_Initiator in
584: an IKE_Create_Child_SA request overlap with this proposal's
585: list of Traffic Selectors:
586:
587: intersection(1) - the SA_Responder specifies the largest
588: subset of what the SA_Initiator proposed
589: which is also a subset of this proposal's
590: Traffic Selectors.
591:
592: union(2) - the SA_Responder specifies the smallest
593: superset of what the SA_Initiator proposed
594: which is also a superset of this proposal's
595: Traffic Selectors.
596:
597: other(3) - the SA_Responder uses some other algorithm.
598: "
599: ::= { t11FcSpSaPropEntry 5 }
600:
601: t11FcSpSaPropOutMatchSucceeds OBJECT-TYPE
602: SYNTAX Counter64
603: MAX-ACCESS read-only
604: STATUS current
605: DESCRIPTION
606: "The number of egress frames that have matched a Traffic
607: Selector which was negotiated to select traffic for an
608: SA based on this proposal being accepted.
609:
610: This counter has no discontinuities other than those
611: which all Counter64's have when sysUpTime=0."
612: ::= { t11FcSpSaPropEntry 6 }
613:
614: t11FcSpSaPropRowStatus OBJECT-TYPE
615: SYNTAX RowStatus
616: MAX-ACCESS read-create
617: STATUS current
618: DESCRIPTION
619: "The status of a row. Values of object instances
620: within an active row can be modified at any time.
621:
622: The status cannot be set to 'active' unless and
623: until the instances of t11FcSpSaPropTSelListIndex
624: and t11FcSpSaPropTransListIndex in the row have
625: been set to point to active rows in the
626: t11FcSpSaTSelPropTable and t11FcSpSaTransTable
627: tables, respectively. A row in this table is
628: deleted if the active rows it points to are deleted."
629: ::= { t11FcSpSaPropEntry 7 }
630:
631:
632: --
633: -- Traffic Selector Proposals
634: --
635:
636: t11FcSpSaTSelPropTable OBJECT-TYPE
637: SYNTAX SEQUENCE OF T11FcSpSaTSelPropEntry
638: MAX-ACCESS not-accessible
639: STATUS current
640: DESCRIPTION
641: "A table containing information about Traffic Selectors
642: to propose and/or to accept during the negotiation of
643: Security Associations."
644: REFERENCE
645: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
646: Fibre Channel - Security Protocols (FC-SP),
647: 13 June 2006, section 6.4.5.
648: - Use of IKEv2 in FC-SP, RFC 4595,
649: July 2006, section 4.4."
650: ::= { t11FcSpSaConfig 2 }
651:
652: t11FcSpSaTSelPropEntry OBJECT-TYPE
653: SYNTAX T11FcSpSaTSelPropEntry
654: MAX-ACCESS not-accessible
655: STATUS current
656: DESCRIPTION
657: "Each entry contains information about one Traffic
658: Selector within a list of Traffic Selectors to propose,
659: or for use in determining what to accept during Security
660: Association negotiation.
661:
662: One such list is configured for use on a Fabric by
663: configuring the list's value of t11FcSpSaTSelPropListIndex
664: as the value of an instance of t11FcSpSaPropTSelListIndex,
665: for corresponding values of t11FcSpSaIfIndex and
666: fcmInstanceIndex. Further, the proposing and accepting
667: of Traffic Selectors is only done as a part of a proposal
668: specified by a row of the t11FcSpSaPropTable, i.e.,
669: in combination with the proposing and accepting of security
670: transforms as specified by the combination of
671: t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex
672: in one row of the t11FcSpSaPropTable.
673: The StorageType of a row in this table is specified by
674: the instance of t11FcSpSaIfStorageType which is INDEX-ed
675: by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
676: and t11FcSpSaIfFabricIndex."
677: INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
678: t11FcSpSaTSelPropListIndex, t11FcSpSaTSelPropIndex }
679: ::= { t11FcSpSaTSelPropTable 1 }
680:
681: T11FcSpSaTSelPropEntry ::= SEQUENCE {
682: t11FcSpSaTSelPropListIndex Unsigned32,
683: t11FcSpSaTSelPropIndex Unsigned32,
684: t11FcSpSaTSelPropDirection T11FcSaDirection,
685: t11FcSpSaTSelPropPrecedence T11FcSpPrecedence,
686: t11FcSpSaTSelPropStartSrcAddr FcAddressIdOrZero,
687: t11FcSpSaTSelPropEndSrcAddr FcAddressIdOrZero,
688: t11FcSpSaTSelPropStartDstAddr FcAddressIdOrZero,
689: t11FcSpSaTSelPropEndDstAddr FcAddressIdOrZero,
690: t11FcSpSaTSelPropStartRCtl T11FcRoutingControl,
691: t11FcSpSaTSelPropEndRCtl T11FcRoutingControl,
692: t11FcSpSaTSelPropStartType T11FcSpType,
693: t11FcSpSaTSelPropEndType T11FcSpType,
694: t11FcSpSaTSelPropRowStatus RowStatus
695: }
696:
697: t11FcSpSaTSelPropListIndex OBJECT-TYPE
698: SYNTAX Unsigned32
699: MAX-ACCESS not-accessible
700: STATUS current
701: DESCRIPTION
702: "An index value which identifies a particular list of
703: Traffic Selectors."
704: ::= { t11FcSpSaTSelPropEntry 1 }
705:
706: t11FcSpSaTSelPropIndex OBJECT-TYPE
707: SYNTAX Unsigned32
708: MAX-ACCESS not-accessible
709: STATUS current
710: DESCRIPTION
711: "An index value which identifies one Traffic Selector
712: within of a list of Traffic Selectors."
713: ::= { t11FcSpSaTSelPropEntry 2 }
714:
715: t11FcSpSaTSelPropDirection OBJECT-TYPE
716: SYNTAX T11FcSaDirection
717: MAX-ACCESS read-create
718: STATUS current
719: DESCRIPTION
720: "An indication of whether this Traffic Selector is
721: to be proposed for ingress or egress traffic."
722: DEFVAL { egress }
723: ::= { t11FcSpSaTSelPropEntry 3 }
724:
725: t11FcSpSaTSelPropPrecedence OBJECT-TYPE
726: SYNTAX T11FcSpPrecedence
727: MAX-ACCESS read-create
728: STATUS current
729: DESCRIPTION
730: "The precedence of this Traffic Selector.
731:
732: If an egress frame matches multiple Traffic Selectors,
733: it should be transmitted on the SA associated with the
734: Traffic Selector having the numerically smallest
735: precedence value."
736: ::= { t11FcSpSaTSelPropEntry 4 }
737:
738: t11FcSpSaTSelPropStartSrcAddr OBJECT-TYPE
739: SYNTAX FcAddressIdOrZero (SIZE (3))
740: MAX-ACCESS read-create
741: STATUS current
742: DESCRIPTION
743: "The numerically smallest 24-bit value of a source address
744: (S_ID) of a frame which will match with this Traffic
745: Selector."
746: REFERENCE
747: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
748: Fibre Channel - Security Protocols (FC-SP),
749: 13 June 2006, section 6.4.5."
750: DEFVAL { '000000'h }
751: ::= { t11FcSpSaTSelPropEntry 5 }
752:
753: t11FcSpSaTSelPropEndSrcAddr OBJECT-TYPE
754: SYNTAX FcAddressIdOrZero (SIZE (3))
755: MAX-ACCESS read-create
756: STATUS current
757: DESCRIPTION
758: "The numerically largest 24-bit value of a source address
759: (S_ID) of a frame which will match with this Traffic
760: Selector."
761: REFERENCE
762: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
763: Fibre Channel - Security Protocols (FC-SP),
764: 13 June 2006, section 6.4.5."
765: DEFVAL { 'FFFFFF'h }
766: ::= { t11FcSpSaTSelPropEntry 6 }
767:
768: t11FcSpSaTSelPropStartDstAddr OBJECT-TYPE
769: SYNTAX FcAddressIdOrZero (SIZE (3))
770: MAX-ACCESS read-create
771: STATUS current
772: DESCRIPTION
773: "The numerically smallest 24-bit value of a destination
774: address (D_ID) of a frame which will match with this
775: Traffic Selector."
776: REFERENCE
777: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
778: Fibre Channel - Security Protocols (FC-SP),
779: 13 June 2006, section 6.4.5."
780: DEFVAL { '000000'h }
781: ::= { t11FcSpSaTSelPropEntry 7 }
782:
783: t11FcSpSaTSelPropEndDstAddr OBJECT-TYPE
784: SYNTAX FcAddressIdOrZero (SIZE (3))
785: MAX-ACCESS read-create
786: STATUS current
787: DESCRIPTION
788: "The numerically largest 24-bit value of a destination
789: address (D_ID) of a frame which will match with this
790: Traffic Selector."
791: REFERENCE
792: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
793: Fibre Channel - Security Protocols (FC-SP),
794: 13 June 2006, section 6.4.5."
795: DEFVAL { 'FFFFFF'h }
796: ::= { t11FcSpSaTSelPropEntry 8 }
797:
798: t11FcSpSaTSelPropStartRCtl OBJECT-TYPE
799: SYNTAX T11FcRoutingControl
800: MAX-ACCESS read-create
801: STATUS current
802: DESCRIPTION
803: "The numerically smallest 8-bit value contained within a
804: Routing Control (R_CTL) field of a frame which will match
805: with this Traffic Selector."
806: REFERENCE
807: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
808: Fibre Channel - Security Protocols (FC-SP),
809: 13 June 2006, section 6.4.5."
810: DEFVAL { '00'h }
811: ::= { t11FcSpSaTSelPropEntry 9 }
812:
813: t11FcSpSaTSelPropEndRCtl OBJECT-TYPE
814: SYNTAX T11FcRoutingControl
815: MAX-ACCESS read-create
816: STATUS current
817: DESCRIPTION
818: "The numerically largest 8-bit value contained within a
819: Routing Control (R_CTL) field of a frame which will match
820: with this Traffic Selector."
821: REFERENCE
822: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
823: Fibre Channel - Security Protocols (FC-SP),
824: 13 June 2006, section 6.4.5."
825: DEFVAL { 'FF'h }
826: ::= { t11FcSpSaTSelPropEntry 10 }
827:
828: t11FcSpSaTSelPropStartType OBJECT-TYPE
829: SYNTAX T11FcSpType
830: MAX-ACCESS read-create
831: STATUS current
832: DESCRIPTION
833: "The numerically smallest of a range of possible 'type'
834: values of frames which will match with this Traffic
835: Selector."
836: REFERENCE
837: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
838: Fibre Channel - Security Protocols (FC-SP),
839: 13 June 2006, section 6.4.5."
840: DEFVAL { '0000'h }
841: ::= { t11FcSpSaTSelPropEntry 11 }
842:
843: t11FcSpSaTSelPropEndType OBJECT-TYPE
844: SYNTAX T11FcSpType
845: MAX-ACCESS read-create
846: STATUS current
847: DESCRIPTION
848: "The numerically largest of a range of possible 'type'
849: values of frames which will match with this Traffic
850: Selector."
851: REFERENCE
852: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
853: Fibre Channel - Security Protocols (FC-SP),
854: 13 June 2006, section 6.4.5."
855: DEFVAL { 'FFFF'h }
856: ::= { t11FcSpSaTSelPropEntry 12 }
857:
858: t11FcSpSaTSelPropRowStatus OBJECT-TYPE
859: SYNTAX RowStatus
860: MAX-ACCESS read-create
861: STATUS current
862: DESCRIPTION
863: "The status of this row. Values of object instances
864: within the row can be modified at any time."
865: ::= { t11FcSpSaTSelPropEntry 13 }
866:
867:
868: --
869: -- Transform Proposals
870: --
871:
872: t11FcSpSaTransTable OBJECT-TYPE
873: SYNTAX SEQUENCE OF T11FcSpSaTransEntry
874: MAX-ACCESS not-accessible
875: STATUS current
876: DESCRIPTION
877: "A table containing information about security transforms
878: to propose, to accept and/or agreed upon during the
879: negotiation of Security Associations."
880: ::= { t11FcSpSaConfig 3 }
881:
882: t11FcSpSaTransEntry OBJECT-TYPE
883: SYNTAX T11FcSpSaTransEntry
884: MAX-ACCESS not-accessible
885: STATUS current
886: DESCRIPTION
887: "Each entry contains information about one proposal within a
888: list of security transforms to be proposed, to be accepted,
889: or already agreed upon, for use on a pair of Security
890: Associations on one or more interfaces (identified by
891: t11FcSpSaIfIndex), managed as part of the Fibre Channel
892: management instance identified by fcmInstanceIndex.
893:
894: One such list is configured to be proposed or accepted for
895: use on a Fabric, by having the list's value of
896: t11FcSpSaTransListIndex be the value of an instance of
897: t11FcSpSaPropTransListIndex for that Fabric. Further,
898: the proposing and accepting of security transforms is only
899: done as a part of a proposal specified by a row of the
900: t11FcSpSaPropTable, i.e., in combination with the proposing
901: and accepting of Traffic Selectors as specified by the
902: combination of t11FcSpSaPropTSelListIndex and
903: t11FcSpSaPropTransListIndex in one row of the
904: t11FcSpSaPropTable.
905:
906: The security (encryption and integrity) transform in use on
907: an SA pair is indicated by having the pair's values of
908: t11FcSpSaPairTransListIndex and t11FcSpSaPairTransIndex
909: contain the values of t11FcSpSaTransListIndex and
910: t11FcSpSaTransListIndex for the transform's row in this
911: table.
912:
913: The StorageType of a row in this table is specified by
914: the instance of t11FcSpSaIfStorageType which is INDEX-ed
915: by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
916: and t11FcSpSaIfFabricIndex."
917: INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
918: t11FcSpSaTransListIndex, t11FcSpSaTransIndex }
919: ::= { t11FcSpSaTransTable 1 }
920:
921: T11FcSpSaTransEntry ::= SEQUENCE {
922: t11FcSpSaTransListIndex Unsigned32,
923: t11FcSpSaTransIndex Unsigned32,
924: t11FcSpSaTransSecurityProt INTEGER,
925: t11FcSpSaTransEncryptAlg AutonomousType,
926: t11FcSpSaTransEncryptKeyLen Unsigned32,
927: t11FcSpSaTransIntegrityAlg AutonomousType,
928: t11FcSpSaTransRowStatus RowStatus
929: }
930:
931: t11FcSpSaTransListIndex OBJECT-TYPE
932: SYNTAX Unsigned32
933: MAX-ACCESS not-accessible
934: STATUS current
935: DESCRIPTION
936: "An index value which uniquely identifies a particular
937: list of security transforms to be proposed, to be accepted,
938: or already agreed upon."
939: ::= { t11FcSpSaTransEntry 1 }
940:
941: t11FcSpSaTransIndex OBJECT-TYPE
942: SYNTAX Unsigned32
943: MAX-ACCESS not-accessible
944: STATUS current
945: DESCRIPTION
946: "An index value which uniquely identifies one security
947: transform within a list identified by
948: t11FcSpSaTransListIndex."
949: ::= { t11FcSpSaTransEntry 2 }
950:
951: t11FcSpSaTransSecurityProt OBJECT-TYPE
952: SYNTAX INTEGER { espHeader(1), ctAuth(2) }
953: MAX-ACCESS read-create
954: STATUS current
955: DESCRIPTION
956: "The Security Protocol identifier which indicates
957: whether this transform is for traffic to be protected
958: using ESP_Header or using CT_Authentication."
959: REFERENCE
960: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
961: Fibre Channel - Security Protocols (FC-SP),
962: 13 June 2006, section 6.3.2.2 and table 67."
963: ::= { t11FcSpSaTransEntry 3 }
964:
965: t11FcSpSaTransEncryptAlg OBJECT-TYPE
966: SYNTAX AutonomousType
967: MAX-ACCESS read-create
968: STATUS current
969: DESCRIPTION
970: "The Encryption Algorithm for this transform."
971: REFERENCE
972: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
973: Fibre Channel - Security Protocols (FC-SP),
974: 13 June 2006, section 6.3.2.3 and tables 69 & 70."
975: ::= { t11FcSpSaTransEntry 4 }
976:
977: t11FcSpSaTransEncryptKeyLen OBJECT-TYPE
978: SYNTAX Unsigned32
979: MAX-ACCESS read-create
980: STATUS current
981: DESCRIPTION
982: "The key length in bits to be used with an encryption
983: algorithm which has a variable length key. This object
984: is ignored when the corresponding instance of
985: t11FcSpSaTransEncryptAlg specifies an algorithm with a
986: fixed length key."
987: REFERENCE
988: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
989: Fibre Channel - Security Protocols (FC-SP),
990: 13 June 2006, section 6.3.2.5 and table 77."
991: ::= { t11FcSpSaTransEntry 5 }
992:
993: t11FcSpSaTransIntegrityAlg OBJECT-TYPE
994: SYNTAX AutonomousType
995: MAX-ACCESS read-create
996: STATUS current
997: DESCRIPTION
998: "The Integrity Algorithm for this transform."
999: REFERENCE
1000: "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
1001: Fibre Channel - Security Protocols (FC-SP),
1002: 13 June 2006, section 6.3.2.3 and tables 69 & 72."
1003: ::= { t11FcSpSaTransEntry 6 }
1004:
1005: t11FcSpSaTransRowStatus OBJECT-TYPE
1006: SYNTAX RowStatus
1007: MAX-ACCESS read-create
1008: STATUS current
1009: DESCRIPTION
1010: "The status of this row.
1011:
1012: When an instance of t11FcSpSaPairTransListIndex points to
1013: a row in this table, values of object instances in the row
1014: cannot be modified nor can the row be deleted. Otherwise,
1015: a row can be modified or deleted at any time."
1016: ::= { t11FcSpSaTransEntry 7 }
1017:
1018: --
1019: -- Traffic Selectors for Drop & Bypass
1020: --
1021:
1022: t11FcSpSaTSelDrByTable OBJECT-TYPE
1023: SYNTAX SEQUENCE OF T11FcSpSaTSelDrByEntry
1024: MAX-ACCESS not-accessible
1025: STATUS current
1026: DESCRIPTION
1027: "A table containing Traffic Selectors to select which
1028: traffic is to be dropped or is to bypass further
1029: security processing."
1030: REFERENCE
1031: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
1032: Fibre Channel - Security Protocols (FC-SP),
1033: 13 June 2006, sections 4.6, 4.7, and 6.4.5.
1034: - Use of IKEv2 in FC-SP, RFC 4595,
1035: July 2006, section 4.4."
1036: ::= { t11FcSpSaConfig 4 }
1037:
1038: t11FcSpSaTSelDrByEntry OBJECT-TYPE
1039: SYNTAX T11FcSpSaTSelDrByEntry
1040: MAX-ACCESS not-accessible
1041: STATUS current
1042: DESCRIPTION
1043: "Each entry represents one Traffic Selector having the
1044: security action of 'drop' or 'bypass' which is applied
1045: based on a precedence value, either to ingress traffic
1046: which is unprotected by FC-SP, or to all egress
1047: traffic on one or more interfaces (identified by
1048: t11FcSpSaIfIndex) to a particular Fabric (identified
1049: by t11FcSpSaIfFabricIndex), and managed as part of the Fibre
1050: Channel management instance identified by fcmInstanceIndex.
1051:
1052: The StorageType of a row in this table is specified by
1053: the instance of t11FcSpSaIfStorageType which is INDEX-ed
1054: by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
1055: and t11FcSpSaIfFabricIndex."
1056: INDEX { fcmInstanceIndex, t11FcSpSaIfIndex, t11FcSpSaIfFabricIndex,
1057: t11FcSpSaTSelDrByDirection, t11FcSpSaTSelDrByPrecedence }
1058: ::= { t11FcSpSaTSelDrByTable 1 }
1059:
1060: T11FcSpSaTSelDrByEntry ::= SEQUENCE {
1061: t11FcSpSaTSelDrByDirection T11FcSaDirection,
1062: t11FcSpSaTSelDrByPrecedence T11FcSpPrecedence,
1063: t11FcSpSaTSelDrByAction INTEGER,
1064: t11FcSpSaTSelDrByStartSrcAddr FcAddressIdOrZero,
1065: t11FcSpSaTSelDrByEndSrcAddr FcAddressIdOrZero,
1066: t11FcSpSaTSelDrByStartDstAddr FcAddressIdOrZero,
1067: t11FcSpSaTSelDrByEndDstAddr FcAddressIdOrZero,
1068: t11FcSpSaTSelDrByStartRCtl T11FcRoutingControl,
1069: t11FcSpSaTSelDrByEndRCtl T11FcRoutingControl,
1070: t11FcSpSaTSelDrByStartType T11FcSpType,
1071: t11FcSpSaTSelDrByEndType T11FcSpType,
1072: t11FcSpSaTSelDrByMatches Counter64,
1073: t11FcSpSaTSelDrByRowStatus RowStatus
1074: }
1075:
1076: t11FcSpSaTSelDrByDirection OBJECT-TYPE
1077: SYNTAX T11FcSaDirection
1078: MAX-ACCESS not-accessible
1079: STATUS current
1080: DESCRIPTION
1081: "An indication of whether this Traffic Selector is
1082: for ingress or egress traffic."
1083: ::= { t11FcSpSaTSelDrByEntry 1 }
1084:
1085: t11FcSpSaTSelDrByPrecedence OBJECT-TYPE
1086: SYNTAX T11FcSpPrecedence
1087: MAX-ACCESS not-accessible
1088: STATUS current
1089: DESCRIPTION
1090: "The precedence of this Traffic Selector. If and when a
1091: frame is compared against multiple Traffic Selectors, and
1092: multiple of them have a match with the frame, the security
1093: action to be taken for the frame is that specified for the
1094: matching Traffic Selector having the numerically smallest
1095: precedence value."
1096: ::= { t11FcSpSaTSelDrByEntry 2 }
1097:
1098: t11FcSpSaTSelDrByAction OBJECT-TYPE
1099: SYNTAX INTEGER { drop(1), bypass(2) }
1100: MAX-ACCESS read-create
1101: STATUS current
1102: DESCRIPTION
1103: "The security action to be taken for a frame which
1104: matches this Traffic Selector."
1105: DEFVAL { drop }
1106: ::= { t11FcSpSaTSelDrByEntry 3 }
1107:
1108: t11FcSpSaTSelDrByStartSrcAddr OBJECT-TYPE
1109: SYNTAX FcAddressIdOrZero (SIZE (3))
1110: MAX-ACCESS read-create
1111: STATUS current
1112: DESCRIPTION
1113: "The numerically smallest 24-bit value of a source address
1114: (S_ID) of a frame which will match with this Traffic
1115: Selector."
1116: DEFVAL { '000000'h }
1117: ::= { t11FcSpSaTSelDrByEntry 4 }
1118:
1119: t11FcSpSaTSelDrByEndSrcAddr OBJECT-TYPE
1120: SYNTAX FcAddressIdOrZero (SIZE (3))
1121: MAX-ACCESS read-create
1122: STATUS current
1123: DESCRIPTION
1124: "The numerically largest 24-bit value of a source address
1125: (S_ID) of a frame which will match with this Traffic
1126: Selector."
1127: DEFVAL { 'FFFFFF'h }
1128: ::= { t11FcSpSaTSelDrByEntry 5 }
1129:
1130: t11FcSpSaTSelDrByStartDstAddr OBJECT-TYPE
1131: SYNTAX FcAddressIdOrZero (SIZE (3))
1132: MAX-ACCESS read-create
1133: STATUS current
1134: DESCRIPTION
1135: "The numerically smallest 24-bit value of a destination
1136: address (D_ID) of a frame which will match with this
1137: Traffic Selector."
1138: DEFVAL { '000000'h }
1139: ::= { t11FcSpSaTSelDrByEntry 6 }
1140:
1141: t11FcSpSaTSelDrByEndDstAddr OBJECT-TYPE
1142: SYNTAX FcAddressIdOrZero (SIZE (3))
1143: MAX-ACCESS read-create
1144: STATUS current
1145: DESCRIPTION
1146: "The numerically largest 24-bit value of a destination
1147: address (D_ID) of a frame which will match with this
1148: Traffic Selector."
1149: DEFVAL { 'FFFFFF'h }
1150: ::= { t11FcSpSaTSelDrByEntry 7 }
1151:
1152: t11FcSpSaTSelDrByStartRCtl OBJECT-TYPE
1153: SYNTAX T11FcRoutingControl
1154: MAX-ACCESS read-create
1155: STATUS current
1156: DESCRIPTION
1157: "The numerically smallest 8-bit value contained within a
1158: Routing Control (R_CTL) field of a frame which will match
1159: with this Traffic Selector."
1160: DEFVAL { '00'h }
1161: ::= { t11FcSpSaTSelDrByEntry 8 }
1162:
1163: t11FcSpSaTSelDrByEndRCtl OBJECT-TYPE
1164: SYNTAX T11FcRoutingControl
1165: MAX-ACCESS read-create
1166: STATUS current
1167: DESCRIPTION
1168: "The numerically largest 8-bit value contained within a
1169: Routing Control (R_CTL) field of a frame which will match
1170: with this Traffic Selector."
1171: DEFVAL { 'FF'h }
1172: ::= { t11FcSpSaTSelDrByEntry 9 }
1173:
1174: t11FcSpSaTSelDrByStartType OBJECT-TYPE
1175: SYNTAX T11FcSpType
1176: MAX-ACCESS read-create
1177: STATUS current
1178: DESCRIPTION
1179: "The numerically smallest of a range of possible 'type'
1180: values of frames which will match with this Traffic
1181: Selector."
1182: DEFVAL { '0000'h }
1183: ::= { t11FcSpSaTSelDrByEntry 10 }
1184:
1185: t11FcSpSaTSelDrByEndType OBJECT-TYPE
1186: SYNTAX T11FcSpType
1187: MAX-ACCESS read-create
1188: STATUS current
1189: DESCRIPTION
1190: "The numerically largest of a range of possible 'type'
1191: values of frames which will match with this Traffic
1192: Selector."
1193: DEFVAL { 'FFFF'h }
1194: ::= { t11FcSpSaTSelDrByEntry 11 }
1195:
1196: t11FcSpSaTSelDrByMatches OBJECT-TYPE
1197: SYNTAX Counter64
1198: MAX-ACCESS read-only
1199: STATUS current
1200: DESCRIPTION
1201: "The number of frames for which the action specified by
1202: the corresponding instance of t11FcSpSaTSelDrByAction was
1203: taken because of a match with this Traffic Selector.
1204:
1205: This counter has no discontinuities other than those
1206: which all Counter64's have when sysUpTime=0."
1207: ::= { t11FcSpSaTSelDrByEntry 12 }
1208:
1209: t11FcSpSaTSelDrByRowStatus OBJECT-TYPE
1210: SYNTAX RowStatus
1211: MAX-ACCESS read-create
1212: STATUS current
1213: DESCRIPTION
1214: "The status of this row. Values of object instances
1215: within the row can be modified at any time."
1216: ::= { t11FcSpSaTSelDrByEntry 13 }
1217:
1218: --
1219: -- Active Security Associations
1220: --
1221:
1222: t11FcSpSaPairTable OBJECT-TYPE
1223: SYNTAX SEQUENCE OF T11FcSpSaPairEntry
1224: MAX-ACCESS not-accessible
1225: STATUS current
1226: DESCRIPTION
1227: "A table containing information about active
1228: bidirectional pairs of Security Associations."
1229: ::= { t11FcSpSaActive 1 }
1230:
1231: t11FcSpSaPairEntry OBJECT-TYPE
1232: SYNTAX T11FcSpSaPairEntry
1233: MAX-ACCESS not-accessible
1234: STATUS current
1235: DESCRIPTION
1236: "Each entry contains information about one active
1237: bidirectional pair of Security Associations on an
1238: interface to a particular Fabric (identified by
1239: t11FcSpSaIfFabricIndex), managed as part of the Fibre
1240: Channel management instance identified by
1241: fcmInstanceIndex."
1242: INDEX { fcmInstanceIndex, t11FcSpSaPairIfIndex,
1243: t11FcSpSaIfFabricIndex, t11FcSpSaPairInboundSpi }
1244: ::= { t11FcSpSaPairTable 1 }
1245:
1246: T11FcSpSaPairEntry ::= SEQUENCE {
1247: t11FcSpSaPairIfIndex InterfaceIndex,
1248: t11FcSpSaPairInboundSpi T11FcSpiIndex,
1249: t11FcSpSaPairSecurityProt INTEGER,
1250: t11FcSpSaPairTransListIndex Unsigned32,
1251: t11FcSpSaPairTransIndex Unsigned32,
1252: t11FcSpSaPairLifetimeLeft Unsigned32,
1253: t11FcSpSaPairLifetimeLeftUnits INTEGER,
1254: t11FcSpSaPairTerminate INTEGER,
1255: t11FcSpSaPairInProtUnMatchs Counter64,
1256: t11FcSpSaPairInDetReplays Counter64,
1257: t11FcSpSaPairInBadXforms Counter64,
1258: t11FcSpSaPairInGoodXforms Counter64
1259: }
1260:
1261: t11FcSpSaPairIfIndex OBJECT-TYPE
1262: SYNTAX InterfaceIndex
1263: MAX-ACCESS not-accessible
1264: STATUS current
1265: DESCRIPTION
1266: "This object identifies the interface to the particular
1267: Fabric on which this SA pair is active."
1268: ::= { t11FcSpSaPairEntry 1 }
1269:
1270: t11FcSpSaPairInboundSpi OBJECT-TYPE
1271: SYNTAX T11FcSpiIndex
1272: MAX-ACCESS not-accessible
1273: STATUS current
1274: DESCRIPTION
1275: "The SPI value which is used to indicate that an incoming
1276: frame was received on the ingress SA of this SA pair."
1277: ::= { t11FcSpSaPairEntry 2 }
1278:
1279: t11FcSpSaPairSecurityProt OBJECT-TYPE
1280: SYNTAX INTEGER { espHeader(1), ctAuth(2) }
1281: MAX-ACCESS read-only
1282: STATUS current
1283: DESCRIPTION
1284: "The object indicates whether this SA uses ESP_Header to
1285: protect FC-2 frames, or CT_Authentication to protect Common
1286: Transport Information Units (CT_IUs)."
1287: ::= { t11FcSpSaPairEntry 3 }
1288:
1289: t11FcSpSaPairTransListIndex OBJECT-TYPE
1290: SYNTAX Unsigned32
1291: MAX-ACCESS read-only
1292: STATUS current
1293: DESCRIPTION
1294: "The combination of this value and the value of the
1295: corresponding instance of t11FcSpSaPairTransIndex
1296: identify the row in the t11FcSpSaTransTable which
1297: contains the transforms which are in use on this SA pair."
1298: ::= { t11FcSpSaPairEntry 4 }
1299:
1300: t11FcSpSaPairTransIndex OBJECT-TYPE
1301: SYNTAX Unsigned32
1302: MAX-ACCESS read-only
1303: STATUS current
1304: DESCRIPTION
1305: "The combination of this value and the value of the
1306: corresponding instance of t11FcSpSaPairTransListIndex
1307: identify the row in the t11FcSpSaTransTable which
1308: contains the transforms which are in use on this SA pair."
1309: ::= { t11FcSpSaPairEntry 5 }
1310:
1311: t11FcSpSaPairLifetimeLeft OBJECT-TYPE
1312: SYNTAX Unsigned32
1313: MAX-ACCESS read-only
1314: STATUS current
1315: DESCRIPTION
1316: "The remaining lifetime of this SA pair, given in the
1317: units specified by the value of the corresponding
1318: instance of t11FcSpSaPairLifetimeLeft."
1319: ::= { t11FcSpSaPairEntry 6 }
1320:
1321: t11FcSpSaPairLifetimeLeftUnits OBJECT-TYPE
1322: SYNTAX INTEGER {
1323: seconds(1), -- seconds
1324: kiloBytes(2), -- 10^^3 bytes
1325: megaBytes(3), -- 10^^6 bytes
1326: gigaBytes(4), -- 10^^9 bytes
1327: teraBytes(5), -- 10^^12 bytes
1328: petaBytes(6), -- 10^^15 bytes
1329: exaBytes(7), -- 10^^18 bytes
1330: zettaBytes(8), -- 10^^21 bytes
1331: yottaBytes(9) -- 10^^24 bytes
1332: }
1333: MAX-ACCESS read-only
1334: STATUS current
1335: DESCRIPTION
1336: "The units in which the value of the corresponding
1337: instance of t11FcSpSaPairLifetimeLeft specifies the
1338: remaining lifetime of this SA pair."
1339: ::= { t11FcSpSaPairEntry 7 }
1340:
1341: t11FcSpSaPairTerminate OBJECT-TYPE
1342: SYNTAX INTEGER { noop(1), terminate(2) }
1343: MAX-ACCESS read-write
1344: STATUS current
1345: DESCRIPTION
1346: "Setting this object to 'terminate' is a request
1347: to terminate this pair of Security Associations.
1348:
1349: When read, the value of this object is always 'noop'.
1350: Setting this object to 'noop' has no effect."
1351: ::= { t11FcSpSaPairEntry 8 }
1352:
1353: t11FcSpSaPairInProtUnMatchs OBJECT-TYPE
1354: SYNTAX Counter64
1355: MAX-ACCESS read-only
1356: STATUS current
1357: DESCRIPTION
1358: "The number of frames received on this SA for which the
1359: SA's transforms were successfully applied to the frame,
1360: but the frame was still dropped because it did not match
1361: any of the SA's ingress Traffic Selectors.
1362:
1363: This counter has no discontinuities other than those
1364: which all Counter64's have when sysUpTime=0."
1365: ::= { t11FcSpSaPairEntry 9 }
1366:
1367: t11FcSpSaPairInDetReplays OBJECT-TYPE
1368: SYNTAX Counter64
1369: MAX-ACCESS read-only
1370: STATUS current
1371: DESCRIPTION
1372: "The number of times that a replay has been detected on
1373: this Security Association. Note that a frame which is
1374: discarded because it is 'behind' the window, i.e., too old,
1375: is counted as a replay.
1376:
1377: This counter has no discontinuities other than those
1378: which all Counter64's have when sysUpTime=0."
1379: ::= { t11FcSpSaPairEntry 10 }
1380:
1381: t11FcSpSaPairInBadXforms OBJECT-TYPE
1382: SYNTAX Counter64
1383: MAX-ACCESS read-only
1384: STATUS current
1385: DESCRIPTION
1386: "The number of times that a received frame was dropped
1387: because one of the transforms negotiated for this Security
1388: Association failed.
1389:
1390: This counter has no discontinuities other than those
1391: which all Counter64's have when sysUpTime=0."
1392: ::= { t11FcSpSaPairEntry 11 }
1393:
1394: t11FcSpSaPairInGoodXforms OBJECT-TYPE
1395: SYNTAX Counter64
1396: MAX-ACCESS read-only
1397: STATUS current
1398: DESCRIPTION
1399: "The number of received frames for which the transforms
1400: negotiated for this Security Association, were
1401: successfully applied.
1402:
1403: This counter has no discontinuities other than those
1404: which all Counter64's have when sysUpTime=0."
1405: ::= { t11FcSpSaPairEntry 12 }
1406:
1407: --
1408: -- Negotiated Ingress Traffic Selectors
1409: --
1410:
1411: t11FcSpSaTSelNegInTable OBJECT-TYPE
1412: SYNTAX SEQUENCE OF T11FcSpSaTSelNegInEntry
1413: MAX-ACCESS not-accessible
1414: STATUS current
1415: DESCRIPTION
1416: "A table containing information about ingress Traffic
1417: Selectors which are in use on active Security
1418: Associations."
1419: REFERENCE
1420: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
1421: Fibre Channel - Security Protocols (FC-SP),
1422: 13 June 2006, sections 4.6, 4.7, and 6.4.5.
1423: - Use of IKEv2 in FC-SP, RFC 4595,
1424: July 2006, section 4.4."
1425: ::= { t11FcSpSaActive 2 }
1426:
1427: t11FcSpSaTSelNegInEntry OBJECT-TYPE
1428: SYNTAX T11FcSpSaTSelNegInEntry
1429: MAX-ACCESS not-accessible
1430: STATUS current
1431: DESCRIPTION
1432: "Each entry contains information about one ingress Traffic
1433: Selector which is in use on an active Security Association
1434: on an interface (identified by t11FcSpSaPairIfIndex) to
1435: a particular Fabric (identified by t11FcSpSaIfFabricIndex),
1436: managed as part of the Fibre Channel management instance
1437: identified by fcmInstanceIndex."
1438: INDEX { fcmInstanceIndex, t11FcSpSaPairIfIndex,
1439: t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegInIndex }
1440: ::= { t11FcSpSaTSelNegInTable 1 }
1441:
1442: T11FcSpSaTSelNegInEntry ::= SEQUENCE {
1443: t11FcSpSaTSelNegInIndex Unsigned32,
1444: t11FcSpSaTSelNegInInboundSpi T11FcSpiIndex,
1445: t11FcSpSaTSelNegInStartSrcAddr FcAddressIdOrZero,
1446: t11FcSpSaTSelNegInEndSrcAddr FcAddressIdOrZero,
1447: t11FcSpSaTSelNegInStartDstAddr FcAddressIdOrZero,
1448: t11FcSpSaTSelNegInEndDstAddr FcAddressIdOrZero,
1449: t11FcSpSaTSelNegInStartRCtl T11FcRoutingControl,
1450: t11FcSpSaTSelNegInEndRCtl T11FcRoutingControl,
1451: t11FcSpSaTSelNegInStartType T11FcSpType,
1452: t11FcSpSaTSelNegInEndType T11FcSpType,
1453: t11FcSpSaTSelNegInUnpMtchDrops Counter64
1454: }
1455:
1456: t11FcSpSaTSelNegInIndex OBJECT-TYPE
1457: SYNTAX Unsigned32
1458: MAX-ACCESS not-accessible
1459: STATUS current
1460: DESCRIPTION
1461: "An index value to distinguish an ingress Traffic Selector
1462: from all others currently in use by Security Associations
1463: on the same interface to a particular Fabric."
1464: ::= { t11FcSpSaTSelNegInEntry 1 }
1465:
1466: t11FcSpSaTSelNegInInboundSpi OBJECT-TYPE
1467: SYNTAX T11FcSpiIndex
1468: MAX-ACCESS read-only
1469: STATUS current
1470: DESCRIPTION
1471: "The SPI of the ingress SA on which this Traffic Selector
1472: is in use.
1473:
1474: This value can be used to find the SA pair's row in the
1475: t11FcSpSaPairTable."
1476: ::= { t11FcSpSaTSelNegInEntry 2 }
1477:
1478: t11FcSpSaTSelNegInStartSrcAddr OBJECT-TYPE
1479: SYNTAX FcAddressIdOrZero (SIZE (3))
1480: MAX-ACCESS read-only
1481: STATUS current
1482: DESCRIPTION
1483: "The numerically smallest 24-bit value of a source address
1484: (S_ID) of a frame which will match with this Traffic
1485: Selector."
1486: ::= { t11FcSpSaTSelNegInEntry 3 }
1487:
1488: t11FcSpSaTSelNegInEndSrcAddr OBJECT-TYPE
1489: SYNTAX FcAddressIdOrZero (SIZE (3))
1490: MAX-ACCESS read-only
1491: STATUS current
1492: DESCRIPTION
1493: "The numerically largest 24-bit value of a source address
1494: (S_ID) of a frame which will match with this Traffic
1495: Selector."
1496: ::= { t11FcSpSaTSelNegInEntry 4 }
1497:
1498: t11FcSpSaTSelNegInStartDstAddr OBJECT-TYPE
1499: SYNTAX FcAddressIdOrZero (SIZE (3))
1500: MAX-ACCESS read-only
1501: STATUS current
1502: DESCRIPTION
1503: "The numerically smallest 24-bit value of a destination
1504: address (D_ID) of a frame which will match with this
1505: Traffic Selector."
1506: ::= { t11FcSpSaTSelNegInEntry 5 }
1507:
1508: t11FcSpSaTSelNegInEndDstAddr OBJECT-TYPE
1509: SYNTAX FcAddressIdOrZero (SIZE (3))
1510: MAX-ACCESS read-only
1511: STATUS current
1512: DESCRIPTION
1513: "The numerically largest 24-bit value of a destination
1514: address (D_ID) of a frame which will match with this
1515: Traffic Selector."
1516: ::= { t11FcSpSaTSelNegInEntry 6 }
1517:
1518: t11FcSpSaTSelNegInStartRCtl OBJECT-TYPE
1519: SYNTAX T11FcRoutingControl
1520: MAX-ACCESS read-only
1521: STATUS current
1522: DESCRIPTION
1523: "The numerically smallest 8-bit value contained within a
1524: Routing Control (R_CTL) field of a frame which will match
1525: with this Traffic Selector."
1526: ::= { t11FcSpSaTSelNegInEntry 7 }
1527:
1528: t11FcSpSaTSelNegInEndRCtl OBJECT-TYPE
1529: SYNTAX T11FcRoutingControl
1530: MAX-ACCESS read-only
1531: STATUS current
1532: DESCRIPTION
1533: "The numerically largest 8-bit value contained within a
1534: Routing Control (R_CTL) field of a frame which will match
1535: with this Traffic Selector."
1536: ::= { t11FcSpSaTSelNegInEntry 8 }
1537:
1538: t11FcSpSaTSelNegInStartType OBJECT-TYPE
1539: SYNTAX T11FcSpType
1540: MAX-ACCESS read-only
1541: STATUS current
1542: DESCRIPTION
1543: "The numerically smallest of a range of possible 'type'
1544: values of frames which will match with this Traffic
1545: Selector."
1546: ::= { t11FcSpSaTSelNegInEntry 9 }
1547:
1548: t11FcSpSaTSelNegInEndType OBJECT-TYPE
1549: SYNTAX T11FcSpType
1550: MAX-ACCESS read-only
1551: STATUS current
1552: DESCRIPTION
1553: "The numerically largest of a range of possible 'type'
1554: values of frames which will match with this Traffic
1555: Selector."
1556: ::= { t11FcSpSaTSelNegInEntry 10 }
1557:
1558: t11FcSpSaTSelNegInUnpMtchDrops OBJECT-TYPE
1559: SYNTAX Counter64
1560: MAX-ACCESS read-only
1561: STATUS current
1562: DESCRIPTION
1563: "The number of times that a received frame was dropped
1564: because it matched with this Traffic Selector but the
1565: frame was not protected as negotiated for the Security
1566: Association identified by t11FcSpSaTSelNegInInboundSpi.
1567:
1568: This counter has no discontinuities other than those
1569: which all Counter64's have when sysUpTime=0."
1570: ::= { t11FcSpSaTSelNegInEntry 11 }
1571:
1572: --
1573: -- Negotiated Egress Traffic Selectors
1574: --
1575:
1576: t11FcSpSaTSelNegOutTable OBJECT-TYPE
1577: SYNTAX SEQUENCE OF T11FcSpSaTSelNegOutEntry
1578: MAX-ACCESS not-accessible
1579: STATUS current
1580: DESCRIPTION
1581: "A table containing information about egress Traffic
1582: Selectors which are in use on active Security
1583: Associations."
1584: REFERENCE
1585: "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8,
1586: Fibre Channel - Security Protocols (FC-SP),
1587: 13 June 2006, sections 4.6, 4.7, and 6.4.5.
1588: - Use of IKEv2 in FC-SP, RFC 4595,
1589: July 2006, section 4.4."
1590: ::= { t11FcSpSaActive 3 }
1591:
1592: t11FcSpSaTSelNegOutEntry OBJECT-TYPE
1593: SYNTAX T11FcSpSaTSelNegOutEntry
1594: MAX-ACCESS not-accessible
1595: STATUS current
1596: DESCRIPTION
1597: "Each entry contains information about one egress Traffic
1598: Selector which is in use on an active Security Association
1599: on an interface (identified by t11FcSpSaPairIfIndex) to
1600: a particular Fabric (identified by t11FcSpSaIfFabricIndex),
1601: managed as part of the Fibre Channel management instance
1602: identified by fcmInstanceIndex."
1603: INDEX { fcmInstanceIndex, t11FcSpSaPairIfIndex,
1604: t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegOutPrecedence }
1605: ::= { t11FcSpSaTSelNegOutTable 1 }
1606:
1607: T11FcSpSaTSelNegOutEntry ::= SEQUENCE {
1608: t11FcSpSaTSelNegOutPrecedence T11FcSpPrecedence,
1609: t11FcSpSaTSelNegOutInboundSpi T11FcSpiIndex,
1610: t11FcSpSaTSelNegOutStartSrcAddr FcAddressIdOrZero,
1611: t11FcSpSaTSelNegOutEndSrcAddr FcAddressIdOrZero,
1612: t11FcSpSaTSelNegOutStartDstAddr FcAddressIdOrZero,
1613: t11FcSpSaTSelNegOutEndDstAddr FcAddressIdOrZero,
1614: t11FcSpSaTSelNegOutStartRCtl T11FcRoutingControl,
1615: t11FcSpSaTSelNegOutEndRCtl T11FcRoutingControl,
1616: t11FcSpSaTSelNegOutStartType T11FcSpType,
1617: t11FcSpSaTSelNegOutEndType T11FcSpType
1618: }
1619:
1620: t11FcSpSaTSelNegOutPrecedence OBJECT-TYPE
1621: SYNTAX T11FcSpPrecedence
1622: MAX-ACCESS not-accessible
1623: STATUS current
1624: DESCRIPTION
1625: "The precedence of this Traffic Selector. If and when a
1626: frame is compared against multiple Traffic Selectors, and
1627: multiple of them have a match with the frame, the security
1628: action to be taken for the frame is that specified for the
1629: matching Traffic Selector having the numerically smallest
1630: precedence value."
1631: ::= { t11FcSpSaTSelNegOutEntry 1 }
1632:
1633: t11FcSpSaTSelNegOutInboundSpi OBJECT-TYPE
1634: SYNTAX T11FcSpiIndex
1635: MAX-ACCESS read-only
1636: STATUS current
1637: DESCRIPTION
1638: "The SPI of the ingress SA of the SA pair for which this
1639: Traffic Selector is in use on the egress SA.
1640:
1641: This value can be used to find the SA pair's row in the
1642: t11FcSpSaPairTable."
1643: ::= { t11FcSpSaTSelNegOutEntry 2 }
1644:
1645: t11FcSpSaTSelNegOutStartSrcAddr OBJECT-TYPE
1646: SYNTAX FcAddressIdOrZero (SIZE (3))
1647: MAX-ACCESS read-only
1648: STATUS current
1649: DESCRIPTION
1650: "The numerically smallest 24-bit value of a source address
1651: (S_ID) of a frame which will match with this Traffic
1652: Selector."
1653: ::= { t11FcSpSaTSelNegOutEntry 3 }
1654:
1655: t11FcSpSaTSelNegOutEndSrcAddr OBJECT-TYPE
1656: SYNTAX FcAddressIdOrZero (SIZE (3))
1657: MAX-ACCESS read-only
1658: STATUS current
1659: DESCRIPTION
1660: "The numerically largest 24-bit value of a source address
1661: (S_ID) of a frame which will match with this Traffic
1662: Selector."
1663: ::= { t11FcSpSaTSelNegOutEntry 4 }
1664:
1665: t11FcSpSaTSelNegOutStartDstAddr OBJECT-TYPE
1666: SYNTAX FcAddressIdOrZero (SIZE (3))
1667: MAX-ACCESS read-only
1668: STATUS current
1669: DESCRIPTION
1670: "The numerically smallest 24-bit value of a destination
1671: address (D_ID) of a frame which will match with this
1672: Traffic Selector."
1673: ::= { t11FcSpSaTSelNegOutEntry 5 }
1674:
1675: t11FcSpSaTSelNegOutEndDstAddr OBJECT-TYPE
1676: SYNTAX FcAddressIdOrZero (SIZE (3))
1677: MAX-ACCESS read-only
1678: STATUS current
1679: DESCRIPTION
1680: "The numerically largest 24-bit value of a destination
1681: address (D_ID) of a frame which will match with this
1682: Traffic Selector."
1683: ::= { t11FcSpSaTSelNegOutEntry 6 }
1684:
1685: t11FcSpSaTSelNegOutStartRCtl OBJECT-TYPE
1686: SYNTAX T11FcRoutingControl
1687: MAX-ACCESS read-only
1688: STATUS current
1689: DESCRIPTION
1690: "The numerically smallest 8-bit value contained within a
1691: Routing Control (R_CTL) field of a frame which will match
1692: with this Traffic Selector."
1693: ::= { t11FcSpSaTSelNegOutEntry 7 }
1694:
1695: t11FcSpSaTSelNegOutEndRCtl OBJECT-TYPE
1696: SYNTAX T11FcRoutingControl
1697: MAX-ACCESS read-only
1698: STATUS current
1699: DESCRIPTION
1700: "The numerically largest 8-bit value contained within a
1701: Routing Control (R_CTL) field of a frame which will match
1702: with this Traffic Selector."
1703: ::= { t11FcSpSaTSelNegOutEntry 8 }
1704:
1705: t11FcSpSaTSelNegOutStartType OBJECT-TYPE
1706: SYNTAX T11FcSpType
1707: MAX-ACCESS read-only
1708: STATUS current
1709: DESCRIPTION
1710: "The numerically smallest of a range of possible 'type'
1711: values of frames which will match with this Traffic
1712: Selector."
1713: ::= { t11FcSpSaTSelNegOutEntry 9 }
1714:
1715: t11FcSpSaTSelNegOutEndType OBJECT-TYPE
1716: SYNTAX T11FcSpType
1717: MAX-ACCESS read-only
1718: STATUS current
1719: DESCRIPTION
1720: "The numerically largest of a range of possible 'type'
1721: values of frames which will match with this Traffic
1722: Selector."
1723: ::= { t11FcSpSaTSelNegOutEntry 10 }
1724:
1725: --
1726: -- Traffic Selectors index-ed by SPI
1727: --
1728:
1729: t11FcSpSaTSelSpiTable OBJECT-TYPE
1730: SYNTAX SEQUENCE OF T11FcSpSaTSelSpiEntry
1731: MAX-ACCESS not-accessible
1732: STATUS current
1733: DESCRIPTION
1734: "A table identifying the Traffic Selectors in use on
1735: particular Security Associations, index-ed by their
1736: (ingress) SPI values."
1737: ::= { t11FcSpSaActive 4 }
1738:
1739: t11FcSpSaTSelSpiEntry OBJECT-TYPE
1740: SYNTAX T11FcSpSaTSelSpiEntry
1741: MAX-ACCESS not-accessible
1742: STATUS current
1743: DESCRIPTION
1744: "Each entry identifies one Traffic Selector in use on an SA
1745: pair on the interface (identified by t11FcSpSaPairIfIndex)
1746: to a particular Fabric (identified by
1747: t11FcSpSaIfFabricIndex), and managed as part of the Fibre
1748: Channel management instance identified by fcmInstanceIndex."
1749: INDEX { fcmInstanceIndex, t11FcSpSaPairIfIndex,
1750: t11FcSpSaIfFabricIndex,
1751: t11FcSpSaTSelSpiInboundSpi, t11FcSpSaTSelSpiTrafSelIndex }
1752: ::= { t11FcSpSaTSelSpiTable 1 }
1753:
1754: T11FcSpSaTSelSpiEntry ::= SEQUENCE {
1755: t11FcSpSaTSelSpiInboundSpi T11FcSpiIndex,
1756: t11FcSpSaTSelSpiTrafSelIndex Unsigned32,
1757: t11FcSpSaTSelSpiDirection INTEGER,
1758: t11FcSpSaTSelSpiTrafSelPtr Unsigned32
1759: }
1760:
1761: t11FcSpSaTSelSpiInboundSpi OBJECT-TYPE
1762: SYNTAX T11FcSpiIndex
1763: MAX-ACCESS not-accessible
1764: STATUS current
1765: DESCRIPTION
1766: "An SPI value which identifies the ingress Security
1767: Association of a particular SA pair."
1768: ::= { t11FcSpSaTSelSpiEntry 1 }
1769:
1770: t11FcSpSaTSelSpiTrafSelIndex OBJECT-TYPE
1771: SYNTAX Unsigned32
1772: MAX-ACCESS not-accessible
1773: STATUS current
1774: DESCRIPTION
1775: "An index value which distinguishes between the
1776: (potentially multiple) Traffic Selectors in use on
1777: this Security Association pair."
1778: ::= { t11FcSpSaTSelSpiEntry 2 }
1779:
1780: t11FcSpSaTSelSpiDirection OBJECT-TYPE
1781: SYNTAX T11FcSaDirection
1782: MAX-ACCESS read-only
1783: STATUS current
1784: DESCRIPTION
1785: "This object indicates whether this Traffic Selector
1786: is being used for ingress or for egress traffic."
1787: ::= { t11FcSpSaTSelSpiEntry 3 }
1788:
1789: t11FcSpSaTSelSpiTrafSelPtr OBJECT-TYPE
1790: SYNTAX Unsigned32
1791: MAX-ACCESS read-only
1792: STATUS current
1793: DESCRIPTION
1794: "This object contains a pointer into another table which
1795: can be used to obtain more information about this Traffic
1796: Selector.
1797: If the corresponding instance of t11FcSpSaTSelSpiDirection
1798: has the value 'egress', then this object contains the
1799: the value of t11FcSpSaTSelNegOutPrecedence in the row of
1800: t11FcSpSaTSelNegOutTable which contains more information.
1801:
1802: If the corresponding instance of t11FcSpSaTSelSpiDirection
1803: has the value 'ingress', then this object contains the
1804: value of t11FcSpSaTSelNegInIndex which identifies the row
1805: in t11FcSpSaTSelNegInTable containing more information."
1806: ::= { t11FcSpSaTSelSpiEntry 4 }
1807:
1808: --
1809: -- Notification information & control
1810: --
1811:
1812: t11FcSpSaControlTable OBJECT-TYPE
1813: SYNTAX SEQUENCE OF T11FcSpSaControlEntry
1814: MAX-ACCESS not-accessible
1815: STATUS current
1816: DESCRIPTION
1817: "A table of control and other information concerning
1818: the generation of notifications for events related
1819: to FC-SP Security Associations."
1820: ::= { t11FcSpSaControl 1 }
1821:
1822: t11FcSpSaControlEntry OBJECT-TYPE
1823: SYNTAX T11FcSpSaControlEntry
1824: MAX-ACCESS not-accessible
1825: STATUS current
1826: DESCRIPTION
1827: "Each entry identifies information for the one or more
1828: interfaces (identified by t11FcSpSaIfIndex) to a
1829: particular Fabric (identified by t11FcSpSaIfFabricIndex),
1830: and managed as part of the Fibre Channel management
1831: instance identified by fcmInstanceIndex.
1832:
1833: The StorageType of a row in this table is specified by
1834: the instance of t11FcSpSaIfStorageType which is INDEX-ed
1835: by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
1836: and t11FcSpSaIfFabricIndex."
1837: INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
1838: t11FcSpSaIfFabricIndex }
1839: ::= { t11FcSpSaControlTable 1 }
1840:
1841: T11FcSpSaControlEntry ::= SEQUENCE {
1842: t11FcSpSaControlAuthFailEnable TruthValue,
1843: t11FcSpSaControlInboundSpi T11FcSpiIndex,
1844: t11FcSpSaControlSource FcAddressIdOrZero,
1845: t11FcSpSaControlDestination FcAddressIdOrZero,
1846: t11FcSpSaControlFrame OCTET STRING,
1847: t11FcSpSaControlElapsed TimeTicks,
1848: t11FcSpSaControlSuppressed Gauge32,
1849: t11FcSpSaControlWindow Unsigned32,
1850: t11FcSpSaControlLifeExcdEnable TruthValue,
1851: t11FcSpSaControlLifeExcdSpi T11FcSpiIndex,
1852: t11FcSpSaControlLifeExcdDir T11FcSaDirection,
1853: t11FcSpSaControlLifeExcdTime TimeStamp
1854: }
1855:
1856: t11FcSpSaControlAuthFailEnable OBJECT-TYPE
1857: SYNTAX TruthValue
1858: MAX-ACCESS read-write
1859: STATUS current
1860: DESCRIPTION
1861: "This object specifies whether a t11FcSpSaNotifyAuthFailure
1862: notification should be generated for the first occurrence
1863: of an Authentication failure within a time window for this
1864: Fabric."
1865: ::= { t11FcSpSaControlEntry 1 }
1866:
1867: t11FcSpSaControlInboundSpi OBJECT-TYPE
1868: SYNTAX T11FcSpiIndex
1869: MAX-ACCESS read-only
1870: STATUS current
1871: DESCRIPTION
1872: "The SPI value of the ingress Security Association on
1873: which was received the last frame for which a
1874: t11FcSpSaNotifyAuthFailure was generated.
1875:
1876: If no t11FcSpSaNotifyAuthFailure notifications have
1877: been generated, the value of this object is zero."
1878: ::= { t11FcSpSaControlEntry 2 }
1879:
1880: t11FcSpSaControlSource OBJECT-TYPE
1881: SYNTAX FcAddressIdOrZero
1882: MAX-ACCESS read-only
1883: STATUS current
1884: DESCRIPTION
1885: "The S_ID contained in the last frame for which a
1886: t11FcSpSaNotifyAuthFailure was generated.
1887:
1888: If no t11FcSpSaNotifyAuthFailure notifications have
1889: been generated, the value of this object is the
1890: zero-length string."
1891: ::= { t11FcSpSaControlEntry 3 }
1892:
1893: t11FcSpSaControlDestination OBJECT-TYPE
1894: SYNTAX FcAddressIdOrZero
1895: MAX-ACCESS read-only
1896: STATUS current
1897: DESCRIPTION
1898: "The D_ID contained in the last frame for which a
1899: t11FcSpSaNotifyAuthFailure was generated.
1900:
1901: If no t11FcSpSaNotifyAuthFailure notifications have
1902: been generated, the value of this object is the
1903: zero-length string."
1904: ::= { t11FcSpSaControlEntry 4 }
1905:
1906: t11FcSpSaControlFrame OBJECT-TYPE
1907: SYNTAX OCTET STRING (SIZE (0..256))
1908: MAX-ACCESS read-only
1909: STATUS current
1910: DESCRIPTION
1911: "The binary content of the last frame for which a
1912: t11FcSpSaNotifyAuthFailure was generated. If more than
1913: 256 bytes of the frame are available, then this object
1914: contains the first 256 bytes. If less than 256 bytes of
1915: the frame are available, then this object contains the
1916: first N bytes, where N is greater or equal to zero.
1917:
1918: If no t11FcSpSaNotifyAuthFailure notifications have
1919: been generated, the value of this object is the
1920: zero-length string."
1921: ::= { t11FcSpSaControlEntry 5 }
1922:
1923: t11FcSpSaControlElapsed OBJECT-TYPE
1924: SYNTAX TimeTicks
1925: MAX-ACCESS read-only
1926: STATUS current
1927: DESCRIPTION
1928: "The elapsed time since the last generation of a
1929: t11FcSpSaNotifyAuthFailure notification on the same
1930: Fabric, or the value of sysUpTime if no
1931: t11FcSpSaNotifyAuthFailure notifications have been
1932: generated since the last restart."
1933: ::= { t11FcSpSaControlEntry 6 }
1934:
1935: t11FcSpSaControlSuppressed OBJECT-TYPE
1936: SYNTAX Gauge32
1937: MAX-ACCESS read-only
1938: STATUS current
1939: DESCRIPTION
1940: "The number of occurrences of an Authentication failure
1941: on a Fabric which were suppressed because they occurred
1942: on the same Fabric within the same time window as a
1943: previous Authentication failure for which a
1944: t11FcSpSaNotifyAuthFailure notification was generated.
1945:
1946: The value of this object is reset to zero on a restart
1947: of the network management subsystem, and whenever a
1948: t11FcSpSaNotifyAuthFailure notification is generated.
1949: In the event that the value of this object reaches its
1950: maximum value, it remains at that value until it is
1951: reset on the generation of the next
1952: t11FcSpSaNotifyAuthFailure notification."
1953: ::= { t11FcSpSaControlEntry 7 }
1954:
1955: t11FcSpSaControlWindow OBJECT-TYPE
1956: SYNTAX Unsigned32
1957: UNITS "seconds"
1958: MAX-ACCESS read-write
1959: STATUS current
1960: DESCRIPTION
1961: "The length of a time window which begins when a
1962: t11FcSpSaNotifyAuthFailure notification is generated.
1963: Subsequent Authentication failures occurring on the
1964: same Fabric in the same time window are counted but no
1965: t11FcSpSaNotifyAuthFailure notification is generated.
1966:
1967: When this object is modified before the end of a time
1968: window, that time window is immediately terminated, i.e.,
1969: the next Authentication failure on the relevant Fabric
1970: after the modification will cause a new time window to
1971: begin with the new length."
1972: DEFVAL { 300 }
1973: ::= { t11FcSpSaControlEntry 8 }
1974:
1975: t11FcSpSaControlLifeExcdEnable OBJECT-TYPE
1976: SYNTAX TruthValue
1977: MAX-ACCESS read-write
1978: STATUS current
1979: DESCRIPTION
1980: "This object specifies whether t11FcSpSaNotifyLifeExceeded
1981: notifications should be generated for this Fabric."
1982: DEFVAL { true }
1983: ::= { t11FcSpSaControlEntry 9 }
1984:
1985: t11FcSpSaControlLifeExcdSpi OBJECT-TYPE
1986: SYNTAX T11FcSpiIndex
1987: MAX-ACCESS read-only
1988: STATUS current
1989: DESCRIPTION
1990: "The SPI of the SA which was most recently terminated
1991: because its lifetime (in seconds or in passed bytes)
1992: was exceeded. Such terminations include those due to
1993: a failed attempt to renew an SA after its lifetime was
1994: exceeded."
1995: ::= { t11FcSpSaControlEntry 10 }
1996:
1997: t11FcSpSaControlLifeExcdDir OBJECT-TYPE
1998: SYNTAX T11FcSaDirection
1999: MAX-ACCESS read-only
2000: STATUS current
2001: DESCRIPTION
2002: "The direction of frame transmission on the SA which was
2003: most recently terminated because its lifetime (in seconds
2004: or in passed bytes) was exceeded."
2005: ::= { t11FcSpSaControlEntry 11 }
2006:
2007: t11FcSpSaControlLifeExcdTime OBJECT-TYPE
2008: SYNTAX TimeStamp
2009: MAX-ACCESS read-only
2010: STATUS current
2011: DESCRIPTION
2012: "The time of the most recent termination of an SA
2013: due to its lifetime (in seconds or in passed bytes)
2014: being exceeded. Such terminations include those
2015: due to a failed attempt to renew an SA after its
2016: lifetime was exceeded."
2017: ::= { t11FcSpSaControlEntry 12 }
2018:
2019: --
2020: -- Notification definitions
2021: --
2022:
2023: t11FcSpSaNotifyAuthFailure NOTIFICATION-TYPE
2024: OBJECTS { t11FcSpSaControlInboundSpi,
2025: t11FcSpSaControlSource,
2026: t11FcSpSaControlDestination,
2027: t11FcSpSaControlFrame,
2028: t11FcSpSaControlElapsed,
2029: t11FcSpSaControlSuppressed }
2030: STATUS current
2031: DESCRIPTION
2032: "When this notification is generated, it indicates the
2033: occurrence of an Authentication failure for a received
2034: FC-2 or CT_IU frame. The t11FcSpSaControlInboundSpi,
2035: t11FcSpSaControlSource and t11FcSpSaControlDestination
2036: objects in the varbindlist are the frame's SPI, source and
2037: destination addresses, respectively. t11FcSpSaControlFrame
2038: provides the (beginning of the) frame's content if such is
2039: available.
2040:
2041: This notification is generated only for the first
2042: occurrence of an Authentication failure on a Fabric within
2043: a time window. Subsequent occurrences of an Authentication
2044: Failure on the same Fabric within the same time window
2045: are counted but suppressed.
2046:
2047: The value of t11FcSpSaControlElapsed contains (a lower bound
2048: on) the elapsed time since the last generation of this
2049: notification for the same Fabric. The value of
2050: t11FcSpSaControlSuppressed contains the number of
2051: generations which were suppressed in the time window after
2052: that last generation, or zero if unknown."
2053: ::= { t11FcSpSaMIBNotifications 1 }
2054:
2055: t11FcSpSaNotifyLifeExceeded NOTIFICATION-TYPE
2056: OBJECTS { t11FcSpSaControlLifeExcdSpi,
2057: t11FcSpSaControlLifeExcdDir }
2058: STATUS current
2059: DESCRIPTION
2060: "This notification is generated when the lifetime (in
2061: seconds or in passed bytes) of an SA is exceeded, and the
2062: SA is either immediately terminated or is terminated
2063: because an attempt to renew the SA fails. The values of
2064: t11FcSpSaControlLifeExcdSpi and t11FcSpSaControlLifeExcdDir
2065: contain the SPI and direction of the terminated SA."
2066: ::= { t11FcSpSaMIBNotifications 2 }
2067:
2068:
2069: --
2070: -- Conformance
2071: --
2072:
2073: t11FcSpSaMIBCompliances
2074: OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 1 }
2075: t11FcSpSaMIBGroups OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 2 }
2076:
2077: t11FcSpSaMIBCompliance MODULE-COMPLIANCE
2078: STATUS current
2079: DESCRIPTION
2080: "The compliance statement for entities which implement
2081: FC-SP Security Associations."
2082:
2083: MODULE -- this module
2084: MANDATORY-GROUPS
2085: { t11FcSpSaCapabilityGroup,
2086: t11FcSpSaParamStatusGroup,
2087: t11FcSpSaSummaryCountGroup,
2088: t11FcSpSaProposalGroup,
2089: t11FcSpSaDropBypassGroup,
2090: t11FcSpSaActiveGroup,
2091: t11FcSpSaNotifInfoGroup,
2092: t11FcSpSaNotificationGroup
2093: }
2094:
2095: -- The following is an auxiliary (listed in an INDEX clause)
2096: -- object for which the SMIv2 does not allow an OBJECT clause
2097: -- to be specified, but for which this MIB has the following
2098: -- compliance requirement:
2099: -- OBJECT t11FcSpSaIfIndex
2100: -- DESCRIPTION
2101: -- Compliance requires support for either one of:
2102: -- - individual interfaces using ifIndex values, or
2103: -- - the use of the zero value.
2104:
2105: -- Write access is not required for any objects in this MIB module:
2106:
2107: OBJECT t11FcSpSaIfStorageType
2108: MIN-ACCESS read-only
2109: DESCRIPTION "Write access is not required."
2110:
2111: OBJECT t11FcSpSaIfReplayPrevention
2112: MIN-ACCESS read-only
2113: DESCRIPTION "Write access is not required."
2114:
2115: OBJECT t11FcSpSaIfReplayWindowSize
2116: MIN-ACCESS read-only
2117: DESCRIPTION "Write access is not required."
2118:
2119: OBJECT t11FcSpSaIfTerminateAllSas
2120: MIN-ACCESS read-only
2121: DESCRIPTION "Write access is not required."
2122:
2123: OBJECT t11FcSpSaPropSecurityProt
2124: MIN-ACCESS read-only
2125: DESCRIPTION "Write access is not required."
2126:
2127: OBJECT t11FcSpSaPropTSelListIndex
2128: MIN-ACCESS read-only
2129: DESCRIPTION "Write access is not required."
2130:
2131: OBJECT t11FcSpSaPropTransListIndex
2132: MIN-ACCESS read-only
2133: DESCRIPTION "Write access is not required."
2134:
2135: OBJECT t11FcSpSaPropAcceptAlgorithm
2136: MIN-ACCESS read-only
2137: DESCRIPTION "Write access is not required."
2138:
2139: OBJECT t11FcSpSaPropRowStatus
2140: MIN-ACCESS read-only
2141: DESCRIPTION "Write access is not required."
2142:
2143: OBJECT t11FcSpSaTSelPropDirection
2144: MIN-ACCESS read-only
2145: DESCRIPTION "Write access is not required."
2146:
2147: OBJECT t11FcSpSaTSelPropPrecedence
2148: MIN-ACCESS read-only
2149: DESCRIPTION "Write access is not required."
2150:
2151: OBJECT t11FcSpSaTSelPropStartSrcAddr
2152: MIN-ACCESS read-only
2153: DESCRIPTION "Write access is not required."
2154: OBJECT t11FcSpSaTSelPropEndSrcAddr
2155: MIN-ACCESS read-only
2156: DESCRIPTION "Write access is not required."
2157:
2158: OBJECT t11FcSpSaTSelPropStartDstAddr
2159: MIN-ACCESS read-only
2160: DESCRIPTION "Write access is not required."
2161:
2162: OBJECT t11FcSpSaTSelPropEndDstAddr
2163: MIN-ACCESS read-only
2164: DESCRIPTION "Write access is not required."
2165:
2166: OBJECT t11FcSpSaTSelPropStartRCtl
2167: MIN-ACCESS read-only
2168: DESCRIPTION "Write access is not required."
2169:
2170: OBJECT t11FcSpSaTSelPropEndRCtl
2171: MIN-ACCESS read-only
2172: DESCRIPTION "Write access is not required."
2173:
2174: OBJECT t11FcSpSaTSelPropStartType
2175: MIN-ACCESS read-only
2176: DESCRIPTION "Write access is not required."
2177:
2178: OBJECT t11FcSpSaTSelPropEndType
2179: MIN-ACCESS read-only
2180: DESCRIPTION "Write access is not required."
2181:
2182: OBJECT t11FcSpSaTSelPropRowStatus
2183: MIN-ACCESS read-only
2184: DESCRIPTION "Write access is not required."
2185:
2186: OBJECT t11FcSpSaTransSecurityProt
2187: MIN-ACCESS read-only
2188: DESCRIPTION "Write access is not required."
2189:
2190: OBJECT t11FcSpSaTransEncryptAlg
2191: MIN-ACCESS read-only
2192: DESCRIPTION "Write access is not required."
2193:
2194: OBJECT t11FcSpSaTransEncryptKeyLen
2195: MIN-ACCESS read-only
2196: DESCRIPTION "Write access is not required."
2197:
2198: OBJECT t11FcSpSaTransIntegrityAlg
2199: MIN-ACCESS read-only
2200: DESCRIPTION "Write access is not required."
2201:
2202: OBJECT t11FcSpSaTransRowStatus
2203: MIN-ACCESS read-only
2204: DESCRIPTION "Write access is not required."
2205:
2206: OBJECT t11FcSpSaTSelDrByAction
2207: MIN-ACCESS read-only
2208: DESCRIPTION "Write access is not required."
2209:
2210: OBJECT t11FcSpSaTSelDrByStartSrcAddr
2211: MIN-ACCESS read-only
2212: DESCRIPTION "Write access is not required."
2213:
2214: OBJECT t11FcSpSaTSelDrByEndSrcAddr
2215: MIN-ACCESS read-only
2216: DESCRIPTION "Write access is not required."
2217:
2218: OBJECT t11FcSpSaTSelDrByStartDstAddr
2219: MIN-ACCESS read-only
2220: DESCRIPTION "Write access is not required."
2221:
2222: OBJECT t11FcSpSaTSelDrByEndDstAddr
2223: MIN-ACCESS read-only
2224: DESCRIPTION "Write access is not required."
2225:
2226: OBJECT t11FcSpSaTSelDrByStartRCtl
2227: MIN-ACCESS read-only
2228: DESCRIPTION "Write access is not required."
2229:
2230: OBJECT t11FcSpSaTSelDrByEndRCtl
2231: MIN-ACCESS read-only
2232: DESCRIPTION "Write access is not required."
2233:
2234: OBJECT t11FcSpSaTSelDrByStartType
2235: MIN-ACCESS read-only
2236: DESCRIPTION "Write access is not required."
2237:
2238: OBJECT t11FcSpSaTSelDrByEndType
2239: MIN-ACCESS read-only
2240: DESCRIPTION "Write access is not required."
2241:
2242: OBJECT t11FcSpSaTSelDrByRowStatus
2243: MIN-ACCESS read-only
2244: DESCRIPTION "Write access is not required."
2245:
2246: OBJECT t11FcSpSaPairTerminate
2247: MIN-ACCESS read-only
2248: DESCRIPTION "Write access is not required."
2249:
2250: OBJECT t11FcSpSaControlAuthFailEnable
2251: MIN-ACCESS read-only
2252: DESCRIPTION "Write access is not required."
2253:
2254: OBJECT t11FcSpSaControlWindow
2255: MIN-ACCESS read-only
2256: DESCRIPTION "Write access is not required."
2257:
2258: OBJECT t11FcSpSaControlLifeExcdEnable
2259: MIN-ACCESS read-only
2260: DESCRIPTION "Write access is not required."
2261:
2262: ::= { t11FcSpSaMIBCompliances 1 }
2263:
2264: -- Units of Conformance
2265:
2266: t11FcSpSaCapabilityGroup OBJECT-GROUP
2267: OBJECTS { t11FcSpSaIfEspHeaderCapab,
2268: t11FcSpSaIfCTAuthCapab,
2269: t11FcSpSaIfIKEv2Capab,
2270: t11FcSpSaIfIkev2AuthCapab
2271: }
2272: STATUS current
2273: DESCRIPTION
2274: "A collection of objects containing information
2275: related to capabilities of FC-SP entities."
2276: ::= { t11FcSpSaMIBGroups 1 }
2277:
2278: t11FcSpSaParamStatusGroup OBJECT-GROUP
2279: OBJECTS { t11FcSpSaIfStorageType,
2280: t11FcSpSaIfReplayPrevention,
2281: t11FcSpSaIfReplayWindowSize,
2282: t11FcSpSaIfDeadPeerDetections,
2283: t11FcSpSaIfTerminateAllSas
2284: }
2285: STATUS current
2286: DESCRIPTION
2287: "A collection of objects containing parameters
2288: and status information related to FC-SP entities."
2289: ::= { t11FcSpSaMIBGroups 2 }
2290:
2291: t11FcSpSaSummaryCountGroup OBJECT-GROUP
2292: OBJECTS { t11FcSpSaIfOutDrops,
2293: t11FcSpSaIfOutBypasses,
2294: t11FcSpSaIfOutProcesses,
2295: t11FcSpSaIfOutUnMatcheds,
2296: t11FcSpSaIfInUnprotUnmtchDrops,
2297: t11FcSpSaIfInDetReplays,
2298: t11FcSpSaIfInUnprotMtchDrops,
2299: t11FcSpSaIfInBadXforms,
2300: t11FcSpSaIfInGoodXforms,
2301: t11FcSpSaIfInProtUnmtchs
2302: }
2303: STATUS current
2304: DESCRIPTION
2305: "A collection of objects containing summary
2306: counters for FC-SP Security Associations."
2307: ::= { t11FcSpSaMIBGroups 3 }
2308:
2309: t11FcSpSaProposalGroup OBJECT-GROUP
2310: OBJECTS { t11FcSpSaPropSecurityProt,
2311: t11FcSpSaPropTSelListIndex,
2312: t11FcSpSaPropTransListIndex,
2313: t11FcSpSaPropAcceptAlgorithm,
2314: t11FcSpSaPropOutMatchSucceeds,
2315: t11FcSpSaPropRowStatus,
2316: t11FcSpSaTSelPropDirection,
2317: t11FcSpSaTSelPropPrecedence,
2318: t11FcSpSaTSelPropStartSrcAddr,
2319: t11FcSpSaTSelPropEndSrcAddr,
2320: t11FcSpSaTSelPropStartDstAddr,
2321: t11FcSpSaTSelPropEndDstAddr,
2322: t11FcSpSaTSelPropStartRCtl,
2323: t11FcSpSaTSelPropEndRCtl,
2324: t11FcSpSaTSelPropStartType,
2325: t11FcSpSaTSelPropEndType,
2326: t11FcSpSaTSelPropRowStatus
2327: }
2328: STATUS current
2329: DESCRIPTION
2330: "A collection of objects containing information
2331: related to making and accepting proposals for
2332: FC-SP Security Associations."
2333: ::= { t11FcSpSaMIBGroups 4 }
2334:
2335: t11FcSpSaDropBypassGroup OBJECT-GROUP
2336: OBJECTS { t11FcSpSaTSelDrByAction,
2337: t11FcSpSaTSelDrByStartSrcAddr,
2338: t11FcSpSaTSelDrByEndSrcAddr,
2339: t11FcSpSaTSelDrByStartDstAddr,
2340: t11FcSpSaTSelDrByEndDstAddr,
2341: t11FcSpSaTSelDrByStartRCtl,
2342: t11FcSpSaTSelDrByEndRCtl,
2343: t11FcSpSaTSelDrByStartType,
2344: t11FcSpSaTSelDrByEndType,
2345: t11FcSpSaTSelDrByMatches,
2346: t11FcSpSaTSelDrByRowStatus
2347: }
2348: STATUS current
2349: DESCRIPTION
2350: "A collection of objects containing information
2351: about Traffic Selectors of traffic to drop or bypass
2352: for FC-SP Security."
2353: ::= { t11FcSpSaMIBGroups 5 }
2354:
2355: t11FcSpSaActiveGroup OBJECT-GROUP
2356: OBJECTS { t11FcSpSaPairSecurityProt,
2357: t11FcSpSaPairTransListIndex,
2358: t11FcSpSaPairTransIndex,
2359: t11FcSpSaPairLifetimeLeft,
2360: t11FcSpSaPairLifetimeLeftUnits,
2361: t11FcSpSaPairTerminate,
2362: t11FcSpSaPairInProtUnMatchs,
2363: t11FcSpSaPairInDetReplays,
2364: t11FcSpSaPairInBadXforms,
2365: t11FcSpSaPairInGoodXforms,
2366: t11FcSpSaTransSecurityProt,
2367: t11FcSpSaTransEncryptAlg,
2368: t11FcSpSaTransEncryptKeyLen,
2369: t11FcSpSaTransIntegrityAlg,
2370: t11FcSpSaTransRowStatus,
2371: t11FcSpSaTSelNegInInboundSpi,
2372: t11FcSpSaTSelNegInStartSrcAddr,
2373: t11FcSpSaTSelNegInEndSrcAddr,
2374: t11FcSpSaTSelNegInStartDstAddr,
2375: t11FcSpSaTSelNegInEndDstAddr,
2376: t11FcSpSaTSelNegInStartRCtl,
2377: t11FcSpSaTSelNegInEndRCtl,
2378: t11FcSpSaTSelNegInStartType,
2379: t11FcSpSaTSelNegInEndType,
2380: t11FcSpSaTSelNegInUnpMtchDrops,
2381: t11FcSpSaTSelNegOutInboundSpi,
2382: t11FcSpSaTSelNegOutStartSrcAddr,
2383: t11FcSpSaTSelNegOutEndSrcAddr,
2384: t11FcSpSaTSelNegOutStartDstAddr,
2385: t11FcSpSaTSelNegOutEndDstAddr,
2386: t11FcSpSaTSelNegOutStartRCtl,
2387: t11FcSpSaTSelNegOutEndRCtl,
2388: t11FcSpSaTSelNegOutStartType,
2389: t11FcSpSaTSelNegOutEndType,
2390: t11FcSpSaTSelSpiDirection,
2391: t11FcSpSaTSelSpiTrafSelPtr
2392: }
2393: STATUS current
2394: DESCRIPTION
2395: "A collection of objects containing information related
2396: to currently active FC-SP Security Associations."
2397: ::= { t11FcSpSaMIBGroups 6 }
2398:
2399: t11FcSpSaNotifInfoGroup OBJECT-GROUP
2400: OBJECTS { t11FcSpSaControlAuthFailEnable,
2401: t11FcSpSaControlInboundSpi,
2402: t11FcSpSaControlSource,
2403: t11FcSpSaControlDestination,
2404: t11FcSpSaControlFrame,
2405: t11FcSpSaControlElapsed,
2406: t11FcSpSaControlSuppressed,
2407: t11FcSpSaControlWindow,
2408: t11FcSpSaControlLifeExcdEnable,
2409: t11FcSpSaControlLifeExcdSpi,
2410: t11FcSpSaControlLifeExcdDir,
2411: t11FcSpSaControlLifeExcdTime
2412: }
2413: STATUS current
2414: DESCRIPTION
2415: "A collection of objects containing information
2416: related to notifications of events concerning
2417: FC-SP Security Associations."
2418: ::= { t11FcSpSaMIBGroups 7 }
2419:
2420: t11FcSpSaNotificationGroup NOTIFICATION-GROUP
2421: NOTIFICATIONS { t11FcSpSaNotifyAuthFailure,
2422: t11FcSpSaNotifyLifeExceeded
2423: }
2424: STATUS current
2425: DESCRIPTION
2426: "A collection of notifications of events concerning
2427: FC-SP Security Associations."
2428: ::= { t11FcSpSaMIBGroups 8 }
2429:
2430: END
2431:
2432: --
2433: -- Copyright (C) The IETF Trust (2007). This document is subject to the
2434: -- rights, licenses and restrictions contained in BCP 78, and except as
2435: -- set forth therein, the authors retain all their rights.
2436: --
2437: -- This document and the information contained herein are provided on an
2438: -- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
2439: -- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
2440: -- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
2441: -- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
2442: -- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
2443: -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
2444: --
2445: -- Disclaimer of validity
2446: --
2447: -- The IETF takes no position regarding the validity or scope of any
2448: -- Intellectual Property Rights or other rights that might be claimed to
2449: -- pertain to the implementation or use of the technology described in
2450: -- this document or the extent to which any license under such rights
2451: -- might or might not be available; nor does it represent that it has
2452: -- made any independent effort to identify any such rights. Information
2453: -- on the procedures with respect to rights in RFC documents can be
2454: -- found in BCP 78 and BCP 79.
2455: --
2456: -- Copies of IPR disclosures made to the IETF Secretariat and any
2457: -- assurances of licenses to be made available, or the result of an
2458: -- attempt made to obtain a general license or permission for the use of
2459: -- such proprietary rights by implementers or users of this
2460: -- specification can be obtained from the IETF on-line IPR repository at
2461: -- http://www.ietf.org/ipr.
2462: --
2463: -- The IETF invites any interested party to bring to its attention any
2464: -- copyrights, patents or patent applications, or other proprietary
2465: -- rights that may cover technology that may be required to implement
2466: -- this standard. Please address the information to the IETF at
2467: -- ietf-ipr@ietf.org.
2468: --
2469: -- Acknowledgment
2470: --
2471: -- Funding for the RFC Editor function is currently provided by the
2472: -- Internet Society.
2473: