-- ============================================================================= -- Copyright (C) 2022 by HUAWEI SYMANTEC TECHNOLOGIES. All rights reserved. -- Description: The MIB is designed to get IPSec tunnels' statistic information. -- Reference: Huawei Enterprise MIB -- Version: V1.24 -- History: -- V1.0 The initial version created by LiShengbai 90004270. -- ============================================================================= HUAWEI-SECURITY-IPSEC-MIB DEFINITIONS ::= BEGIN IMPORTS Gauge32, IpAddress, Counter64, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF enterprises FROM RFC1155-SMI Ipv6Address FROM IPV6-TC; hwIpsec MODULE-IDENTITY LAST-UPDATED "202206131540Z" --June 13, 2022 at 15:48 GMT ORGANIZATION "Huawei Technologies Co.,Ltd." CONTACT-INFO "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com" DESCRIPTION "V1.24 fix hwIPSecTunnelStatusChange description." REVISION "202206131540Z" DESCRIPTION "V1.23 add hwIPSecTunnelPolicyAlias for hwIPSecTunnelStatusChange." REVISION "202110071449Z" DESCRIPTION "V1.22 add add hwIPSecTunnelStatusChange." REVISION "202110071449Z" DESCRIPTION "V1.21 add add hwIPSecTrapOprPri." REVISION "202106181210Z" DESCRIPTION "V1.20 add add hwIPSecLowSecurityLevel." REVISION "202105121000Z" DESCRIPTION "V1.19 add add hwIPSecGlobalBytesPerSecondIn, hwIPSecGlobalBytesPerSecondOut." REVISION "202103231000Z" DESCRIPTION "V1.18 fix syntax errors." REVISION "202008281500Z" DESCRIPTION "V1.17 fix syntax errors." REVISION "202007161500Z" DESCRIPTION "V1.16 add hwIPSecTrapTunnelDstIPMask, hwIPSecTrapRouteNextHope." REVISION "202004151500Z" DESCRIPTION "V1.15 add opr route miss warning." REVISION "202004141500Z" DESCRIPTION "V1.14 add hwIPSecTunnelBytesPerSecondIn, hwIPSecTunnelBytesPerSecondOut, hwIPSecTunnelPacketsPerSecondIn, hwIPSecTunnelPacketsPerSecondOut, hwIPSecTunnelErrPacketsPerSecondIn, hwIPSecTunnelErrPacketsPerSecondOut, hwIPSecTunnelErrPacketsIn, hwIPSecTunnelErrPacketsOut at 2018-08-08." REVISION "201808081500Z" DESCRIPTION "V1.13 add hwIPSecTunnelDstIPv6, hwIPSecTunnelInsideIPv6, hwIPSecTunnelSrcIPv6at 2018-07-24." REVISION "201807241500Z" DESCRIPTION "V1.12 add hwIPSecInitiator at 2018-05-21." REVISION "201805211500Z" DESCRIPTION "V1.10 add hwIPSecTunnelHaveReachMax at 2018-03-21." REVISION "201803211500Z" DESCRIPTION "V1.10 change the position of hwIPSecTunnelFlowInfo in hwIPSecTunnelStart and hwIPSecTunnnelStop at 2018-01-17." REVISION "201801171500Z" DESCRIPTION "V1.09 add hwIPSecSaStatisticsTable and add hwIPSecTunnelFlowInfo to hwIPSecTunnelStart and hwIPSecTunnnelStop at 2017-11-21." REVISION "201711211500Z" DESCRIPTION "V1.09 add hwIPSecTunnelSlotID at 2017-09-27." REVISION "201709291500Z" DESCRIPTION "V1.08 add hwIPSecIfName at 2017-05-10." REVISION "201705101500Z" DESCRIPTION "V1.07 add hwIPSec Vsys Name at 2016-12-06." REVISION "201612061500Z" DESCRIPTION "V1.06 add hwIPSecTrapTunnelOfflineReason and add this node to hwIPSecTunnelStop at 2016-10-25." REVISION "201610251500Z" DESCRIPTION "V1.05 modify hwIPSecNegoFail at 2016-06-23." REVISION "201606231500Z" DESCRIPTION "V1.04 modify hwIPSecTunnelLifeSize at 2015-07-13." REVISION "201507131500Z" DESCRIPTION "V1.03 The IPSec mib is for Eudemon and USG product series." REVISION "201505281500Z" DESCRIPTION "V1.00 The IPSec mib is for Eudemon and USG product series." REVISION "201505051900Z" DESCRIPTION "Modify hwIPSecNegoFail at 2015-05-05." REVISION "201504281900Z" DESCRIPTION "Add type of hwIPSecNegoFail at 2015-04-28." REVISION "200910100900Z" DESCRIPTION "Modify mib nodes OID.So that, eSAP V2R1 version mib nodes can be compatible to last version's mib nodes." ::= { hwSecurity 26 } -- =============================================== -- Node definitions -- =============================================== -- 1.3.6.1.4.1.2011 huawei OBJECT IDENTIFIER ::= { enterprises 2011 } -- 1.3.6.1.4.1.2011.6 huaweiUtility OBJECT IDENTIFIER ::= { huawei 6 } -- 1.3.6.1.4.1.2011.6.122 hwSecurity OBJECT IDENTIFIER ::= { huaweiUtility 122 } -- =============================================== -- Begin the hwIPSecGlobalStats. -- =============================================== hwIPSecGlobalStats OBJECT IDENTIFIER ::= { hwIpsec 1 } hwIPSecGlobalTotal OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of IPSec Phase2 tunnels." ::= { hwIPSecGlobalStats 1 } hwIPSecGlobalPacketInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received security packets." ::= { hwIPSecGlobalStats 2 } hwIPSecGlobalPacketOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent security packets." ::= { hwIPSecGlobalStats 3 } hwIPSecGlobalByteInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of bytes of received security packets." ::= { hwIPSecGlobalStats 4 } hwIPSecGlobalByteOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of bytes of sent security packets." ::= { hwIPSecGlobalStats 5 } hwIPSecGlobalDroppedPacketInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets that are received." ::= { hwIPSecGlobalStats 6 } hwIPSecGlobalDroppedPacketOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets that are sent." ::= { hwIPSecGlobalStats 7 } hwIPSecGlobalEncIntactPacket OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets that do not need to be fragmented." ::= { hwIPSecGlobalStats 8 } hwIPSecGlobalEncPacketFirstSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of initial packets to be encrypted." ::= { hwIPSecGlobalStats 9 } hwIPSecGlobalEncPacketAfterSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of follow-up packets to be encrypted." ::= { hwIPSecGlobalStats 10 } hwIPSecGlobalDecPacketReassFirstSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of initial packets that are fragmented and assembled." ::= { hwIPSecGlobalStats 11 } hwIPSecGlobalDecPacketReassAfterSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of follow-up packets that are fragmented and assembled." ::= { hwIPSecGlobalStats 12 } hwIPSecGlobalDecPacketReassLenErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets with incorrect length during reassembling." ::= { hwIPSecGlobalStats 13 } hwIPSecGlobalPacketHeaderWrong OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the packet header error." ::= { hwIPSecGlobalStats 14 } hwIPSecGlobalMemoryApplyFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by memory applying failure." ::= { hwIPSecGlobalStats 15 } hwIPSecGlobalCannotFindSA OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by no matched security associations." ::= { hwIPSecGlobalStats 16 } hwIPSecGlobalWrongSA OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by incorrect security associations." ::= { hwIPSecGlobalStats 17 } hwIPSecGlobalBadAuthentication OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the authentication failure." ::= { hwIPSecGlobalStats 18 } hwIPSecGlobalReplay OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the packet replay." ::= { hwIPSecGlobalStats 19 } hwIPSecGlobalPreRecheckErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the pre-check failure." ::= { hwIPSecGlobalStats 20 } hwIPSecGlobalPostRecheckErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the post-check failure" ::= { hwIPSecGlobalStats 21 } hwIPSecGlobalExceedByteLimit OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding of the byte limit." ::= { hwIPSecGlobalStats 22 } hwIPSecGlobalExceedPacketLimit OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding of the packet limit." ::= { hwIPSecGlobalStats 23 } hwIPSecGlobalProcessIpv4Err OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the plain-text forwarding failure." ::= { hwIPSecGlobalStats 24 } hwIPSecGlobalFibSearchErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the route check failure." ::= { hwIPSecGlobalStats 25 } hwIPSecGlobalIKEInboundOK OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received IKE negotiation packets that successfully enter the queue." ::= { hwIPSecGlobalStats 26 } hwIPSecGlobalIKEInboundErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received IKE negotiation packets that fail to enter the queue." ::= { hwIPSecGlobalStats 27 } hwIPSecGlobalIKEOutboundOK OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent IKE negotiation packets that successfully enter the queue." ::= { hwIPSecGlobalStats 28 } hwIPSecGlobalIKEOutboundErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent IKE negotiation packets that fail to enter the queue." ::= { hwIPSecGlobalStats 29 } hwIPSecGlobalSoftExpr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Soft timeout times." ::= { hwIPSecGlobalStats 30 } hwIPSecGlobalHardExpr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Hard timeout times." ::= { hwIPSecGlobalStats 31 } hwIPSecGlobalDPDOper OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "DPD operation and detection times." ::= { hwIPSecGlobalStats 32 } hwIPSecGlobalModpCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Modular exponentiation calculation." ::= { hwIPSecGlobalStats 33 } hwIPSecGlobalSaeSucc OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "SAE computing success." ::= { hwIPSecGlobalStats 34 } hwIPSecGlobalSoftwareSucc OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Software computing success." ::= { hwIPSecGlobalStats 35 } hwIPSecGlobalConnectionRate OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "New Connection Rate of IPSec tunnels." ::= { hwIPSecGlobalStats 36 } hwIPSecGlobalTotalPhase1Num OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total Number of IPSec Phase1 tunnels." ::= { hwIPSecGlobalStats 37 } hwIPSecGlobalBytesPerSecondIn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming encrypted IPsec packet rate, in bytes/s." ::= { hwIPSecGlobalStats 38 } hwIPSecGlobalBytesPerSecondOut OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing encrypted IPsec packet rate, in bytes/s." ::= { hwIPSecGlobalStats 39 } -- =============================================== -- Begin the table of hwIPSecTunnelConfigTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.2 hwIPSecTunnelConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecTunnelConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the configuration attributes for Huawei IPSec tunnel." ::= { hwIpsec 2 } -- 1.3.6.1.4.1.2011.6.122.26.2.1 hwIPSecTunnelConfigEntry OBJECT-TYPE SYNTAX HwIPSecTunnelConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring configuration parameters associated with an instance of IPSec tunnel." INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex } ::= { hwIPSecTunnelConfigTable 1 } HwIPSecTunnelConfigEntry ::= SEQUENCE { hwIPSecIfIndex Gauge32, hwIPSecTunnelPolicyNum Gauge32, hwIPSecTunnelIndex Gauge32, hwIPSecTunnelRuleId Gauge32, hwIPSecTunnelDstIP OCTET STRING, hwIPSecTunnelInsideIP OCTET STRING, hwIPSecTunnelRemotePort Gauge32, hwIPSecTunnelCpuID Gauge32, hwIPSecTunnelEncapMode INTEGER, hwIPSecTunnelNatTraver INTEGER, hwIPSecTunnelFromIKEV2 INTEGER, hwIPSecTunnelEncryptMode Gauge32, hwIPSecTunnelESPDigestMode Gauge32, hwIPSecTunnelAHDigestMode Gauge32, hwIPSecTunnelProto Gauge32, hwIPSecTunnelOutPortIndex Gauge32, hwIPSecTunnelSrcPort Gauge32, hwIPSecTunnelDstPort Gauge32, hwIPSecTunnelVrfIndex Gauge32, hwIPSecTunnelIfVrfIndex Gauge32, hwIPSecTunnelSrcIP OCTET STRING, hwIPSecTunnelSpeedLimitIn Gauge32, hwIPSecTunnelSpeedLimitOut Gauge32, hwIPSecTunnelInitiator INTEGER, hwIPSecTunnelLifeSize Gauge32, hwIPSecTunnelLifeTime Gauge32, hwIPSecTunnelPolicyName OCTET STRING, hwIPSecTunnelSaStatus INTEGER, hwIPSecTunnelSlotID Gauge32, hwIPSecTunnelFlowInfo OCTET STRING, hwIPSecTunnelPolicyAlias OCTET STRING, hwIPSecTunnelDstIPv6 OCTET STRING, hwIPSecTunnelInsideIPv6 OCTET STRING, hwIPSecTunnelSrcIPv6 OCTET STRING } -- 1.3.6.1.4.1.2011.6.122.26.2.1.1 hwIPSecIfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Index of the router interface corresponding to the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 1 } hwIPSecTunnelPolicyNum OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The tunnel number of IPSec policy." ::= { hwIPSecTunnelConfigEntry 2 } hwIPSecTunnelIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Index of the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 3 } hwIPSecTunnelRuleId OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "ID of the ACL rule in the current IPSec policy." ::= { hwIPSecTunnelConfigEntry 4 } hwIPSecTunnelDstIP OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination IP address of the tunnel (peer end)." ::= { hwIPSecTunnelConfigEntry 5 } hwIPSecTunnelInsideIP OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Intranet IP address of the peer end during remote access." ::= { hwIPSecTunnelConfigEntry 6 } hwIPSecTunnelRemotePort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Port number of the peer end of the tunnel." ::= { hwIPSecTunnelConfigEntry 7 } hwIPSecTunnelCpuID OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "CPU ID of the tunnel." ::= { hwIPSecTunnelConfigEntry 8 } hwIPSecTunnelEncapMode OBJECT-TYPE SYNTAX INTEGER { tunnel(0), transport(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Encapsulation mode of the tunnel (tunneling mode or transmission mode)." ::= { hwIPSecTunnelConfigEntry 9 } hwIPSecTunnelNatTraver OBJECT-TYPE SYNTAX INTEGER { noNatTraversal(0), natTraversal(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Whether the tunnel needs NAT traversal (If yes, the value is 1.)." ::= { hwIPSecTunnelConfigEntry 10 } hwIPSecTunnelFromIKEV2 OBJECT-TYPE SYNTAX INTEGER { noIkev2(0), ikev2(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Whether the tunnel adopts IKEv2 (If yes, the value is 1.)." ::= { hwIPSecTunnelConfigEntry 11 } hwIPSecTunnelEncryptMode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Encryption mode of the tunnel." ::= { hwIPSecTunnelConfigEntry 12 } hwIPSecTunnelESPDigestMode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "ESP check mode of the tunnel." ::= { hwIPSecTunnelConfigEntry 13 } hwIPSecTunnelAHDigestMode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "AH check mode of the tunnel." ::= { hwIPSecTunnelConfigEntry 14 } hwIPSecTunnelProto OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Protocol of the tunnel (ESP or AH, or both)." ::= { hwIPSecTunnelConfigEntry 15 } hwIPSecTunnelOutPortIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the egress of the tunnel." ::= { hwIPSecTunnelConfigEntry 16 } hwIPSecTunnelSrcPort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the source port number if NAT traversal is adopted." ::= { hwIPSecTunnelConfigEntry 17 } hwIPSecTunnelDstPort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the destination port number if NAT traversal is adopted." ::= { hwIPSecTunnelConfigEntry 18 } hwIPSecTunnelVrfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "VPN ID protected by the tunnel." ::= { hwIPSecTunnelConfigEntry 19 } hwIPSecTunnelIfVrfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "VPN ID of the sending interface of the tunnel." ::= { hwIPSecTunnelConfigEntry 20 } hwIPSecTunnelSrcIP OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Source IP address of the tunnel (local end)." ::= { hwIPSecTunnelConfigEntry 21 } hwIPSecTunnelSpeedLimitIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Rate limiting pre-configured in the incoming direction." ::= { hwIPSecTunnelConfigEntry 22 } hwIPSecTunnelSpeedLimitOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Rate limiting pre-configured in the outgoing direction." ::= { hwIPSecTunnelConfigEntry 23 } hwIPSecTunnelInitiator OBJECT-TYPE SYNTAX INTEGER { responder(0), ikev2Initiator(1), ikev1Initiator(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Initiator or responder of the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 24 } hwIPSecTunnelLifeSize OBJECT-TYPE SYNTAX Gauge32 (0..200000000) MAX-ACCESS read-only STATUS current DESCRIPTION "Life cycle of the IPSec tunnel (in kbytes)." ::= { hwIPSecTunnelConfigEntry 25 } hwIPSecTunnelLifeTime OBJECT-TYPE SYNTAX Gauge32 (1..604800) MAX-ACCESS read-only STATUS current DESCRIPTION "Life cycle of the IPSec tunnel (in seconds)." ::= { hwIPSecTunnelConfigEntry 26 } hwIPSecTunnelPolicyName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Security policy for the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 27 } hwIPSecTunnelSaStatus OBJECT-TYPE SYNTAX INTEGER { free(0), ocuppied(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of the SA." ::= { hwIPSecTunnelConfigEntry 28 } hwIPSecTunnelSlotID OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "SLOT ID of the tunnel." ::= { hwIPSecTunnelConfigEntry 29 } hwIPSecTunnelFlowInfo OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Data flow of the IPSec tunnel" ::= { hwIPSecTunnelConfigEntry 30 } hwIPSecTunnelPolicyAlias OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Security policy alias for the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 31 } hwIPSecTunnelDstIPv6 OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination IPv6 address of the tunnel (peer end)." ::= { hwIPSecTunnelConfigEntry 32 } hwIPSecTunnelInsideIPv6 OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Intranet IPv6 address of the peer end during remote access." ::= { hwIPSecTunnelConfigEntry 33 } hwIPSecTunnelSrcIPv6 OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Source IPv6 address of the tunnel (local end)." ::= { hwIPSecTunnelConfigEntry 34 } -- =============================================== -- Begin the table of hwIPSecTunnelStatsTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.3 hwIPSecTunnelStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecTunnelStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the status attributes for Huawei IPSec tunnel." ::= { hwIpsec 3 } -- 1.3.6.1.4.1.2011.6.122.26.3.1 hwIPSecTunnelStatsEntry OBJECT-TYPE SYNTAX HwIPSecTunnelStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring status parameters associated with an instance of IPSec tunnel." INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex } ::= { hwIPSecTunnelStatsTable 1 } HwIPSecTunnelStatsEntry ::= SEQUENCE { hwIPSecTunnelSaIDIn Gauge32, hwIPSecTunnelSaIDOut Gauge32, hwIPSecTunnelFlowSoftExpireIn Gauge32, hwIPSecTunnelFlowSoftExpireOut Gauge32, hwIPSecTunnelFlowHardExpireIn Gauge32, hwIPSecTunnelFlowHardExpireOut Gauge32, hwIPSecTunnelRemainTime Gauge32, hwIPSecTunnelRemainSize Gauge32, hwIPSecTunnelSpiIn Gauge32, hwIPSecTunnelSpiOut Gauge32, hwIPSecTunnelInSideSpiIn Gauge32, hwIPSecTunnelInSideSpiOut Gauge32, hwIPSecTunnelESPSequenceNumberIn Gauge32, hwIPSecTunnelESPSequenceNumberOut Gauge32, hwIPSecTunnellAHSequenceNumberIn Gauge32, hwIPSecTunnellAHSequenceNumberOut Gauge32, hwIPSecTunnelMemApplyFail Counter64, hwIPSecTunnelBadAuth Counter64, hwIPSecTunnelReplay Counter64, hwIPSecTunnelAfterReCheckErr Counter64, hwIPSecTunnelPktDropByteLimitIn Counter64, hwIPSecTunnelPktDropByteLimitOut Counter64, hwIPSecTunnelFIBSearchErr Counter64, hwIPSecTunnelBytesPerSecondIn Gauge32, hwIPSecTunnelBytesPerSecondOut Gauge32, hwIPSecTunnelPacketsPerSecondIn Gauge32, hwIPSecTunnelPacketsPerSecondOut Gauge32, hwIPSecTunnelErrPacketsPerSecondIn Gauge32, hwIPSecTunnelErrPacketsPerSecondOut Gauge32, hwIPSecTunnelErrPacketsIn Gauge32, hwIPSecTunnelErrPacketsOut Gauge32 } hwIPSecTunnelSaIDIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the incoming IPSec tunnel." ::= { hwIPSecTunnelStatsEntry 1 } hwIPSecTunnelSaIDOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the outgoing IPSec tunnel." ::= { hwIPSecTunnelStatsEntry 2 } hwIPSecTunnelFlowSoftExpireIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming soft timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 3 } hwIPSecTunnelFlowSoftExpireOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing soft timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 4 } hwIPSecTunnelFlowHardExpireIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming hard timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 5 } hwIPSecTunnelFlowHardExpireOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing hard timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 6 } hwIPSecTunnelRemainTime OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Remaining time of the IPSec tunnel (in seconds)." ::= { hwIPSecTunnelStatsEntry 7 } hwIPSecTunnelRemainSize OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Remaining bytes of the IPSec tunnel (in kbytes)." ::= { hwIPSecTunnelStatsEntry 8 } hwIPSecTunnelSpiIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming SPI." ::= { hwIPSecTunnelStatsEntry 9 } hwIPSecTunnelSpiOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing SPI." ::= { hwIPSecTunnelStatsEntry 10 } hwIPSecTunnelInSideSpiIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "SPI of the internal ESP header when both AH and ESP are adopted in the incoming direction." ::= { hwIPSecTunnelStatsEntry 11 } hwIPSecTunnelInSideSpiOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "SPI of the internal ESP header when both AH and ESP are adopted in the outgoing direction." ::= { hwIPSecTunnelStatsEntry 12 } hwIPSecTunnelESPSequenceNumberIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the incoming ESP protocol." ::= { hwIPSecTunnelStatsEntry 13 } hwIPSecTunnelESPSequenceNumberOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the outgoing ESP protocol." ::= { hwIPSecTunnelStatsEntry 14 } hwIPSecTunnellAHSequenceNumberIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the incoming AH protocol." ::= { hwIPSecTunnelStatsEntry 15 } hwIPSecTunnellAHSequenceNumberOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the outgoing AH protocol." ::= { hwIPSecTunnelStatsEntry 16 } hwIPSecTunnelMemApplyFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets because packets to be encrypted are too long." ::= { hwIPSecTunnelStatsEntry 17 } hwIPSecTunnelBadAuth OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the authentication failure of received packets." ::= { hwIPSecTunnelStatsEntry 18 } hwIPSecTunnelReplay OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by receiving replayed packets." ::= { hwIPSecTunnelStatsEntry 19 } hwIPSecTunnelAfterReCheckErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the decryption post-check failure." ::= { hwIPSecTunnelStatsEntry 20 } hwIPSecTunnelPktDropByteLimitIn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding the byte limit in the incoming direction." ::= { hwIPSecTunnelStatsEntry 21 } hwIPSecTunnelPktDropByteLimitOut OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding of the byte limit in the outgoing direction." ::= { hwIPSecTunnelStatsEntry 22 } hwIPSecTunnelFIBSearchErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the route check failure." ::= { hwIPSecTunnelStatsEntry 23 } hwIPSecTunnelBytesPerSecondIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Speed of inbound flow in bytes." ::= { hwIPSecTunnelStatsEntry 24 } hwIPSecTunnelBytesPerSecondOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Speed of outbound flow in bytes." ::= { hwIPSecTunnelStatsEntry 25 } hwIPSecTunnelPacketsPerSecondIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Speed of inbound flow in packets." ::= { hwIPSecTunnelStatsEntry 26 } hwIPSecTunnelPacketsPerSecondOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Speed of outbound flow in packets." ::= { hwIPSecTunnelStatsEntry 27 } hwIPSecTunnelErrPacketsPerSecondIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Speed of inbound error packets." ::= { hwIPSecTunnelStatsEntry 28 } hwIPSecTunnelErrPacketsPerSecondOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Speed of outbound error packets." ::= { hwIPSecTunnelStatsEntry 29 } hwIPSecTunnelErrPacketsIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of inbound error packets." ::= { hwIPSecTunnelStatsEntry 30 } hwIPSecTunnelErrPacketsOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of outbound error packets." ::= { hwIPSecTunnelStatsEntry 31 } -- =============================================== -- Begin the table of hwIPSecSaStatisticTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.4 hwIPSecSaStatisticTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecSaStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the SA numbers of policies which have been bound with interfaces." ::= { hwIpsec 4 } -- 1.3.6.1.4.1.2011.6.122.26.4.1 hwIPSecSaStatisticEntry OBJECT-TYPE SYNTAX HwIPSecSaStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum } ::= { hwIPSecSaStatisticTable 1 } HwIPSecSaStatisticEntry ::= SEQUENCE { hwIPSecSaStatisticTunnelPolicyName OCTET STRING, hwIPSecSaStatisticSaInCnt Gauge32, hwIPSecSaStatisticSaOutCnt Gauge32, hwIPSecTunnelByteInput Counter64, hwIPSecTunnelByteOutput Counter64, hwIPSecTunnelPacketInput Counter64, hwIPSecTunnelPacketOutput Counter64, hwIPSecTunnelDroppedPacketInput Counter64, hwIPSecTunnelDroppedPacketOutput Counter64, hwIPSecTunnelDialUserCount Gauge32 , hwIPSecSaStatisticTunnelPolicyAlias OCTET STRING } hwIPSecSaStatisticTunnelPolicyName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Security policy for the IPSec tunnel." ::= { hwIPSecSaStatisticEntry 1 } hwIPSecSaStatisticSaInCnt OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming SA number." ::= { hwIPSecSaStatisticEntry 2 } hwIPSecSaStatisticSaOutCnt OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing SA number." ::= { hwIPSecSaStatisticEntry 3 } hwIPSecTunnelByteInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Num of bytes received by the IPSec Tunnel." ::= { hwIPSecSaStatisticEntry 4 } hwIPSecTunnelByteOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Num of bytes sent by the IPSec Tunnel." ::= { hwIPSecSaStatisticEntry 5 } hwIPSecTunnelPacketInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Num of packets received by the IPSec Tunnel." ::= { hwIPSecSaStatisticEntry 6 } hwIPSecTunnelPacketOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Num of packets sent by the IPSec Tunnel." ::= { hwIPSecSaStatisticEntry 7 } hwIPSecTunnelDroppedPacketInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets discarded by the IPSec tunnel in the inbound direction" ::= { hwIPSecSaStatisticEntry 8 } hwIPSecTunnelDroppedPacketOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets discarded by the IPSec tunnel in the outbound direction" ::= { hwIPSecSaStatisticEntry 9 } hwIPSecTunnelDialUserCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "IPSec tunnel remote access users" ::= { hwIPSecSaStatisticEntry 10 } hwIPSecSaStatisticTunnelPolicyAlias OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Security policy alias for the IPSec tunnel." ::= { hwIPSecSaStatisticEntry 11 } -- =============================================== -- IPSecTrapObject. -- =============================================== hwIPSecTrapObject OBJECT IDENTIFIER ::= { hwIpsec 5 } hwIPSecTrapTunnelPolicyNum OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The sequence number of IPSec tunnel policy." ::= { hwIPSecTrapObject 1 } hwIPSecTrapIfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Index of the router interface corresponding to the IPSec tunnel." ::= { hwIPSecTrapObject 2 } hwIPSecTrapTunnelPolicyName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Security policy for the IPSec tunnel." ::= { hwIPSecTrapObject 3 } hwIPSecTrapAuthenticationMethod OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPSec tunnel authentication method." ::= { hwIPSecTrapObject 4 } hwIPSecTrapAuthenticationID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPSec tunnel authentication ID." ::= { hwIPSecTrapObject 5 } hwIPSecTrapAuthenticationIDType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..32)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPSec tunnel authentication ID type." ::= { hwIPSecTrapObject 6 } hwIPSecTrapTunnelDstIP OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Destination IP address of the tunnel (peer end)." ::= { hwIPSecTrapObject 7 } hwIPSecTrapTunnelSrcIP OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Source IP address of the tunnel." ::= { hwIPSecTrapObject 8 } hwIPSecTrapTunnelRemotePort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Port number of the peer end of the tunnel." ::= { hwIPSecTrapObject 9 } hwIPSecReason OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Fail reason of negotiation." ::= { hwIPSecTrapObject 10 } hwIPSecReasonCode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Fail reason code of negotiation." ::= { hwIPSecTrapObject 11 } hwIPSecTrapTunnelOfflineReason OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Offline reason of the IPSec tunnel." ::= { hwIPSecTrapObject 12 } hwIPSecVsysName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..31)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Virtual system name. The value Public indicates the public system. For products that do not support virtual systems, the value is fixed to Public." ::= { hwIPSecTrapObject 13 } hwIPSecTrapIfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..63)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The interface name corresponding to the IPSec tunnel." ::= { hwIPSecTrapObject 14 } hwIPSecInitiator OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..19)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The role in IKE negotiation." ::= { hwIPSecTrapObject 15 } hwIPSecTrapTunnelDstIPMask OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Destination IP address of the tunnel mask." ::= { hwIPSecTrapObject 16 } hwIPSecTrapRouteNextHope OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Ipsec opr route next hope." ::= { hwIPSecTrapObject 17 } hwIPSecTrapOprPri OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Ipsec opr route priority." ::= { hwIPSecTrapObject 18 } hwIPSecTunnelVpnName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..32)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Ipsec tunnel vpn name." ::= { hwIPSecTrapObject 19 } hwIPSecTunnelFlowVpnName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..32)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Ipsec flow vpn name." ::= { hwIPSecTrapObject 20 } hwIPSecTunnelStatus OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Status of the Tunnel." ::= { hwIPSecTrapObject 21 } hwIPSecTunnelStatusChangeReason OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..128)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPSec tunnel status change reason." ::= { hwIPSecTrapObject 22 } -- =============================================== -- definition of traps. -- =============================================== hwIPSecNotifications OBJECT IDENTIFIER ::= { hwIpsec 6 } hwIPSecTunnelStart NOTIFICATION-TYPE OBJECTS { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex, hwIPSecTunnelRuleId, hwIPSecTunnelDstIP, hwIPSecTunnelInsideIP, hwIPSecTunnelRemotePort, hwIPSecTunnelCpuID, hwIPSecTunnelSrcIP, hwIPSecTunnelFlowInfo, hwIPSecTunnelLifeSize, hwIPSecTunnelLifeTime, hwIPSecVsysName, hwIPSecTrapIfName, hwIPSecTunnelSlotID, hwIPSecInitiator } STATUS current DESCRIPTION "Send the message when the IPSec tunnel is established." ::= { hwIPSecNotifications 1 } hwIPSecTunnelStop NOTIFICATION-TYPE OBJECTS { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex, hwIPSecTunnelRuleId, hwIPSecTunnelDstIP, hwIPSecTunnelInsideIP, hwIPSecTunnelRemotePort, hwIPSecTunnelCpuID, hwIPSecTunnelSrcIP, hwIPSecTunnelFlowInfo, hwIPSecTrapTunnelOfflineReason, hwIPSecVsysName, hwIPSecTrapIfName, hwIPSecTunnelSlotID } STATUS current DESCRIPTION "Send the message when the IPSec tunnel is deleted." ::= { hwIPSecNotifications 2 } hwIPSecPolicyAdd NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelPolicyNum, hwIPSecTrapTunnelPolicyName, hwIPSecVsysName } STATUS current DESCRIPTION "Send the message when an IPSec policy is added." ::= { hwIPSecNotifications 3 } hwIPSecPolicyDel NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelPolicyNum, hwIPSecTrapTunnelPolicyName, hwIPSecVsysName } STATUS current DESCRIPTION "Send the message when an IPSec policy is deleted." ::= { hwIPSecNotifications 4 } hwIPSecPolicyAttach NOTIFICATION-TYPE OBJECTS { hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyName, hwIPSecVsysName, hwIPSecTrapIfName } STATUS current DESCRIPTION "Send the message when an IPSec policy is applied to an interface." ::= { hwIPSecNotifications 5 } hwIPSecPolicyDetach NOTIFICATION-TYPE OBJECTS { hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyName, hwIPSecVsysName, hwIPSecTrapIfName } STATUS current DESCRIPTION "Send the message when an IPSec policy is cancelled on an interface." ::= { hwIPSecNotifications 6 } hwIPSecIKEReset NOTIFICATION-TYPE OBJECTS { hwIPSecVsysName } STATUS current DESCRIPTION "Send the message when an IKE SA is reset." ::= { hwIPSecNotifications 7 } hwIPSecIPSecReset NOTIFICATION-TYPE OBJECTS { hwIPSecVsysName } STATUS current DESCRIPTION "Send the message when an IPSec SA is reset." ::= { hwIPSecNotifications 8 } hwIPSecTunnelReachMax NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when IPSec Tunnel Number will Be Reach Max." ::= { hwIPSecNotifications 9 } hwIPSecTunnelReachMaxAtOnce NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when IPSec Tunnel Number Reach Max At Once." ::= { hwIPSecNotifications 10 } hwIKEPeerReachMax NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when IKE Peer Number will Be Reach Max." ::= { hwIPSecNotifications 11 } hwIKEPeerReachMaxAtOnce NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when IKE Peer Number Reach Max At Once." ::= { hwIPSecNotifications 12 } hwIKESaPhase1Establish NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelDstIP, hwIPSecTrapTunnelRemotePort, hwIPSecTrapTunnelSrcIP, hwIPSecTrapAuthenticationMethod, hwIPSecTrapAuthenticationID, hwIPSecTrapAuthenticationIDType, hwIPSecVsysName, hwIPSecInitiator } STATUS current DESCRIPTION "Send the message when IKE SA phase1 establish ." ::= { hwIPSecNotifications 13 } hwIPSecNegoFail NOTIFICATION-TYPE OBJECTS { hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyNum, hwIPSecReason, hwIPSecReasonCode, hwIPSecTrapTunnelDstIP, hwIPSecTrapTunnelRemotePort, hwIPSecVsysName, hwIPSecTrapIfName } STATUS current DESCRIPTION "Send the message when IPSec tunnel negotiation fails." ::= { hwIPSecNotifications 14 } hwIPSecTunnelHaveReachMax NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when IPSec Tunnel Number Has Been Reached Max ." ::= { hwIPSecNotifications 15 } hwIPSecOPRRouteMissed NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelDstIP, hwIPSecTrapTunnelDstIPMask, hwIPSecTrapRouteNextHope, hwIPSecTrapIfIndex, hwIPSecVsysName, hwIPSecTrapOprPri} STATUS current DESCRIPTION "Send the message when opr route inject failed." ::= { hwIPSecNotifications 16 } hwIPSecLowSecurityLevel NOTIFICATION-TYPE STATUS current DESCRIPTION "The security level of pkcs1 is low." ::= { hwIPSecNotifications 17 } hwIPSecWeakEncr NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelDstIP, hwIPSecTrapIfName } STATUS current DESCRIPTION "The ipsec sa encryption-algorithm is not GCM mode." ::= { hwIPSecNotifications 18 } hwIPSecTunnelStatusChange NOTIFICATION-TYPE OBJECTS { hwIPSecVsysName, hwIPSecTrapIfName, hwIPSecTunnelPolicyName, hwIPSecTunnelPolicyNum, hwIPSecTunnelPolicyAlias, hwIPSecTunnelVpnName, hwIPSecTunnelFlowVpnName, hwIPSecTrapTunnelDstIP, hwIPSecTunnelDstPort, hwIPSecTrapTunnelSrcIP, hwIPSecTunnelSrcPort, hwIPSecTunnelFlowInfo, hwIPSecTunnelStatusChangeReason, hwIPSecTunnelStatus } STATUS current DESCRIPTION "Send the message when the IPSec tunnel is established or deleted." ::= { hwIPSecNotifications 19 } -- =============================================== -- Begin the table of hwIPSecGdoiStatsTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.8 hwIPSecGdoiStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecGdoiStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the status attributes for Huawei IPSec Gdoi." ::= { hwIpsec 8 } -- 1.3.6.1.4.1.2011.6.122.26.8.1 hwIPSecGdoiStatsEntry OBJECT-TYPE SYNTAX HwIPSecGdoiStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the hwIPSecGdoiStatsTable holds a set of monitoring status parameters associated with an instance of IPSec gdoi." INDEX { hwIPSecGdoiGroupID, hwIPSecGdoiRemoteAddress } ::= { hwIPSecGdoiStatsTable 1 } HwIPSecGdoiStatsEntry ::= SEQUENCE { hwIPSecGdoiGroupID Gauge32, hwIPSecGdoiRemoteAddress IpAddress, hwIPSecTunnelSendPacket Counter64, hwIPSecTunnelSendSize Counter64, hwIPSecTunnelSendErrorPacket Counter64, hwIPSecTunnelSendErrorSize Counter64, hwIPSecTunnelRecvPacket Counter64, hwIPSecTunnelRecvSize Counter64, hwIPSecTunnelRecvErrorPacket Counter64, hwIPSecTunnelRecvErrorSize Counter64 } -- 1.3.6.1.4.1.2011.6.122.26.8.1.1 hwIPSecGdoiGroupID OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "ID of the GM group corresponding to the GM and KMC." ::= { hwIPSecGdoiStatsEntry 1 } hwIPSecGdoiRemoteAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP Address where a GM points to." ::= { hwIPSecGdoiStatsEntry 2 } hwIPSecTunnelSendPacket OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the number of the sent packets." ::= { hwIPSecGdoiStatsEntry 3 } hwIPSecTunnelSendSize OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the total bytes of the sent packet." ::= { hwIPSecGdoiStatsEntry 4 } hwIPSecTunnelSendErrorPacket OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the error number of the sent packets." ::= { hwIPSecGdoiStatsEntry 5 } hwIPSecTunnelSendErrorSize OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the total Error bytes of the sent packets." ::= { hwIPSecGdoiStatsEntry 6 } hwIPSecTunnelRecvPacket OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the number of the recieved packets." ::= { hwIPSecGdoiStatsEntry 7 } hwIPSecTunnelRecvSize OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the total bytes of the recieved packets." ::= { hwIPSecGdoiStatsEntry 8 } hwIPSecTunnelRecvErrorPacket OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the error number of the recieved packets." ::= { hwIPSecGdoiStatsEntry 9 } hwIPSecTunnelRecvErrorSize OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Statistic the total error bytes of the recieved packets." ::= { hwIPSecGdoiStatsEntry 10 } -- =============================================== -- Begin the table of hwIPSecTEKSAStatusTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.9 hwIPSecTEKSAStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecTEKSAStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the status attributes for Huawei IPSec Gdoi TEK SA." ::= { hwIpsec 9 } -- 1.3.6.1.4.1.2011.6.122.26.9.1 hwIPSecTEKSAStatusEntry OBJECT-TYPE SYNTAX HwIPSecTEKSAStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the hwIPSecTEKSAStatusEntry holds a set of monitoring status parameters associated with an instance of IPSec gdoi." INDEX { hwIPSecGdoiGroupID, hwIPSecGdoiRemoteAddress } ::= { hwIPSecTEKSAStatusTable 1 } HwIPSecTEKSAStatusEntry ::= SEQUENCE{ hwIPSecTEKSAStatus INTEGER } -- 1.3.6.1.4.1.2011.6.122.26.9.1.1 hwIPSecTEKSAStatus OBJECT-TYPE SYNTAX INTEGER { teksa(0), noteksa(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Request for status of TEK-SA with the specified group-id and remote-address(If yes, the value is 0.)." ::= { hwIPSecTEKSAStatusEntry 1 } -- =============================================== -- Conformance Information -- =============================================== hwIPSecMibConformance OBJECT IDENTIFIER ::= { hwIpsec 7 } hwIPSecMibCompliances OBJECT IDENTIFIER ::= { hwIPSecMibConformance 1 } hwIPSecMibGroups OBJECT IDENTIFIER ::= { hwIPSecMibConformance 2 } -- =============================================== -- Compliance Statements -- =============================================== hwIPSecMibCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " " MODULE -- this module MANDATORY-GROUPS { hwIPSecGlobalStatsGroup, hwIPSecTunnelConfigTableGroup, hwIPSecTunnelStatsTableGroup, hwIPSecSaStatisticTableGroup, hwIPSecTrapObjectGroup, hwIPSecNotificationsGroup } ::= { hwIPSecMibCompliances 1 } hwIPSecGlobalStatsGroup OBJECT-GROUP OBJECTS { hwIPSecGlobalTotal, hwIPSecGlobalPacketInput, hwIPSecGlobalPacketOutput, hwIPSecGlobalByteInput, hwIPSecGlobalByteOutput, hwIPSecGlobalDroppedPacketInput, hwIPSecGlobalDroppedPacketOutput, hwIPSecGlobalEncIntactPacket, hwIPSecGlobalEncPacketFirstSlice, hwIPSecGlobalEncPacketAfterSlice, hwIPSecGlobalDecPacketReassFirstSlice, hwIPSecGlobalDecPacketReassAfterSlice, hwIPSecGlobalDecPacketReassLenErr, hwIPSecGlobalPacketHeaderWrong, hwIPSecGlobalMemoryApplyFail, hwIPSecGlobalCannotFindSA, hwIPSecGlobalWrongSA, hwIPSecGlobalBadAuthentication, hwIPSecGlobalReplay, hwIPSecGlobalPreRecheckErr, hwIPSecGlobalPostRecheckErr, hwIPSecGlobalExceedByteLimit, hwIPSecGlobalExceedPacketLimit, hwIPSecGlobalProcessIpv4Err, hwIPSecGlobalFibSearchErr, hwIPSecGlobalIKEInboundOK, hwIPSecGlobalIKEInboundErr, hwIPSecGlobalIKEOutboundOK, hwIPSecGlobalIKEOutboundErr, hwIPSecGlobalSoftExpr, hwIPSecGlobalHardExpr, hwIPSecGlobalDPDOper, hwIPSecGlobalModpCnt, hwIPSecGlobalSaeSucc, hwIPSecGlobalSoftwareSucc, hwIPSecGlobalConnectionRate, hwIPSecGlobalTotalPhase1Num, hwIPSecGlobalBytesPerSecondIn, hwIPSecGlobalBytesPerSecondOut } STATUS current DESCRIPTION "This table specifies the global statistics information for Huawei IPSec tunnel." ::= { hwIPSecMibGroups 1 } hwIPSecTunnelConfigTableGroup OBJECT-GROUP OBJECTS { hwIPSecTunnelRuleId, hwIPSecTunnelDstIP, hwIPSecTunnelInsideIP, hwIPSecTunnelRemotePort, hwIPSecTunnelCpuID, hwIPSecTunnelEncapMode, hwIPSecTunnelNatTraver, hwIPSecTunnelFromIKEV2, hwIPSecTunnelEncryptMode, hwIPSecTunnelESPDigestMode, hwIPSecTunnelAHDigestMode, hwIPSecTunnelProto, hwIPSecTunnelOutPortIndex, hwIPSecTunnelSrcPort, hwIPSecTunnelDstPort, hwIPSecTunnelVrfIndex, hwIPSecTunnelIfVrfIndex, hwIPSecTunnelSrcIP, hwIPSecTunnelSpeedLimitIn, hwIPSecTunnelSpeedLimitOut, hwIPSecTunnelInitiator, hwIPSecTunnelLifeSize, hwIPSecTunnelLifeTime, hwIPSecTunnelPolicyName, hwIPSecTunnelSaStatus, hwIPSecTunnelSlotID, hwIPSecTunnelFlowInfo, hwIPSecTunnelPolicyAlias, hwIPSecTunnelDstIPv6, hwIPSecTunnelInsideIPv6, hwIPSecTunnelSrcIPv6 } STATUS current DESCRIPTION "This table specifies the monitoring IPSec tunnel configuration attributes for Huawei IPSec tunnel." ::= { hwIPSecMibGroups 2 } hwIPSecTunnelStatsTableGroup OBJECT-GROUP OBJECTS { hwIPSecTunnelSaIDIn, hwIPSecTunnelSaIDOut, hwIPSecTunnelFlowSoftExpireIn, hwIPSecTunnelFlowSoftExpireOut, hwIPSecTunnelFlowHardExpireIn, hwIPSecTunnelFlowHardExpireOut, hwIPSecTunnelRemainTime, hwIPSecTunnelRemainSize, hwIPSecTunnelSpiIn, hwIPSecTunnelSpiOut, hwIPSecTunnelInSideSpiIn, hwIPSecTunnelInSideSpiOut, hwIPSecTunnelESPSequenceNumberIn, hwIPSecTunnelESPSequenceNumberOut, hwIPSecTunnellAHSequenceNumberIn, hwIPSecTunnellAHSequenceNumberOut, hwIPSecTunnelMemApplyFail, hwIPSecTunnelBadAuth, hwIPSecTunnelReplay, hwIPSecTunnelAfterReCheckErr, hwIPSecTunnelPktDropByteLimitIn, hwIPSecTunnelPktDropByteLimitOut, hwIPSecTunnelFIBSearchErr, hwIPSecTunnelBytesPerSecondIn, hwIPSecTunnelBytesPerSecondOut, hwIPSecTunnelPacketsPerSecondIn, hwIPSecTunnelPacketsPerSecondOut, hwIPSecTunnelErrPacketsPerSecondIn, hwIPSecTunnelErrPacketsPerSecondOut, hwIPSecTunnelErrPacketsIn, hwIPSecTunnelErrPacketsOut } STATUS current DESCRIPTION "This table specifies the monitoring IPSec tunnel statistics attributes for Huawei IPSec tunnel." ::= { hwIPSecMibGroups 3 } hwIPSecSaStatisticTableGroup OBJECT-GROUP OBJECTS { hwIPSecSaStatisticTunnelPolicyName, hwIPSecSaStatisticSaInCnt, hwIPSecSaStatisticSaOutCnt, hwIPSecTunnelByteInput, hwIPSecTunnelByteOutput, hwIPSecTunnelPacketInput, hwIPSecTunnelPacketOutput, hwIPSecTunnelDroppedPacketInput, hwIPSecTunnelDroppedPacketOutput, hwIPSecTunnelDialUserCount, hwIPSecSaStatisticTunnelPolicyAlias } STATUS current DESCRIPTION "This table specifies the SA numbers of policies which have been bound with interfaces." ::= { hwIPSecMibGroups 4 } hwIPSecTrapObjectGroup OBJECT-GROUP OBJECTS { hwIPSecTrapTunnelPolicyNum, hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyName } STATUS current DESCRIPTION "IPSec trap objects." ::= { hwIPSecMibGroups 5 } hwIPSecNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { hwIPSecTunnelStart, hwIPSecTunnelStop, hwIPSecPolicyAdd, hwIPSecPolicyDel, hwIPSecPolicyAttach, hwIPSecPolicyDetach, hwIPSecIKEReset, hwIPSecIPSecReset, hwIPSecTunnelReachMax, hwIPSecTunnelReachMaxAtOnce, hwIKEPeerReachMax, hwIKEPeerReachMaxAtOnce, hwIKESaPhase1Establish, hwIPSecNegoFail, hwIPSecTunnelStatusChange } STATUS current DESCRIPTION "IPSec traps." ::= { hwIPSecMibGroups 6 } hwIPSecGdoiStatsTableGroup OBJECT-GROUP OBJECTS { hwIPSecTunnelSendPacket, hwIPSecTunnelSendSize, hwIPSecTunnelSendErrorPacket, hwIPSecTunnelSendErrorSize, hwIPSecTunnelRecvPacket, hwIPSecTunnelRecvSize, hwIPSecTunnelRecvErrorPacket, hwIPSecTunnelRecvErrorSize } STATUS current DESCRIPTION "Statistic the tunnel flow of the spcified IPSec policy group-id." ::= { hwIPSecMibGroups 7 } END