TIMETRA-MACSEC-MIB DEFINITIONS ::= BEGIN IMPORTS VlanIdOrNone FROM IEEE8021-CFM-MIB MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF Counter32, Counter64, Integer32, MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI DisplayString, MacAddress, RowStatus, TimeStamp, TruthValue FROM SNMPv2-TC timetraSRMIBModules, tmnxSRConfs, tmnxSRNotifyPrefix, tmnxSRObjs FROM TIMETRA-GLOBAL-MIB TItemDescription, TNamedItem, TNamedItemOrEmpty, TmnxAdminState, TmnxEncapVal, TmnxOperState, TmnxPortID FROM TIMETRA-TC-MIB ; timetraMacsecMIBModule MODULE-IDENTITY LAST-UPDATED "201702150000Z" ORGANIZATION "Nokia" CONTACT-INFO "Nokia SROS Support Web: http://www.nokia.com" DESCRIPTION "This document is the SNMP MIB module for the Nokia SROS implementation of Macsec. Copyright (c) 2014-2018 Nokia. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This SNMP MIB module (Specification) embodies Nokia's proprietary intellectual property. Nokia retains all title and ownership in the Specification, including any revisions. Nokia grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this Specification in connection with management of Nokia products, and without fee, provided this copyright notice and license appear on all copies. This Specification is supplied `as is', and Nokia makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification." REVISION "201702150000Z" DESCRIPTION "Rev 0.1 15 Feb 2017 00:00 Initial Version of the TIMETRA-MACSEC-MIB." ::= { timetraSRMIBModules 114 } tmnxMacsecObjects OBJECT IDENTIFIER ::= { tmnxSRObjs 114 } tmnxMacsecConfigTimestamps OBJECT IDENTIFIER ::= { tmnxMacsecObjects 1 } tmnxMacsecConnAssocTableLstChngd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocTableLstChngd indicates the time, since system startup, when tmnxMacsecConnAssocTable last changed configuration." ::= { tmnxMacsecConfigTimestamps 1 } tmnxMacsecStaticCakTableLstChngd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecStaticCakTableLstChngd indicates the time, since system startup, when tmnxMacsecStaticCakTable last changed configuration." ::= { tmnxMacsecConfigTimestamps 2 } tmnxMacsecPreSharedKeyTblLstChng OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyTblLstChng indicates the time, since system startup, when tmnxMacsecPreSharedKeyTable last changed configuration." ::= { tmnxMacsecConfigTimestamps 3 } tmnxMacsecPortTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortTableLastChanged indicates the time, since system startup, when tmnxMacsecPortTable last changed configuration." ::= { tmnxMacsecConfigTimestamps 4 } tmnxMacsecConfigurations OBJECT IDENTIFIER ::= { tmnxMacsecObjects 2 } tmnxMacsecConfigurationObjects OBJECT IDENTIFIER ::= { tmnxMacsecConfigurations 1 } tmnxMacsecConnAssocTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecConnAssocEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecConnAssocTable contains configuration information for Connectivity Association (CA) entries." ::= { tmnxMacsecConfigurations 2 } tmnxMacsecConnAssocEntry OBJECT-TYPE SYNTAX TmnxMacsecConnAssocEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecConnAssocEntry represents a connectivity association in the system and contains its configuration information. Entries in this table are created and destroyed via SNMP set operations to tmnxMacsecConnAssocRowStatus." INDEX { tmnxMacsecConnAssocName } ::= { tmnxMacsecConnAssocTable 1 } TmnxMacsecConnAssocEntry ::= SEQUENCE { tmnxMacsecConnAssocName TNamedItem, tmnxMacsecConnAssocLastChanged TimeStamp, tmnxMacsecConnAssocRowStatus RowStatus, tmnxMacsecConnAssocAdminState TmnxAdminState, tmnxMacsecConnAssocDescription TItemDescription, tmnxMacsecConnAssocMacsecEncrypt TruthValue, tmnxMacsecConnAssocClearTagMode INTEGER, tmnxMacsecConnAssocReplayWndwSz Unsigned32, tmnxMacsecConnAssocReplayProtect TruthValue, tmnxMacsecConnAssocCipherSuite INTEGER, tmnxMacsecConnAssocEncrptnOffset Unsigned32, tmnxMacsecConnAssocDelayProtectn TruthValue } tmnxMacsecConnAssocName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocName specifies the ID of the connectivity association." ::= { tmnxMacsecConnAssocEntry 1 } tmnxMacsecConnAssocLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocLastChanged indicates the time, since system startup, that the configuration of the row was last modified." ::= { tmnxMacsecConnAssocEntry 2 } tmnxMacsecConnAssocRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocRowStatus specifies the status of the row. It also controls the creation and deletion of the row." ::= { tmnxMacsecConnAssocEntry 3 } tmnxMacsecConnAssocAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocAdminState specifies the admin state of the connectivity association." DEFVAL { outOfService } ::= { tmnxMacsecConnAssocEntry 4 } tmnxMacsecConnAssocDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocDescription specifies the description of the connectivity association." DEFVAL { "" } ::= { tmnxMacsecConnAssocEntry 5 } tmnxMacsecConnAssocMacsecEncrypt OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocMacsecEncrypt specifies whether all PDUs will be encrypted and authenticated." DEFVAL { true } ::= { tmnxMacsecConnAssocEntry 6 } tmnxMacsecConnAssocClearTagMode OBJECT-TYPE SYNTAX INTEGER { none (0), single-tag (1), dual-tag (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocClearTagMode specifies the clear tag mode." DEFVAL { none } ::= { tmnxMacsecConnAssocEntry 7 } tmnxMacsecConnAssocReplayWndwSz OBJECT-TYPE SYNTAX Unsigned32 (0..4294967294) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocReplayWndwSz specifies the size of the replay protection window." REFERENCE "IEEE 802.1AE-2006 'Media Access Control (MAC) Security', Section 10.6, 'Secure frame verification', 2006." DEFVAL { 0 } ::= { tmnxMacsecConnAssocEntry 10 } tmnxMacsecConnAssocReplayProtect OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocReplayProtect specifies whether replay protection is enabled." REFERENCE "IEEE 802.1AE-2006 'Media Access Control (MAC) Security', Section 10.6, 'Secure frame verification', 2006." DEFVAL { false } ::= { tmnxMacsecConnAssocEntry 11 } tmnxMacsecConnAssocCipherSuite OBJECT-TYPE SYNTAX INTEGER { gcm-aes-128 (1), gcm-aes-256 (2), gcm-aes-xpn-128 (3), gcm-aes-xpn-256 (4) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocCipherSuite specifies the encryption algorithm used for datapath PDUs when all parties in the CA have the Security Association Key (SAK)." DEFVAL { gcm-aes-128 } ::= { tmnxMacsecConnAssocEntry 12 } tmnxMacsecConnAssocEncrptnOffset OBJECT-TYPE SYNTAX Unsigned32 (0 | 30 | 50) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocEncrptnOffset specifies the encryption offset of the connectivity association. When tmnxMacsecConnAssocEncrptnOffset has a value of 0, the entire payload will be encrypted. When tmnxMacsecConnAssocEncrptnOffset has a value of 30, the IPv4 header will be left unencrypted. When tmnxMacsecConnAssocEncrptnOffset has a value of 50, the IPv6 header will be left unencrypted." DEFVAL { 0 } ::= { tmnxMacsecConnAssocEntry 13 } tmnxMacsecConnAssocDelayProtectn OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecConnAssocDelayProtectn specifies whether data delay protection is enabled. Data delay protection allows MKA participants to ensure that the data frames protected by MACsec are not delayed by more than 2 seconds" DEFVAL { false } ::= { tmnxMacsecConnAssocEntry 14 } tmnxMacsecStaticCakTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecStaticCakEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecStaticCakTable augments the tmnxMacsecConnAssocTable. It contains configuration information for static Connectivity Association Key (CAK)." ::= { tmnxMacsecConfigurations 3 } tmnxMacsecStaticCakEntry OBJECT-TYPE SYNTAX TmnxMacsecStaticCakEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecStaticCakEntry represents a static CAK in the system and contains its configuration information. Entries in this table are created and destroyed automatically by the system." AUGMENTS { tmnxMacsecConnAssocEntry } ::= { tmnxMacsecStaticCakTable 1 } TmnxMacsecStaticCakEntry ::= SEQUENCE { tmnxMacsecStaticCakLastChanged TimeStamp, tmnxMacsecStaticCakKeyServerPrio Unsigned32, tmnxMacsecStaticCakActivePsk Unsigned32, tmnxMacsecStaticCakMkaHelloInt Unsigned32 } tmnxMacsecStaticCakLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecStaticCakLastChanged indicates the time, since system startup, that the configuration of the row was last modified." ::= { tmnxMacsecStaticCakEntry 1 } tmnxMacsecStaticCakKeyServerPrio OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecStaticCakKeyServerPrio specifies the key server priority used by the MACsec Key Agreement (MKA) protocol to select the key server when MACsec is enabled using static CAK security mode." DEFVAL { 16 } ::= { tmnxMacsecStaticCakEntry 2 } tmnxMacsecStaticCakActivePsk OBJECT-TYPE SYNTAX Unsigned32 (1..2) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecStaticCakActivePsk specifies the active pre-shared-key for encrypting outgoing MKA PDUs. Pre-shared-keys are defined in the tmnxMacsecPreSharedKeyTable." DEFVAL { 1 } ::= { tmnxMacsecStaticCakEntry 3 } tmnxMacsecStaticCakMkaHelloInt OBJECT-TYPE SYNTAX Unsigned32 (1..6 | 500) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecStaticCakMkaHelloInt specifies the time interval between each MKA hello. When the value is 1 to 6, the time interval is specified in seconds. When the value is 500, the time interval is 500 milliseconds." DEFVAL { 2 } ::= { tmnxMacsecStaticCakEntry 4 } tmnxMacsecPreSharedKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecPreSharedKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecPreSharedKeyTable contains configuration information for preshared keys." ::= { tmnxMacsecConfigurations 4 } tmnxMacsecPreSharedKeyEntry OBJECT-TYPE SYNTAX TmnxMacsecPreSharedKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecPreSharedKeyEntry represents a preshared key in the system and contains its configuration information. Entries in this table are created and destroyed via SNMP set operations to the tmnxMacsecPreSharedKeyRowStatus." INDEX { tmnxMacsecConnAssocName, tmnxMacsecPreSharedKeyIndex } ::= { tmnxMacsecPreSharedKeyTable 1 } TmnxMacsecPreSharedKeyEntry ::= SEQUENCE { tmnxMacsecPreSharedKeyIndex Unsigned32, tmnxMacsecPreSharedKeyLastChangd TimeStamp, tmnxMacsecPreSharedKeyRowStatus RowStatus, tmnxMacsecPreSharedKeyEncrptType INTEGER, tmnxMacsecPreSharedKeyCak DisplayString, tmnxMacsecPreSharedKeyCakName DisplayString } tmnxMacsecPreSharedKeyIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyIndex specifies the index of this pre-shared-key." ::= { tmnxMacsecPreSharedKeyEntry 1 } tmnxMacsecPreSharedKeyLastChangd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyLastChangd indicates the time, since system startup, that the configuration of the row was last modified." ::= { tmnxMacsecPreSharedKeyEntry 2 } tmnxMacsecPreSharedKeyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyRowStatus specifies the status of the row. It also controls the creation and deletion of the row." ::= { tmnxMacsecPreSharedKeyEntry 3 } tmnxMacsecPreSharedKeyEncrptType OBJECT-TYPE SYNTAX INTEGER { aes-128-cmac (1), aes-256-cmac (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyEncrptType specifies the encryption type used for encrypting the MKA packets." DEFVAL { aes-128-cmac } ::= { tmnxMacsecPreSharedKeyEntry 4 } tmnxMacsecPreSharedKeyCak OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyCak specifies the CAK for this pre-shared-key. This value is used to derive the KEK (key encryption key) and the ICK (integrity check value). This value is write-only and will appear empty when checking from SNMP." DEFVAL { ''H } ::= { tmnxMacsecPreSharedKeyEntry 5 } tmnxMacsecPreSharedKeyCakName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPreSharedKeyCakName specifies the name of the CAK (CKN) for this pre-shared-key." DEFVAL { ''H } ::= { tmnxMacsecPreSharedKeyEntry 6 } tmnxMacsecPortTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecPortTable contains the configuration information for MACsec on Ethernet ports in the system." ::= { tmnxMacsecConfigurations 5 } tmnxMacsecPortEntry OBJECT-TYPE SYNTAX TmnxMacsecPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecPortEntry represents a subport on an Ethernet port in the system and contains its MACsec configuration information. Entries in this table are created and destroyed via SNMP set operations to tmnxMacsecPortRowStatus." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId } ::= { tmnxMacsecPortTable 1 } TmnxMacsecPortEntry ::= SEQUENCE { tmnxMacsecPortId TmnxPortID, tmnxMacsecVlanId Integer32, tmnxMacsecPortLastChanged TimeStamp, tmnxMacsecPortEapolDestAddress MacAddress, tmnxMacsecPortCaName TNamedItemOrEmpty, tmnxMacsecPortAdminState TmnxAdminState, tmnxMacsecPortMaxPeers Unsigned32, tmnxMacsecPortExcludeLacp TruthValue, tmnxMacsecPortExcludeLldp TruthValue, tmnxMacsecPortExcludeCdp TruthValue, tmnxMacsecPortExcludeEapolStart TruthValue, tmnxMacsecPortRxTrafficEncrption TruthValue, tmnxMacsecPortRowStatus RowStatus, tmnxMacsecPortEncapType INTEGER, tmnxMacsecPortEncapMatch TmnxEncapVal } tmnxMacsecPortId OBJECT-TYPE SYNTAX TmnxPortID MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecPortId specifies the port identifier of the MACsec port." ::= { tmnxMacsecPortEntry 1 } tmnxMacsecVlanId OBJECT-TYPE SYNTAX Integer32 (1..1023) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecVlanId specifies ID of the sub port on the system. Only a value of '1' is supported in SROS release 16.0." ::= { tmnxMacsecPortEntry 2 } tmnxMacsecPortLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortLastChanged indicates the time, since system startup, that the confirmation of the row was last modified." ::= { tmnxMacsecPortEntry 3 } tmnxMacsecPortEapolDestAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortEapolDestAddress specifies the MAC address of the destination Extensible Authentication Protocol over LAN (EAPoL)." DEFVAL { '000000000000'H } ::= { tmnxMacsecPortEntry 4 } tmnxMacsecPortCaName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortCaName specifies the connectivity association (CA) name in use on this port." DEFVAL { ''H } ::= { tmnxMacsecPortEntry 5 } tmnxMacsecPortAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortAdminState specifies the operational state of MACsec on this port." DEFVAL { outOfService } ::= { tmnxMacsecPortEntry 6 } tmnxMacsecPortMaxPeers OBJECT-TYPE SYNTAX Unsigned32 (0..32) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortMaxPeers specifies the maximum number of peers supported on this port." DEFVAL { 0 } ::= { tmnxMacsecPortEntry 7 } tmnxMacsecPortExcludeLacp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMacsecPortExcludeLacp specifies whether packets with Link Aggregation Control Protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortEntry 8 } tmnxMacsecPortExcludeLldp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMacsecPortExcludeLldp specifies whether packets with Link Layer Discovery Protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortEntry 9 } tmnxMacsecPortExcludeCdp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMacsecPortExcludeCdp specifies whether packets with Cisco Discovery Protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortEntry 10 } tmnxMacsecPortExcludeEapolStart OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMacsecPortExcludeEapolStart specifies whether packets with Extensible Authentication Protocol over Lan will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortEntry 11 } tmnxMacsecPortRxTrafficEncrption OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMacsecPortRxTrafficEncrption specifies whether received traffic must be encrypted. When the value of tmnxMacsecPortRxTrafficEncrption is 'true', all received traffic that is not MACsec-secured will be dropped. When the value of tmnxMacsecPortRxTrafficEncrption is 'false', all received traffic will be accepted whether MACsec secured or not." DEFVAL { false } ::= { tmnxMacsecPortEntry 12 } tmnxMacsecPortRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortRowStatus specifies the status of the row. It also controls the creation and deletion of the row." ::= { tmnxMacsecPortEntry 13 } tmnxMacsecPortEncapType OBJECT-TYPE SYNTAX INTEGER { all-match (1), untagged (2), single-tag (3), double-tag (4) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortEncapType specifies the type of the encap value." DEFVAL { all-match } ::= { tmnxMacsecPortEntry 14 } tmnxMacsecPortEncapMatch OBJECT-TYPE SYNTAX TmnxEncapVal MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecPortEncapMatch specifies the encapsulateion value of this subport. This value is only used when tmnxMacsecPortEncapType is set to single-tag (3) or double-tag (4)." ::= { tmnxMacsecPortEntry 15 } tmnxMacsecPortGlobalTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecPortGlobalEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecPortGlobalTable contains the configuration information for MACsec on Ethernet ports in the system." ::= { tmnxMacsecConfigurations 6 } tmnxMacsecPortGlobalEntry OBJECT-TYPE SYNTAX TmnxMacsecPortGlobalEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecPortGlobalEntry represents a port in the sytem and contains its MACsec configuration information. Entries in this table are created automaticall by the system and cannot be created or destroyed via SNMP SET operations." INDEX { tmnxMacsecPortId } ::= { tmnxMacsecPortGlobalTable 1 } TmnxMacsecPortGlobalEntry ::= SEQUENCE { tmnxMacsecPortGlobalRxTrafEncrpt TruthValue, tmnxMacsecPortGlobalExcludeLacp TruthValue, tmnxMacsecPortGlobalExcludeLldp TruthValue, tmnxMacsecPortGlobalExcludeCdp TruthValue, tmnxMacsecPortGlblExcldEaplStart TruthValue, tmnxMacsecPortGlobalExcldeEfmOam TruthValue, tmnxMacsecPortGlobalExcldeEthCfm TruthValue, tmnxMacsecPortGlobalExcludePtp TruthValue, tmnxMacsecPortGlobalExcludeUbfd TruthValue, tmnxMacsecPortGlblExcldMacPolicy Unsigned32 } tmnxMacsecPortGlobalRxTrafEncrpt OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalRxTrafEncrpt specifies whether received traffic must be encrypted. When the value of tmnxMacsecPortGlobalRxTrafEncrpt is 'true', all received traffic that is not MACsec-secured will be dropped. When the value of tmnxMacsecPortGlobalRxTrafEncrpt is 'false', all received traffic will be accepted whether MACsec secured or not." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 1 } tmnxMacsecPortGlobalExcludeLacp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcludeLacp specifies whether packets with Link Aggregation Control Protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 2 } tmnxMacsecPortGlobalExcludeLldp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcludeLldp specifies whether packets with Link Layer Discovery Protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 3 } tmnxMacsecPortGlobalExcludeCdp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcludeCdp specifies whether packets with Cisco Discovery Protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 4 } tmnxMacsecPortGlblExcldEaplStart OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlblExcldEaplStart specifies whether packets with Extensible Authentication Protocol over Lan will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 5 } tmnxMacsecPortGlobalExcldeEfmOam OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcldeEfmOam specifies whether packets with ethernet OAM will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 6 } tmnxMacsecPortGlobalExcldeEthCfm OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcldeEthCfm specifies whether packets with Ethernet Connectivity Fault Management will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 7 } tmnxMacsecPortGlobalExcludePtp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcludePtp specifies whether peer to peer packets will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 8 } tmnxMacsecPortGlobalExcludeUbfd OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlobalExcludeUbfd specifies whether packets with micro Bidirectional Forwarding Detection protocol will be excluded from MACsec on this port." DEFVAL { false } ::= { tmnxMacsecPortGlobalEntry 9 } tmnxMacsecPortGlblExcldMacPolicy OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..1024) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMacsecPortGlblExcldMacPolicy specifies the mac policy to be used for excluding destination mac addresses for MACsec on this port." DEFVAL { 0 } ::= { tmnxMacsecPortGlobalEntry 10 } tmnxMacsecMacPolicyGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecMacPolicyGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecMacPolicyGroupTable contains the configuration information for MACsec mac address policy groups in the system" ::= { tmnxMacsecConfigurations 7 } tmnxMacsecMacPolicyGroupEntry OBJECT-TYPE SYNTAX TmnxMacsecMacPolicyGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecMacPolicyGroupEntry represents a mac policy group in the system. Entries in this table are created and destroyed via SNMP set operations to tmnxMacsecPortRowStatus." INDEX { tmnxMacsecMacPolicyId } ::= { tmnxMacsecMacPolicyGroupTable 1 } TmnxMacsecMacPolicyGroupEntry ::= SEQUENCE { tmnxMacsecMacPolicyId Unsigned32, tmnxMacsecMacPolicyGrpRowStatus RowStatus } tmnxMacsecMacPolicyId OBJECT-TYPE SYNTAX Unsigned32 (1..1024) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecMacPolicyId specifies the policy ID of this row and is referenced by tmnxMacsecPortGlblExcldMacPolicy." ::= { tmnxMacsecMacPolicyGroupEntry 1 } tmnxMacsecMacPolicyGrpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecMacPolicyGrpRowStatus specifies the status of the row. It also controls the creation and deletion of the row." ::= { tmnxMacsecMacPolicyGroupEntry 2 } tmnxMacsecDestMacAddressTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecDestMacAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecDestMacAddressTable contains the configuration information for destination mac addresses in mac policies." ::= { tmnxMacsecConfigurations 8 } tmnxMacsecDestMacAddressEntry OBJECT-TYPE SYNTAX TmnxMacsecDestMacAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecDestMacAddressEntry represents a destination mac address in a policy group in the system. Entries in this table are created and destroyed via SNMP set operations to tmnxMacsecPortRowStatus." INDEX { tmnxMacsecMacPolicyId, tmnxMacsecDestMacAddress } ::= { tmnxMacsecDestMacAddressTable 2 } TmnxMacsecDestMacAddressEntry ::= SEQUENCE { tmnxMacsecDestMacAddress MacAddress, tmnxMacsecDestMacAddrRowStatus RowStatus } tmnxMacsecDestMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecDestMacAddress specifies the destination mac address of this row." ::= { tmnxMacsecDestMacAddressEntry 1 } tmnxMacsecDestMacAddrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacsecDestMacAddrRowStatus specifies the status of the row. It also controls the creation and deletion of the row." ::= { tmnxMacsecDestMacAddressEntry 2 } tmnxMacsecStats OBJECT IDENTIFIER ::= { tmnxMacsecObjects 3 } tmnxMacsecStatsObjects OBJECT IDENTIFIER ::= { tmnxMacsecStats 1 } tmnxMacsecMkaStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecMkaStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecMkaStatsTable contains stats information for MKA on a subport on a port in the system." ::= { tmnxMacsecStats 2 } tmnxMacsecMkaStatsEntry OBJECT-TYPE SYNTAX TmnxMacsecMkaStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecMkaStatsEntry represents an MKA for a subport on a port in the system and contains MKA statistical information for that MKA. Entries in this table are created automatically by the system and cannot be created or destroyed via SNMP SET operations." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId, tmnxMacsecCkn } ::= { tmnxMacsecMkaStatsTable 1 } TmnxMacsecMkaStatsEntry ::= SEQUENCE { tmnxMacsecCkn OCTET STRING, tmnxMacsecMkaStatsMemberId OCTET STRING, tmnxMacsecMkaStatsCakName DisplayString, tmnxMacsecMkaStatsTransmitInt Unsigned32, tmnxMacsecMkaStatsOutboundSci OCTET STRING, tmnxMacsecMkaStatsMessageNumber Unsigned32, tmnxMacsecMkaStatsKeyNumber Unsigned32, tmnxMacsecMkaStatsKeyServer TruthValue, tmnxMacsecMkaStatsKeyServerPrio Unsigned32, tmnxMacsecMkaStatsLatestSakAn Unsigned32, tmnxMacsecMkaStatsLatestSakKi OCTET STRING, tmnxMacsecMkaStatsPreviousSakAn Unsigned32, tmnxMacsecMkaStatsPreviousSakKi OCTET STRING, tmnxMacsecMkaStatsPeerRemTimeout Counter64, tmnxMacsecMkaStatsCknNotFound Counter64, tmnxMacsecMkaStatsNewLivePeer Counter64, tmnxMacsecMkaStatsSakGenerated Counter64, tmnxMacsecMkaStatsSakInstalledTx Counter64, tmnxMacsecMkaStatsSakInstalledRx Counter64, tmnxMacsecMkaStatsPduTooSmall Counter64, tmnxMacsecMkaStatsPduTooBig Counter64, tmnxMacsecMkaStatsPduNotQuadSize Counter64, tmnxMacsecMkaStatsPduInvalidNum Counter64, tmnxMacsecMkaStatsParamSzInvalid Counter64, tmnxMacsecMkaStatsLvnessChckFail Counter64, tmnxMacsecMkaStatsParamNotQuadSz Counter64, tmnxMacsecMkaStatsUnsupportedAgi Counter64, tmnxMacsecMkaStatsInvldCknLength Counter64, tmnxMacsecMkaStatsIcvCheckFailed Counter64, tmnxMacsecMkaStatsPeerSameMid Counter64, tmnxMacsecMkaStatsSakNonLivePeer Counter64, tmnxMacsecMkaStatsSakNoKeyServer Counter64, tmnxMacsecMkaStatsSakDecryptFail Counter64, tmnxMacsecMkaStatsSakEncryptFail Counter64, tmnxMacsecMkaStatsKeyNumInvalid Counter64, tmnxMacsecMkaStatsSakInstallFail Counter64, tmnxMacsecMkaStatsCakInfoMissing Counter64, tmnxMacsecMkaStatsMxPeersSetZero Counter64, tmnxMacsecMkaStatsOperState TmnxOperState, tmnxMacsecMkaStatsOperOffset Unsigned32, tmnxMacsecMkaStatsOperCipher INTEGER, tmnxMacsecMkaStatsLatestSakLpn Counter64, tmnxMacsecMkaStatsPreviousSakLpn Counter64, tmnxMacsecMkaStatsEncapType INTEGER, tmnxMacsecMkaStatsEncapMatch TmnxEncapVal } tmnxMacsecCkn OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecCkn specifies the CKN information for this MKA." REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3" ::= { tmnxMacsecMkaStatsEntry 1 } tmnxMacsecMkaStatsMemberId OBJECT-TYPE SYNTAX OCTET STRING (SIZE (12)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsMemberId indicates the Member Identifier (MI) for the MKA instance." REFERENCE "IEEE 802.1X Clause 9.4.2" ::= { tmnxMacsecMkaStatsEntry 2 } tmnxMacsecMkaStatsCakName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsCakName indicates the name of the CAK in use by this MKA." ::= { tmnxMacsecMkaStatsEntry 3 } tmnxMacsecMkaStatsTransmitInt OBJECT-TYPE SYNTAX Unsigned32 UNITS "milliseconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsTransmitInt indicates the time interval at which the MKA broadcasts its liveliness to its peers." ::= { tmnxMacsecMkaStatsEntry 4 } tmnxMacsecMkaStatsOutboundSci OBJECT-TYPE SYNTAX OCTET STRING (SIZE (8)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsOutboundSci indicates the Secure Channel Identifier (SCI) information for transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 7.1.2, 10.7.1 and figure 7.7" ::= { tmnxMacsecMkaStatsEntry 5 } tmnxMacsecMkaStatsMessageNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsMessageNumber indicates the current count of MKA messages that is attached to MKA PDUs." ::= { tmnxMacsecMkaStatsEntry 6 } tmnxMacsecMkaStatsKeyNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsKeyNumber indicates the number of the currently assigned CAK. When a new CAK is generated, this number is incremented." ::= { tmnxMacsecMkaStatsEntry 7 } tmnxMacsecMkaStatsKeyServer OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsKeyServer indicates whether this server is the highest priority server in the peer group." ::= { tmnxMacsecMkaStatsEntry 8 } tmnxMacsecMkaStatsKeyServerPrio OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsKeyServerPrio indicates the priority of this MKA." ::= { tmnxMacsecMkaStatsEntry 9 } tmnxMacsecMkaStatsLatestSakAn OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsLatestSakAn indicates the Association Number (AN) of the latest Secure Association Key (SAK). This number is concatenated with an SCI to identify a Secure Association (SA)." ::= { tmnxMacsecMkaStatsEntry 10 } tmnxMacsecMkaStatsLatestSakKi OBJECT-TYPE SYNTAX OCTET STRING (SIZE (16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsLatestSakKi indicates the Key Identifier (KI) of the latest SAK. This number is derived from the MI of the key server and the key number." ::= { tmnxMacsecMkaStatsEntry 11 } tmnxMacsecMkaStatsPreviousSakAn OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPreviousSakAn indicates the AN of the previous SAK. This number is concatenated with an SCI to identify an SA." ::= { tmnxMacsecMkaStatsEntry 12 } tmnxMacsecMkaStatsPreviousSakKi OBJECT-TYPE SYNTAX OCTET STRING (SIZE (16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPreviousSakKi indicates the KI of the previous SAK. This number is derived from the MI of the key server and the key number." ::= { tmnxMacsecMkaStatsEntry 13 } tmnxMacsecMkaStatsPeerRemTimeout OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPeerRemTimeout indicates the number of peers removed from the live/potential peer list due to not receiving an MKPDU within the MKA Live Time (6.0 sec)." ::= { tmnxMacsecMkaStatsEntry 14 } tmnxMacsecMkaStatsCknNotFound OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsCknNotFound indicates the number of MKPDUs received with a CKN that does not match the CA configured for the port." ::= { tmnxMacsecMkaStatsEntry 15 } tmnxMacsecMkaStatsNewLivePeer OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsNewLivePeer indicates the number of validated peers that have been added to the live peer list." ::= { tmnxMacsecMkaStatsEntry 16 } tmnxMacsecMkaStatsSakGenerated OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakGenerated indicates the number of SAKs generated by this MKA instance." ::= { tmnxMacsecMkaStatsEntry 17 } tmnxMacsecMkaStatsSakInstalledTx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakInstalledTx indicates the number of SAKs installed for transmitting." ::= { tmnxMacsecMkaStatsEntry 18 } tmnxMacsecMkaStatsSakInstalledRx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakInstalledRx indicates the number of SAKs installed for receiving." ::= { tmnxMacsecMkaStatsEntry 19 } tmnxMacsecMkaStatsPduTooSmall OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPduTooSmall indicates the number of MKPDUs received that are less than 32 octets." ::= { tmnxMacsecMkaStatsEntry 20 } tmnxMacsecMkaStatsPduTooBig OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPduTooBig indicates the number of MKPDUs received where the EAPOL header indicates a size larger than the received packet." ::= { tmnxMacsecMkaStatsEntry 21 } tmnxMacsecMkaStatsPduNotQuadSize OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPduNotQuadSize indicates the number of MKPDUs received with a size that is not a multiple of 4 octets long." ::= { tmnxMacsecMkaStatsEntry 22 } tmnxMacsecMkaStatsPduInvalidNum OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPduInvalidNum indicates the number of MKPDUs received out of order as indicated by the Message Number." ::= { tmnxMacsecMkaStatsEntry 23 } tmnxMacsecMkaStatsParamSzInvalid OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsParamSzInvalid indicates the number of MKPDUs received which contain a parameter set body length that exceeds the remaining length of the MKPDU." ::= { tmnxMacsecMkaStatsEntry 24 } tmnxMacsecMkaStatsLvnessChckFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsLvnessChckFail indicates the number of MKPDUs received which contain an MN that is not acceptably recent." ::= { tmnxMacsecMkaStatsEntry 25 } tmnxMacsecMkaStatsParamNotQuadSz OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsParamNotQuadSz indicates the number of MKPDUs received which contain a parameter set that is not a multiple of 4 octets long." ::= { tmnxMacsecMkaStatsEntry 26 } tmnxMacsecMkaStatsUnsupportedAgi OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsUnsupportedAgi indicates the number of MKPDUs received which contain an unsupported Algorithm Agility value." ::= { tmnxMacsecMkaStatsEntry 27 } tmnxMacsecMkaStatsInvldCknLength OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsInvldCknLength indicates the number of MKPDUs received which contain a CAK name that exceeds the maximum CAK name length." ::= { tmnxMacsecMkaStatsEntry 28 } tmnxMacsecMkaStatsIcvCheckFailed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsIcvCheckFailed indicates the number of MKPDUs received which contain an ICV value that does not authenticate." ::= { tmnxMacsecMkaStatsEntry 29 } tmnxMacsecMkaStatsPeerSameMid OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPeerSameMid indicates the number of MKPDUs received which contain a peerlist with an MI entry which conflicts with the local MI." ::= { tmnxMacsecMkaStatsEntry 30 } tmnxMacsecMkaStatsSakNonLivePeer OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakNonLivePeer indicates the number of SAKs received from peer that is not a member of the Live Peers List." ::= { tmnxMacsecMkaStatsEntry 31 } tmnxMacsecMkaStatsSakNoKeyServer OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakNoKeyServer indicates the number of SAKs received from an MKA participant that has not been designated as the Key Server." ::= { tmnxMacsecMkaStatsEntry 32 } tmnxMacsecMkaStatsSakDecryptFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakDecryptFail indicates the number of AES Key Wrap SAK decryption failures that have occurred." ::= { tmnxMacsecMkaStatsEntry 33 } tmnxMacsecMkaStatsSakEncryptFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakEncryptFail indicates the number of AES Key Wrap SAK encryption failures that have occurred." ::= { tmnxMacsecMkaStatsEntry 34 } tmnxMacsecMkaStatsKeyNumInvalid OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsKeyNumInvalid indicates the number of SAKs received with an invalid Key Number." ::= { tmnxMacsecMkaStatsEntry 35 } tmnxMacsecMkaStatsSakInstallFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsSakInstallFail indicates the number of Secy SAK installation failures that have occurred." ::= { tmnxMacsecMkaStatsEntry 36 } tmnxMacsecMkaStatsCakInfoMissing OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsCakInfoMissing indicates the number of times internal CAK data is not available for the generation of the SAK." ::= { tmnxMacsecMkaStatsEntry 37 } tmnxMacsecMkaStatsMxPeersSetZero OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsMxPeersSetZero indicates the number of Secy SAK installations that have failed due to the max peer entry being set to 0." ::= { tmnxMacsecMkaStatsEntry 38 } tmnxMacsecMkaStatsOperState OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsOperState indicates the operational state of the MKA participant on this port." ::= { tmnxMacsecMkaStatsEntry 39 } tmnxMacsecMkaStatsOperOffset OBJECT-TYPE SYNTAX Unsigned32 (0 | 30 | 50) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsOperOffset indicates the operational encryption offset used for the datapath PDUs when all parties in the CA have the SAK. This value is specified by the key server." ::= { tmnxMacsecMkaStatsEntry 40 } tmnxMacsecMkaStatsOperCipher OBJECT-TYPE SYNTAX INTEGER { gcm-aes-128 (1), gcm-aes-256 (2), gcm-aes-xpn-128 (3), gcm-aes-xpn-256 (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsOperCipher indicates the operational encryption algorithm used for datapath PDUs when all parties in the CA have the (SAK). This value is specified by the key server." ::= { tmnxMacsecMkaStatsEntry 41 } tmnxMacsecMkaStatsLatestSakLpn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsLatestSakLpn indicates the Lowest Acceptable Packet Number of the latest SAK." ::= { tmnxMacsecMkaStatsEntry 42 } tmnxMacsecMkaStatsPreviousSakLpn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsPreviousSakLpn indicates the Lowest Acceptable Packet Number of the latest SAK." ::= { tmnxMacsecMkaStatsEntry 43 } tmnxMacsecMkaStatsEncapType OBJECT-TYPE SYNTAX INTEGER { all-match (1), untagged (2), single-tag (3), double-tag (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsEncapType indicates the type of the encap value." ::= { tmnxMacsecMkaStatsEntry 44 } tmnxMacsecMkaStatsEncapMatch OBJECT-TYPE SYNTAX TmnxEncapVal MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaStatsEncapMatch indicates the encapsulation value. This value is only used when tmnxMacsecMkaStatsEncapType is set to single-tag (3) or double-tag (4)." ::= { tmnxMacsecMkaStatsEntry 45 } tmnxMacsecMkaPeerListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecMkaPeerListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecMkaPeerListTable contains information for MKA peer lists on a subport or a port in the system." ::= { tmnxMacsecStats 3 } tmnxMacsecMkaPeerListEntry OBJECT-TYPE SYNTAX TmnxMacsecMkaPeerListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecMkaPeerListEntry represents a peer of the MKA instance for a subport or a port in the system." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId, tmnxMacsecCkn, tmnxMacsecMkaPeerListMi } ::= { tmnxMacsecMkaPeerListTable 1 } TmnxMacsecMkaPeerListEntry ::= SEQUENCE { tmnxMacsecMkaPeerListMi OCTET STRING, tmnxMacsecMkaPeerListMn Counter64, tmnxMacsecMkaPeerListType INTEGER, tmnxMacsecMkaPeerListSci OCTET STRING, tmnxMacsecMkaPeerListKeyServPrio Counter64, tmnxMacsecMkaPeerListLowstAcptPn Counter64 } tmnxMacsecMkaPeerListMi OBJECT-TYPE SYNTAX OCTET STRING (SIZE (12)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecMkaPeerListMi specifies the MI of the peer entry." REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3" ::= { tmnxMacsecMkaPeerListEntry 1 } tmnxMacsecMkaPeerListMn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaPeerListMn indicates the latest Member Number of the peer entry." REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3" ::= { tmnxMacsecMkaPeerListEntry 2 } tmnxMacsecMkaPeerListType OBJECT-TYPE SYNTAX INTEGER { livePeerList (1), potentialPeerList (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaPeerListType indicates the type of the peer entry. livePeerList : the peer entry is in the Live Peer List. potentialPeerList : the peer entry is in the Potential Peer List." REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3" ::= { tmnxMacsecMkaPeerListEntry 3 } tmnxMacsecMkaPeerListSci OBJECT-TYPE SYNTAX OCTET STRING (SIZE (8)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaPeerListSci indicates the SCI information of this peer list entry." REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3" ::= { tmnxMacsecMkaPeerListEntry 4 } tmnxMacsecMkaPeerListKeyServPrio OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaPeerListKeyServPrio indicates the priority of this MKA peer." ::= { tmnxMacsecMkaPeerListEntry 5 } tmnxMacsecMkaPeerListLowstAcptPn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecMkaPeerListLowstAcptPn indicates the lowest acceptable packet number of this MKA peer." ::= { tmnxMacsecMkaPeerListEntry 6 } tmnxMacsecPortStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecPortStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecPortStatsTable augments the tmnxMacsecPortTable and contains MACsec statistic information for subportss or ports in the system." REFERENCE "IEEE 802.1AE Clause 10.7.9, 10.7.18, figure 10.4, 10.5" ::= { tmnxMacsecStats 4 } tmnxMacsecPortStatsEntry OBJECT-TYPE SYNTAX TmnxMacsecPortStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecPortStatsEntry represents a subport or an Ethernet port in the system and contains its MACsec statistic information. Entries in this table are created automatically by the system and cannot be created or destroyed via SNMP SET operations." AUGMENTS { tmnxMacsecPortEntry } ::= { tmnxMacsecPortStatsTable 1 } TmnxMacsecPortStatsEntry ::= SEQUENCE { tmnxMacsecPortStatsTxUntaggdPkts Counter64, tmnxMacsecPortStatsTxTooLongPkts Counter64, tmnxMacsecPortStatsRxNoTagPkts Counter64, tmnxMacsecPortStatsRxBadTagPkts Counter64, tmnxMacsecPortStatsRxNoSciPkts Counter64, tmnxMacsecPortStatsRxOverrunPkts Counter64 } tmnxMacsecPortStatsTxUntaggdPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortStatsTxUntaggdPkts indicates the number of transmitted packets without the MAC security tag (SecTAG) when the value of tmnxMacsecConnAssocReplayProtect for the configured CA is set to 'false'." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecPortStatsEntry 1 } tmnxMacsecPortStatsTxTooLongPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortStatsTxTooLongPkts indicates the number of transmitted packets discarded because the packet length is greater than the Maximum Transmission Unit (MTU) of the Ethernet physical interface." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecPortStatsEntry 2 } tmnxMacsecPortStatsRxNoTagPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortStatsRxNoTagPkts indicates the number of received packets discarded without the MAC security tag (SecTAG)." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { tmnxMacsecPortStatsEntry 3 } tmnxMacsecPortStatsRxBadTagPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The the value of tmnxMacsecPortStatsRxBadTagPkts indicates the number of received packets discarded with an invalid SecTAG or a zero value Packet Number (PN) or an invalid Integrity Check Value (ICV)." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { tmnxMacsecPortStatsEntry 4 } tmnxMacsecPortStatsRxNoSciPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortStatsRxNoSciPkts indicates the number of received packets discarded with unknown SCI information when the C bit in the SecTAG is set." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { tmnxMacsecPortStatsEntry 7 } tmnxMacsecPortStatsRxOverrunPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecPortStatsRxOverrunPkts indicates the number of packets discarded because the number of received packets exceeded the cryptographic performance capabilities." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { tmnxMacsecPortStatsEntry 8 } tmnxMacsecTxSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecTxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecTxSAStatsTable contains the stats information for each transmitting SA in the subport or port in the system." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecStats 5 } tmnxMacsecTxSAStatsEntry OBJECT-TYPE SYNTAX TmnxMacsecTxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecTxSAStatsEntry represents a transmitting SA on a subport or a port in the system and contains statistical information for that transmitting SA. Entries in this table are created automatically by the system and cannot be created or destroyed via SNMP SET operations." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId, tmnxMacsecTxSAAn } ::= { tmnxMacsecTxSAStatsTable 1 } TmnxMacsecTxSAStatsEntry ::= SEQUENCE { tmnxMacsecTxSAAn Unsigned32, tmnxMacsecTxSAStatsProtectedPkts Counter32, tmnxMacsecTxSAStatsEncryptedPkts Counter32 } tmnxMacsecTxSAAn OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecTxSAAn indicates the AN for identifying the transmitting SA." REFERENCE "IEEE 802.1AE Clause 10.7.21" ::= { tmnxMacsecTxSAStatsEntry 1 } tmnxMacsecTxSAStatsProtectedPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecTxSAStatsProtectedPkts indicates the number of packets that are integrity protected but not encrypted for this transmitting SA." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecTxSAStatsEntry 2 } tmnxMacsecTxSAStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecTxSAStatsEncryptedPkts indicates the number of packets that are integrity protected and encrypted for this transmitting SA." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecTxSAStatsEntry 3 } tmnxMacsecTxSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecTxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecTxSCStatsTable contains transmitting Secure Channel (SC) MACsec statistic information for subports or ports in the system." REFERENCE "IEEE 802.1AE Clause 10.7.18, 10.7.19, figure 10.4" ::= { tmnxMacsecStats 6 } tmnxMacsecTxSCStatsEntry OBJECT-TYPE SYNTAX TmnxMacsecTxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecTxSCStatsEntry represents a transmitting SC and contains its counters. Entries in this table are created automatically by the system and cannot be created or destroyed via SNMP SET operations." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId } ::= { tmnxMacsecTxSCStatsTable 1 } TmnxMacsecTxSCStatsEntry ::= SEQUENCE { tmnxMacsecTxSCStatsProtectedPkts Counter64, tmnxMacsecTxSCStatsEncryptedPkts Counter64, tmnxMacsecTxSCStatsOctetsProtctd Counter64, tmnxMacsecTxSCStatsOctetsEncrptd Counter64 } tmnxMacsecTxSCStatsProtectedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecTxSCStatsProtectedPkts indicates the number of integrity protected but not encrypted packets for this transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecTxSCStatsEntry 1 } tmnxMacsecTxSCStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecTxSCStatsEncryptedPkts indicates the number of integrity protected and encrypted packets for this transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { tmnxMacsecTxSCStatsEntry 4 } tmnxMacsecTxSCStatsOctetsProtctd OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecTxSCStatsOctetsProtctd indicates the number of plain text octets that are integrity protected but not encrypted on the transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.19, figure 10.4" ::= { tmnxMacsecTxSCStatsEntry 5 } tmnxMacsecTxSCStatsOctetsEncrptd OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecTxSCStatsOctetsEncrptd indicates the number of plain text octets that are integrity protected and encrypted on the transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.19, figure 10.4" ::= { tmnxMacsecTxSCStatsEntry 6 } tmnxMacsecRxSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecRxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecRxSAStatsTable contains the stats information for each receiving SA in the subport or port in the system." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecStats 7 } tmnxMacsecRxSAStatsEntry OBJECT-TYPE SYNTAX TmnxMacsecRxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecRxSAStatsEntry represents a receiving SA on a subport or a port in the system and contains statistical information for that receiving SA. Entries in this table are created automatically by the system and cannot be created or destroyed via SNMP SET operations." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId, tmnxMacsecRxSci, tmnxMacsecRxSAAn } ::= { tmnxMacsecRxSAStatsTable 1 } TmnxMacsecRxSAStatsEntry ::= SEQUENCE { tmnxMacsecRxSci OCTET STRING, tmnxMacsecRxSAAn Unsigned32, tmnxMacsecRxSAStatsNoUsingSAPkts Counter32, tmnxMacsecRxSAStatsNotValidPkts Counter32, tmnxMacsecRxSAStatsOKPkts Counter32 } tmnxMacsecRxSci OBJECT-TYPE SYNTAX OCTET STRING (SIZE (8)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecRxSci indicates the SCI for identifying the receiving SC." REFERENCE "IEEE 802.1AE Clause 10.7.11" ::= { tmnxMacsecRxSAStatsEntry 1 } tmnxMacsecRxSAAn OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacsecRxSAAn indicates the AN for identifying the receiving SA." REFERENCE "IEEE 802.1AE Clause 10.7.13" ::= { tmnxMacsecRxSAStatsEntry 2 } tmnxMacsecRxSAStatsNoUsingSAPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSAStatsNoUsingSAPkts indicates the number of received packets that have been discarded on this SA which is not currently in use." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSAStatsEntry 3 } tmnxMacsecRxSAStatsNotValidPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSAStatsNotValidPkts indicates the number of not valid packets that have been discarded on this active SA." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSAStatsEntry 4 } tmnxMacsecRxSAStatsOKPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSAStatsOKPkts indicates the number of validated packets on this SA." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSAStatsEntry 5 } tmnxMacsecRxSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacsecRxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxMacsecRxSCStatsTable contains the stats information for each receiving SC supported by the subport or port in the system." REFERENCE "IEEE 802.1AE Clause 10.7.9, 10.7.10, figure 10.5" ::= { tmnxMacsecStats 8 } tmnxMacsecRxSCStatsEntry OBJECT-TYPE SYNTAX TmnxMacsecRxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxMacsecRxSCStatsEntry represents a receiving SC. Some counters in the receiving SA will be reset while the SA is reused, and in order to maintain complete statistical information for the SC, some counter information on the SAs are kept in the SC. Each counter for an SC is a summation of the corresponding counter information for all the SAs, current and prior, belonging to this SC." INDEX { tmnxMacsecPortId, tmnxMacsecVlanId, tmnxMacsecRxSci } ::= { tmnxMacsecRxSCStatsTable 1 } TmnxMacsecRxSCStatsEntry ::= SEQUENCE { tmnxMacsecRxSCStatsNoUsingSAPkts Counter64, tmnxMacsecRxSCStatsLatePkts Counter64, tmnxMacsecRxSCStatsNotValidPkts Counter64, tmnxMacsecRxSCStatsDelayedPkts Counter64, tmnxMacsecRxSCStatsUncheckedPkts Counter64, tmnxMacsecRxSCStatsOKPkts Counter64, tmnxMacsecRxSCStatsOctsValidated Counter64, tmnxMacsecRxSCStatsOctsDecrypted Counter64 } tmnxMacsecRxSCStatsNoUsingSAPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsNoUsingSAPkts indicates the summation of counter tmnxMacsecRxSAStatsNoUsingSAPkts information for all the SAs which belong to this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 1 } tmnxMacsecRxSCStatsLatePkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsLatePkts indicates the number of received packets that have been discarded due to replay window protection on this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 2 } tmnxMacsecRxSCStatsNotValidPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsNotValidPkts indicates the summation of counter tmnxMacsecRxSAStatsNotValidPkts information for all the SAs which belong to this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 3 } tmnxMacsecRxSCStatsDelayedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsDelayedPkts indicates the number of received packets with the condition a PN lower than the lower bound of the replay protection on this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 4 } tmnxMacsecRxSCStatsUncheckedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsUncheckedPkts indicates the number of packets that have failed the integrity check on this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 5 } tmnxMacsecRxSCStatsOKPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsOKPkts indicates the summation of counter tmnxMacsecRxSAStatsOKPkts information for all the SAs which belong to this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 6 } tmnxMacsecRxSCStatsOctsValidated OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsOctsValidated indicate the number of octets of plain text recovered from received packets that were integrity protected but not encrypted." REFERENCE "IEEE 802.1AE Clause 10.7.10, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 7 } tmnxMacsecRxSCStatsOctsDecrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacsecRxSCStatsOctsDecrypted indicates the number of octets of plain text recovered from received packets that were integrity protected and encrypted." REFERENCE "IEEE 802.1AE Clause 10.7.10, figure 10.5" ::= { tmnxMacsecRxSCStatsEntry 8 } tmnxMacsecNotifyObjects OBJECT IDENTIFIER ::= { tmnxMacsecObjects 4 } tmnxMacsecNotifyPortId OBJECT-TYPE SYNTAX TmnxPortID MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Used by traps to indicated the port identifier of the MACsec port." ::= { tmnxMacsecNotifyObjects 1 } tmnxMacsecNotifyVlanId OBJECT-TYPE SYNTAX VlanIdOrNone MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Used by traps to indicated the subport ID on the MACsec port." ::= { tmnxMacsecNotifyObjects 2 } tmnxMacsecNotifyPeerMi OBJECT-TYPE SYNTAX OCTET STRING (SIZE (12)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Used by traps to indicated the MI of the peer entry." REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3" ::= { tmnxMacsecNotifyObjects 3 } tmnxMacsecNotifySecurityZone OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Used by traps to indicated the Security Zone." ::= { tmnxMacsecNotifyObjects 4 } tmnxMacsecNotifyAssociationNum OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Used by traps to indicate the Association Number of the SAK." ::= { tmnxMacsecNotifyObjects 5 } tmnxMacsecConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 114 } tmnxMacsecCompliances OBJECT IDENTIFIER ::= { tmnxMacsecConformance 1 } tmnxMacsecComplianceV15v0 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of MACsec features for SROS release 15.0 in the timetra-macsec-mib." MODULE MANDATORY-GROUPS { tmnxMacsecGroup, tmnxMacsecStatsGroup, tmnxMacsecNotificationObjsGroup, tmnxMacsecNotificationGroup } ::= { tmnxMacsecCompliances 1 } tmnxMacsecComplianceV19v0 MODULE-COMPLIANCE STATUS current DESCRIPTION "" MODULE MANDATORY-GROUPS { tmnxMacsecDestMacAddrGroup } ::= { tmnxMacsecCompliances 2 } tmnxMacsecComplianceV20v0 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of MACsec features for SROS release 20 in the timetra-macsec-mib." MODULE MANDATORY-GROUPS { tmnxMacsecNiapsNotificationGroup, tmnxMacsecDdpObjectGroup } ::= { tmnxMacsecCompliances 3 } tmnxMacsecGroups OBJECT IDENTIFIER ::= { tmnxMacsecConformance 2 } tmnxMacsecGroup OBJECT-GROUP OBJECTS { tmnxMacsecConnAssocLastChanged, tmnxMacsecConnAssocRowStatus, tmnxMacsecConnAssocAdminState, tmnxMacsecConnAssocDescription, tmnxMacsecConnAssocMacsecEncrypt, tmnxMacsecConnAssocClearTagMode, tmnxMacsecConnAssocReplayWndwSz, tmnxMacsecConnAssocCipherSuite, tmnxMacsecConnAssocReplayProtect, tmnxMacsecConnAssocEncrptnOffset, tmnxMacsecStaticCakLastChanged, tmnxMacsecStaticCakKeyServerPrio, tmnxMacsecStaticCakActivePsk, tmnxMacsecPreSharedKeyLastChangd, tmnxMacsecPreSharedKeyRowStatus, tmnxMacsecPreSharedKeyEncrptType, tmnxMacsecPreSharedKeyCak, tmnxMacsecPreSharedKeyCakName, tmnxMacsecConnAssocTableLstChngd, tmnxMacsecStaticCakTableLstChngd, tmnxMacsecPreSharedKeyTblLstChng, tmnxMacsecPortTableLastChanged, tmnxMacsecPortLastChanged, tmnxMacsecPortEapolDestAddress, tmnxMacsecPortCaName, tmnxMacsecPortAdminState, tmnxMacsecPortMaxPeers, tmnxMacsecPortRowStatus, tmnxMacsecPortGlobalRxTrafEncrpt, tmnxMacsecPortGlobalExcludeLacp, tmnxMacsecPortGlobalExcludeLldp, tmnxMacsecPortGlobalExcludeCdp, tmnxMacsecPortGlblExcldEaplStart, tmnxMacsecPortGlobalExcldeEfmOam, tmnxMacsecPortGlobalExcldeEthCfm, tmnxMacsecPortEncapType, tmnxMacsecPortEncapMatch, tmnxMacsecStaticCakMkaHelloInt, tmnxMacsecPortGlobalExcludePtp, tmnxMacsecPortGlobalExcludeUbfd, tmnxMacsecPortGlblExcldMacPolicy } STATUS current DESCRIPTION "The group of objects for MACsec support on Nokia systems." ::= { tmnxMacsecGroups 1 } tmnxMacsecStatsGroup OBJECT-GROUP OBJECTS { tmnxMacsecMkaStatsMemberId, tmnxMacsecMkaStatsCakName, tmnxMacsecMkaStatsTransmitInt, tmnxMacsecMkaStatsOutboundSci, tmnxMacsecMkaStatsMessageNumber, tmnxMacsecMkaStatsKeyNumber, tmnxMacsecMkaStatsKeyServer, tmnxMacsecMkaStatsKeyServerPrio, tmnxMacsecMkaStatsLatestSakAn, tmnxMacsecMkaStatsLatestSakKi, tmnxMacsecMkaStatsPreviousSakAn, tmnxMacsecMkaStatsPreviousSakKi, tmnxMacsecMkaStatsPeerRemTimeout, tmnxMacsecMkaStatsCknNotFound, tmnxMacsecMkaStatsNewLivePeer, tmnxMacsecMkaStatsSakGenerated, tmnxMacsecMkaStatsSakInstalledTx, tmnxMacsecMkaStatsSakInstalledRx, tmnxMacsecMkaStatsPduTooSmall, tmnxMacsecMkaStatsPduTooBig, tmnxMacsecMkaStatsPduNotQuadSize, tmnxMacsecMkaStatsPduInvalidNum, tmnxMacsecMkaStatsParamSzInvalid, tmnxMacsecMkaStatsLvnessChckFail, tmnxMacsecMkaStatsParamNotQuadSz, tmnxMacsecMkaStatsUnsupportedAgi, tmnxMacsecMkaStatsInvldCknLength, tmnxMacsecMkaStatsIcvCheckFailed, tmnxMacsecMkaStatsPeerSameMid, tmnxMacsecMkaStatsSakNonLivePeer, tmnxMacsecMkaStatsSakNoKeyServer, tmnxMacsecMkaStatsSakDecryptFail, tmnxMacsecMkaStatsSakEncryptFail, tmnxMacsecMkaStatsKeyNumInvalid, tmnxMacsecMkaStatsSakInstallFail, tmnxMacsecMkaStatsCakInfoMissing, tmnxMacsecMkaStatsMxPeersSetZero, tmnxMacsecMkaStatsOperState, tmnxMacsecMkaStatsOperOffset, tmnxMacsecMkaStatsOperCipher, tmnxMacsecMkaPeerListMn, tmnxMacsecMkaPeerListType, tmnxMacsecMkaPeerListSci, tmnxMacsecMkaPeerListKeyServPrio, tmnxMacsecMkaPeerListLowstAcptPn, tmnxMacsecPortStatsTxUntaggdPkts, tmnxMacsecPortStatsTxTooLongPkts, tmnxMacsecPortStatsRxNoTagPkts, tmnxMacsecPortStatsRxBadTagPkts, tmnxMacsecPortStatsRxNoSciPkts, tmnxMacsecPortStatsRxOverrunPkts, tmnxMacsecTxSAStatsProtectedPkts, tmnxMacsecTxSAStatsEncryptedPkts, tmnxMacsecTxSCStatsProtectedPkts, tmnxMacsecTxSCStatsEncryptedPkts, tmnxMacsecTxSCStatsOctetsProtctd, tmnxMacsecTxSCStatsOctetsEncrptd, tmnxMacsecRxSAStatsNoUsingSAPkts, tmnxMacsecRxSAStatsNotValidPkts, tmnxMacsecRxSAStatsOKPkts, tmnxMacsecRxSCStatsNoUsingSAPkts, tmnxMacsecRxSCStatsLatePkts, tmnxMacsecRxSCStatsNotValidPkts, tmnxMacsecRxSCStatsDelayedPkts, tmnxMacsecRxSCStatsUncheckedPkts, tmnxMacsecRxSCStatsOKPkts, tmnxMacsecRxSCStatsOctsValidated, tmnxMacsecRxSCStatsOctsDecrypted, tmnxMacsecMkaStatsLatestSakLpn, tmnxMacsecMkaStatsPreviousSakLpn, tmnxMacsecMkaStatsEncapType, tmnxMacsecMkaStatsEncapMatch } STATUS current DESCRIPTION "The group of objects for MACsec stats support on Nokia systems." ::= { tmnxMacsecGroups 2 } tmnxMacsecNotificationObjsGroup OBJECT-GROUP OBJECTS { tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId, tmnxMacsecNotifyPeerMi, tmnxMacsecNotifySecurityZone, tmnxMacsecNotifyAssociationNum } STATUS current DESCRIPTION "The group of objects for MACsec notifications on Nokia systems." ::= { tmnxMacsecGroups 3 } tmnxMacsecNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxMacsecConfiguredPortCA, tmnxMacsecUnconfiguredPortCA, tmnxMacsecEnabledPort, tmnxMacsecDisabledPort, tmnxMacsecMaxPeerLimitExceeded, tmnxMkaSessionEstablished, tmnxMkaPskRollover, tmnxMkaSessionEnded, tmnxMkaOperStateChanged, tmnxMacsecMaxPeerLimitCleared } STATUS current DESCRIPTION "The group of notifications for MACsec on Nokia systems." ::= { tmnxMacsecGroups 4 } tmnxMacsecObsoletedObjectsGroup OBJECT-GROUP OBJECTS { tmnxMacsecPortRxTrafficEncrption, tmnxMacsecPortExcludeLacp, tmnxMacsecPortExcludeLldp, tmnxMacsecPortExcludeCdp, tmnxMacsecPortExcludeEapolStart } STATUS current DESCRIPTION "The group of MACsec objects obsoleted on Nokia systems." ::= { tmnxMacsecGroups 5 } tmnxMacsecDestMacAddrGroup OBJECT-GROUP OBJECTS { tmnxMacsecMacPolicyGrpRowStatus, tmnxMacsecDestMacAddrRowStatus } STATUS current DESCRIPTION "" ::= { tmnxMacsecGroups 6 } tmnxMacsecNiapsNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxMacsecCaCreate, tmnxMacsecSakCreate, tmnxMacsecSakInstalledRx, tmnxMacsecSakInstalledTx, tmnxMacsecMkaReplayAttemptDisc, tmnxMacsecDpReplayAttempt, tmnxMacsecSakDelete } STATUS current DESCRIPTION "The group of notifications for MACsec NIAPs support on Nokia systems." ::= { tmnxMacsecGroups 8 } tmnxMacsecDdpObjectGroup OBJECT-GROUP OBJECTS { tmnxMacsecConnAssocDelayProtectn } STATUS current DESCRIPTION "The group of objects for MACsec data delay protection support on Nokia systems." ::= { tmnxMacsecGroups 9 } tmnxMacsecNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 114 } tmnxMacsecNofitications OBJECT IDENTIFIER ::= { tmnxMacsecNotifyPrefix 1 } tmnxMacsecConfiguredPortCA NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId, tmnxMacsecPreSharedKeyCakName } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecConfiguredPortCA notification is generated when a CA is associated with a port." ::= { tmnxMacsecNofitications 1 } tmnxMacsecUnconfiguredPortCA NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId, tmnxMacsecPreSharedKeyCakName } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecUnconfiguredPortCA notification is generated when a CA is unassociated from a port." ::= { tmnxMacsecNofitications 2 } tmnxMacsecEnabledPort NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId, tmnxMacsecPortCaName } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecEnabledPort notification is generated when a port is admin enabled and the associated CA is enabled." ::= { tmnxMacsecNofitications 3 } tmnxMacsecDisabledPort NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId, tmnxMacsecPortCaName } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecDisabledPort notification is generated when a port is admin disabled or the associated CA is disabled." ::= { tmnxMacsecNofitications 4 } tmnxMacsecMaxPeerLimitExceeded NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifySecurityZone, tmnxMacsecNotifyPeerMi, tmnxMacsecMkaPeerListSci } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecMaxPeerLimitExceeded notification is generated when an MKA session exceeds the maximum number of allowable peers." ::= { tmnxMacsecNofitications 5 } tmnxMkaSessionEstablished NOTIFICATION-TYPE OBJECTS { tmnxMacsecMkaPeerListSci, tmnxMacsecPortCaName, tmnxMacsecPortEapolDestAddress, tmnxMacsecMkaStatsKeyServerPrio, tmnxMacsecStaticCakKeyServerPrio, tmnxMacsecConnAssocCipherSuite, tmnxMacsecConnAssocEncrptnOffset } STATUS current DESCRIPTION "[CAUSE] A tmnxMkaSessionEstablished notification is generated when an MKA session is established." ::= { tmnxMacsecNofitications 6 } tmnxMkaPskRollover NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId, tmnxMacsecStaticCakActivePsk } STATUS current DESCRIPTION "[CAUSE] A tmnxMkaPskRollover notification is generated when a PSK rollover occurs." ::= { tmnxMacsecNofitications 7 } tmnxMkaSessionEnded NOTIFICATION-TYPE OBJECTS { tmnxMacsecMkaPeerListSci, tmnxMacsecPortCaName } STATUS current DESCRIPTION "[CAUSE] A tmnxMkaSessionEnded notification is generated when an MKA session is ended." ::= { tmnxMacsecNofitications 8 } tmnxMkaOperStateChanged NOTIFICATION-TYPE OBJECTS { tmnxMacsecMkaStatsOperState, tmnxMacsecPortCaName } STATUS current DESCRIPTION "[CAUSE] A tmnxMkaOperStateChanged notification is generated when an MKA changes operational state." ::= { tmnxMacsecNofitications 9 } tmnxMacsecMaxPeerLimitCleared NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifySecurityZone, tmnxMacsecNotifyPeerMi, tmnxMacsecMkaPeerListSci } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecMaxPeerLimitCleared notification is generated when an MKA session no longer exceeds the maximum number of allowable peers." ::= { tmnxMacsecNofitications 10 } tmnxMacsecCaCreate NOTIFICATION-TYPE OBJECTS { tmnxMacsecPreSharedKeyCakName } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecCaCreate notification is generated when a connectivity association is created." ::= { tmnxMacsecNofitications 11 } tmnxMacsecSakCreate NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyAssociationNum, tmnxMacsecPreSharedKeyCakName, tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecSakCreate notification is generated when a SAK has been created as a key server." ::= { tmnxMacsecNofitications 12 } tmnxMacsecSakInstalledRx NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyAssociationNum, tmnxMacsecPreSharedKeyCakName, tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecSakInstalledRx notification is generated when a new SAK is installed for receiving" ::= { tmnxMacsecNofitications 13 } tmnxMacsecSakInstalledTx NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyAssociationNum, tmnxMacsecPreSharedKeyCakName, tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecSakInstalledTx notification is generated when a new SAK is installed for transmitting" ::= { tmnxMacsecNofitications 14 } tmnxMacsecMkaReplayAttemptDisc NOTIFICATION-TYPE OBJECTS { tmnxMacsecPortCaName, tmnxMacsecMkaStatsPduInvalidNum } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecMkaReplayAttemptDisc notification is generated when the replay packet counter increments" ::= { tmnxMacsecNofitications 15 } tmnxMacsecDpReplayAttempt NOTIFICATION-TYPE OBJECTS { tmnxMacsecRxSCStatsLatePkts } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecDpReplayAttempt notification is generated every 10 seconds if the counter for detected replay attempts is different from the last time this notification was raised. If the counter has not changed, it will be checked again in 10 seconds." ::= { tmnxMacsecNofitications 16 } tmnxMacsecSakDelete NOTIFICATION-TYPE OBJECTS { tmnxMacsecNotifyAssociationNum, tmnxMacsecPreSharedKeyCakName, tmnxMacsecNotifyPortId, tmnxMacsecNotifyVlanId } STATUS current DESCRIPTION "[CAUSE] A tmnxMacsecSakDelete notification is generated when a SAK has been deleted." ::= { tmnxMacsecNofitications 17 } END