-- Copyright (C) 2008-2014 Super Micro Computer Inc. All Rights Reserved -- $Id: fssecv6.mib,v 1.13 2012/09/07 09:52:06 siva Exp $ SUPERMICRO-IPSECV6-MIB DEFINITIONS ::= BEGIN IMPORTS enterprises, MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32 FROM SNMPv2-SMI RowStatus, DisplayString,TEXTUAL-CONVENTION FROM SNMPv2-TC; fsipv6Sec MODULE-IDENTITY LAST-UPDATED "201209050000Z" ORGANIZATION "Super Micro Computer Inc." CONTACT-INFO "support@Supermicro.com" DESCRIPTION "The MIB module that describes managed objects of general use by the IPSEC Protocol." REVISION "201209050000Z" DESCRIPTION "The MIB module that describes managed objects of general use by the IPSEC Protocol." ::= { enterprises supermicro-computer-inc(10876) super-switch(101) basic(1) 29 } fsipv6SecScalars OBJECT IDENTIFIER ::= { fsipv6Sec 1 } fsipv6SecConfig OBJECT IDENTIFIER ::= { fsipv6Sec 2 } fsipv6SecStats OBJECT IDENTIFIER ::= { fsipv6Sec 3 } -- -- IPSEC group -- Ipv6IfIndex ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "A unique value, greater than zero for each internetwork-layer interface in the managed system. It is recommended that values are assigned contiguously starting from 1. The value for each internetwork-layer interface must remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." SYNTAX Integer32 (1..2147483647) -- definition of textual conventions -- fsipv6SecScalars Scalars BEGIN fsipv6SecGlobalStatus OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object enables/disables the IPSEC processing administratively.By Default it is set to disable" ::= { fsipv6SecScalars 1 } fsipv6SecVersion OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Version number of this IPSEC module running on the stack." ::= { fsipv6SecScalars 2 } fsipv6SecGlobalDebug OBJECT-TYPE SYNTAX INTEGER { disableall (0), enableall (1), initshut (2), manageMent (3), dataPath (4), ctrlPath (5), pktDump (6), osresource (7), allfailure (8), buffer (9) } MAX-ACCESS read-write STATUS current DESCRIPTION " The mask which is used to enable selective debug levels in IPSec module. disableall : disable all the traces. enableall : enable all tarce levels. management : traces for configuration datapath : traces for data packets ctrlplane : all control packet related traces dump : ppp packet decode resourceError : trace for os resource failure genError : unexpected error condition semTrc : PPP State Event Machine Trace alarmTrc : enable PPP Alarms All values except disableall and enableall will add a particular trace level to the existing trace levels. If we want to have only a particular trace level (say 'ctrlplane' do the following: (i) configure the value as disableall (ii) configure the particular trace level('ctrlplane')." ::= { fsipv6SecScalars 3 } fsipv6SecMaxSA OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS deprecated DESCRIPTION "Specifies the maximum number of security associations present in the system. This sizable parameter determines the number of selector, policy, access list and security association entries in the system" ::= { fsipv6SecScalars 4 } --fsipv6SecScalars Scalars END --fsipv6SecConfig Tables BEGIN -- Selector Table. fsipv6SecSelectorTable OBJECT-TYPE SYNTAX SEQUENCE OF FsIpv6SecSelectorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of selectors for the interface." ::= { fsipv6SecConfig 1 } fsIpv6SecSelectorEntry OBJECT-TYPE SYNTAX FsIpv6SecSelectorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Selector Table. Each entry is a set of IP or Upper layer protocol fields used by security policy database to map to security association entry or bundle." INDEX { fsipv6SelIfIndex, fsipv6SelProtoIndex, fsipv6SelAccessIndex, fsipv6SelPort, fsipv6SelPktDirection } ::= { fsipv6SecSelectorTable 1 } FsIpv6SecSelectorEntry ::= SEQUENCE { fsipv6SelIfIndex Integer32, fsipv6SelProtoIndex INTEGER, fsipv6SelAccessIndex Integer32, fsipv6SelPort Integer32, fsipv6SelPktDirection INTEGER, fsipv6SelFilterFlag INTEGER, fsipv6SelPolicyIndex Integer32, fsipv6SelIfIpAddress OCTET STRING, fsipv6SelStatus RowStatus } fsipv6SelIfIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index value which uniquely identifies the IPv6 interface on which this Selector Table entry exists. The interface indentified by a particular value of this index is the same interface as identified by the value of ipv6IfIndex." ::= { fsIpv6SecSelectorEntry 1 } fsipv6SelProtoIndex OBJECT-TYPE SYNTAX INTEGER { tcp (6), udp (17), icmpv6 (58), ahproto (51), espproto (50), any (9000) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Proto index value which uniquely identifies the protocol for which this Selector Table entry exists.In case of no specific protocol any can be used whose value is assigned as 9000" ::= { fsIpv6SecSelectorEntry 2 } fsipv6SelAccessIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This value of the object is same as that of the index of the access table. This index can be used to get a range of source and destination IPv6 addresses from the access table for validating the src and destination addr of the packets." ::= { fsIpv6SecSelectorEntry 3 } fsipv6SelPort OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Port to Specify the user application for a given protocol.In case of no specific port any can be used whose value is assigned to 9000" ::= { fsIpv6SecSelectorEntry 4 } fsipv6SelPktDirection OBJECT-TYPE SYNTAX INTEGER { inbound (1), outbound (2), any (3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "Decides the Packet Direction" ::= { fsIpv6SecSelectorEntry 5 } fsipv6SelFilterFlag OBJECT-TYPE SYNTAX INTEGER { filter (1), allow (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Flag to specify the filtering of the packets based on the protocol field." ::= { fsIpv6SecSelectorEntry 6 } fsipv6SelPolicyIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of this object is same as that of the index of the security policy table. This object can be configured only when there is a corresponding entry for the specified value in the policy table.This object cannot be configured if for the given value there is an entry in the policy table which in turn points to the secassoc entries in transport mode." ::= { fsIpv6SecSelectorEntry 7 } fsipv6SelIfIpAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "A unique non-zero value identifying the local tunnel termination address. This object should be set when working with IKE" ::= { fsIpv6SecSelectorEntry 8 } fsipv6SelStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows from the fsipv6SecSelectorTable. It can be set to the value of createAndGo(4),createAndWait(5), notInService(2),active(1) and destroy(6). This object can be configured only when the ipsec admin status is disable." ::= { fsIpv6SecSelectorEntry 9 } -- Access Table fsipv6SecAccessTable OBJECT-TYPE SYNTAX SEQUENCE OF FsIpv6SecAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Range of Ip addresses allowed for a domain" ::= { fsipv6SecConfig 2 } fsIpv6SecAccessEntry OBJECT-TYPE SYNTAX FsIpv6SecAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the access Table that specifies the range of address allowed for a domain" INDEX { fsipv6SecAccessIndex } ::= { fsipv6SecAccessTable 1 } FsIpv6SecAccessEntry ::= SEQUENCE { fsipv6SecAccessIndex Integer32, fsipv6SecAccessStatus RowStatus, fsipv6SecSrcNet OCTET STRING, fsipv6SecSrcAddrPrefixLen Integer32, fsipv6SecDestNet OCTET STRING, fsipv6SecDestAddrPrefixLen Integer32 } fsipv6SecAccessIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This value of the object is used to get a unique entry in the access table. This index is used by the selector table to get an entry from the access table. This index is used to get a range of source IPv6 addresses from the access table for validating the src addr and destination address of the packets" ::= { fsIpv6SecAccessEntry 1 } fsipv6SecAccessStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows from the fsipv6SecAccessTable. It can be set to the value of createAndGo(4),createAndWait(5), notInService(2),active(1) and destroy(6). This object can be configured only when the ipsec admin status is disable" ::= { fsIpv6SecAccessEntry 2 } fsipv6SecSrcNet OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "A unique non-zero value identifying the source IPv6 network for a given access index." ::= { fsIpv6SecAccessEntry 3 } fsipv6SecSrcAddrPrefixLen OBJECT-TYPE SYNTAX Integer32 (1..128) MAX-ACCESS read-write STATUS current DESCRIPTION "The length of the prefix (in bits) associated with the IPv6 source address of this entry." ::= { fsIpv6SecAccessEntry 4 } fsipv6SecDestNet OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "A unique non-zero value identifying the destination IPv6 network for a given access index." ::= { fsIpv6SecAccessEntry 5 } fsipv6SecDestAddrPrefixLen OBJECT-TYPE SYNTAX Integer32 (1..128) MAX-ACCESS read-write STATUS current DESCRIPTION "The length of the prefix (in bits) associated with the IPv6 destination address of this entry." ::= { fsIpv6SecAccessEntry 6 } -- Security Policy Database fsipv6SecPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF FsIpv6SecPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "List of policies that determine the disposition of all IP traffic" ::= { fsipv6SecConfig 3 } fsIpv6SecPolicyEntry OBJECT-TYPE SYNTAX FsIpv6SecPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Security Policy Table that specifies what services are to be offered to IP datagrams and in what fashion. " INDEX { fsipv6SecPolicyIndex } ::= { fsipv6SecPolicyTable 1 } FsIpv6SecPolicyEntry ::= SEQUENCE { fsipv6SecPolicyIndex Integer32, fsipv6SecPolicyFlag INTEGER, fsipv6SecPolicyMode INTEGER, fsipv6SecPolicySaBundle DisplayString, fsipv6SecPolicyOptionsIndex Integer32, fsipv6SecPolicyStatus RowStatus } fsipv6SecPolicyIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique non-zero value identifying the particular security policy entry.This index is used by the the selector table to get the policy entry for a given selector entry" ::= { fsIpv6SecPolicyEntry 1 } fsipv6SecPolicyFlag OBJECT-TYPE SYNTAX INTEGER { apply (3), -- applies IPSEC on the packet bypass (4) -- bypasses the IPSEC for the packet } MAX-ACCESS read-write STATUS current DESCRIPTION "The choices that can be applied on any outbound/inbound datagrams." ::= { fsIpv6SecPolicyEntry 2 } fsipv6SecPolicyMode OBJECT-TYPE SYNTAX INTEGER { manual (1), automatic (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The mode of creation of security association entries." ::= { fsIpv6SecPolicyEntry 3 } fsipv6SecPolicySaBundle OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to associate Security association entries with each policy entry. The Policy entry is mapped to the secassoc entries by specifying the secassoc indicies in the format (1.2.3.4) where (1,2,3,4) are the indicies of the 4 Independent secassoc entries.If only one secassoc is to be mapped then the index of that particular secassoc alone can be specified" ::= { fsIpv6SecPolicyEntry 4 } fsipv6SecPolicyOptionsIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "Refers to the IKE Options." ::= { fsIpv6SecPolicyEntry 5 } fsipv6SecPolicyStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows from the fsipv6SecPolicyTable. It can be set to the value of createAndGo(4),createAndWait(5), notInService(2),active(1) and destroy(6). This object can be configured only when the ipsec admin status is disable" ::= { fsIpv6SecPolicyEntry 6 } -- Security Association Table. -- The IPv6 Security Association table contains the security -- association between a source and destination. This table -- is consulted for authenticating and encrypting incoming -- and outgoing datagrams. Each entry represents a security -- mapping between a source and destination and specifies the -- Authentication algorithm and key, the Security Parameter -- Index (SPI) value and the direction of the mapping. -- Entries created/deleted from SNMP. fsipv6SecAssocTable OBJECT-TYPE SYNTAX SEQUENCE OF Fsipv6SecAssocEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the security association between a source and destination. It is consulted for authentication and Ciphering of inbound and outbound datagrams.Datagrams which are forwarded by this entity are not authenticated." ::= { fsipv6SecConfig 4 } fsipv6SecAssocEntry OBJECT-TYPE SYNTAX Fsipv6SecAssocEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the IPv6 Security Association Table. Each entry specifies the mapping between a particular source and destination address. The entry specifies the authentication algorithm and key to use, the direction of authentication (inbound or outbound) and a Security Parameter Index (SPI)." INDEX { fsipv6SecAssocIndex } ::= { fsipv6SecAssocTable 1 } Fsipv6SecAssocEntry ::= SEQUENCE { fsipv6SecAssocIndex Integer32, fsipv6SecAssocDstAddr OCTET STRING, fsipv6SecAssocProtocol INTEGER, fsipv6SecAssocSpi Integer32, fsipv6SecAssocMode INTEGER, fsipv6SecAssocAhAlgo INTEGER, fsipv6SecAssocAhKey OCTET STRING, fsipv6SecAssocEspAlgo INTEGER, fsipv6SecAssocEspKey OCTET STRING, fsipv6SecAssocEspKey2 OCTET STRING, fsipv6SecAssocEspKey3 OCTET STRING, fsipv6SecAssocLifetimeInBytes INTEGER, fsipv6SecAssocLifetime Integer32, fsipv6SecAssocAntiReplay INTEGER, fsipv6SecAssocStatus RowStatus } fsipv6SecAssocIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique non-zero value identifying the particular Security Association. This index value is used by the object fsipv6SecPolicySaBundle of the policy table to associate the policy entries to the secassoc entries" ::= { fsipv6SecAssocEntry 1 } fsipv6SecAssocDstAddr OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "This destination address is matched with the destination address in the packet during authentication of inbound and outbound datagrams." ::= { fsipv6SecAssocEntry 2 } fsipv6SecAssocProtocol OBJECT-TYPE SYNTAX INTEGER { espproto(50), ahproto(51) } MAX-ACCESS read-write STATUS current DESCRIPTION "Security header used for either authentication (AH) or encryption (ESP)." ::= { fsipv6SecAssocEntry 3 } fsipv6SecAssocSpi OBJECT-TYPE SYNTAX Integer32 (256..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This is an arbitrary 32-bit value identifying the security association for this datagram. The Security Parameter Index value 0 is reserved to Indicate that 'no security association exists'. The set of Security Parameters Index values In the range 1 through 255 are reserved to the IANA for future use. Any SPI value greater than 255 can be configured." ::= { fsipv6SecAssocEntry 4 } fsipv6SecAssocMode OBJECT-TYPE SYNTAX INTEGER { tunnel (1), -- tunnel mode transport (2) -- transport mode } MAX-ACCESS read-write STATUS current DESCRIPTION "The supporting security association mode. The secassoc mode is configured as Transport or Tunnel when the router is acting as a host. A Security gateway can be configured only in tunnel mode" ::= { fsipv6SecAssocEntry 5 } fsipv6SecAssocAhAlgo OBJECT-TYPE SYNTAX INTEGER { null (0), hmacmd5 (1), hmacsha1 (2), keyedmd5 (3), md5 (4) } MAX-ACCESS read-write STATUS current DESCRIPTION "The authentication algorithm configured for the particular security association entry. This object is not mandatory for creation of an entry.Setting the algorithm to keyed-md5(2) or hmac-md5 (3),hmacsha1(4) requires a key for authentication." ::= { fsipv6SecAssocEntry 6 } fsipv6SecAssocAhKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "This is the key used for authentication when the algorithm configured is either keyed-md5 or hmac-md5 or hmach-sha1 . This object is not mandatory for creation of an entry. If the algorithm is md5, no key needs to be specified.For KeyedMd5 and HmacMd5 the key size must be 16 bytes and for HmacSha1 the key size must be 20 bytes " ::= { fsipv6SecAssocEntry 7 } fsipv6SecAssocEspAlgo OBJECT-TYPE SYNTAX INTEGER { descbc (2), threedescbc (3), null (11), aes (12) } MAX-ACCESS read-write STATUS current DESCRIPTION "The type of algorithm used for Encapsulation Security Palyload (ESP) Header.This object is to be configured only if the Security protocol to be used is ESP" ::= { fsipv6SecAssocEntry 8 } fsipv6SecAssocEspKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..8)) MAX-ACCESS read-write STATUS current DESCRIPTION "ESP authentication key.This must be of 8 Bytes only " ::= { fsipv6SecAssocEntry 9 } fsipv6SecAssocEspKey2 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..8)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used for configuring the second key of 3des-cbc.This key must be 8 Bytes only " ::= { fsipv6SecAssocEntry 10 } fsipv6SecAssocEspKey3 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..8)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used for configuring the third key of 3des-cbc.This key must be 8 Bytes only" ::= { fsipv6SecAssocEntry 11 } fsipv6SecAssocLifetimeInBytes OBJECT-TYPE SYNTAX INTEGER(0 .. 2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The timer interval interms of number of bytes. IPSEC counts the number of bytes to which the IPSEC algorithm is applied. This object specifies the allowed maximum number of bytes. If the value is 0, it signifies that the lifetime is infinity. By default it is set to infinity." ::= { fsipv6SecAssocEntry 12 } fsipv6SecAssocLifetime OBJECT-TYPE SYNTAX Integer32 (0|300 .. 2592000) MAX-ACCESS read-write STATUS current DESCRIPTION " This specifies the duration in seconds for which this Security Association remains active. After this time interval, the entry becomes inactive and has to be manually made active again. If the value is 0, it signifies that the lifetime is infinity. By default it is set to infinity. Valid values are in the range 300 to 2592000." ::= { fsipv6SecAssocEntry 13 } fsipv6SecAssocAntiReplay OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The object is used for activating the anti repaly functionality of the security protocols" ::= { fsipv6SecAssocEntry 14 } fsipv6SecAssocStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows from the fsipv6SecAssocTable. It can be set to the value of createAndGo(4),createAndWait(5), notInService(2),active(1) and destroy(6). This object can be configured only when the ipsec admin status is disable" ::= { fsipv6SecAssocEntry 15 } --fsipv6SecConfig Tables END -- fsipv6SecStats Tables BEGIN -- Interface Specific IPSEC Statistics table fsipv6SecIfStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF FsIpv6SecIfStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IPSEC statistics table based on per interface." ::= { fsipv6SecStats 1 } fsIpv6SecIfStatsEntry OBJECT-TYPE SYNTAX FsIpv6SecIfStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Interface Statistics table." INDEX { fsipv6SecIfIndex } ::= { fsipv6SecIfStatsTable 1 } FsIpv6SecIfStatsEntry ::= SEQUENCE { fsipv6SecIfIndex Integer32, fsipv6SecIfInPkts Counter32, fsipv6SecIfOutPkts Counter32, fsipv6SecIfPktsApply Counter32, fsipv6SecIfPktsDiscard Counter32, fsipv6SecIfPktsBypass Counter32 } fsipv6SecIfIndex OBJECT-TYPE SYNTAX Integer32 (1..100) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index value which uniquely identifies the IPv6 interface on which this interface statistics table entry exists. The interface identified by a particular value of this index is the same interface as identified by the same value of ipv6IfIndex." ::= { fsIpv6SecIfStatsEntry 1 } fsipv6SecIfInPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets recieved on the specified interface." ::= { fsIpv6SecIfStatsEntry 2 } fsipv6SecIfOutPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets sent on the specified interface." ::= { fsIpv6SecIfStatsEntry 3 } fsipv6SecIfPktsApply OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets for which security is applied which are of either inbound or outbound." ::= { fsIpv6SecIfStatsEntry 4 } fsipv6SecIfPktsDiscard OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets dropped either of inbound or outbound." ::= { fsIpv6SecIfStatsEntry 5 } fsipv6SecIfPktsBypass OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets for which IPSEC is not applied which are of either inbound or outbound." ::= { fsIpv6SecIfStatsEntry 6 } -- AH/ESP Specific IPSEC Statistics table fsipv6SecAhEspStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF FsIpv6SecAhEspStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "AH/ESP related statistics table." ::= { fsipv6SecStats 2 } fsIpv6SecAhEspStatsEntry OBJECT-TYPE SYNTAX FsIpv6SecAhEspStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the AH/ESP statistics Table. " INDEX { fsipv6SecAhEspIfIndex } ::= { fsipv6SecAhEspStatsTable 1 } FsIpv6SecAhEspStatsEntry ::= SEQUENCE { fsipv6SecAhEspIfIndex INTEGER, fsipv6SecInAhPkts Counter32, fsipv6SecOutAhPkts Counter32, fsipv6SecAhPktsAllow Counter32, fsipv6SecAhPktsDiscard Counter32, fsipv6SecInEspPkts Counter32, fsipv6SecOutEspPkts Counter32, fsipv6SecEspPktsAllow Counter32, fsipv6SecEspPktsDiscard Counter32 } fsipv6SecAhEspIfIndex OBJECT-TYPE SYNTAX INTEGER (1..100) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index value which uniquely identifies the IPv6 interface on which this statistics table entry exists. The interface identified by a particular value of this index is the same interface as identified by the same value of ipv6IfIndex." ::= { fsIpv6SecAhEspStatsEntry 1 } fsipv6SecInAhPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of AH packets recieved." ::= { fsIpv6SecAhEspStatsEntry 2 } fsipv6SecOutAhPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of AH packets sent." ::= { fsIpv6SecAhEspStatsEntry 3 } fsipv6SecAhPktsAllow OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of AH packets allowed." ::= { fsIpv6SecAhEspStatsEntry 4 } fsipv6SecAhPktsDiscard OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of AH packets discarded." ::= { fsIpv6SecAhEspStatsEntry 5 } fsipv6SecInEspPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of ESP packets received." ::= { fsIpv6SecAhEspStatsEntry 6 } fsipv6SecOutEspPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of ESP packets sent." ::= { fsIpv6SecAhEspStatsEntry 7 } fsipv6SecEspPktsAllow OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of ESP packets allowed." ::= { fsIpv6SecAhEspStatsEntry 8 } fsipv6SecEspPktsDiscard OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of ESP packets discarded." ::= { fsIpv6SecAhEspStatsEntry 9 } -- AH/ESP Specific IPSEC Intru table fsipv6SecAhEspIntruTable OBJECT-TYPE SYNTAX SEQUENCE OF FsIpv6SecAhEspIntruEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "AH/ESP related Intru table." ::= { fsipv6SecStats 3} fsIpv6SecAhEspIntruEntry OBJECT-TYPE SYNTAX FsIpv6SecAhEspIntruEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the AH/ESP intruder Table. " INDEX { fsipv6SecAhEspIntruIndex } ::= { fsipv6SecAhEspIntruTable 1 } FsIpv6SecAhEspIntruEntry ::= SEQUENCE { fsipv6SecAhEspIntruIndex Integer32, fsipv6SecAhEspIntruIfIndex Integer32, fsipv6SecAhEspIntruSrcAddr OCTET STRING, fsipv6SecAhEspIntruDestAddr OCTET STRING, fsipv6SecAhEspIntruProto INTEGER, fsipv6SecAhEspIntruTime Counter32 } fsipv6SecAhEspIntruIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies the index of the entry in the table." ::= { fsIpv6SecAhEspIntruEntry 1 } fsipv6SecAhEspIntruIfIndex OBJECT-TYPE SYNTAX Integer32 (1..100) MAX-ACCESS read-only STATUS current DESCRIPTION "The index value which uniquely identifies the IPv6 interface on which this statistics table entry exists. The interface identified by a particular value of this index is the same interface as identified by the same value of ipv6IfIndex." ::= { fsIpv6SecAhEspIntruEntry 2 } fsipv6SecAhEspIntruSrcAddr OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..16)) MAX-ACCESS read-only STATUS current DESCRIPTION "Intru's source address." ::= { fsIpv6SecAhEspIntruEntry 3 } fsipv6SecAhEspIntruDestAddr OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..16)) MAX-ACCESS read-only STATUS current DESCRIPTION "Intru's destination address." ::= { fsIpv6SecAhEspIntruEntry 4 } fsipv6SecAhEspIntruProto OBJECT-TYPE SYNTAX INTEGER { ahproto (51), espproto (50) } MAX-ACCESS read-only STATUS current DESCRIPTION "Intru's Protocol." ::= { fsIpv6SecAhEspIntruEntry 5 } fsipv6SecAhEspIntruTime OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Time of intruders attack." ::= { fsIpv6SecAhEspIntruEntry 6 } -- fsipv6SecStats Tables END END