-- ============================================================================= -- Copyright (C) 2009 by HUAWEI SYMANTEC TECHNOLOGIES. All rights reserved. -- Description: The MIB is designed to get IPSec tunnels' statistic information. -- Reference: Huawei Enterprise MIB -- Version: 1.0 -- History: -- V1.0 The initial version created by LiShengbai 90004270. -- ============================================================================= HUAWEI-SECURITY-IPSEC-MIB DEFINITIONS ::= BEGIN IMPORTS Gauge32, IpAddress, Counter64, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF enterprises FROM RFC1155-SMI; hwIpsec MODULE-IDENTITY LAST-UPDATED "200910100900Z" -- October 10, 2009 at 09:00 GMT ORGANIZATION "Huawei Symantec Technologies Co., Ltd." CONTACT-INFO "3rd Floor,Section D, Keshi Building, No.28, Xinxi Rd., Shangdi, Hai-Dian District Beijing P.R. China Zip:100085 Http://www.huaweisymantec.com " DESCRIPTION "V1.00 The IPSec mib is for Eudemon and USG product series." ::= { hwSecurity 26 } -- =============================================== -- Node definitions -- =============================================== -- 1.3.6.1.4.1.2011 huawei OBJECT IDENTIFIER ::= { enterprises 2011 } -- 1.3.6.1.4.1.2011.6 huaweiUtility OBJECT IDENTIFIER ::= { huawei 6 } -- 1.3.6.1.4.1.2011.6.122 hwSecurity OBJECT IDENTIFIER ::= { huaweiUtility 122 } -- =============================================== -- Begin the hwIPSecGlobalStats. -- =============================================== hwIPSecGlobalStats OBJECT IDENTIFIER ::= { hwIpsec 1 } hwIPSecGlobalTotal OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of IPSec tunnels." ::= { hwIPSecGlobalStats 1 } hwIPSecGlobalPacketInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received security packets." ::= { hwIPSecGlobalStats 2 } hwIPSecGlobalPacketOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent security packets." ::= { hwIPSecGlobalStats 3 } hwIPSecGlobalByteInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of bytes of received security packets." ::= { hwIPSecGlobalStats 4 } hwIPSecGlobalByteOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of bytes of sent security packets." ::= { hwIPSecGlobalStats 5 } hwIPSecGlobalDroppedPacketInput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets that are received." ::= { hwIPSecGlobalStats 6 } hwIPSecGlobalDroppedPacketOutput OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets that are sent." ::= { hwIPSecGlobalStats 7 } hwIPSecGlobalEncIntactPacket OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets that do not need to be fragmented." ::= { hwIPSecGlobalStats 8 } hwIPSecGlobalEncPacketFirstSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of initial packets to be encrypted." ::= { hwIPSecGlobalStats 9 } hwIPSecGlobalEncPacketAfterSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of follow-up packets to be encrypted." ::= { hwIPSecGlobalStats 10 } hwIPSecGlobalDecPacketReassFirstSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of initial packets that are fragmented and assembled." ::= { hwIPSecGlobalStats 11 } hwIPSecGlobalDecPacketReassAfterSlice OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of follow-up packets that are fragmented and assembled." ::= { hwIPSecGlobalStats 12 } hwIPSecGlobalDecPacketReassLenErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets with incorrect length during reassembling." ::= { hwIPSecGlobalStats 13 } hwIPSecGlobalPacketHeaderWrong OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the packet header error." ::= { hwIPSecGlobalStats 14 } hwIPSecGlobalMemoryApplyFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by memory applying failure." ::= { hwIPSecGlobalStats 15 } hwIPSecGlobalCannotFindSA OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by no matched security associations." ::= { hwIPSecGlobalStats 16 } hwIPSecGlobalWrongSA OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by incorrect security associations." ::= { hwIPSecGlobalStats 17 } hwIPSecGlobalBadAuthentication OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the authentication failure." ::= { hwIPSecGlobalStats 18 } hwIPSecGlobalReplay OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the packet replay." ::= { hwIPSecGlobalStats 19 } hwIPSecGlobalPreRecheckErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the pre-check failure." ::= { hwIPSecGlobalStats 20 } hwIPSecGlobalPostRecheckErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the post-check failure" ::= { hwIPSecGlobalStats 21 } hwIPSecGlobalExceedByteLimit OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding of the byte limit." ::= { hwIPSecGlobalStats 22 } hwIPSecGlobalExceedPacketLimit OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding of the packet limit." ::= { hwIPSecGlobalStats 23 } hwIPSecGlobalProcessIpv4Err OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the plain-text forwarding failure." ::= { hwIPSecGlobalStats 24 } hwIPSecGlobalFibSearchErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the route check failure." ::= { hwIPSecGlobalStats 25 } hwIPSecGlobalIKEInboundOK OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received IKE negotiation packets that successfully enter the queue." ::= { hwIPSecGlobalStats 26 } hwIPSecGlobalIKEInboundErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received IKE negotiation packets that fail to enter the queue." ::= { hwIPSecGlobalStats 27 } hwIPSecGlobalIKEOutboundOK OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent IKE negotiation packets that successfully enter the queue." ::= { hwIPSecGlobalStats 28 } hwIPSecGlobalIKEOutboundErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent IKE negotiation packets that fail to enter the queue." ::= { hwIPSecGlobalStats 29 } hwIPSecGlobalSoftExpr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Soft timeout times." ::= { hwIPSecGlobalStats 30 } hwIPSecGlobalHardExpr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Hard timeout times." ::= { hwIPSecGlobalStats 31 } hwIPSecGlobalDPDOper OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "DPD operation and detection times." ::= { hwIPSecGlobalStats 32 } hwIPSecGlobalModpCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Modular exponentiation calculation." ::= { hwIPSecGlobalStats 33 } hwIPSecGlobalSaeSucc OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "SAE computing success." ::= { hwIPSecGlobalStats 34 } hwIPSecGlobalSoftwareSucc OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Software computing success." ::= { hwIPSecGlobalStats 35 } -- =============================================== -- Begin the table of hwIPSecTunnelConfigTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.2 hwIPSecTunnelConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecTunnelConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the configuration attributes for Huawei IPSec tunnel." ::= { hwIpsec 2 } -- 1.3.6.1.4.1.2011.6.122.26.2.1 hwIPSecTunnelConfigEntry OBJECT-TYPE SYNTAX HwIPSecTunnelConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring configuration parameters associated with an instance of IPSec tunnel." INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex } ::= { hwIPSecTunnelConfigTable 1 } HwIPSecTunnelConfigEntry ::= SEQUENCE { hwIPSecIfIndex Gauge32, hwIPSecTunnelPolicyNum Gauge32, hwIPSecTunnelIndex Gauge32, hwIPSecTunnelRuleId Gauge32, hwIPSecTunnelDstIP IpAddress, hwIPSecTunnelInsideIP IpAddress, hwIPSecTunnelRemotePort Gauge32, hwIPSecTunnelCpuID Gauge32, hwIPSecTunnelEncapMode INTEGER, hwIPSecTunnelNatTraver INTEGER, hwIPSecTunnelFromIKEV2 INTEGER, hwIPSecTunnelEncryptMode Gauge32, hwIPSecTunnelESPDigestMode Gauge32, hwIPSecTunnelAHDigestMode Gauge32, hwIPSecTunnelProto Gauge32, hwIPSecTunnelOutPortIndex Gauge32, hwIPSecTunnelSrcPort Gauge32, hwIPSecTunnelDstPort Gauge32, hwIPSecTunnelVrfIndex Gauge32, hwIPSecTunnelIfVrfIndex Gauge32, hwIPSecTunnelSrcIP IpAddress, hwIPSecTunnelSpeedLimitIn Gauge32, hwIPSecTunnelSpeedLimitOut Gauge32, hwIPSecTunnelInitiator INTEGER, hwIPSecTunnelLifeSize Gauge32, hwIPSecTunnelLifeTime Gauge32, hwIPSecTunnelPolicyName OCTET STRING, hwIPSecTunnelSaStatus INTEGER } -- 1.3.6.1.4.1.2011.6.122.26.2.1.1 hwIPSecIfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Index of the router interface corresponding to the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 1 } hwIPSecTunnelPolicyNum OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "ID of the ACL rule in the current IPSec policy." ::= { hwIPSecTunnelConfigEntry 2 } hwIPSecTunnelIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Index of the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 3 } hwIPSecTunnelRuleId OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "ID of the ACL rule in the current IPSec policy." ::= { hwIPSecTunnelConfigEntry 4 } hwIPSecTunnelDstIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Destination IP address of the tunnel (peer end)." ::= { hwIPSecTunnelConfigEntry 5 } hwIPSecTunnelInsideIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Intranet IP address of the peer end during remote access." ::= { hwIPSecTunnelConfigEntry 6 } hwIPSecTunnelRemotePort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Port number of the peer end of the tunnel." ::= { hwIPSecTunnelConfigEntry 7 } hwIPSecTunnelCpuID OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "CPU ID of the tunnel." ::= { hwIPSecTunnelConfigEntry 8 } hwIPSecTunnelEncapMode OBJECT-TYPE SYNTAX INTEGER { tunnel(0), transport(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Encapsulation mode of the tunnel (tunneling mode or transmission mode)." ::= { hwIPSecTunnelConfigEntry 9 } hwIPSecTunnelNatTraver OBJECT-TYPE SYNTAX INTEGER { noNatTraversal(0), natTraversal(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Whether the tunnel needs NAT traversal (If yes, the value is 1.)." ::= { hwIPSecTunnelConfigEntry 10 } hwIPSecTunnelFromIKEV2 OBJECT-TYPE SYNTAX INTEGER { noIkev2(0), ikev2(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Whether the tunnel adopts IKEv2 (If yes, the value is 1.)." ::= { hwIPSecTunnelConfigEntry 11 } hwIPSecTunnelEncryptMode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Encryption mode of the tunnel." ::= { hwIPSecTunnelConfigEntry 12 } hwIPSecTunnelESPDigestMode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "ESP check mode of the tunnel." ::= { hwIPSecTunnelConfigEntry 13 } hwIPSecTunnelAHDigestMode OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "AH check mode of the tunnel." ::= { hwIPSecTunnelConfigEntry 14 } hwIPSecTunnelProto OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Protocol of the tunnel (ESP or AH, or both)." ::= { hwIPSecTunnelConfigEntry 15 } hwIPSecTunnelOutPortIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the egress of the tunnel." ::= { hwIPSecTunnelConfigEntry 16 } hwIPSecTunnelSrcPort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the source port number if NAT traversal is adopted." ::= { hwIPSecTunnelConfigEntry 17 } hwIPSecTunnelDstPort OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the destination port number if NAT traversal is adopted." ::= { hwIPSecTunnelConfigEntry 18 } hwIPSecTunnelVrfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "VPN ID protected by the tunnel." ::= { hwIPSecTunnelConfigEntry 19 } hwIPSecTunnelIfVrfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "VPN ID of the sending interface of the tunnel." ::= { hwIPSecTunnelConfigEntry 20 } hwIPSecTunnelSrcIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source IP address of the tunnel (local end)." ::= { hwIPSecTunnelConfigEntry 21 } hwIPSecTunnelSpeedLimitIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Rate limiting pre-configured in the incoming direction." ::= { hwIPSecTunnelConfigEntry 22 } hwIPSecTunnelSpeedLimitOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Rate limiting pre-configured in the outgoing direction." ::= { hwIPSecTunnelConfigEntry 23 } hwIPSecTunnelInitiator OBJECT-TYPE SYNTAX INTEGER { responder(0), ikev2Initiator(1), ikev1Initiator(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Initiator or responder of the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 24 } hwIPSecTunnelLifeSize OBJECT-TYPE SYNTAX Gauge32 (8000..4194303) MAX-ACCESS read-only STATUS current DESCRIPTION "Life cycle of the IPSec tunnel (in kbytes)." ::= { hwIPSecTunnelConfigEntry 25 } hwIPSecTunnelLifeTime OBJECT-TYPE SYNTAX Gauge32 (480..604800) MAX-ACCESS read-only STATUS current DESCRIPTION "Life cycle of the IPSec tunnel (in seconds)." ::= { hwIPSecTunnelConfigEntry 26 } hwIPSecTunnelPolicyName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Security policy for the IPSec tunnel." ::= { hwIPSecTunnelConfigEntry 27 } hwIPSecTunnelSaStatus OBJECT-TYPE SYNTAX INTEGER { free(0), ocuppied(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of the SA." ::= { hwIPSecTunnelConfigEntry 28 } -- =============================================== -- Begin the table of hwIPSecTunnelStatsTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.3 hwIPSecTunnelStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecTunnelStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the status attributes for Huawei IPSec tunnel." ::= { hwIpsec 3 } -- 1.3.6.1.4.1.2011.6.122.26.3.1 hwIPSecTunnelStatsEntry OBJECT-TYPE SYNTAX HwIPSecTunnelStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring status parameters associated with an instance of IPSec tunnel." INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex } ::= { hwIPSecTunnelStatsTable 1 } HwIPSecTunnelStatsEntry ::= SEQUENCE { hwIPSecTunnelSaIDIn Gauge32, hwIPSecTunnelSaIDOut Gauge32, hwIPSecTunnelFlowSoftExpireIn Gauge32, hwIPSecTunnelFlowSoftExpireOut Gauge32, hwIPSecTunnelFlowHardExpireIn Gauge32, hwIPSecTunnelFlowHardExpireOut Gauge32, hwIPSecTunnelRemainTime Gauge32, hwIPSecTunnelRemainSize Gauge32, hwIPSecTunnelSpiIn Gauge32, hwIPSecTunnelSpiOut Gauge32, hwIPSecTunnelInSideSpiIn Gauge32, hwIPSecTunnelInSideSpiOut Gauge32, hwIPSecTunnelESPSequenceNumberIn Gauge32, hwIPSecTunnelESPSequenceNumberOut Gauge32, hwIPSecTunnellAHSequenceNumberIn Gauge32, hwIPSecTunnellAHSequenceNumberOut Gauge32, hwIPSecTunnelMemApplyFail Counter64, hwIPSecTunnelBadAuth Counter64, hwIPSecTunnelReplay Counter64, hwIPSecTunnelAfterReCheckErr Counter64, hwIPSecTunnelPktDropByteLimitIn Counter64, hwIPSecTunnelPktDropByteLimitOut Counter64, hwIPSecTunnelFIBSearchErr Counter64 } hwIPSecTunnelSaIDIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the incoming IPSec tunnel." ::= { hwIPSecTunnelStatsEntry 1 } hwIPSecTunnelSaIDOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the outgoing IPSec tunnel." ::= { hwIPSecTunnelStatsEntry 2 } hwIPSecTunnelFlowSoftExpireIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming soft timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 3 } hwIPSecTunnelFlowSoftExpireOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing soft timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 4 } hwIPSecTunnelFlowHardExpireIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming hard timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 5 } hwIPSecTunnelFlowHardExpireOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing hard timeout traffic (in bytes)." ::= { hwIPSecTunnelStatsEntry 6 } hwIPSecTunnelRemainTime OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Remaining time of the IPSec tunnel (in seconds)." ::= { hwIPSecTunnelStatsEntry 7 } hwIPSecTunnelRemainSize OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Remaining bytes of the IPSec tunnel (in kbytes)." ::= { hwIPSecTunnelStatsEntry 8 } hwIPSecTunnelSpiIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming SPI." ::= { hwIPSecTunnelStatsEntry 9 } hwIPSecTunnelSpiOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing SPI." ::= { hwIPSecTunnelStatsEntry 10 } hwIPSecTunnelInSideSpiIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "SPI of the internal ESP header when both AH and ESP are adopted in the incoming direction." ::= { hwIPSecTunnelStatsEntry 11 } hwIPSecTunnelInSideSpiOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "SPI of the internal ESP header when both AH and ESP are adopted in the outgoing direction." ::= { hwIPSecTunnelStatsEntry 12 } hwIPSecTunnelESPSequenceNumberIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the incoming ESP protocol." ::= { hwIPSecTunnelStatsEntry 13 } hwIPSecTunnelESPSequenceNumberOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the outgoing ESP protocol." ::= { hwIPSecTunnelStatsEntry 14 } hwIPSecTunnellAHSequenceNumberIn OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the incoming AH protocol." ::= { hwIPSecTunnelStatsEntry 15 } hwIPSecTunnellAHSequenceNumberOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Serial number of the outgoing AH protocol." ::= { hwIPSecTunnelStatsEntry 16 } hwIPSecTunnelMemApplyFail OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets because packets to be encrypted are too long." ::= { hwIPSecTunnelStatsEntry 17 } hwIPSecTunnelBadAuth OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the authentication failure of received packets." ::= { hwIPSecTunnelStatsEntry 18 } hwIPSecTunnelReplay OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by receiving replayed packets." ::= { hwIPSecTunnelStatsEntry 19 } hwIPSecTunnelAfterReCheckErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the decryption post-check failure." ::= { hwIPSecTunnelStatsEntry 20 } hwIPSecTunnelPktDropByteLimitIn OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding the byte limit in the incoming direction." ::= { hwIPSecTunnelStatsEntry 21 } hwIPSecTunnelPktDropByteLimitOut OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the exceeding of the byte limit in the outgoing direction." ::= { hwIPSecTunnelStatsEntry 22 } hwIPSecTunnelFIBSearchErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of discarded packets caused by the route check failure." ::= { hwIPSecTunnelStatsEntry 23 } -- =============================================== -- Begin the table of hwIPSecSaStatisticTable. -- =============================================== -- 1.3.6.1.4.1.2011.6.122.26.4 hwIPSecSaStatisticTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIPSecSaStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the SA numbers of policies which have been bound with interfaces." ::= { hwIpsec 4 } -- 1.3.6.1.4.1.2011.6.122.26.4.1 hwIPSecSaStatisticEntry OBJECT-TYPE SYNTAX HwIPSecSaStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum } ::= { hwIPSecSaStatisticTable 1 } HwIPSecSaStatisticEntry ::= SEQUENCE { hwIPSecSaStatisticTunnelPolicyName OCTET STRING, hwIPSecSaStatisticSaInCnt Gauge32, hwIPSecSaStatisticSaOutCnt Gauge32, hwIPSecTunnelByteInput Gauge32, hwIPSecTunnelByteOutput Gauge32, hwIPSecTunnelPacketInput Gauge32, hwIPSecTunnelPacketOutput Gauge32, hwIPSecTunnelDroppedPacketInput Gauge32, hwIPSecTunnelDroppedPacketOutput Gauge32, hwIPSecTunnelDialUserCount Gauge32 } hwIPSecSaStatisticTunnelPolicyName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Security policy for the IPSec tunnel." ::= { hwIPSecSaStatisticEntry 1 } hwIPSecSaStatisticSaInCnt OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Incoming SA number." ::= { hwIPSecSaStatisticEntry 2 } hwIPSecSaStatisticSaOutCnt OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Outgoing SA number." ::= { hwIPSecSaStatisticEntry 3 } hwIPSecTunnelByteInput OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of bytes of received security packets" ::= { hwIPSecSaStatisticEntry 4 } hwIPSecTunnelByteOutput OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of bytes of sent security packets" ::= { hwIPSecSaStatisticEntry 5 } hwIPSecTunnelPacketInput OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of received security packets" ::= { hwIPSecSaStatisticEntry 6 } hwIPSecTunnelPacketOutput OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of sent security packets" ::= { hwIPSecSaStatisticEntry 7 } hwIPSecTunnelDroppedPacketInput OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets received but discarded by the IPSec tunnel" ::= { hwIPSecSaStatisticEntry 8 } hwIPSecTunnelDroppedPacketOutput OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of packets encrypted but discarded by the IPSec tunnel" ::= { hwIPSecSaStatisticEntry 9 } hwIPSecTunnelDialUserCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of remote access users" ::= { hwIPSecSaStatisticEntry 10 } -- =============================================== -- IPSecTrapObject. -- =============================================== hwIPSecTrapObject OBJECT IDENTIFIER ::= { hwIpsec 5 } hwIPSecTrapTunnelPolicyNum OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "ID of the ACL rule in the current IPSec policy." ::= { hwIPSecTrapObject 1 } hwIPSecTrapIfIndex OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Index of the router interface corresponding to the IPSec tunnel." ::= { hwIPSecTrapObject 2 } hwIPSecTrapTunnelPolicyName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Security policy for the IPSec tunnel." ::= { hwIPSecTrapObject 3 } hwIPSecNegoFailReason OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Reason of an unsuccessful negotiation" ::= { hwIPSecTrapObject 4 } -- =============================================== -- definition of traps. -- =============================================== hwIPSecNotifications OBJECT IDENTIFIER ::= { hwIpsec 6 } hwIPSecTunnelStart NOTIFICATION-TYPE OBJECTS { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex, hwIPSecTunnelRuleId, hwIPSecTunnelDstIP, hwIPSecTunnelInsideIP, hwIPSecTunnelRemotePort, hwIPSecTunnelCpuID, hwIPSecTunnelSrcIP, hwIPSecTunnelLifeSize, hwIPSecTunnelLifeTime } STATUS current DESCRIPTION "Send the message when the IPSec tunnel is established." ::= { hwIPSecNotifications 1 } hwIPSecTunnelStop NOTIFICATION-TYPE OBJECTS { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex, hwIPSecTunnelRuleId, hwIPSecTunnelDstIP, hwIPSecTunnelInsideIP, hwIPSecTunnelRemotePort, hwIPSecTunnelCpuID, hwIPSecTunnelSrcIP } STATUS current DESCRIPTION "Send the message when the IPSec tunnel is deleted." ::= { hwIPSecNotifications 2 } hwIPSecPolicyAdd NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelPolicyNum, hwIPSecTrapTunnelPolicyName } STATUS current DESCRIPTION "Send the message when an IPSec policy is added." ::= { hwIPSecNotifications 3 } hwIPSecPolicyDel NOTIFICATION-TYPE OBJECTS { hwIPSecTrapTunnelPolicyNum, hwIPSecTrapTunnelPolicyName } STATUS current DESCRIPTION "Send the message when an IPSec policy is deleted." ::= { hwIPSecNotifications 4 } hwIPSecPolicyAttach NOTIFICATION-TYPE OBJECTS { hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyName } STATUS current DESCRIPTION "Send the message when an IPSec policy is applied to an interface." ::= { hwIPSecNotifications 5 } hwIPSecPolicyDetach NOTIFICATION-TYPE OBJECTS { hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyName } STATUS current DESCRIPTION "Send the message when an IPSec policy is cancelled on an interface." ::= { hwIPSecNotifications 6 } hwIPSecIKEReset NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when an IKE SA is reset ." ::= { hwIPSecNotifications 7 } hwIPSecIPSecReset NOTIFICATION-TYPE STATUS current DESCRIPTION "Send the message when an IPSec SA is reset ." ::= { hwIPSecNotifications 8 } hwIPSecNegoFail NOTIFICATION-TYPE OBJECTS { hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyNum, hwIPSecNegoFailReason } STATUS current DESCRIPTION "The alarm is generated when the IPSec tunnel negotiation fails." ::= { hwIPSecNotifications 9 } -- =============================================== -- Conformance Information -- =============================================== hwIPSecMibConformance OBJECT IDENTIFIER ::= { hwIpsec 7 } hwIPSecMibCompliances OBJECT IDENTIFIER ::= { hwIPSecMibConformance 1 } hwIPSecMibGroups OBJECT IDENTIFIER ::= { hwIPSecMibConformance 2 } -- =============================================== -- Compliance Statements -- =============================================== hwIPSecMibCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " " MODULE -- this module MANDATORY-GROUPS { hwIPSecGlobalStatsGroup, hwIPSecTunnelConfigTableGroup, hwIPSecTunnelStatsTableGroup, hwIPSecSaStatisticTableGroup, hwIPSecTrapObjectGroup, hwIPSecNotificationsGroup } ::= { hwIPSecMibCompliances 1 } hwIPSecGlobalStatsGroup OBJECT-GROUP OBJECTS { hwIPSecGlobalTotal, hwIPSecGlobalPacketInput, hwIPSecGlobalPacketOutput, hwIPSecGlobalByteInput, hwIPSecGlobalByteOutput, hwIPSecGlobalDroppedPacketInput, hwIPSecGlobalDroppedPacketOutput, hwIPSecGlobalEncIntactPacket, hwIPSecGlobalEncPacketFirstSlice, hwIPSecGlobalEncPacketAfterSlice, hwIPSecGlobalDecPacketReassFirstSlice, hwIPSecGlobalDecPacketReassAfterSlice, hwIPSecGlobalDecPacketReassLenErr, hwIPSecGlobalPacketHeaderWrong, hwIPSecGlobalMemoryApplyFail, hwIPSecGlobalCannotFindSA, hwIPSecGlobalWrongSA, hwIPSecGlobalBadAuthentication, hwIPSecGlobalReplay, hwIPSecGlobalPreRecheckErr, hwIPSecGlobalPostRecheckErr, hwIPSecGlobalExceedByteLimit, hwIPSecGlobalExceedPacketLimit, hwIPSecGlobalProcessIpv4Err, hwIPSecGlobalFibSearchErr, hwIPSecGlobalIKEInboundOK, hwIPSecGlobalIKEInboundErr, hwIPSecGlobalIKEOutboundOK, hwIPSecGlobalIKEOutboundErr, hwIPSecGlobalSoftExpr, hwIPSecGlobalHardExpr, hwIPSecGlobalDPDOper, hwIPSecGlobalModpCnt, hwIPSecGlobalSaeSucc, hwIPSecGlobalSoftwareSucc } STATUS current DESCRIPTION "This table specifies the global statistics information for Huawei IPSec tunnel." ::= { hwIPSecMibGroups 1 } hwIPSecTunnelConfigTableGroup OBJECT-GROUP OBJECTS { hwIPSecTunnelRuleId, hwIPSecTunnelDstIP, hwIPSecTunnelInsideIP, hwIPSecTunnelRemotePort, hwIPSecTunnelCpuID, hwIPSecTunnelEncapMode, hwIPSecTunnelNatTraver, hwIPSecTunnelFromIKEV2, hwIPSecTunnelEncryptMode, hwIPSecTunnelESPDigestMode, hwIPSecTunnelAHDigestMode, hwIPSecTunnelProto, hwIPSecTunnelOutPortIndex, hwIPSecTunnelSrcPort, hwIPSecTunnelDstPort, hwIPSecTunnelVrfIndex, hwIPSecTunnelIfVrfIndex, hwIPSecTunnelSrcIP, hwIPSecTunnelSpeedLimitIn, hwIPSecTunnelSpeedLimitOut, hwIPSecTunnelInitiator, hwIPSecTunnelLifeSize, hwIPSecTunnelLifeTime, hwIPSecTunnelPolicyName, hwIPSecTunnelSaStatus } STATUS current DESCRIPTION "This table specifies the monitoring IPSec tunnel configuration attributes for Huawei IPSec tunnel." ::= { hwIPSecMibGroups 2 } hwIPSecTunnelStatsTableGroup OBJECT-GROUP OBJECTS { hwIPSecTunnelSaIDIn, hwIPSecTunnelSaIDOut, hwIPSecTunnelFlowSoftExpireIn, hwIPSecTunnelFlowSoftExpireOut, hwIPSecTunnelFlowHardExpireIn, hwIPSecTunnelFlowHardExpireOut, hwIPSecTunnelRemainTime, hwIPSecTunnelRemainSize, hwIPSecTunnelSpiIn, hwIPSecTunnelSpiOut, hwIPSecTunnelInSideSpiIn, hwIPSecTunnelInSideSpiOut, hwIPSecTunnelESPSequenceNumberIn, hwIPSecTunnelESPSequenceNumberOut, hwIPSecTunnellAHSequenceNumberIn, hwIPSecTunnellAHSequenceNumberOut, hwIPSecTunnelMemApplyFail, hwIPSecTunnelBadAuth, hwIPSecTunnelReplay, hwIPSecTunnelAfterReCheckErr, hwIPSecTunnelPktDropByteLimitIn, hwIPSecTunnelPktDropByteLimitOut, hwIPSecTunnelFIBSearchErr } STATUS current DESCRIPTION "This table specifies the monitoring IPSec tunnel statistics attributes for Huawei IPSec tunnel." ::= { hwIPSecMibGroups 3 } hwIPSecSaStatisticTableGroup OBJECT-GROUP OBJECTS { hwIPSecSaStatisticTunnelPolicyName, hwIPSecSaStatisticSaInCnt, hwIPSecSaStatisticSaOutCnt, hwIPSecTunnelByteInput, hwIPSecTunnelByteOutput, hwIPSecTunnelPacketInput, hwIPSecTunnelPacketOutput, hwIPSecTunnelDroppedPacketInput, hwIPSecTunnelDroppedPacketOutput, hwIPSecTunnelDialUserCount } STATUS current DESCRIPTION "This table specifies the SA numbers of policies which have been bound with interfaces." ::= { hwIPSecMibGroups 4 } hwIPSecTrapObjectGroup OBJECT-GROUP OBJECTS { hwIPSecTrapTunnelPolicyNum, hwIPSecTrapIfIndex, hwIPSecTrapTunnelPolicyName, hwIPSecNegoFailReason } STATUS current DESCRIPTION "IPSec trap objects." ::= { hwIPSecMibGroups 5 } hwIPSecNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { hwIPSecTunnelStart, hwIPSecTunnelStop, hwIPSecPolicyAdd, hwIPSecPolicyDel, hwIPSecPolicyAttach, hwIPSecPolicyDetach, hwIPSecIKEReset, hwIPSecIPSecReset, hwIPSecNegoFail } STATUS current DESCRIPTION "IPSec traps." ::= { hwIPSecMibGroups 6 } END