-- LUM-CRYPTO-MIB: management objects for traffic encryption, registered at
-- { lumModules 71 }. It defines a General group of scalars (table sizes and
-- last-change timestamps) and five tables: cryptoAuth, cryptoIKEPeer,
-- cryptoDataplaneEncryption, cryptoPmadmin and cryptoPerformance.
--
-- NOTE(review): several columns are writable and security relevant: the IKE
-- pre-shared key, the encryption mode, the failure policy, the re-key and
-- re-auth intervals and the alarm thresholds. Write access to this subtree
-- should be limited by the agent's access control; confirm deployment guidance.
-- NOTE(review): DESCRIPTION typos are left as published ('successfull',
-- 'Autheticated', 'in affect').
LUM-CRYPTO-MIB DEFINITIONS ::= BEGIN

-- NOTE(review): OperStatusWithNA appears twice in the LUM-TC list below.
-- SignalStatusWithNA, OnOff, ResetWithNA and AdminStatusWithNA are imported
-- but not referenced by any definition in this module.
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64
        FROM SNMPv2-SMI
    OBJECT-GROUP, MODULE-COMPLIANCE
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION, DateAndTime, DisplayString
        FROM SNMPv2-TC
    lumModules, lumCryptoMIB
        FROM LUM-REG
    SignalStatusWithNA, FaultStatusWithNA, MgmtNameString, CommandString,
    Unsigned32WithNA, OperStatusWithNA, OnOff, ResetWithNA,
    OperStatusWithNA, AdminStatusWithNA
        FROM LUM-TC;

-- NOTE(review): the module DESCRIPTION enumerates five tables, but six groups
-- are registered under lumCryptoMIBObjects; the Dataplane Encryption table is
-- not listed.
lumCryptoMIBModule MODULE-IDENTITY
    LAST-UPDATED "201810310000Z" -- Oct 31st 2018
    ORGANIZATION "Infinera Corporation"
    CONTACT-INFO "techsupport@infinera.com"
    DESCRIPTION "This module describes the traffic encryption. The tables contained in this MIB are: (1) The General group contains some general attributes as time stamps and tables sizes. (2) Crypto Auth. (3) Crypto Peer. (4) Crypto Pmadmin (5) Performance. "
    REVISION "201810310000Z" -- Oct 31st 2018
    DESCRIPTION "The initial revision of this module."
    ::= { lumModules 71 }

-- Measurement period of a performance entry; used by cryptoPerformancePeriod.
CryptoPeriodWithNA ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "The period time for performance data. period15minutes - 15 minutes period24hours - 24 hours"
    SYNTAX INTEGER { period15minutes (1), period24hours (2), notApplicable (2147483647) }

-- Direction of a performance measurement; used by cryptoPerformanceType.
CryptoMeasurementTypeWithNA ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "The direction type. rx - receiver, only ingoing signal tx - transmitter, only outgoing signal both - rx and tx both"
    SYNTAX INTEGER { rx (1), tx (2), both (3), notApplicable (2147483647) }

-- Tri-state boolean. No object in this module uses this convention.
BooleanWithNA ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "Defines a value that can be true, false or not available true - The condition is true false - The condition is false notAvailable (2147483646) is used when attribute is not available under current circumstances. This value is only used when used for a state. notApplicable (2147483647) is used when attribute is not used in current configuration."
    SYNTAX INTEGER { true (1), false (2), notAvailable (2147483646), notApplicable (2147483647) }

-- ----------------------------------------------------
-- Compliance area, containing groups and compliance
-- specifications.
-- ----------------------------------------------------
lumCryptoConfs OBJECT IDENTIFIER ::= { lumCryptoMIB 1 }
lumCryptoGroups OBJECT IDENTIFIER ::= { lumCryptoConfs 1 }
lumCryptoCompl OBJECT IDENTIFIER ::= { lumCryptoConfs 2 }

-- ----------------------------------------------------
-- Root for objects in the CRYPTO MIB
-- ----------------------------------------------------
lumCryptoMIBObjects OBJECT IDENTIFIER ::= { lumCryptoMIB 2 }

-- ----------------------------------------------------
-- This MIB contains the following groups:
-- ----------------------------------------------------
cryptoGeneral OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 1 }
cryptoAuthList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 2 }
cryptoIKEPeerList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 3 }
cryptoDataplaneEncryptionList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 4 }
cryptoPmadminList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 5 }
cryptoPerformanceList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 6 }

-- ----------------------------------------------------
-- General group
-- ----------------------------------------------------
-- Read-only scalars: one config/state timestamp pair for the whole MIB, then a
-- size and a config/state timestamp pair for each of the five tables. The
-- ConfigLastChangeTime objects give a poller a cheap way to notice that a
-- writable crypto setting was changed.
cryptoGeneralConfigLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the configuration of the MIB was last changed. "
    ::= { cryptoGeneral 1 }

cryptoGeneralStateLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the state and/or configuration of the MIB was last changed. "
    ::= { cryptoGeneral 2 }

cryptoGeneralCryptoAuthTableSize OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Size of table. "
    ::= { cryptoGeneral 3 }

cryptoGeneralCryptoAuthConfigLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the configuration of the table was last changed. "
    ::= { cryptoGeneral 4 }

cryptoGeneralCryptoAuthStateLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the state and/or configuration of the table was last changed. "
    ::= { cryptoGeneral 5 }

cryptoGeneralCryptoIKEPeerTableSize OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Size of table. "
    ::= { cryptoGeneral 6 }

cryptoGeneralCryptoIKEPeerConfigLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the configuration of the table was last changed. "
    ::= { cryptoGeneral 7 }

cryptoGeneralCryptoIKEPeerStateLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the state and/or configuration of the table was last changed. "
    ::= { cryptoGeneral 8 }

cryptoGeneralCryptoDataplaneEncryptionTableSize OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Size of table. "
    ::= { cryptoGeneral 9 }

cryptoGeneralCryptoDataplaneEncryptionConfigLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the configuration of the table was last changed. "
    ::= { cryptoGeneral 10 }

cryptoGeneralCryptoDataplaneEncryptionStateLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the state and/or configuration of the table was last changed. "
    ::= { cryptoGeneral 11 }

cryptoGeneralCryptoPmadminTableSize OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Size of cryptoPmadmin table. "
    ::= { cryptoGeneral 12 }

cryptoGeneralCryptoPmadminConfigLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the configuration of the table was last changed. "
    ::= { cryptoGeneral 13 }

cryptoGeneralCryptoPmadminStateLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the state and/or configuration of the table was last changed. "
    ::= { cryptoGeneral 14 }

cryptoGeneralCryptoPerformanceTableSize OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Size of cryptoPerformance performance table. "
    ::= { cryptoGeneral 15 }

cryptoGeneralCryptoPerformanceConfigLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the configuration of the table was last changed. "
    ::= { cryptoGeneral 16 }

cryptoGeneralCryptoPerformanceStateLastChangeTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The time when the state and/or configuration of the table was last changed. "
    ::= { cryptoGeneral 17 }

-- ----------------------------------------------------
-- Crypto Auth group
-- ----------------------------------------------------
-- One row per authentication object (name format
-- 'authentication:subrack:slot:Id'), indexed by cryptoAuthIndex.
cryptoAuthTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CryptoAuthEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The crypto auth group contains information and configuration for the crypto authentication."
    ::= { cryptoAuthList 1 }

cryptoAuthEntry OBJECT-TYPE
    SYNTAX CryptoAuthEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry in the crypto auth list. "
    INDEX { cryptoAuthIndex }
    ::= { cryptoAuthTable 1 }

CryptoAuthEntry ::= SEQUENCE {
    cryptoAuthIndex Unsigned32,
    cryptoAuthUId Unsigned32,
    cryptoAuthName MgmtNameString,
    cryptoAuthIdentity MgmtNameString,
    cryptoAuthReAuthInterval Unsigned32,
    cryptoAuthReAuth CommandString,
    cryptoAuthCreateIKEPeer CommandString,
    cryptoAuthenticationGenerateUniqueID CommandString,
    cryptoGeneratedUniqueIdentity MgmtNameString
}

-- NOTE(review): the INDEX column is declared read-only here and in the other
-- four tables of this module. SMIv2 (RFC 2578) normally expects index columns
-- to be not-accessible, so strict MIB compilers may warn.
cryptoAuthIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An index assigned to each entry. "
    ::= { cryptoAuthEntry 1 }

cryptoAuthUId OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "A unique identifier assigned to each entry. "
    ::= { cryptoAuthEntry 2 }

cryptoAuthName OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The management name of the object, in the format 'authentication:subrack:slot:Id' "
    ::= { cryptoAuthEntry 3 }

-- Local identity presented for authentication; may be blank until generated,
-- per the DESCRIPTION.
cryptoAuthIdentity OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "A globally unique authentication identifier for this board. This is unique identity for communication, if found blank please generate it using Generate Authentication Identity Option. "
    ::= { cryptoAuthEntry 4 }

-- Writable, range 1..1000, default 24.
-- NOTE(review): the unit is not stated in the DESCRIPTION (hours?); confirm
-- before relying on a configured value.
cryptoAuthReAuthInterval OBJECT-TYPE
    SYNTAX Unsigned32 (1..1000)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Denotes the interval after which reauthentication will be triggered to ensure message integrity. "
    DEFVAL { 24 }
    ::= { cryptoAuthEntry 5 }

-- NOTE(review): the three CommandString objects below are described as
-- actions but declared read-only. How a CommandString is invoked is defined
-- in LUM-TC, which is not shown here.
cryptoAuthReAuth OBJECT-TYPE
    SYNTAX CommandString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Action to initiate reauthentication for all IKE peers. "
    ::= { cryptoAuthEntry 6 }

cryptoAuthCreateIKEPeer OBJECT-TYPE
    SYNTAX CommandString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Command for creating an IKE peer entry. "
    ::= { cryptoAuthEntry 7 }

cryptoAuthenticationGenerateUniqueID OBJECT-TYPE
    SYNTAX CommandString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Use this option to generate unique ID for IKE authentication. "
    ::= { cryptoAuthEntry 8 }

-- Fallback identity used when no backplane serial number is present.
-- NOTE(review): declared read-create although this table defines no RowStatus
-- column; confirm how the agent treats writes to it.
cryptoGeneratedUniqueIdentity OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "A generated unique identifier which will be used, in case backplane serial number is not present for node. "
    DEFVAL { "" }
    ::= { cryptoAuthEntry 9 }

-- ----------------------------------------------------
-- Crypto IKE Peer group
-- ----------------------------------------------------
-- One row per IKE peer (name format 'ikePeer:subrack:slot:Id.'), indexed by
-- cryptoIKEPeerIndex. Columns 5 to 8 and 11 are writable; columns 14 to 17 are
-- read-only fault states.
cryptoIKEPeerTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CryptoIKEPeerEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The crypto peer group contains information and configuration for the crypto peer."
    ::= { cryptoIKEPeerList 1 }

cryptoIKEPeerEntry OBJECT-TYPE
    SYNTAX CryptoIKEPeerEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry in the crypto peer list. "
    INDEX { cryptoIKEPeerIndex }
    ::= { cryptoIKEPeerTable 1 }

CryptoIKEPeerEntry ::= SEQUENCE {
    cryptoIKEPeerIndex Unsigned32,
    cryptoIKEPeerUId Unsigned32,
    cryptoIKEPeerName MgmtNameString,
    cryptoIKEPeerIdentity MgmtNameString,
    cryptoIKEPeerExpectedIKEPeerIdentity MgmtNameString,
    cryptoIKEPeerAuthScheme INTEGER,
    cryptoIKEPeerPSK DisplayString,
    cryptoIKEPeerAdminStatus INTEGER,
    cryptoIKEPeerOperStatus OperStatusWithNA,
    cryptoIKEPeerLastReAuthTime DateAndTime,
    cryptoIKEPeerReKeyInterval Unsigned32,
    cryptoIKEPeerLastReKeyTime DateAndTime,
    cryptoIKEPeerReKey CommandString,
    cryptoIKEPeerConfigMismatch FaultStatusWithNA,
    cryptoIKEPeerUnreachable FaultStatusWithNA,
    cryptoIKEPeerAuthenticationFailure FaultStatusWithNA,
    cryptoIKEPeerReKeyFailure FaultStatusWithNA
}

cryptoIKEPeerIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An index assigned to each entry. "
    ::= { cryptoIKEPeerEntry 1 }

cryptoIKEPeerUId OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An unique identifier assigned to each entry. "
    ::= { cryptoIKEPeerEntry 2 }

cryptoIKEPeerName OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The management name of the object, in the format 'ikePeer:subrack:slot:Id.' "
    ::= { cryptoIKEPeerEntry 3 }

cryptoIKEPeerIdentity OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "A globally unique authentication identifier for this IKE peer. "
    DEFVAL { "" }
    ::= { cryptoIKEPeerEntry 4 }

-- Operator-configured identity the remote peer is expected to present;
-- defaults to the empty string.
cryptoIKEPeerExpectedIKEPeerIdentity OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Denotes the user configured expected identifier of the IKE peer. "
    DEFVAL { "" }
    ::= { cryptoIKEPeerEntry 5 }

-- Only one scheme, psk (1), is defined.
cryptoIKEPeerAuthScheme OBJECT-TYPE
    SYNTAX INTEGER { psk (1) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The authentication scheme to use for this IKE peer. "
    DEFVAL { 1 }
    ::= { cryptoIKEPeerEntry 6 }

-- Security: the pre-shared key is modelled as a read-write DisplayString, so
-- the MIB as written permits reading it back over SNMP.
-- NOTE(review): confirm that the agent never returns the configured key on a
-- GET, and restrict this column to SNMPv3 authPriv users through a VACM view.
-- The 64-128 character length given in the DESCRIPTION is not expressed as a
-- SIZE constraint in SYNTAX, so it is enforced only if the agent checks it.
cryptoIKEPeerPSK OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The pre-shared key(PSK) used to authenticate the IKE peer. PSK should be in the below format: - text string - valid length: 64-128 characters "
    DEFVAL { "" }
    ::= { cryptoIKEPeerEntry 7 }

-- Per the DESCRIPTION, service (2) suppresses alarms. A peer left in service
-- state therefore hides the fault objects of this row from alarm reporting;
-- worth including in configuration audits.
cryptoIKEPeerAdminStatus OBJECT-TYPE
    SYNTAX INTEGER { up (1), service (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The administrative state for the IKE peer. service - the object is activated but alarms are suppressed. Intended for use during service or reconfiguration. When service is concluded adminStatus should be set to 'up' again. up - the object is active and alarms are not suppressed. "
    DEFVAL { 1 }
    ::= { cryptoIKEPeerEntry 8 }

cryptoIKEPeerOperStatus OBJECT-TYPE
    SYNTAX OperStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The operational state of this object. This attribute is required to automatically suppress (or not) the alarms from admin status attribute. "
    ::= { cryptoIKEPeerEntry 9 }

cryptoIKEPeerLastReAuthTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The last time this IKE peer was reauthenticated. "
    ::= { cryptoIKEPeerEntry 10 }

-- Writable, range 600..86400, default 3600.
-- NOTE(review): the unit is not stated; the range suggests seconds. Confirm.
cryptoIKEPeerReKeyInterval OBJECT-TYPE
    SYNTAX Unsigned32 (600..86400)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The value denotes the remaining time interval beyond which the system will initiate re-key for this IKE peer. "
    DEFVAL { 3600 }
    ::= { cryptoIKEPeerEntry 11 }

cryptoIKEPeerLastReKeyTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The last time the peer was rekeyed. "
    ::= { cryptoIKEPeerEntry 12 }

cryptoIKEPeerReKey OBJECT-TYPE
    SYNTAX CommandString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Action to initiate rekey for this IKE peer. "
    ::= { cryptoIKEPeerEntry 13 }

-- Fault states for the IKE SA (columns 14 to 17), all read-only.
cryptoIKEPeerConfigMismatch OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "IKE SA cannot be negotiated due to mismatch in SA proposal. alarm: configured peer identity wrong or un-configured. ok: the encryption configuration matches. "
    ::= { cryptoIKEPeerEntry 14 }

cryptoIKEPeerUnreachable OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Unable to reach the IKE Peer. alarm: communication failure. ok: IKE peer communication successfull. "
    ::= { cryptoIKEPeerEntry 15 }

cryptoIKEPeerAuthenticationFailure OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Re-authentication with the peer instance failed. alarm: re-authentication with the peer instance failed. ok: the IKE authentication is successfull. "
    ::= { cryptoIKEPeerEntry 16 }

cryptoIKEPeerReKeyFailure OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The rekey of the IKE SA fails. alarm: IKE SA rekey is unsuccessfull. ok: IKE SA rekey is successfull. "
    ::= { cryptoIKEPeerEntry 17 }

-- ----------------------------------------------------
-- Crypto Dataplane Encryption group
-- ----------------------------------------------------
-- One row per dataplane link (name format 'dpEncr:subrack:slot:portNumber'),
-- indexed by cryptoDataplaneEncryptionIndex. Columns 5 and 7 to 12 are
-- writable; columns 15 to 21 are read-only fault states.
cryptoDataplaneEncryptionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CryptoDataplaneEncryptionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The crypto dataplane encryption contains information and configuration for the crypto dataplane encryption."
    ::= { cryptoDataplaneEncryptionList 1 }

cryptoDataplaneEncryptionEntry OBJECT-TYPE
    SYNTAX CryptoDataplaneEncryptionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry in the crypto dataplane encryption list. "
    INDEX { cryptoDataplaneEncryptionIndex }
    ::= { cryptoDataplaneEncryptionTable 1 }

CryptoDataplaneEncryptionEntry ::= SEQUENCE {
    cryptoDataplaneEncryptionIndex Unsigned32,
    cryptoDataplaneEncryptionUId Unsigned32,
    cryptoDataplaneEncryptionName MgmtNameString,
    cryptoDataplaneEncryptionLocalDataplaneId MgmtNameString,
    cryptoDataplaneEncryptionExpectedPeerDataplaneId MgmtNameString,
    cryptoDataplaneEncryptionDiscoveredPeerDataplaneId MgmtNameString,
    cryptoDataplaneEncryptionOTNOHAllocation INTEGER,
    cryptoDataplaneEncryptionIKEPeerIdentity INTEGER,
    cryptoDataplaneEncryptionReKeyInterval Unsigned32,
    cryptoDataplaneEncryptionFailurePolicy INTEGER,
    cryptoDataplaneEncryptionTrafficKillTimeOffset Unsigned32,
    cryptoDataplaneEncryptionEncryptionMode INTEGER,
    cryptoDataplaneEncryptionLastReKeyTimeTx DateAndTime,
    cryptoDataplaneEncryptionLastReKeyTimeRx DateAndTime,
    cryptoDataplaneEncryptionPeerDpIdMismatch FaultStatusWithNA,
    cryptoDataplaneEncryptionConfigMismatch FaultStatusWithNA,
    cryptoDataplaneEncryptionReKeyFailure FaultStatusWithNA,
    cryptoDataplaneEncryptionRXKeyRotationFailure FaultStatusWithNA,
    cryptoDataplaneEncryptionIVExhausted FaultStatusWithNA,
    cryptoDataplaneEncryptionFunctionBlocked FaultStatusWithNA,
    cryptoDataplaneEncryptionUnexpectedRxKeyId FaultStatusWithNA,
    cryptoDataplaneEncryptionReKey CommandString
}

cryptoDataplaneEncryptionIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An index assigned to each entry. "
    ::= { cryptoDataplaneEncryptionEntry 1 }

cryptoDataplaneEncryptionUId OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An unique identifier assigned to each entry. "
    ::= { cryptoDataplaneEncryptionEntry 2 }

cryptoDataplaneEncryptionName OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The management name of the Dataplane Link, in the format 'dpEncr:subrack:slot:portNumber'. "
    ::= { cryptoDataplaneEncryptionEntry 3 }

cryptoDataplaneEncryptionLocalDataplaneId OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Denotes the unique local unique identifier for the dataplane link "
    ::= { cryptoDataplaneEncryptionEntry 4 }

-- Expected (configured) versus discovered peer identifier: a difference
-- between columns 5 and 6 is reported by cryptoDataplaneEncryptionPeerDpIdMismatch.
cryptoDataplaneEncryptionExpectedPeerDataplaneId OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Denotes the user configured expected Dataplane link peer unique identifier. "
    DEFVAL { "" }
    ::= { cryptoDataplaneEncryptionEntry 5 }

cryptoDataplaneEncryptionDiscoveredPeerDataplaneId OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Denotes the actual peer Dataplane link identifier discovered by the system. "
    ::= { cryptoDataplaneEncryptionEntry 6 }

cryptoDataplaneEncryptionOTNOHAllocation OBJECT-TYPE
    SYNTAX INTEGER { apspcctcm3 (1), apspcctcm1 (2), tcm1 (3), tcm3 (4) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Denotes the OTN overhead chosen by the user for Dataplane link. "
    DEFVAL { 1 }
    ::= { cryptoDataplaneEncryptionEntry 7 }

-- Selects one of up to sixteen IKE peers; the default is none (0).
cryptoDataplaneEncryptionIKEPeerIdentity OBJECT-TYPE
    SYNTAX INTEGER { none (0), ikePeer1 (1), ikePeer2 (2), ikePeer3 (3), ikePeer4 (4), ikePeer5 (5), ikePeer6 (6), ikePeer7 (7), ikePeer8 (8), ikePeer9 (9), ikePeer10 (10), ikePeer11 (11), ikePeer12 (12), ikePeer13 (13), ikePeer14 (14), ikePeer15 (15), ikePeer16 (16), notApplicable (2147483647) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Denotes the corresponding IKE Peer associated to the data plane link. "
    DEFVAL { 0 }
    ::= { cryptoDataplaneEncryptionEntry 8 }

-- Writable, range 60..86400, default 300.
-- NOTE(review): the unit is not stated; the range suggests seconds. Confirm.
cryptoDataplaneEncryptionReKeyInterval OBJECT-TYPE
    SYNTAX Unsigned32 (60..86400)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The value denotes the remaining time interval beyond which the system will initiate re-key. "
    DEFVAL { 300 }
    ::= { cryptoDataplaneEncryptionEntry 9 }

-- Security: DEFVAL { 1 } is continueop, so by default traffic keeps flowing
-- after a rekey or re-auth failure. Links that must fail closed need
-- killtraffic (2) set explicitly.
-- NOTE(review): which key material stays in use while continueop is active is
-- not described here; confirm against the product documentation.
cryptoDataplaneEncryptionFailurePolicy OBJECT-TYPE
    SYNTAX INTEGER { continueop (1), killtraffic (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The value denotes which policy is applied on rekey or re-auth failure scenarios. continueop - indicates continue operation killtraffic - indicates stop the traffic after Kill Time offset. "
    DEFVAL { 1 }
    ::= { cryptoDataplaneEncryptionEntry 10 }

-- Hold-off before traffic is stopped under killtraffic; range 0..86400,
-- default 900. NOTE(review): unit not stated, presumably seconds; confirm.
cryptoDataplaneEncryptionTrafficKillTimeOffset OBJECT-TYPE
    SYNTAX Unsigned32 (0..86400)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Represents, how long to hold-off before traffic should be killed. Applies if failure policy is set to kill traffic. "
    DEFVAL { 900 }
    ::= { cryptoDataplaneEncryptionEntry 11 }

-- Security: DEFVAL { 1 } is bypass.
-- NOTE(review): presumably bypass means the link carries traffic unencrypted,
-- so an entry is not protected until the mode is set to gcm (2). Confirm, and
-- include this object in configuration audits and change monitoring.
cryptoDataplaneEncryptionEncryptionMode OBJECT-TYPE
    SYNTAX INTEGER { bypass (1), gcm (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Denotes the encryption mode selected by user for Dataplane link "
    DEFVAL { 1 }
    ::= { cryptoDataplaneEncryptionEntry 12 }

cryptoDataplaneEncryptionLastReKeyTimeTx OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Denotes the last time the dataplane was rekeyed in tx direction. "
    ::= { cryptoDataplaneEncryptionEntry 13 }

cryptoDataplaneEncryptionLastReKeyTimeRx OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Denotes the last time the dataplane was rekeyed in rx direction. "
    ::= { cryptoDataplaneEncryptionEntry 14 }

-- Fault states for the dataplane link (columns 15 to 21), all read-only.
cryptoDataplaneEncryptionPeerDpIdMismatch OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The expected peer dataplane identity does not match with what is discovered. alarm: expected peer dataplane identity does not match with what is discovered. ok: peer dataplane matches with what is discovered. "
    ::= { cryptoDataplaneEncryptionEntry 15 }

cryptoDataplaneEncryptionConfigMismatch OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The CHILD SA cannot be negotiated due to config mismatch. alarm: CHILD SA cannot be negotiated due to config mismatch. ok: encryption config matches successfully. "
    ::= { cryptoDataplaneEncryptionEntry 16 }

cryptoDataplaneEncryptionReKeyFailure OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The rekey of the CHILD SA fails. alarm: rekey of the CHILD SA fails. ok: rekey of child SA successfull. "
    ::= { cryptoDataplaneEncryptionEntry 17 }

cryptoDataplaneEncryptionRXKeyRotationFailure OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Rx key rotation failure. alarm: rx key rotation failure. ok: new key handshake successfull. "
    ::= { cryptoDataplaneEncryptionEntry 18 }

-- NOTE(review): in GCM, reusing an IV under the same key breaks both
-- confidentiality and authenticity, so this alarm deserves high priority,
-- particularly on links whose failure policy is continueop. How the device
-- reacts once the IV wraps is not described here.
cryptoDataplaneEncryptionIVExhausted OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "IV has been used too many times and is about to wrap back to zero. alarm: data plane has detected that the IV has been used too many times. ok: IV exhaustion condition cleared. "
    ::= { cryptoDataplaneEncryptionEntry 19 }

-- Raised when the mode is gcm but encryption is not actually in effect.
cryptoDataplaneEncryptionFunctionBlocked OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This alarm is applicable when encryption mode = gcm but encryption is not in affect due to other alarms or admin status. alarm: encryption function blocked traffic. ok: encryption function enabled successfully. "
    ::= { cryptoDataplaneEncryptionEntry 20 }

cryptoDataplaneEncryptionUnexpectedRxKeyId OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Unexpected rx key identifier. alarm: rx key identifier in the dataplane does not match with what has been programmed. ok: rx key Identifier matches successfully. "
    ::= { cryptoDataplaneEncryptionEntry 21 }

cryptoDataplaneEncryptionReKey OBJECT-TYPE
    SYNTAX CommandString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Action to initiate rekey for this Dataplane entity. "
    ::= { cryptoDataplaneEncryptionEntry 22 }

-- ----------------------------------------------------
-- CryptoPmadmin group
-- This is a dummy table created to group objects of
-- cryptoPerformance table.
-- ----------------------------------------------------
cryptoPmadminTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CryptoPmadminEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The cryptoPmadmin group contains information and configuration for all cryptoPmadmin objects."
    ::= { cryptoPmadminList 1 }

cryptoPmadminEntry OBJECT-TYPE
    SYNTAX CryptoPmadminEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry in the cryptoPmadmin list. "
    INDEX { cryptoPmadminIndex }
    ::= { cryptoPmadminTable 1 }

CryptoPmadminEntry ::= SEQUENCE {
    cryptoPmadminIndex Unsigned32,
    cryptoPmadminName MgmtNameString,
    cryptoPmadminUId Unsigned32,
    cryptoPmadminConnAdminIfIndex Unsigned32WithNA,
    cryptoPmadminUpId Unsigned32
}

cryptoPmadminIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An index assigned to each entry. "
    ::= { cryptoPmadminEntry 1 }

cryptoPmadminName OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "The management name of the pmadmin object, for example 'cryptoPmadmin:1:2:1-2', where the first number indicates subrack, the second slot number and the third/fourth are the physical port numbers. "
    ::= { cryptoPmadminEntry 2 }

cryptoPmadminUId OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An unique identifier assigned to each entry. "
    ::= { cryptoPmadminEntry 3 }

cryptoPmadminConnAdminIfIndex OBJECT-TYPE
    SYNTAX Unsigned32WithNA
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "An index that describes to which index in cryptoPmadmin table this object is related. "
    ::= { cryptoPmadminEntry 4 }

cryptoPmadminUpId OBJECT-TYPE
    SYNTAX Unsigned32 (0..2147483647)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Identity in the UP for the cryptoPmadmin entry "
    DEFVAL { 0 }
    ::= { cryptoPmadminEntry 5 }

-- ----------------------------------------------------
-- CryptoPerformance group
-- ----------------------------------------------------
-- One row per measurement point and period. Columns 7 to 13 are counters,
-- 14 to 17 are writable thresholds and 18 to 21 are the matching read-only
-- threshold alarms.
cryptoPerformanceTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CryptoPerformanceEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The cryptoPerformance performance group contains information and configuration for all cryptoPerformance performance objects."
    ::= { cryptoPerformanceList 1 }

cryptoPerformanceEntry OBJECT-TYPE
    SYNTAX CryptoPerformanceEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry in the cryptoPerformance list. "
    INDEX { cryptoPerformanceIndex }
    ::= { cryptoPerformanceTable 1 }

CryptoPerformanceEntry ::= SEQUENCE {
    cryptoPerformanceIndex Unsigned32,
    cryptoPerformanceName MgmtNameString,
    cryptoPerformanceUId Unsigned32,
    cryptoPerformanceConnAdminIfIndex Unsigned32WithNA,
    cryptoPerformancePeriod CryptoPeriodWithNA,
    cryptoPerformanceType CryptoMeasurementTypeWithNA,
    cryptoPerformanceCounterNulledFrames Counter64,
    cryptoPerformanceCounterAuthFail Counter64,
    cryptoPerformanceCounterIvTrouble Counter64,
    cryptoPerformanceCounterReplayErr Counter64,
    cryptoPerformanceCounterTotalFrames Counter64,
    cryptoPerformanceCounterAuthFrames Counter64,
    cryptoPerformanceCounterEncryptedFrames Counter64,
    cryptoPerformanceThresholdNulledFrames Counter64,
    cryptoPerformanceThresholdAuthFail Counter64,
    cryptoPerformanceThresholdIvTrouble Counter64,
    cryptoPerformanceThresholdReplayErr Counter64,
    cryptoPerformanceFaultStatusNulledFrames FaultStatusWithNA,
    cryptoPerformanceFaultStatusAuthFail FaultStatusWithNA,
    cryptoPerformanceFaultStatusIvTrouble FaultStatusWithNA,
    cryptoPerformanceFaultStatusReplayErr FaultStatusWithNA,
    cryptoPerformanceUpId Unsigned32
}

cryptoPerformanceIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An index assigned to each entry. "
    ::= { cryptoPerformanceEntry 1 }

cryptoPerformanceName OBJECT-TYPE
    SYNTAX MgmtNameString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "The management name of the performance object, for example 'cryptoPerformance:1:2:1-2', where the first number indicates subrack, the second slot number and the third/fourth are the physical port numbers. "
    ::= { cryptoPerformanceEntry 2 }

cryptoPerformanceUId OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An unique identifier assigned to each entry. "
    ::= { cryptoPerformanceEntry 3 }

cryptoPerformanceConnAdminIfIndex OBJECT-TYPE
    SYNTAX Unsigned32WithNA
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "An index that describes to which index in cryptoPerformance table this object is related. "
    ::= { cryptoPerformanceEntry 4 }

cryptoPerformancePeriod OBJECT-TYPE
    SYNTAX CryptoPeriodWithNA
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Period, 15 minute or 24 hour. - 15 minute interval measurements per measurement point - 24 hour interval measurements per measurement point "
    ::= { cryptoPerformanceEntry 5 }

cryptoPerformanceType OBJECT-TYPE
    SYNTAX CryptoMeasurementTypeWithNA
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "The direction type of signal the interface expects. rx - Only ingoing signal. tx - Only outgoing signal. both - Ingoing and outgoing signal on the same port. "
    ::= { cryptoPerformanceEntry 6 }

-- Counters (columns 7 to 13), all read-only.
-- NOTE(review): AuthFail and ReplayErr presumably count frames that failed the
-- integrity check or the replay check on the link; if so they are the most
-- useful signals here for detecting tampering or replay. Confirm semantics.
cryptoPerformanceCounterNulledFrames OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Number of nulled frames in traffic. "
    ::= { cryptoPerformanceEntry 7 }

cryptoPerformanceCounterAuthFail OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Authentication fail count. "
    ::= { cryptoPerformanceEntry 8 }

cryptoPerformanceCounterIvTrouble OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "IV trouble count. "
    ::= { cryptoPerformanceEntry 9 }

cryptoPerformanceCounterReplayErr OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Replay Error count. "
    ::= { cryptoPerformanceEntry 10 }

cryptoPerformanceCounterTotalFrames OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Total frames count. "
    ::= { cryptoPerformanceEntry 11 }

cryptoPerformanceCounterAuthFrames OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Autheticated frames count. "
    ::= { cryptoPerformanceEntry 12 }

cryptoPerformanceCounterEncryptedFrames OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Encrypted frames count. "
    ::= { cryptoPerformanceEntry 13 }

-- Thresholds (columns 14 to 17), writable, default 20 each.
-- NOTE(review): SMIv2 (RFC 2578) does not allow a DEFVAL on Counter64 objects
-- and expects counters to be read-only or accessible-for-notify, so strict MIB
-- compilers may warn on or reject these four definitions.
-- Security: raising a threshold delays or prevents the matching FaultStatus
-- alarm, so writes to these columns should be access controlled and audited.
cryptoPerformanceThresholdNulledFrames OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Nulled frames threshold. "
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 14 }

cryptoPerformanceThresholdAuthFail OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Auth failed threshold. "
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 15 }

cryptoPerformanceThresholdIvTrouble OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "IV trouble threshold. "
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 16 }

cryptoPerformanceThresholdReplayErr OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Replay Error threshold. "
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 17 }

-- Threshold alarms (columns 18 to 21): alarm when the count for the period
-- exceeds the associated threshold, ok when it is below.
cryptoPerformanceFaultStatusNulledFrames OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Nulled frames threshold exceeded. alarm: The number of errors during a period exceeds the associated threshold. ok: The number of errors during a period is below the threshold. "
    ::= { cryptoPerformanceEntry 18 }

cryptoPerformanceFaultStatusAuthFail OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Auth fail threshold exceeded. alarm: The number of errors during a period exceeds the associated threshold. ok: The number of errors during a period is below the threshold. "
    ::= { cryptoPerformanceEntry 19}

cryptoPerformanceFaultStatusIvTrouble OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "IV trouble threshold exceeded. alarm: The number of errors during a period exceeds the associated threshold. ok: The number of errors during a period is below the threshold. "
    ::= { cryptoPerformanceEntry 20 }

cryptoPerformanceFaultStatusReplayErr OBJECT-TYPE
    SYNTAX FaultStatusWithNA
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Replay error threshold exceeded. alarm: The number of errors during a period exceeds the associated threshold. ok: The number of errors during a period is below the threshold. "
    ::= { cryptoPerformanceEntry 21 }

cryptoPerformanceUpId OBJECT-TYPE
    SYNTAX Unsigned32 (0..2147483647)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Identity in the UP for the cryptoPerf entry "
    DEFVAL { 0 }
    ::= { cryptoPerformanceEntry 22 }

-- ----------------------------------------------------
-- Notifications
-- ----------------------------------------------------
-- No notification types are defined in this module; alarm states are exposed
-- only as pollable FaultStatusWithNA columns.

-- ----------------------------------------------------
-- Object and event groups
-- ----------------------------------------------------
cryptoGeneralGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoGeneralConfigLastChangeTime,
        cryptoGeneralStateLastChangeTime,
        cryptoGeneralCryptoAuthTableSize,
        cryptoGeneralCryptoAuthConfigLastChangeTime,
        cryptoGeneralCryptoAuthStateLastChangeTime,
        cryptoGeneralCryptoIKEPeerTableSize,
        cryptoGeneralCryptoIKEPeerConfigLastChangeTime,
        cryptoGeneralCryptoIKEPeerStateLastChangeTime,
        cryptoGeneralCryptoDataplaneEncryptionTableSize,
        cryptoGeneralCryptoDataplaneEncryptionConfigLastChangeTime,
        cryptoGeneralCryptoDataplaneEncryptionStateLastChangeTime,
        cryptoGeneralCryptoPmadminTableSize,
        cryptoGeneralCryptoPmadminConfigLastChangeTime,
        cryptoGeneralCryptoPmadminStateLastChangeTime,
        cryptoGeneralCryptoPerformanceTableSize,
        cryptoGeneralCryptoPerformanceConfigLastChangeTime,
        cryptoGeneralCryptoPerformanceStateLastChangeTime }
    STATUS current
    DESCRIPTION "The general objects."
    ::= { lumCryptoGroups 1 }

cryptoAuthGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoAuthIndex,
        cryptoAuthUId,
        cryptoAuthName,
        cryptoAuthIdentity,
        cryptoAuthReAuthInterval,
        cryptoAuthReAuth,
        cryptoAuthCreateIKEPeer,
        cryptoAuthenticationGenerateUniqueID,
        cryptoGeneratedUniqueIdentity}
    STATUS current
    DESCRIPTION "The crypto auth objects."
    ::= { lumCryptoGroups 2 }

cryptoIKEPeerGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoIKEPeerIndex,
        cryptoIKEPeerUId,
        cryptoIKEPeerName,
        cryptoIKEPeerIdentity,
        cryptoIKEPeerExpectedIKEPeerIdentity,
        cryptoIKEPeerAuthScheme,
        cryptoIKEPeerPSK,
        cryptoIKEPeerAdminStatus,
        cryptoIKEPeerOperStatus,
        cryptoIKEPeerLastReAuthTime,
        cryptoIKEPeerReKeyInterval,
        cryptoIKEPeerLastReKeyTime,
        cryptoIKEPeerReKey,
        cryptoIKEPeerConfigMismatch,
        cryptoIKEPeerUnreachable,
        cryptoIKEPeerAuthenticationFailure,
        cryptoIKEPeerReKeyFailure }
    STATUS current
    DESCRIPTION "The crypto peer objects."
    ::= { lumCryptoGroups 3 }

cryptoDataplaneEncryptionGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoDataplaneEncryptionIndex,
        cryptoDataplaneEncryptionUId,
        cryptoDataplaneEncryptionName,
        cryptoDataplaneEncryptionLocalDataplaneId,
        cryptoDataplaneEncryptionExpectedPeerDataplaneId,
        cryptoDataplaneEncryptionDiscoveredPeerDataplaneId,
        cryptoDataplaneEncryptionOTNOHAllocation,
        cryptoDataplaneEncryptionIKEPeerIdentity,
        cryptoDataplaneEncryptionReKeyInterval,
        cryptoDataplaneEncryptionFailurePolicy,
        cryptoDataplaneEncryptionTrafficKillTimeOffset,
        cryptoDataplaneEncryptionEncryptionMode,
        cryptoDataplaneEncryptionLastReKeyTimeTx,
        cryptoDataplaneEncryptionLastReKeyTimeRx,
        cryptoDataplaneEncryptionPeerDpIdMismatch,
        cryptoDataplaneEncryptionConfigMismatch,
        cryptoDataplaneEncryptionReKeyFailure,
        cryptoDataplaneEncryptionRXKeyRotationFailure,
        cryptoDataplaneEncryptionIVExhausted,
        cryptoDataplaneEncryptionFunctionBlocked,
        cryptoDataplaneEncryptionUnexpectedRxKeyId,
        cryptoDataplaneEncryptionReKey }
    STATUS current
    DESCRIPTION "The dataplane encryption objects."
    ::= { lumCryptoGroups 4 }

-- NOTE(review): this group lists the cryptoPmadmin columns, but its
-- DESCRIPTION reads "The cryptoPerformance objects"; this looks like a
-- copy of the next group's text.
cryptoPmadminGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoPmadminIndex,
        cryptoPmadminName,
        cryptoPmadminUId,
        cryptoPmadminConnAdminIfIndex,
        cryptoPmadminUpId}
    STATUS current
    DESCRIPTION "The cryptoPerformance objects"
    ::= { lumCryptoGroups 5 }

cryptoPerformanceGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoPerformanceIndex,
        cryptoPerformanceName,
        cryptoPerformanceUId,
        cryptoPerformanceConnAdminIfIndex,
        cryptoPerformancePeriod,
        cryptoPerformanceType,
        cryptoPerformanceCounterNulledFrames,
        cryptoPerformanceCounterAuthFail,
        cryptoPerformanceCounterIvTrouble,
        cryptoPerformanceCounterReplayErr,
        cryptoPerformanceCounterTotalFrames,
        cryptoPerformanceCounterAuthFrames,
        cryptoPerformanceCounterEncryptedFrames,
        cryptoPerformanceThresholdNulledFrames,
        cryptoPerformanceThresholdAuthFail,
        cryptoPerformanceThresholdIvTrouble,
        cryptoPerformanceThresholdReplayErr,
        cryptoPerformanceFaultStatusNulledFrames,
        cryptoPerformanceFaultStatusAuthFail,
        cryptoPerformanceFaultStatusIvTrouble ,
        cryptoPerformanceFaultStatusReplayErr,
        cryptoPerformanceUpId}
    STATUS current
    DESCRIPTION "The cryptoPerformance objects"
    ::= { lumCryptoGroups 6 }

-- ----------------------------------------------------
-- Compliance
-- ----------------------------------------------------
-- All six object groups are mandatory for an implementation claiming
-- compliance with this module.
lumCryptoComplV1 MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION "Basic implementation requirements for the crypto MIB. (R31.0)"
    MODULE
        MANDATORY-GROUPS {
            cryptoGeneralGroupV1,
            cryptoAuthGroupV1,
            cryptoIKEPeerGroupV1,
            cryptoDataplaneEncryptionGroupV1,
            cryptoPmadminGroupV1,
            cryptoPerformanceGroupV1 }
    ::= { lumCryptoCompl 1 }

END