WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/brocade/BROCADE-IPSEC-MIB

465 lines
16 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

BROCADE-IPSEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, IpAddress
FROM SNMPv2-SMI -- [RFC2578]
DisplayString, DateAndTime
FROM SNMPv2-TC -- [RFC2579]
spdIPSourceType, spdIPSourceAddress, spdIPDestinationType,
spdIPDestinationAddress, spdPacketDirection
FROM IPSEC-SPD-MIB -- [RFC4807-IPSEC-SPD-MIB]
brcdIPSec
FROM FOUNDRY-SN-ROOT-MIB;
brocadeIPSecMIB MODULE-IDENTITY
LAST-UPDATED "201708070000Z" -- Aug 7, 2017
ORGANIZATION "Ruckus Wireless, Inc."
CONTACT-INFO
"Technical Support Center
350 West Java Drive,
Sunnyvale, CA 94089, USA
Support URL: https://support.ruckuswireless.com
Phone: +1-855-782-5871
ROW TF Numbers: https://support.ruckuswireless.com/contact-us"
DESCRIPTION
"This Ruckus Wireless, Inc' proprietery MIB module describes
SNMP Objects and Traps for IPSec support on router/switch
product.
Supported Platforms:
- supported on NI XMR/MLX platforms.
- supported on FI ICX7450 platforms.
Copyright 1996-2017 Ruckus Wireless, Inc.
All rights reserved.
This Ruckus Wireless, Inc SNMP Management Information
Base Specification embodies Ruckus Wireless, Inc'
confidential and proprietary intellectual property.
Ruckus Wireless, Inc retains all title and ownership
in the Specification, including any revisions.
This Specification is supplied AS IS, and Ruckus Wireless, Inc
Systems makes no warranty, either express or implied, as to the
use, operation, condition, or performance of the specification,
and any unintended consequence it may on the user environment."
REVISION "201404210000Z" -- 21 April 2014
DESCRIPTION
"Initial version"
REVISION "201708070000Z" -- Aug 7, 2017
DESCRIPTION
"Modified contact Info, Organization and Description"
::= { brcdIPSec 1 }
--
-- high level object identifiers
--
brcdIPSecMIBNotification OBJECT IDENTIFIER ::= { brocadeIPSecMIB 0 }
brcdIPSecMIBObjects OBJECT IDENTIFIER ::= { brocadeIPSecMIB 1 }
-- Below objects are used only by notifications as varbinds.
--No other SNMP operations are supported on these.
brcdIPSecSPIValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"It's a 4-byte field at the beginning of Encapsulating
Security Payload Packet. It's value will be displayed in
hex."
::= { brcdIPSecMIBObjects 1 }
brcdIPSecSequenceNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This denotes the ESP sequence number used for
anti-replay check."
::= { brcdIPSecMIBObjects 2 }
brcdIKEMessageType OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Specifies the type of notification message.
Only IKE_SA_INIT(34), IKE_AUTH(35), CREATE_CHILD_SA(36)
and INFORMATIONAL(37) are currently supported as per
RFC5996."
::= { brcdIPSecMIBObjects 3 }
brcdIKEPayloadType OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Specifies the type of IKE payload. As per RFC5996 current
valid values are {0, 32 to 48}."
::= { brcdIPSecMIBObjects 4 }
brcdIPSecSlotNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the Slot id of the IPsec module."
::= { brcdIPSecMIBObjects 5 }
brcdIPSecUnitNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the unit number."
::= { brcdIPSecMIBObjects 6 }
brcdIPSecVRFValue OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the VRF value."
::= { brcdIPSecMIBObjects 7 }
brcdIPSecSessionState OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the state of IPsec/IKE session."
::= { brcdIPSecMIBObjects 8 }
brcdIPSecModuleState OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the state of IPsec module."
::= { brcdIPSecMIBObjects 9 }
---Notifications
brcdIPSecInvalidSANotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when no valid Security
Association exists for a session."
--#TYPE "Ruckus Wireless Trap: No valid Security Association exists for a session."
--#SUMMARY "I:ESP: No IPsec SA Found for Received Packet with Source
-- address type %u Source %s Destination address type %u Destination %s
-- SPI %s."
--#ARGUMENTS {0, 1, 2, 3, 4}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 1 }
brcdIPSecFragmentedPacketNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when a packet offered to ESP
for processing appears to be an IP fragment, i.e., the OFFSET
field is non-zero or the MORE FRAGMENTS flag is set."
--#TYPE "Ruckus Wireless Trap: Received Fragmented Packet with SPI ."
--#SUMMARY "I:ESP: Received Fragmented Packet with Source
-- Address type %u Source %s Destination address type %u
-- Destination %s SPI %s."
--#ARGUMENTS {0, 1, 2, 3, 4}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 2 }
brcdIPSecSequenceOverflowNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when there is an attempt to
transmit a packet that would result in Sequence Number
overflow."
--#TYPE "Ruckus Wireless Trap: Sequence Number Overflow."
--#SUMMARY "I:ESP: Sequence Number Overflow when Trying to Send Packet
-- with with SPI %s Source address type %u Source %s Destination
-- address type %u Destination %s."
--#ARGUMENTS { 4, 0, 1, 2, 3}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 3 }
brcdIPSecFailedAntiReplayCheckNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue,
brcdIPSecSequenceNumber
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when the received packet
fails the anti-replay checks."
--#TYPE "Ruckus Wireless Trap: received packet fails the anti-replay check."
--#SUMMARY "I:ESP: Anti-Replay Check Failed for Received Packet with
-- Source address type %u Source %s Destination address type %u
-- Destination %s SPI %s Sequence Number %u."
--#ARGUMENTS {0, 1, 2, 3, 4, 5}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 4 }
brcdIPSecFailedIntegrityCheckNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue,
brcdIPSecSequenceNumber
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when the received packet
fails integrity check."
--#TYPE "Ruckus Wireless Trap: received packet fails integrity check."
--#SUMMARY "I:ESP: Integrity Check Failed for Received Packet with
-- Source address type %u Source %s Destination address type %u
-- Destination %s SPI %s Sequence Number %u."
--#ARGUMENTS {0, 1, 2, 3, 4, 5}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 5 }
brcdIPSecDeencapsulationFailedNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue,
brcdIPSecSequenceNumber
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when the deencapsulation of
received packet failed."
--#TYPE "Ruckus Wireless Trap: deencapsulation of received packet failed."
--#SUMMARY "I:ESP: Deencapsulation Failed for Received Packet with
-- Source address type %u Source %s Destination address type %u
-- Destination %s SPI %s Sequence Number %u."
--#ARGUMENTS { 0, 1, 2, 3, 4, 5}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 6 }
brcdIPSecLengthErrorNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when the check on IP packet
length fails for the received packet."
--#TYPE "Ruckus Wireless Trap: Length Error Detected."
--#SUMMARY "I:ESP: Length Error Detected for
-- Received Packet with SPI %s Source address type %u
-- Source %s Destination address type %u Destination %s."
--#ARGUMENTS {4, 0, 1, 2, 3}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 7 }
brcdIKEInvalidMsgTypeNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue,
brcdIKEMessageType
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when an invalid IKE message
Type is received."
--#TYPE "Ruckus Wireless Trap: Invalid IKE Message Type received."
--#SUMMARY "I:IKEv2: Invalid Message Type Received with
-- Source address type %u Source %s Destination address type %u
-- Destination %s SPI %s Message Type %u.
--#ARGUMENTS {0, 1, 2, 3, 4, 5}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 8 }
brcdIKEInvalidPayloadNotification NOTIFICATION-TYPE
OBJECTS {
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecSPIValue,
brcdIKEPayloadType
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when an invalid IKE payload
is received."
--#TYPE "Ruckus Wireless Trap: Invalid IKE Payload Received."
--#SUMMARY "I:IKEv2: Invalid Payload Type Received with
-- Source address type %u Source %s Destination address type %u
-- Destination %s SPI %s Payload Type %u."
--#ARGUMENTS {0, 1, 2, 3, 4, 5}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 9 }
brcdIKEMaxPeerReachedNotification NOTIFICATION-TYPE
OBJECTS {
brcdIPSecSlotNumber
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when maximum IKE peer limit
is reached."
--#TYPE "Ruckus Wireless Trap: Max IKE peers limit reached."
--#SUMMARY "W:IKEv2: Maximum IKE Peers Limit Reached."
--#ARGUMENTS {0}
--#SEVERITY WARNING
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 10 }
brcdIKERecoveredMaxPeerLimitNotification NOTIFICATION-TYPE
OBJECTS {
brcdIPSecSlotNumber
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when the system recovers from
the maximum IKE peer limit condition."
--#TYPE "Ruckus Wireless Trap: Recovered Max IKE peers limit condition."
--#SUMMARY "W:IKEv2: Recovered from Maximum IKE Peers Limit
-- Condition."
--#ARGUMENTS {0}
--#SEVERITY WARNING
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 11 }
brcdIPSecSessionNotification NOTIFICATION-TYPE
OBJECTS {
brcdIPSecSessionState,
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecVRFValue,
brcdIPSecSPIValue,
spdPacketDirection
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when IPsec session state
is changed."
--#TYPE "Ruckus Wireless Trap: IPsec session state."
--#SUMMARY "I:IPsec: IPsec session Source address type %u
-- Source %s Destination address type %u Destination %s
-- VRF %u SPI %u Direction %s.”
--#ARGUMENTS {0, 1, 2, 3, 4, 5, 6, 7}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 12 }
brcdIKESessionNotification NOTIFICATION-TYPE
OBJECTS {
brcdIPSecSessionState,
spdIPSourceType,
spdIPSourceAddress,
spdIPDestinationType,
spdIPDestinationAddress,
brcdIPSecVRFValue,
brcdIPSecSPIValue
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when IKEv2 session state
is changed."
--#TYPE "Ruckus Wireless Trap: IKEv2 session state."
--#SUMMARY "I:IKEv2: IKEv2 session %s Source address type %u
-- Source %s Destination address type %u Destination %s
-- VRF %u SPI %u.”
--#ARGUMENTS {0, 1, 2, 3, 4, 5, 6}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 13 }
brcdIPSecModuleNotification NOTIFICATION-TYPE
OBJECTS {
brcdIPSecSlotNumber,
brcdIPSecUnitNumber,
brcdIPSecModuleState
}
STATUS current
DESCRIPTION
"The SNMP trap that is generated when IPsec module state
is changed."
--#TYPE "Ruckus Wireless Trap: IPsec module state."
--#SUMMARY "I:IPsec: IPsec module %u on unit %u is %s.”
--#ARGUMENTS {0, 1, 2}
--#SEVERITY INFORMATIONAL
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 14 }
brcdIKEMaxPeerReachedStackingNotification NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"The SNMP trap that is generated when maximum IKE peer limit
is reached."
--#TYPE "Ruckus Wireless Trap: Max IKE peers limit reached."
--#SUMMARY "W:IKEv2: Maximum IKE Peers Limit Reached."
--#ARGUMENTS { }
--#SEVERITY WARNING
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 15 }
brcdIKERecoveredMaxPeerLimitStackingNotification NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"The SNMP trap that is generated when the system recovers from
the maximum IKE peer limit condition."
--#TYPE "Ruckus Wireless Trap: Recovered Max IKE peers limit condition."
--#SUMMARY "W:IKEv2: Recovered from Maximum IKE Peers LimitCondition."
--#ARGUMENTS { }
--#SEVERITY WARNING
--#STATE OPERATIONAL
::= {brcdIPSecMIBNotification 16 }
END
View Git Blame Copy Permalink