2121 lines
64 KiB
Plaintext
2121 lines
64 KiB
Plaintext
-- =============================================================================
|
|
-- Copyright (C) 2022 by HUAWEI SYMANTEC TECHNOLOGIES. All rights reserved.
|
|
-- Description: The MIB is designed to get IPSec tunnels' statistic information.
|
|
-- Reference: Huawei Enterprise MIB
|
|
-- Version: V1.24
|
|
-- History:
|
|
-- V1.0 The initial version created by LiShengbai 90004270.
|
|
-- =============================================================================
|
|
|
|
HUAWEI-SECURITY-IPSEC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Gauge32, IpAddress, Counter64, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
enterprises
|
|
FROM RFC1155-SMI
|
|
Ipv6Address
|
|
FROM IPV6-TC;
|
|
|
|
|
|
hwIpsec MODULE-IDENTITY
|
|
LAST-UPDATED "202206131540Z" --June 13, 2022 at 15:48 GMT
|
|
ORGANIZATION
|
|
"Huawei Technologies Co.,Ltd."
|
|
CONTACT-INFO
|
|
"Huawei Industrial Base
|
|
Bantian, Longgang
|
|
Shenzhen 518129
|
|
People's Republic of China
|
|
Website: http://www.huawei.com
|
|
Email: support@huawei.com"
|
|
DESCRIPTION
|
|
"V1.24 fix hwIPSecTunnelStatusChange description."
|
|
REVISION "202206131540Z"
|
|
DESCRIPTION
|
|
"V1.23 add hwIPSecTunnelPolicyAlias for hwIPSecTunnelStatusChange."
|
|
REVISION "202110071449Z"
|
|
DESCRIPTION
|
|
"V1.22 add add hwIPSecTunnelStatusChange."
|
|
REVISION "202110071449Z"
|
|
DESCRIPTION
|
|
"V1.21 add add hwIPSecTrapOprPri."
|
|
REVISION "202106181210Z"
|
|
DESCRIPTION
|
|
"V1.20 add add hwIPSecLowSecurityLevel."
|
|
REVISION "202105121000Z"
|
|
DESCRIPTION
|
|
"V1.19 add add hwIPSecGlobalBytesPerSecondIn, hwIPSecGlobalBytesPerSecondOut."
|
|
REVISION "202103231000Z"
|
|
DESCRIPTION
|
|
"V1.18 fix syntax errors."
|
|
REVISION "202008281500Z"
|
|
DESCRIPTION
|
|
"V1.17 fix syntax errors."
|
|
REVISION "202007161500Z"
|
|
DESCRIPTION
|
|
"V1.16 add hwIPSecTrapTunnelDstIPMask, hwIPSecTrapRouteNextHope."
|
|
REVISION "202004151500Z"
|
|
|
|
DESCRIPTION
|
|
"V1.15 add opr route miss warning."
|
|
REVISION "202004141500Z"
|
|
DESCRIPTION
|
|
"V1.14 add hwIPSecTunnelBytesPerSecondIn, hwIPSecTunnelBytesPerSecondOut, hwIPSecTunnelPacketsPerSecondIn, hwIPSecTunnelPacketsPerSecondOut, hwIPSecTunnelErrPacketsPerSecondIn, hwIPSecTunnelErrPacketsPerSecondOut, hwIPSecTunnelErrPacketsIn, hwIPSecTunnelErrPacketsOut at 2018-08-08."
|
|
REVISION "201808081500Z"
|
|
|
|
DESCRIPTION
|
|
"V1.13 add hwIPSecTunnelDstIPv6, hwIPSecTunnelInsideIPv6, hwIPSecTunnelSrcIPv6at 2018-07-24."
|
|
REVISION "201807241500Z"
|
|
DESCRIPTION
|
|
"V1.12 add hwIPSecInitiator at 2018-05-21."
|
|
REVISION "201805211500Z"
|
|
DESCRIPTION
|
|
"V1.10 add hwIPSecTunnelHaveReachMax at 2018-03-21."
|
|
REVISION "201803211500Z"
|
|
DESCRIPTION
|
|
"V1.10 change the position of hwIPSecTunnelFlowInfo in hwIPSecTunnelStart and hwIPSecTunnnelStop at 2018-01-17."
|
|
REVISION "201801171500Z"
|
|
DESCRIPTION
|
|
"V1.09 add hwIPSecSaStatisticsTable and add hwIPSecTunnelFlowInfo to hwIPSecTunnelStart and hwIPSecTunnnelStop at 2017-11-21."
|
|
REVISION "201711211500Z"
|
|
DESCRIPTION
|
|
"V1.09 add hwIPSecTunnelSlotID at 2017-09-27."
|
|
REVISION "201709291500Z"
|
|
DESCRIPTION
|
|
"V1.08 add hwIPSecIfName at 2017-05-10."
|
|
REVISION "201705101500Z"
|
|
|
|
DESCRIPTION
|
|
"V1.07 add hwIPSec Vsys Name at 2016-12-06."
|
|
REVISION "201612061500Z"
|
|
|
|
DESCRIPTION
|
|
"V1.06 add hwIPSecTrapTunnelOfflineReason and add this node to hwIPSecTunnelStop at 2016-10-25."
|
|
REVISION "201610251500Z"
|
|
|
|
DESCRIPTION
|
|
"V1.05 modify hwIPSecNegoFail at 2016-06-23."
|
|
REVISION "201606231500Z"
|
|
|
|
DESCRIPTION
|
|
"V1.04 modify hwIPSecTunnelLifeSize at 2015-07-13."
|
|
REVISION "201507131500Z"
|
|
DESCRIPTION
|
|
"V1.03 The IPSec mib is for Eudemon and USG product series."
|
|
REVISION "201505281500Z"
|
|
DESCRIPTION
|
|
"V1.00 The IPSec mib is for Eudemon and USG product series."
|
|
REVISION "201505051900Z"
|
|
|
|
DESCRIPTION
|
|
"Modify hwIPSecNegoFail at 2015-05-05."
|
|
REVISION "201504281900Z"
|
|
DESCRIPTION
|
|
"Add type of hwIPSecNegoFail at 2015-04-28."
|
|
|
|
REVISION "200910100900Z"
|
|
DESCRIPTION
|
|
"Modify mib nodes OID.So that, eSAP V2R1 version mib nodes
|
|
can be compatible to last version's mib nodes."
|
|
|
|
|
|
::= { hwSecurity 26 }
|
|
|
|
-- ===============================================
|
|
-- Node definitions
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011
|
|
huawei OBJECT IDENTIFIER ::= { enterprises 2011 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6
|
|
huaweiUtility OBJECT IDENTIFIER ::= { huawei 6 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122
|
|
hwSecurity OBJECT IDENTIFIER ::= { huaweiUtility 122 }
|
|
|
|
-- ===============================================
|
|
-- Begin the hwIPSecGlobalStats.
|
|
-- ===============================================
|
|
|
|
hwIPSecGlobalStats OBJECT IDENTIFIER ::= { hwIpsec 1 }
|
|
|
|
hwIPSecGlobalTotal OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of IPSec Phase2 tunnels."
|
|
::= { hwIPSecGlobalStats 1 }
|
|
|
|
hwIPSecGlobalPacketInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received security packets."
|
|
::= { hwIPSecGlobalStats 2 }
|
|
|
|
hwIPSecGlobalPacketOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent security packets."
|
|
::= { hwIPSecGlobalStats 3 }
|
|
|
|
hwIPSecGlobalByteInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes of received security packets."
|
|
::= { hwIPSecGlobalStats 4 }
|
|
|
|
hwIPSecGlobalByteOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes of sent security packets."
|
|
::= { hwIPSecGlobalStats 5 }
|
|
|
|
hwIPSecGlobalDroppedPacketInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets that are received."
|
|
::= { hwIPSecGlobalStats 6 }
|
|
|
|
hwIPSecGlobalDroppedPacketOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets that are sent."
|
|
::= { hwIPSecGlobalStats 7 }
|
|
|
|
hwIPSecGlobalEncIntactPacket OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets that do not need to be fragmented."
|
|
::= { hwIPSecGlobalStats 8 }
|
|
|
|
hwIPSecGlobalEncPacketFirstSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of initial packets to be encrypted."
|
|
::= { hwIPSecGlobalStats 9 }
|
|
|
|
hwIPSecGlobalEncPacketAfterSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of follow-up packets to be encrypted."
|
|
::= { hwIPSecGlobalStats 10 }
|
|
|
|
hwIPSecGlobalDecPacketReassFirstSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of initial packets that are fragmented and assembled."
|
|
::= { hwIPSecGlobalStats 11 }
|
|
|
|
hwIPSecGlobalDecPacketReassAfterSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of follow-up packets that are fragmented and assembled."
|
|
::= { hwIPSecGlobalStats 12 }
|
|
|
|
hwIPSecGlobalDecPacketReassLenErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets with incorrect length during reassembling."
|
|
::= { hwIPSecGlobalStats 13 }
|
|
|
|
hwIPSecGlobalPacketHeaderWrong OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the packet header error."
|
|
::= { hwIPSecGlobalStats 14 }
|
|
|
|
hwIPSecGlobalMemoryApplyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by memory applying failure."
|
|
::= { hwIPSecGlobalStats 15 }
|
|
|
|
hwIPSecGlobalCannotFindSA OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by no matched security associations."
|
|
::= { hwIPSecGlobalStats 16 }
|
|
|
|
hwIPSecGlobalWrongSA OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by incorrect security associations."
|
|
::= { hwIPSecGlobalStats 17 }
|
|
|
|
hwIPSecGlobalBadAuthentication OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the authentication failure."
|
|
::= { hwIPSecGlobalStats 18 }
|
|
|
|
hwIPSecGlobalReplay OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the packet replay."
|
|
::= { hwIPSecGlobalStats 19 }
|
|
|
|
hwIPSecGlobalPreRecheckErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the pre-check failure."
|
|
::= { hwIPSecGlobalStats 20 }
|
|
|
|
hwIPSecGlobalPostRecheckErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the post-check failure"
|
|
::= { hwIPSecGlobalStats 21 }
|
|
|
|
hwIPSecGlobalExceedByteLimit OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding of the byte limit."
|
|
::= { hwIPSecGlobalStats 22 }
|
|
|
|
hwIPSecGlobalExceedPacketLimit OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding of the packet limit."
|
|
::= { hwIPSecGlobalStats 23 }
|
|
|
|
hwIPSecGlobalProcessIpv4Err OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the plain-text forwarding failure."
|
|
::= { hwIPSecGlobalStats 24 }
|
|
|
|
hwIPSecGlobalFibSearchErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the route check failure."
|
|
::= { hwIPSecGlobalStats 25 }
|
|
|
|
hwIPSecGlobalIKEInboundOK OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received IKE negotiation packets that successfully enter the queue."
|
|
::= { hwIPSecGlobalStats 26 }
|
|
|
|
hwIPSecGlobalIKEInboundErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received IKE negotiation packets that fail to enter the queue."
|
|
::= { hwIPSecGlobalStats 27 }
|
|
|
|
hwIPSecGlobalIKEOutboundOK OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent IKE negotiation packets that successfully enter the queue."
|
|
::= { hwIPSecGlobalStats 28 }
|
|
|
|
hwIPSecGlobalIKEOutboundErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent IKE negotiation packets that fail to enter the queue."
|
|
::= { hwIPSecGlobalStats 29 }
|
|
|
|
hwIPSecGlobalSoftExpr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Soft timeout times."
|
|
::= { hwIPSecGlobalStats 30 }
|
|
|
|
hwIPSecGlobalHardExpr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hard timeout times."
|
|
::= { hwIPSecGlobalStats 31 }
|
|
|
|
hwIPSecGlobalDPDOper OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DPD operation and detection times."
|
|
::= { hwIPSecGlobalStats 32 }
|
|
|
|
hwIPSecGlobalModpCnt OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Modular exponentiation calculation."
|
|
::= { hwIPSecGlobalStats 33 }
|
|
|
|
hwIPSecGlobalSaeSucc OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SAE computing success."
|
|
::= { hwIPSecGlobalStats 34 }
|
|
|
|
hwIPSecGlobalSoftwareSucc OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Software computing success."
|
|
::= { hwIPSecGlobalStats 35 }
|
|
|
|
hwIPSecGlobalConnectionRate OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"New Connection Rate of IPSec tunnels."
|
|
::= { hwIPSecGlobalStats 36 }
|
|
|
|
hwIPSecGlobalTotalPhase1Num OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total Number of IPSec Phase1 tunnels."
|
|
::= { hwIPSecGlobalStats 37 }
|
|
hwIPSecGlobalBytesPerSecondIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming encrypted IPsec packet rate, in bytes/s."
|
|
::= { hwIPSecGlobalStats 38 }
|
|
|
|
hwIPSecGlobalBytesPerSecondOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing encrypted IPsec packet rate, in bytes/s."
|
|
::= { hwIPSecGlobalStats 39 }
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecTunnelConfigTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.2
|
|
hwIPSecTunnelConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecTunnelConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the configuration attributes for Huawei IPSec tunnel."
|
|
::= { hwIpsec 2 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.2.1
|
|
hwIPSecTunnelConfigEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecTunnelConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring configuration parameters associated with an instance of IPSec tunnel."
|
|
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex }
|
|
::= { hwIPSecTunnelConfigTable 1 }
|
|
|
|
HwIPSecTunnelConfigEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecIfIndex
|
|
Gauge32,
|
|
hwIPSecTunnelPolicyNum
|
|
Gauge32,
|
|
hwIPSecTunnelIndex
|
|
Gauge32,
|
|
hwIPSecTunnelRuleId
|
|
Gauge32,
|
|
hwIPSecTunnelDstIP
|
|
OCTET STRING,
|
|
hwIPSecTunnelInsideIP
|
|
OCTET STRING,
|
|
hwIPSecTunnelRemotePort
|
|
Gauge32,
|
|
hwIPSecTunnelCpuID
|
|
Gauge32,
|
|
hwIPSecTunnelEncapMode
|
|
INTEGER,
|
|
hwIPSecTunnelNatTraver
|
|
INTEGER,
|
|
hwIPSecTunnelFromIKEV2
|
|
INTEGER,
|
|
hwIPSecTunnelEncryptMode
|
|
Gauge32,
|
|
hwIPSecTunnelESPDigestMode
|
|
Gauge32,
|
|
hwIPSecTunnelAHDigestMode
|
|
Gauge32,
|
|
hwIPSecTunnelProto
|
|
Gauge32,
|
|
hwIPSecTunnelOutPortIndex
|
|
Gauge32,
|
|
hwIPSecTunnelSrcPort
|
|
Gauge32,
|
|
hwIPSecTunnelDstPort
|
|
Gauge32,
|
|
hwIPSecTunnelVrfIndex
|
|
Gauge32,
|
|
hwIPSecTunnelIfVrfIndex
|
|
Gauge32,
|
|
hwIPSecTunnelSrcIP
|
|
OCTET STRING,
|
|
hwIPSecTunnelSpeedLimitIn
|
|
Gauge32,
|
|
hwIPSecTunnelSpeedLimitOut
|
|
Gauge32,
|
|
hwIPSecTunnelInitiator
|
|
INTEGER,
|
|
hwIPSecTunnelLifeSize
|
|
Gauge32,
|
|
hwIPSecTunnelLifeTime
|
|
Gauge32,
|
|
hwIPSecTunnelPolicyName
|
|
OCTET STRING,
|
|
hwIPSecTunnelSaStatus
|
|
INTEGER,
|
|
hwIPSecTunnelSlotID
|
|
Gauge32,
|
|
hwIPSecTunnelFlowInfo
|
|
OCTET STRING,
|
|
hwIPSecTunnelPolicyAlias
|
|
OCTET STRING,
|
|
hwIPSecTunnelDstIPv6
|
|
OCTET STRING,
|
|
hwIPSecTunnelInsideIPv6
|
|
OCTET STRING,
|
|
hwIPSecTunnelSrcIPv6
|
|
OCTET STRING
|
|
}
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.2.1.1
|
|
hwIPSecIfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the router interface corresponding to the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 1 }
|
|
|
|
hwIPSecTunnelPolicyNum OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The tunnel number of IPSec policy."
|
|
::= { hwIPSecTunnelConfigEntry 2 }
|
|
|
|
hwIPSecTunnelIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 3 }
|
|
|
|
hwIPSecTunnelRuleId OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ID of the ACL rule in the current IPSec policy."
|
|
::= { hwIPSecTunnelConfigEntry 4 }
|
|
|
|
hwIPSecTunnelDstIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of the tunnel (peer end)."
|
|
::= { hwIPSecTunnelConfigEntry 5 }
|
|
|
|
hwIPSecTunnelInsideIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Intranet IP address of the peer end during remote access."
|
|
::= { hwIPSecTunnelConfigEntry 6 }
|
|
|
|
hwIPSecTunnelRemotePort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port number of the peer end of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 7 }
|
|
|
|
hwIPSecTunnelCpuID OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"CPU ID of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 8 }
|
|
|
|
hwIPSecTunnelEncapMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tunnel(0),
|
|
transport(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encapsulation mode of the tunnel (tunneling mode or transmission mode)."
|
|
::= { hwIPSecTunnelConfigEntry 9 }
|
|
|
|
hwIPSecTunnelNatTraver OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
noNatTraversal(0),
|
|
natTraversal(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the tunnel needs NAT traversal (If yes, the value is 1.)."
|
|
::= { hwIPSecTunnelConfigEntry 10 }
|
|
|
|
hwIPSecTunnelFromIKEV2 OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noIkev2(0),
|
|
ikev2(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the tunnel adopts IKEv2 (If yes, the value is 1.)."
|
|
::= { hwIPSecTunnelConfigEntry 11 }
|
|
|
|
hwIPSecTunnelEncryptMode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encryption mode of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 12 }
|
|
|
|
hwIPSecTunnelESPDigestMode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ESP check mode of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 13 }
|
|
|
|
hwIPSecTunnelAHDigestMode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"AH check mode of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 14 }
|
|
|
|
hwIPSecTunnelProto OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Protocol of the tunnel (ESP or AH, or both)."
|
|
::= { hwIPSecTunnelConfigEntry 15 }
|
|
|
|
hwIPSecTunnelOutPortIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the egress of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 16 }
|
|
|
|
hwIPSecTunnelSrcPort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the source port number if NAT traversal is adopted."
|
|
::= { hwIPSecTunnelConfigEntry 17 }
|
|
|
|
hwIPSecTunnelDstPort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the destination port number if NAT traversal is adopted."
|
|
::= { hwIPSecTunnelConfigEntry 18 }
|
|
|
|
hwIPSecTunnelVrfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VPN ID protected by the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 19 }
|
|
|
|
hwIPSecTunnelIfVrfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VPN ID of the sending interface of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 20 }
|
|
|
|
hwIPSecTunnelSrcIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of the tunnel (local end)."
|
|
::= { hwIPSecTunnelConfigEntry 21 }
|
|
|
|
hwIPSecTunnelSpeedLimitIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rate limiting pre-configured in the incoming direction."
|
|
::= { hwIPSecTunnelConfigEntry 22 }
|
|
|
|
hwIPSecTunnelSpeedLimitOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rate limiting pre-configured in the outgoing direction."
|
|
::= { hwIPSecTunnelConfigEntry 23 }
|
|
|
|
hwIPSecTunnelInitiator OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
responder(0),
|
|
ikev2Initiator(1),
|
|
ikev1Initiator(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Initiator or responder of the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 24 }
|
|
|
|
hwIPSecTunnelLifeSize OBJECT-TYPE
|
|
SYNTAX Gauge32 (0..200000000)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Life cycle of the IPSec tunnel (in kbytes)."
|
|
::= { hwIPSecTunnelConfigEntry 25 }
|
|
|
|
hwIPSecTunnelLifeTime OBJECT-TYPE
|
|
SYNTAX Gauge32 (1..604800)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Life cycle of the IPSec tunnel (in seconds)."
|
|
::= { hwIPSecTunnelConfigEntry 26 }
|
|
|
|
hwIPSecTunnelPolicyName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy for the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 27 }
|
|
|
|
hwIPSecTunnelSaStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
free(0),
|
|
ocuppied(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of the SA."
|
|
::= { hwIPSecTunnelConfigEntry 28 }
|
|
hwIPSecTunnelSlotID OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SLOT ID of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 29 }
|
|
hwIPSecTunnelFlowInfo OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Data flow of the IPSec tunnel"
|
|
::= { hwIPSecTunnelConfigEntry 30 }
|
|
|
|
hwIPSecTunnelPolicyAlias OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy alias for the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 31 }
|
|
|
|
hwIPSecTunnelDstIPv6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IPv6 address of the tunnel (peer end)."
|
|
::= { hwIPSecTunnelConfigEntry 32 }
|
|
|
|
hwIPSecTunnelInsideIPv6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Intranet IPv6 address of the peer end during remote access."
|
|
::= { hwIPSecTunnelConfigEntry 33 }
|
|
|
|
hwIPSecTunnelSrcIPv6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv6 address of the tunnel (local end)."
|
|
::= { hwIPSecTunnelConfigEntry 34 }
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecTunnelStatsTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.3
|
|
hwIPSecTunnelStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecTunnelStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the status attributes for Huawei IPSec tunnel."
|
|
::= { hwIpsec 3 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.3.1
|
|
hwIPSecTunnelStatsEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecTunnelStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring status parameters associated with an instance of IPSec tunnel."
|
|
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex }
|
|
::= { hwIPSecTunnelStatsTable 1 }
|
|
|
|
HwIPSecTunnelStatsEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecTunnelSaIDIn
|
|
Gauge32,
|
|
hwIPSecTunnelSaIDOut
|
|
Gauge32,
|
|
hwIPSecTunnelFlowSoftExpireIn
|
|
Gauge32,
|
|
hwIPSecTunnelFlowSoftExpireOut
|
|
Gauge32,
|
|
hwIPSecTunnelFlowHardExpireIn
|
|
Gauge32,
|
|
hwIPSecTunnelFlowHardExpireOut
|
|
Gauge32,
|
|
hwIPSecTunnelRemainTime
|
|
Gauge32,
|
|
hwIPSecTunnelRemainSize
|
|
Gauge32,
|
|
hwIPSecTunnelSpiIn
|
|
Gauge32,
|
|
hwIPSecTunnelSpiOut
|
|
Gauge32,
|
|
hwIPSecTunnelInSideSpiIn
|
|
Gauge32,
|
|
hwIPSecTunnelInSideSpiOut
|
|
Gauge32,
|
|
hwIPSecTunnelESPSequenceNumberIn
|
|
Gauge32,
|
|
hwIPSecTunnelESPSequenceNumberOut
|
|
Gauge32,
|
|
hwIPSecTunnellAHSequenceNumberIn
|
|
Gauge32,
|
|
hwIPSecTunnellAHSequenceNumberOut
|
|
Gauge32,
|
|
hwIPSecTunnelMemApplyFail
|
|
Counter64,
|
|
hwIPSecTunnelBadAuth
|
|
Counter64,
|
|
hwIPSecTunnelReplay
|
|
Counter64,
|
|
hwIPSecTunnelAfterReCheckErr
|
|
Counter64,
|
|
hwIPSecTunnelPktDropByteLimitIn
|
|
Counter64,
|
|
hwIPSecTunnelPktDropByteLimitOut
|
|
Counter64,
|
|
hwIPSecTunnelFIBSearchErr
|
|
Counter64,
|
|
|
|
hwIPSecTunnelBytesPerSecondIn
|
|
Gauge32,
|
|
hwIPSecTunnelBytesPerSecondOut
|
|
Gauge32,
|
|
hwIPSecTunnelPacketsPerSecondIn
|
|
Gauge32,
|
|
hwIPSecTunnelPacketsPerSecondOut
|
|
Gauge32,
|
|
hwIPSecTunnelErrPacketsPerSecondIn
|
|
Gauge32,
|
|
hwIPSecTunnelErrPacketsPerSecondOut
|
|
Gauge32,
|
|
hwIPSecTunnelErrPacketsIn
|
|
Gauge32,
|
|
hwIPSecTunnelErrPacketsOut
|
|
Gauge32
|
|
}
|
|
|
|
hwIPSecTunnelSaIDIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the incoming IPSec tunnel."
|
|
::= { hwIPSecTunnelStatsEntry 1 }
|
|
|
|
hwIPSecTunnelSaIDOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the outgoing IPSec tunnel."
|
|
::= { hwIPSecTunnelStatsEntry 2 }
|
|
|
|
hwIPSecTunnelFlowSoftExpireIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming soft timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 3 }
|
|
|
|
hwIPSecTunnelFlowSoftExpireOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing soft timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 4 }
|
|
|
|
hwIPSecTunnelFlowHardExpireIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming hard timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 5 }
|
|
|
|
hwIPSecTunnelFlowHardExpireOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing hard timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 6 }
|
|
|
|
hwIPSecTunnelRemainTime OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remaining time of the IPSec tunnel (in seconds)."
|
|
::= { hwIPSecTunnelStatsEntry 7 }
|
|
|
|
hwIPSecTunnelRemainSize OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remaining bytes of the IPSec tunnel (in kbytes)."
|
|
::= { hwIPSecTunnelStatsEntry 8 }
|
|
|
|
hwIPSecTunnelSpiIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming SPI."
|
|
::= { hwIPSecTunnelStatsEntry 9 }
|
|
|
|
hwIPSecTunnelSpiOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing SPI."
|
|
::= { hwIPSecTunnelStatsEntry 10 }
|
|
|
|
hwIPSecTunnelInSideSpiIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SPI of the internal ESP header when both AH and ESP are adopted in the incoming direction."
|
|
::= { hwIPSecTunnelStatsEntry 11 }
|
|
|
|
hwIPSecTunnelInSideSpiOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SPI of the internal ESP header when both AH and ESP are adopted in the outgoing direction."
|
|
::= { hwIPSecTunnelStatsEntry 12 }
|
|
|
|
hwIPSecTunnelESPSequenceNumberIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the incoming ESP protocol."
|
|
::= { hwIPSecTunnelStatsEntry 13 }
|
|
|
|
hwIPSecTunnelESPSequenceNumberOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the outgoing ESP protocol."
|
|
::= { hwIPSecTunnelStatsEntry 14 }
|
|
|
|
hwIPSecTunnellAHSequenceNumberIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the incoming AH protocol."
|
|
::= { hwIPSecTunnelStatsEntry 15 }
|
|
|
|
hwIPSecTunnellAHSequenceNumberOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the outgoing AH protocol."
|
|
::= { hwIPSecTunnelStatsEntry 16 }
|
|
|
|
hwIPSecTunnelMemApplyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets because packets to be encrypted are too long."
|
|
::= { hwIPSecTunnelStatsEntry 17 }
|
|
|
|
hwIPSecTunnelBadAuth OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the authentication failure of received packets."
|
|
::= { hwIPSecTunnelStatsEntry 18 }
|
|
|
|
hwIPSecTunnelReplay OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by receiving replayed packets."
|
|
::= { hwIPSecTunnelStatsEntry 19 }
|
|
|
|
hwIPSecTunnelAfterReCheckErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the decryption post-check failure."
|
|
::= { hwIPSecTunnelStatsEntry 20 }
|
|
|
|
hwIPSecTunnelPktDropByteLimitIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding the byte limit in the incoming direction."
|
|
::= { hwIPSecTunnelStatsEntry 21 }
|
|
|
|
hwIPSecTunnelPktDropByteLimitOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding of the byte limit in the outgoing direction."
|
|
::= { hwIPSecTunnelStatsEntry 22 }
|
|
|
|
hwIPSecTunnelFIBSearchErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the route check failure."
|
|
::= { hwIPSecTunnelStatsEntry 23 }
|
|
|
|
hwIPSecTunnelBytesPerSecondIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Speed of inbound flow in bytes."
|
|
::= { hwIPSecTunnelStatsEntry 24 }
|
|
|
|
hwIPSecTunnelBytesPerSecondOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Speed of outbound flow in bytes."
|
|
::= { hwIPSecTunnelStatsEntry 25 }
|
|
|
|
hwIPSecTunnelPacketsPerSecondIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Speed of inbound flow in packets."
|
|
::= { hwIPSecTunnelStatsEntry 26 }
|
|
|
|
hwIPSecTunnelPacketsPerSecondOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Speed of outbound flow in packets."
|
|
::= { hwIPSecTunnelStatsEntry 27 }
|
|
|
|
hwIPSecTunnelErrPacketsPerSecondIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Speed of inbound error packets."
|
|
::= { hwIPSecTunnelStatsEntry 28 }
|
|
|
|
hwIPSecTunnelErrPacketsPerSecondOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Speed of outbound error packets."
|
|
::= { hwIPSecTunnelStatsEntry 29 }
|
|
|
|
hwIPSecTunnelErrPacketsIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of inbound error packets."
|
|
::= { hwIPSecTunnelStatsEntry 30 }
|
|
|
|
hwIPSecTunnelErrPacketsOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outbound error packets."
|
|
::= { hwIPSecTunnelStatsEntry 31 }
|
|
|
|
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecSaStatisticTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.4
|
|
hwIPSecSaStatisticTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecSaStatisticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the SA numbers of policies which have been bound with interfaces."
|
|
::= { hwIpsec 4 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.4.1
|
|
hwIPSecSaStatisticEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecSaStatisticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum }
|
|
::= { hwIPSecSaStatisticTable 1 }
|
|
|
|
HwIPSecSaStatisticEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecSaStatisticTunnelPolicyName
|
|
OCTET STRING,
|
|
hwIPSecSaStatisticSaInCnt
|
|
Gauge32,
|
|
hwIPSecSaStatisticSaOutCnt
|
|
Gauge32,
|
|
hwIPSecTunnelByteInput
|
|
Counter64,
|
|
hwIPSecTunnelByteOutput
|
|
Counter64,
|
|
hwIPSecTunnelPacketInput
|
|
Counter64,
|
|
hwIPSecTunnelPacketOutput
|
|
Counter64,
|
|
hwIPSecTunnelDroppedPacketInput
|
|
Counter64,
|
|
hwIPSecTunnelDroppedPacketOutput
|
|
Counter64,
|
|
hwIPSecTunnelDialUserCount
|
|
Gauge32 ,
|
|
hwIPSecSaStatisticTunnelPolicyAlias
|
|
OCTET STRING
|
|
}
|
|
|
|
hwIPSecSaStatisticTunnelPolicyName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy for the IPSec tunnel."
|
|
::= { hwIPSecSaStatisticEntry 1 }
|
|
|
|
hwIPSecSaStatisticSaInCnt OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming SA number."
|
|
::= { hwIPSecSaStatisticEntry 2 }
|
|
|
|
hwIPSecSaStatisticSaOutCnt OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing SA number."
|
|
::= { hwIPSecSaStatisticEntry 3 }
|
|
hwIPSecTunnelByteInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Num of bytes received by the IPSec Tunnel."
|
|
::= { hwIPSecSaStatisticEntry 4 }
|
|
hwIPSecTunnelByteOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Num of bytes sent by the IPSec Tunnel."
|
|
::= { hwIPSecSaStatisticEntry 5 }
|
|
hwIPSecTunnelPacketInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Num of packets received by the IPSec Tunnel."
|
|
::= { hwIPSecSaStatisticEntry 6 }
|
|
hwIPSecTunnelPacketOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Num of packets sent by the IPSec Tunnel."
|
|
::= { hwIPSecSaStatisticEntry 7 }
|
|
hwIPSecTunnelDroppedPacketInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets discarded by the IPSec tunnel in the inbound direction"
|
|
::= { hwIPSecSaStatisticEntry 8 }
|
|
hwIPSecTunnelDroppedPacketOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets discarded by the IPSec tunnel in the outbound direction"
|
|
::= { hwIPSecSaStatisticEntry 9 }
|
|
hwIPSecTunnelDialUserCount OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec tunnel remote access users"
|
|
::= { hwIPSecSaStatisticEntry 10 }
|
|
hwIPSecSaStatisticTunnelPolicyAlias OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy alias for the IPSec tunnel."
|
|
::= { hwIPSecSaStatisticEntry 11 }
|
|
|
|
|
|
-- ===============================================
|
|
-- IPSecTrapObject.
|
|
-- ===============================================
|
|
|
|
hwIPSecTrapObject OBJECT IDENTIFIER ::= { hwIpsec 5 }
|
|
|
|
hwIPSecTrapTunnelPolicyNum OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sequence number of IPSec tunnel policy."
|
|
::= { hwIPSecTrapObject 1 }
|
|
|
|
hwIPSecTrapIfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the router interface corresponding to the IPSec tunnel."
|
|
::= { hwIPSecTrapObject 2 }
|
|
|
|
hwIPSecTrapTunnelPolicyName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy for the IPSec tunnel."
|
|
::= { hwIPSecTrapObject 3 }
|
|
|
|
hwIPSecTrapAuthenticationMethod OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec tunnel authentication method."
|
|
::= { hwIPSecTrapObject 4 }
|
|
|
|
hwIPSecTrapAuthenticationID OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec tunnel authentication ID."
|
|
::= { hwIPSecTrapObject 5 }
|
|
|
|
hwIPSecTrapAuthenticationIDType OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..32))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec tunnel authentication ID type."
|
|
::= { hwIPSecTrapObject 6 }
|
|
|
|
hwIPSecTrapTunnelDstIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of the tunnel (peer end)."
|
|
::= { hwIPSecTrapObject 7 }
|
|
|
|
hwIPSecTrapTunnelSrcIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of the tunnel."
|
|
::= { hwIPSecTrapObject 8 }
|
|
|
|
hwIPSecTrapTunnelRemotePort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port number of the peer end of the tunnel."
|
|
::= { hwIPSecTrapObject 9 }
|
|
|
|
hwIPSecReason OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Fail reason of negotiation."
|
|
::= { hwIPSecTrapObject 10 }
|
|
|
|
hwIPSecReasonCode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Fail reason code of negotiation."
|
|
::= { hwIPSecTrapObject 11 }
|
|
|
|
hwIPSecTrapTunnelOfflineReason OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Offline reason of the IPSec tunnel."
|
|
::= { hwIPSecTrapObject 12 }
|
|
hwIPSecVsysName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..31))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Virtual system name. The value Public indicates the public system. For products that do not support virtual systems, the value is fixed to Public."
|
|
::= { hwIPSecTrapObject 13 }
|
|
|
|
hwIPSecTrapIfName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..63))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface name corresponding to the IPSec tunnel."
|
|
::= { hwIPSecTrapObject 14 }
|
|
|
|
hwIPSecInitiator OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..19))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The role in IKE negotiation."
|
|
::= { hwIPSecTrapObject 15 }
|
|
|
|
hwIPSecTrapTunnelDstIPMask OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of the tunnel mask."
|
|
::= { hwIPSecTrapObject 16 }
|
|
|
|
hwIPSecTrapRouteNextHope OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ipsec opr route next hope."
|
|
::= { hwIPSecTrapObject 17 }
|
|
|
|
hwIPSecTrapOprPri OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ipsec opr route priority."
|
|
::= { hwIPSecTrapObject 18 }
|
|
|
|
hwIPSecTunnelVpnName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..32))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ipsec tunnel vpn name."
|
|
::= { hwIPSecTrapObject 19 }
|
|
|
|
hwIPSecTunnelFlowVpnName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..32))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ipsec flow vpn name."
|
|
::= { hwIPSecTrapObject 20 }
|
|
|
|
hwIPSecTunnelStatus OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of the Tunnel."
|
|
::= { hwIPSecTrapObject 21 }
|
|
|
|
hwIPSecTunnelStatusChangeReason OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..128))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec tunnel status change reason."
|
|
::= { hwIPSecTrapObject 22 }
|
|
-- ===============================================
|
|
-- definition of traps.
|
|
-- ===============================================
|
|
|
|
hwIPSecNotifications OBJECT IDENTIFIER ::= { hwIpsec 6 }
|
|
|
|
hwIPSecTunnelStart NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecIfIndex,
|
|
hwIPSecTunnelPolicyNum,
|
|
hwIPSecTunnelIndex,
|
|
hwIPSecTunnelRuleId,
|
|
hwIPSecTunnelDstIP,
|
|
hwIPSecTunnelInsideIP,
|
|
hwIPSecTunnelRemotePort,
|
|
hwIPSecTunnelCpuID,
|
|
hwIPSecTunnelSrcIP,
|
|
hwIPSecTunnelFlowInfo,
|
|
hwIPSecTunnelLifeSize,
|
|
hwIPSecTunnelLifeTime,
|
|
hwIPSecVsysName,
|
|
hwIPSecTrapIfName,
|
|
hwIPSecTunnelSlotID,
|
|
hwIPSecInitiator
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when the IPSec tunnel is established."
|
|
::= { hwIPSecNotifications 1 }
|
|
|
|
hwIPSecTunnelStop NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecIfIndex,
|
|
hwIPSecTunnelPolicyNum,
|
|
hwIPSecTunnelIndex,
|
|
hwIPSecTunnelRuleId,
|
|
hwIPSecTunnelDstIP,
|
|
hwIPSecTunnelInsideIP,
|
|
hwIPSecTunnelRemotePort,
|
|
hwIPSecTunnelCpuID,
|
|
hwIPSecTunnelSrcIP,
|
|
hwIPSecTunnelFlowInfo,
|
|
hwIPSecTrapTunnelOfflineReason,
|
|
hwIPSecVsysName,
|
|
hwIPSecTrapIfName,
|
|
hwIPSecTunnelSlotID
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when the IPSec tunnel is deleted."
|
|
::= { hwIPSecNotifications 2 }
|
|
|
|
hwIPSecPolicyAdd NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecTrapTunnelPolicyName,
|
|
hwIPSecVsysName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is added."
|
|
::= { hwIPSecNotifications 3 }
|
|
|
|
hwIPSecPolicyDel NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecTrapTunnelPolicyName,
|
|
hwIPSecVsysName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is deleted."
|
|
::= { hwIPSecNotifications 4 }
|
|
|
|
hwIPSecPolicyAttach NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyName,
|
|
hwIPSecVsysName,
|
|
hwIPSecTrapIfName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is applied to an interface."
|
|
::= { hwIPSecNotifications 5 }
|
|
|
|
hwIPSecPolicyDetach NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyName,
|
|
hwIPSecVsysName,
|
|
hwIPSecTrapIfName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is cancelled on an interface."
|
|
::= { hwIPSecNotifications 6 }
|
|
|
|
hwIPSecIKEReset NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecVsysName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IKE SA is reset."
|
|
::= { hwIPSecNotifications 7 }
|
|
|
|
hwIPSecIPSecReset NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecVsysName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec SA is reset."
|
|
::= { hwIPSecNotifications 8 }
|
|
|
|
hwIPSecTunnelReachMax NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IPSec Tunnel Number will Be Reach Max."
|
|
::= { hwIPSecNotifications 9 }
|
|
|
|
hwIPSecTunnelReachMaxAtOnce NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IPSec Tunnel Number Reach Max At Once."
|
|
::= { hwIPSecNotifications 10 }
|
|
|
|
hwIKEPeerReachMax NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IKE Peer Number will Be Reach Max."
|
|
::= { hwIPSecNotifications 11 }
|
|
|
|
hwIKEPeerReachMaxAtOnce NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IKE Peer Number Reach Max At Once."
|
|
::= { hwIPSecNotifications 12 }
|
|
|
|
hwIKESaPhase1Establish NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelDstIP,
|
|
hwIPSecTrapTunnelRemotePort,
|
|
hwIPSecTrapTunnelSrcIP,
|
|
hwIPSecTrapAuthenticationMethod,
|
|
hwIPSecTrapAuthenticationID,
|
|
hwIPSecTrapAuthenticationIDType,
|
|
hwIPSecVsysName,
|
|
hwIPSecInitiator
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IKE SA phase1 establish ."
|
|
::= { hwIPSecNotifications 13 }
|
|
|
|
hwIPSecNegoFail NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecReason,
|
|
hwIPSecReasonCode,
|
|
hwIPSecTrapTunnelDstIP,
|
|
hwIPSecTrapTunnelRemotePort,
|
|
hwIPSecVsysName,
|
|
hwIPSecTrapIfName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IPSec tunnel negotiation fails."
|
|
::= { hwIPSecNotifications 14 }
|
|
|
|
hwIPSecTunnelHaveReachMax NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when IPSec Tunnel Number Has Been Reached Max ."
|
|
::= { hwIPSecNotifications 15 }
|
|
|
|
hwIPSecOPRRouteMissed NOTIFICATION-TYPE
|
|
OBJECTS { hwIPSecTrapTunnelDstIP, hwIPSecTrapTunnelDstIPMask, hwIPSecTrapRouteNextHope, hwIPSecTrapIfIndex, hwIPSecVsysName, hwIPSecTrapOprPri}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when opr route inject failed."
|
|
::= { hwIPSecNotifications 16 }
|
|
|
|
hwIPSecLowSecurityLevel NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security level of pkcs1 is low."
|
|
::= { hwIPSecNotifications 17 }
|
|
|
|
hwIPSecWeakEncr NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelDstIP,
|
|
hwIPSecTrapIfName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ipsec sa encryption-algorithm is not GCM mode."
|
|
::= { hwIPSecNotifications 18 }
|
|
|
|
hwIPSecTunnelStatusChange NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecVsysName,
|
|
hwIPSecTrapIfName,
|
|
hwIPSecTunnelPolicyName,
|
|
hwIPSecTunnelPolicyNum,
|
|
hwIPSecTunnelPolicyAlias,
|
|
hwIPSecTunnelVpnName,
|
|
hwIPSecTunnelFlowVpnName,
|
|
hwIPSecTrapTunnelDstIP,
|
|
hwIPSecTunnelDstPort,
|
|
hwIPSecTrapTunnelSrcIP,
|
|
hwIPSecTunnelSrcPort,
|
|
hwIPSecTunnelFlowInfo,
|
|
hwIPSecTunnelStatusChangeReason,
|
|
hwIPSecTunnelStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when the IPSec tunnel is established or deleted."
|
|
::= { hwIPSecNotifications 19 }
|
|
|
|
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecGdoiStatsTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.8
|
|
hwIPSecGdoiStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecGdoiStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the status attributes for Huawei IPSec Gdoi."
|
|
::= { hwIpsec 8 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.8.1
|
|
hwIPSecGdoiStatsEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecGdoiStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in the hwIPSecGdoiStatsTable holds a set of monitoring status parameters associated with an instance of IPSec gdoi."
|
|
INDEX { hwIPSecGdoiGroupID, hwIPSecGdoiRemoteAddress }
|
|
::= { hwIPSecGdoiStatsTable 1 }
|
|
|
|
HwIPSecGdoiStatsEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecGdoiGroupID
|
|
Gauge32,
|
|
hwIPSecGdoiRemoteAddress
|
|
IpAddress,
|
|
hwIPSecTunnelSendPacket
|
|
Counter64,
|
|
hwIPSecTunnelSendSize
|
|
Counter64,
|
|
hwIPSecTunnelSendErrorPacket
|
|
Counter64,
|
|
hwIPSecTunnelSendErrorSize
|
|
Counter64,
|
|
hwIPSecTunnelRecvPacket
|
|
Counter64,
|
|
hwIPSecTunnelRecvSize
|
|
Counter64,
|
|
hwIPSecTunnelRecvErrorPacket
|
|
Counter64,
|
|
hwIPSecTunnelRecvErrorSize
|
|
Counter64
|
|
}
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.8.1.1
|
|
hwIPSecGdoiGroupID OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ID of the GM group corresponding to the GM and KMC."
|
|
::= { hwIPSecGdoiStatsEntry 1 }
|
|
|
|
hwIPSecGdoiRemoteAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Address where a GM points to."
|
|
::= { hwIPSecGdoiStatsEntry 2 }
|
|
|
|
hwIPSecTunnelSendPacket OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the number of the sent packets."
|
|
::= { hwIPSecGdoiStatsEntry 3 }
|
|
|
|
hwIPSecTunnelSendSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the total bytes of the sent packet."
|
|
::= { hwIPSecGdoiStatsEntry 4 }
|
|
|
|
hwIPSecTunnelSendErrorPacket OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the error number of the sent packets."
|
|
::= { hwIPSecGdoiStatsEntry 5 }
|
|
|
|
hwIPSecTunnelSendErrorSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the total Error bytes of the sent packets."
|
|
::= { hwIPSecGdoiStatsEntry 6 }
|
|
|
|
hwIPSecTunnelRecvPacket OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the number of the recieved packets."
|
|
::= { hwIPSecGdoiStatsEntry 7 }
|
|
|
|
hwIPSecTunnelRecvSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the total bytes of the recieved packets."
|
|
::= { hwIPSecGdoiStatsEntry 8 }
|
|
|
|
hwIPSecTunnelRecvErrorPacket OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the error number of the recieved packets."
|
|
::= { hwIPSecGdoiStatsEntry 9 }
|
|
|
|
hwIPSecTunnelRecvErrorSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the total error bytes of the recieved packets."
|
|
::= { hwIPSecGdoiStatsEntry 10 }
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecTEKSAStatusTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.9
|
|
hwIPSecTEKSAStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecTEKSAStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the status attributes for Huawei IPSec Gdoi TEK SA."
|
|
::= { hwIpsec 9 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.9.1
|
|
hwIPSecTEKSAStatusEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecTEKSAStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in the hwIPSecTEKSAStatusEntry holds a set of monitoring status parameters associated with an instance of IPSec gdoi."
|
|
INDEX { hwIPSecGdoiGroupID, hwIPSecGdoiRemoteAddress }
|
|
::= { hwIPSecTEKSAStatusTable 1 }
|
|
|
|
HwIPSecTEKSAStatusEntry ::=
|
|
SEQUENCE{
|
|
hwIPSecTEKSAStatus
|
|
INTEGER
|
|
}
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.9.1.1
|
|
hwIPSecTEKSAStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
teksa(0),
|
|
noteksa(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Request for status of TEK-SA with the specified group-id and remote-address(If yes, the value is 0.)."
|
|
::= { hwIPSecTEKSAStatusEntry 1 }
|
|
|
|
-- ===============================================
|
|
-- Conformance Information
|
|
-- ===============================================
|
|
|
|
hwIPSecMibConformance OBJECT IDENTIFIER ::= { hwIpsec 7 }
|
|
|
|
hwIPSecMibCompliances OBJECT IDENTIFIER ::= { hwIPSecMibConformance 1 }
|
|
|
|
hwIPSecMibGroups OBJECT IDENTIFIER ::= { hwIPSecMibConformance 2 }
|
|
|
|
|
|
-- ===============================================
|
|
-- Compliance Statements
|
|
-- ===============================================
|
|
|
|
hwIPSecMibCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
" "
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS
|
|
{
|
|
hwIPSecGlobalStatsGroup,
|
|
hwIPSecTunnelConfigTableGroup,
|
|
hwIPSecTunnelStatsTableGroup,
|
|
hwIPSecSaStatisticTableGroup,
|
|
hwIPSecTrapObjectGroup,
|
|
hwIPSecNotificationsGroup
|
|
}
|
|
::= { hwIPSecMibCompliances 1 }
|
|
|
|
hwIPSecGlobalStatsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecGlobalTotal,
|
|
hwIPSecGlobalPacketInput,
|
|
hwIPSecGlobalPacketOutput,
|
|
hwIPSecGlobalByteInput,
|
|
hwIPSecGlobalByteOutput,
|
|
hwIPSecGlobalDroppedPacketInput,
|
|
hwIPSecGlobalDroppedPacketOutput,
|
|
hwIPSecGlobalEncIntactPacket,
|
|
hwIPSecGlobalEncPacketFirstSlice,
|
|
hwIPSecGlobalEncPacketAfterSlice,
|
|
hwIPSecGlobalDecPacketReassFirstSlice,
|
|
hwIPSecGlobalDecPacketReassAfterSlice,
|
|
hwIPSecGlobalDecPacketReassLenErr,
|
|
hwIPSecGlobalPacketHeaderWrong,
|
|
hwIPSecGlobalMemoryApplyFail,
|
|
hwIPSecGlobalCannotFindSA,
|
|
hwIPSecGlobalWrongSA,
|
|
hwIPSecGlobalBadAuthentication,
|
|
hwIPSecGlobalReplay,
|
|
hwIPSecGlobalPreRecheckErr,
|
|
hwIPSecGlobalPostRecheckErr,
|
|
hwIPSecGlobalExceedByteLimit,
|
|
hwIPSecGlobalExceedPacketLimit,
|
|
hwIPSecGlobalProcessIpv4Err,
|
|
hwIPSecGlobalFibSearchErr,
|
|
hwIPSecGlobalIKEInboundOK,
|
|
hwIPSecGlobalIKEInboundErr,
|
|
hwIPSecGlobalIKEOutboundOK,
|
|
hwIPSecGlobalIKEOutboundErr,
|
|
hwIPSecGlobalSoftExpr,
|
|
hwIPSecGlobalHardExpr,
|
|
hwIPSecGlobalDPDOper,
|
|
hwIPSecGlobalModpCnt,
|
|
hwIPSecGlobalSaeSucc,
|
|
hwIPSecGlobalSoftwareSucc,
|
|
hwIPSecGlobalConnectionRate,
|
|
hwIPSecGlobalTotalPhase1Num,
|
|
hwIPSecGlobalBytesPerSecondIn,
|
|
hwIPSecGlobalBytesPerSecondOut
|
|
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the global statistics information for
|
|
Huawei IPSec tunnel."
|
|
::= { hwIPSecMibGroups 1 }
|
|
|
|
hwIPSecTunnelConfigTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTunnelRuleId,
|
|
hwIPSecTunnelDstIP,
|
|
hwIPSecTunnelInsideIP,
|
|
hwIPSecTunnelRemotePort,
|
|
hwIPSecTunnelCpuID,
|
|
hwIPSecTunnelEncapMode,
|
|
hwIPSecTunnelNatTraver,
|
|
hwIPSecTunnelFromIKEV2,
|
|
hwIPSecTunnelEncryptMode,
|
|
hwIPSecTunnelESPDigestMode,
|
|
hwIPSecTunnelAHDigestMode,
|
|
hwIPSecTunnelProto,
|
|
hwIPSecTunnelOutPortIndex,
|
|
hwIPSecTunnelSrcPort,
|
|
hwIPSecTunnelDstPort,
|
|
hwIPSecTunnelVrfIndex,
|
|
hwIPSecTunnelIfVrfIndex,
|
|
hwIPSecTunnelSrcIP,
|
|
hwIPSecTunnelSpeedLimitIn,
|
|
hwIPSecTunnelSpeedLimitOut,
|
|
hwIPSecTunnelInitiator,
|
|
hwIPSecTunnelLifeSize,
|
|
hwIPSecTunnelLifeTime,
|
|
hwIPSecTunnelPolicyName,
|
|
hwIPSecTunnelSaStatus,
|
|
hwIPSecTunnelSlotID,
|
|
hwIPSecTunnelFlowInfo,
|
|
hwIPSecTunnelPolicyAlias,
|
|
hwIPSecTunnelDstIPv6,
|
|
hwIPSecTunnelInsideIPv6,
|
|
hwIPSecTunnelSrcIPv6
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the monitoring IPSec tunnel configuration attributes for
|
|
Huawei IPSec tunnel."
|
|
::= { hwIPSecMibGroups 2 }
|
|
|
|
hwIPSecTunnelStatsTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTunnelSaIDIn,
|
|
hwIPSecTunnelSaIDOut,
|
|
hwIPSecTunnelFlowSoftExpireIn,
|
|
hwIPSecTunnelFlowSoftExpireOut,
|
|
hwIPSecTunnelFlowHardExpireIn,
|
|
hwIPSecTunnelFlowHardExpireOut,
|
|
hwIPSecTunnelRemainTime,
|
|
hwIPSecTunnelRemainSize,
|
|
hwIPSecTunnelSpiIn,
|
|
hwIPSecTunnelSpiOut,
|
|
hwIPSecTunnelInSideSpiIn,
|
|
hwIPSecTunnelInSideSpiOut,
|
|
hwIPSecTunnelESPSequenceNumberIn,
|
|
hwIPSecTunnelESPSequenceNumberOut,
|
|
hwIPSecTunnellAHSequenceNumberIn,
|
|
hwIPSecTunnellAHSequenceNumberOut,
|
|
hwIPSecTunnelMemApplyFail,
|
|
hwIPSecTunnelBadAuth,
|
|
hwIPSecTunnelReplay,
|
|
hwIPSecTunnelAfterReCheckErr,
|
|
hwIPSecTunnelPktDropByteLimitIn,
|
|
hwIPSecTunnelPktDropByteLimitOut,
|
|
hwIPSecTunnelFIBSearchErr,
|
|
hwIPSecTunnelBytesPerSecondIn,
|
|
hwIPSecTunnelBytesPerSecondOut,
|
|
hwIPSecTunnelPacketsPerSecondIn,
|
|
hwIPSecTunnelPacketsPerSecondOut,
|
|
hwIPSecTunnelErrPacketsPerSecondIn,
|
|
hwIPSecTunnelErrPacketsPerSecondOut,
|
|
hwIPSecTunnelErrPacketsIn,
|
|
hwIPSecTunnelErrPacketsOut
|
|
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the monitoring IPSec tunnel statistics attributes for
|
|
Huawei IPSec tunnel."
|
|
::= { hwIPSecMibGroups 3 }
|
|
|
|
|
|
hwIPSecSaStatisticTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecSaStatisticTunnelPolicyName,
|
|
hwIPSecSaStatisticSaInCnt,
|
|
hwIPSecSaStatisticSaOutCnt,
|
|
hwIPSecTunnelByteInput,
|
|
hwIPSecTunnelByteOutput,
|
|
hwIPSecTunnelPacketInput,
|
|
hwIPSecTunnelPacketOutput,
|
|
hwIPSecTunnelDroppedPacketInput,
|
|
hwIPSecTunnelDroppedPacketOutput,
|
|
hwIPSecTunnelDialUserCount,
|
|
hwIPSecSaStatisticTunnelPolicyAlias
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the SA numbers of policies which have been bound with interfaces."
|
|
::= { hwIPSecMibGroups 4 }
|
|
|
|
|
|
hwIPSecTrapObjectGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec trap objects."
|
|
::= { hwIPSecMibGroups 5 }
|
|
|
|
hwIPSecNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS
|
|
{
|
|
hwIPSecTunnelStart,
|
|
hwIPSecTunnelStop,
|
|
hwIPSecPolicyAdd,
|
|
hwIPSecPolicyDel,
|
|
hwIPSecPolicyAttach,
|
|
hwIPSecPolicyDetach,
|
|
hwIPSecIKEReset,
|
|
hwIPSecIPSecReset,
|
|
hwIPSecTunnelReachMax,
|
|
hwIPSecTunnelReachMaxAtOnce,
|
|
hwIKEPeerReachMax,
|
|
hwIKEPeerReachMaxAtOnce,
|
|
hwIKESaPhase1Establish,
|
|
hwIPSecNegoFail,
|
|
hwIPSecTunnelStatusChange
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec traps."
|
|
::= { hwIPSecMibGroups 6 }
|
|
|
|
|
|
hwIPSecGdoiStatsTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTunnelSendPacket,
|
|
hwIPSecTunnelSendSize,
|
|
hwIPSecTunnelSendErrorPacket,
|
|
hwIPSecTunnelSendErrorSize,
|
|
hwIPSecTunnelRecvPacket,
|
|
hwIPSecTunnelRecvSize,
|
|
hwIPSecTunnelRecvErrorPacket,
|
|
hwIPSecTunnelRecvErrorSize
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistic the tunnel flow of the spcified IPSec policy group-id."
|
|
::= { hwIPSecMibGroups 7 }
|
|
|
|
END
|
|
|