WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/huawei/HUAWEI-SECURITY-IPSEC-MIB

2121 lines
64 KiB
Plaintext
Raw Blame History

-- =============================================================================
-- Copyright (C) 2022 by HUAWEI SYMANTEC TECHNOLOGIES. All rights reserved.
-- Description: The MIB is designed to get IPSec tunnels' statistic information.
-- Reference: Huawei Enterprise MIB
-- Version: V1.24
-- History:
-- V1.0 The initial version created by LiShengbai 90004270.
-- =============================================================================
HUAWEI-SECURITY-IPSEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
Gauge32, IpAddress, Counter64, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
enterprises
FROM RFC1155-SMI
Ipv6Address
FROM IPV6-TC;
hwIpsec MODULE-IDENTITY
LAST-UPDATED "202206131540Z" --June 13, 2022 at 15:48 GMT
ORGANIZATION
"Huawei Technologies Co.,Ltd."
CONTACT-INFO
"Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com"
DESCRIPTION
"V1.24 fix hwIPSecTunnelStatusChange description."
REVISION "202206131540Z"
DESCRIPTION
"V1.23 add hwIPSecTunnelPolicyAlias for hwIPSecTunnelStatusChange."
REVISION "202110071449Z"
DESCRIPTION
"V1.22 add add hwIPSecTunnelStatusChange."
REVISION "202110071449Z"
DESCRIPTION
"V1.21 add add hwIPSecTrapOprPri."
REVISION "202106181210Z"
DESCRIPTION
"V1.20 add add hwIPSecLowSecurityLevel."
REVISION "202105121000Z"
DESCRIPTION
"V1.19 add add hwIPSecGlobalBytesPerSecondIn, hwIPSecGlobalBytesPerSecondOut."
REVISION "202103231000Z"
DESCRIPTION
"V1.18 fix syntax errors."
REVISION "202008281500Z"
DESCRIPTION
"V1.17 fix syntax errors."
REVISION "202007161500Z"
DESCRIPTION
"V1.16 add hwIPSecTrapTunnelDstIPMask, hwIPSecTrapRouteNextHope."
REVISION "202004151500Z"
DESCRIPTION
"V1.15 add opr route miss warning."
REVISION "202004141500Z"
DESCRIPTION
"V1.14 add hwIPSecTunnelBytesPerSecondIn, hwIPSecTunnelBytesPerSecondOut, hwIPSecTunnelPacketsPerSecondIn, hwIPSecTunnelPacketsPerSecondOut, hwIPSecTunnelErrPacketsPerSecondIn, hwIPSecTunnelErrPacketsPerSecondOut, hwIPSecTunnelErrPacketsIn, hwIPSecTunnelErrPacketsOut at 2018-08-08."
REVISION "201808081500Z"
DESCRIPTION
"V1.13 add hwIPSecTunnelDstIPv6, hwIPSecTunnelInsideIPv6, hwIPSecTunnelSrcIPv6at 2018-07-24."
REVISION "201807241500Z"
DESCRIPTION
"V1.12 add hwIPSecInitiator at 2018-05-21."
REVISION "201805211500Z"
DESCRIPTION
"V1.10 add hwIPSecTunnelHaveReachMax at 2018-03-21."
REVISION "201803211500Z"
DESCRIPTION
"V1.10 change the position of hwIPSecTunnelFlowInfo in hwIPSecTunnelStart and hwIPSecTunnnelStop at 2018-01-17."
REVISION "201801171500Z"
DESCRIPTION
"V1.09 add hwIPSecSaStatisticsTable and add hwIPSecTunnelFlowInfo to hwIPSecTunnelStart and hwIPSecTunnnelStop at 2017-11-21."
REVISION "201711211500Z"
DESCRIPTION
"V1.09 add hwIPSecTunnelSlotID at 2017-09-27."
REVISION "201709291500Z"
DESCRIPTION
"V1.08 add hwIPSecIfName at 2017-05-10."
REVISION "201705101500Z"
DESCRIPTION
"V1.07 add hwIPSec Vsys Name at 2016-12-06."
REVISION "201612061500Z"
DESCRIPTION
"V1.06 add hwIPSecTrapTunnelOfflineReason and add this node to hwIPSecTunnelStop at 2016-10-25."
REVISION "201610251500Z"
DESCRIPTION
"V1.05 modify hwIPSecNegoFail at 2016-06-23."
REVISION "201606231500Z"
DESCRIPTION
"V1.04 modify hwIPSecTunnelLifeSize at 2015-07-13."
REVISION "201507131500Z"
DESCRIPTION
"V1.03 The IPSec mib is for Eudemon and USG product series."
REVISION "201505281500Z"
DESCRIPTION
"V1.00 The IPSec mib is for Eudemon and USG product series."
REVISION "201505051900Z"
DESCRIPTION
"Modify hwIPSecNegoFail at 2015-05-05."
REVISION "201504281900Z"
DESCRIPTION
"Add type of hwIPSecNegoFail at 2015-04-28."
REVISION "200910100900Z"
DESCRIPTION
"Modify mib nodes OID.So that, eSAP V2R1 version mib nodes
can be compatible to last version's mib nodes."
::= { hwSecurity 26 }
-- ===============================================
-- Node definitions
-- ===============================================
-- 1.3.6.1.4.1.2011
huawei OBJECT IDENTIFIER ::= { enterprises 2011 }
-- 1.3.6.1.4.1.2011.6
huaweiUtility OBJECT IDENTIFIER ::= { huawei 6 }
-- 1.3.6.1.4.1.2011.6.122
hwSecurity OBJECT IDENTIFIER ::= { huaweiUtility 122 }
-- ===============================================
-- Begin the hwIPSecGlobalStats.
-- ===============================================
hwIPSecGlobalStats OBJECT IDENTIFIER ::= { hwIpsec 1 }
hwIPSecGlobalTotal OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of IPSec Phase2 tunnels."
::= { hwIPSecGlobalStats 1 }
hwIPSecGlobalPacketInput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of received security packets."
::= { hwIPSecGlobalStats 2 }
hwIPSecGlobalPacketOutput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of sent security packets."
::= { hwIPSecGlobalStats 3 }
hwIPSecGlobalByteInput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes of received security packets."
::= { hwIPSecGlobalStats 4 }
hwIPSecGlobalByteOutput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes of sent security packets."
::= { hwIPSecGlobalStats 5 }
hwIPSecGlobalDroppedPacketInput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets that are received."
::= { hwIPSecGlobalStats 6 }
hwIPSecGlobalDroppedPacketOutput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets that are sent."
::= { hwIPSecGlobalStats 7 }
hwIPSecGlobalEncIntactPacket OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets that do not need to be fragmented."
::= { hwIPSecGlobalStats 8 }
hwIPSecGlobalEncPacketFirstSlice OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of initial packets to be encrypted."
::= { hwIPSecGlobalStats 9 }
hwIPSecGlobalEncPacketAfterSlice OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of follow-up packets to be encrypted."
::= { hwIPSecGlobalStats 10 }
hwIPSecGlobalDecPacketReassFirstSlice OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of initial packets that are fragmented and assembled."
::= { hwIPSecGlobalStats 11 }
hwIPSecGlobalDecPacketReassAfterSlice OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of follow-up packets that are fragmented and assembled."
::= { hwIPSecGlobalStats 12 }
hwIPSecGlobalDecPacketReassLenErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets with incorrect length during reassembling."
::= { hwIPSecGlobalStats 13 }
hwIPSecGlobalPacketHeaderWrong OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the packet header error."
::= { hwIPSecGlobalStats 14 }
hwIPSecGlobalMemoryApplyFail OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by memory applying failure."
::= { hwIPSecGlobalStats 15 }
hwIPSecGlobalCannotFindSA OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by no matched security associations."
::= { hwIPSecGlobalStats 16 }
hwIPSecGlobalWrongSA OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by incorrect security associations."
::= { hwIPSecGlobalStats 17 }
hwIPSecGlobalBadAuthentication OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the authentication failure."
::= { hwIPSecGlobalStats 18 }
hwIPSecGlobalReplay OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the packet replay."
::= { hwIPSecGlobalStats 19 }
hwIPSecGlobalPreRecheckErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the pre-check failure."
::= { hwIPSecGlobalStats 20 }
hwIPSecGlobalPostRecheckErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the post-check failure"
::= { hwIPSecGlobalStats 21 }
hwIPSecGlobalExceedByteLimit OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the exceeding of the byte limit."
::= { hwIPSecGlobalStats 22 }
hwIPSecGlobalExceedPacketLimit OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the exceeding of the packet limit."
::= { hwIPSecGlobalStats 23 }
hwIPSecGlobalProcessIpv4Err OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the plain-text forwarding failure."
::= { hwIPSecGlobalStats 24 }
hwIPSecGlobalFibSearchErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the route check failure."
::= { hwIPSecGlobalStats 25 }
hwIPSecGlobalIKEInboundOK OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of received IKE negotiation packets that successfully enter the queue."
::= { hwIPSecGlobalStats 26 }
hwIPSecGlobalIKEInboundErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of received IKE negotiation packets that fail to enter the queue."
::= { hwIPSecGlobalStats 27 }
hwIPSecGlobalIKEOutboundOK OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of sent IKE negotiation packets that successfully enter the queue."
::= { hwIPSecGlobalStats 28 }
hwIPSecGlobalIKEOutboundErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of sent IKE negotiation packets that fail to enter the queue."
::= { hwIPSecGlobalStats 29 }
hwIPSecGlobalSoftExpr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Soft timeout times."
::= { hwIPSecGlobalStats 30 }
hwIPSecGlobalHardExpr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Hard timeout times."
::= { hwIPSecGlobalStats 31 }
hwIPSecGlobalDPDOper OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"DPD operation and detection times."
::= { hwIPSecGlobalStats 32 }
hwIPSecGlobalModpCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Modular exponentiation calculation."
::= { hwIPSecGlobalStats 33 }
hwIPSecGlobalSaeSucc OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"SAE computing success."
::= { hwIPSecGlobalStats 34 }
hwIPSecGlobalSoftwareSucc OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Software computing success."
::= { hwIPSecGlobalStats 35 }
hwIPSecGlobalConnectionRate OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"New Connection Rate of IPSec tunnels."
::= { hwIPSecGlobalStats 36 }
hwIPSecGlobalTotalPhase1Num OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total Number of IPSec Phase1 tunnels."
::= { hwIPSecGlobalStats 37 }
hwIPSecGlobalBytesPerSecondIn OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Incoming encrypted IPsec packet rate, in bytes/s."
::= { hwIPSecGlobalStats 38 }
hwIPSecGlobalBytesPerSecondOut OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Outgoing encrypted IPsec packet rate, in bytes/s."
::= { hwIPSecGlobalStats 39 }
-- ===============================================
-- Begin the table of hwIPSecTunnelConfigTable.
-- ===============================================
-- 1.3.6.1.4.1.2011.6.122.26.2
hwIPSecTunnelConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIPSecTunnelConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the configuration attributes for Huawei IPSec tunnel."
::= { hwIpsec 2 }
-- 1.3.6.1.4.1.2011.6.122.26.2.1
hwIPSecTunnelConfigEntry OBJECT-TYPE
SYNTAX HwIPSecTunnelConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring configuration parameters associated with an instance of IPSec tunnel."
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex }
::= { hwIPSecTunnelConfigTable 1 }
HwIPSecTunnelConfigEntry ::=
SEQUENCE {
hwIPSecIfIndex
Gauge32,
hwIPSecTunnelPolicyNum
Gauge32,
hwIPSecTunnelIndex
Gauge32,
hwIPSecTunnelRuleId
Gauge32,
hwIPSecTunnelDstIP
OCTET STRING,
hwIPSecTunnelInsideIP
OCTET STRING,
hwIPSecTunnelRemotePort
Gauge32,
hwIPSecTunnelCpuID
Gauge32,
hwIPSecTunnelEncapMode
INTEGER,
hwIPSecTunnelNatTraver
INTEGER,
hwIPSecTunnelFromIKEV2
INTEGER,
hwIPSecTunnelEncryptMode
Gauge32,
hwIPSecTunnelESPDigestMode
Gauge32,
hwIPSecTunnelAHDigestMode
Gauge32,
hwIPSecTunnelProto
Gauge32,
hwIPSecTunnelOutPortIndex
Gauge32,
hwIPSecTunnelSrcPort
Gauge32,
hwIPSecTunnelDstPort
Gauge32,
hwIPSecTunnelVrfIndex
Gauge32,
hwIPSecTunnelIfVrfIndex
Gauge32,
hwIPSecTunnelSrcIP
OCTET STRING,
hwIPSecTunnelSpeedLimitIn
Gauge32,
hwIPSecTunnelSpeedLimitOut
Gauge32,
hwIPSecTunnelInitiator
INTEGER,
hwIPSecTunnelLifeSize
Gauge32,
hwIPSecTunnelLifeTime
Gauge32,
hwIPSecTunnelPolicyName
OCTET STRING,
hwIPSecTunnelSaStatus
INTEGER,
hwIPSecTunnelSlotID
Gauge32,
hwIPSecTunnelFlowInfo
OCTET STRING,
hwIPSecTunnelPolicyAlias
OCTET STRING,
hwIPSecTunnelDstIPv6
OCTET STRING,
hwIPSecTunnelInsideIPv6
OCTET STRING,
hwIPSecTunnelSrcIPv6
OCTET STRING
}
-- 1.3.6.1.4.1.2011.6.122.26.2.1.1
hwIPSecIfIndex OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Index of the router interface corresponding to the IPSec tunnel."
::= { hwIPSecTunnelConfigEntry 1 }
hwIPSecTunnelPolicyNum OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The tunnel number of IPSec policy."
::= { hwIPSecTunnelConfigEntry 2 }
hwIPSecTunnelIndex OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Index of the IPSec tunnel."
::= { hwIPSecTunnelConfigEntry 3 }
hwIPSecTunnelRuleId OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"ID of the ACL rule in the current IPSec policy."
::= { hwIPSecTunnelConfigEntry 4 }
hwIPSecTunnelDstIP OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Destination IP address of the tunnel (peer end)."
::= { hwIPSecTunnelConfigEntry 5 }
hwIPSecTunnelInsideIP OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Intranet IP address of the peer end during remote access."
::= { hwIPSecTunnelConfigEntry 6 }
hwIPSecTunnelRemotePort OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Port number of the peer end of the tunnel."
::= { hwIPSecTunnelConfigEntry 7 }
hwIPSecTunnelCpuID OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"CPU ID of the tunnel."
::= { hwIPSecTunnelConfigEntry 8 }
hwIPSecTunnelEncapMode OBJECT-TYPE
SYNTAX INTEGER {
tunnel(0),
transport(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Encapsulation mode of the tunnel (tunneling mode or transmission mode)."
::= { hwIPSecTunnelConfigEntry 9 }
hwIPSecTunnelNatTraver OBJECT-TYPE
SYNTAX INTEGER
{
noNatTraversal(0),
natTraversal(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether the tunnel needs NAT traversal (If yes, the value is 1.)."
::= { hwIPSecTunnelConfigEntry 10 }
hwIPSecTunnelFromIKEV2 OBJECT-TYPE
SYNTAX INTEGER {
noIkev2(0),
ikev2(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether the tunnel adopts IKEv2 (If yes, the value is 1.)."
::= { hwIPSecTunnelConfigEntry 11 }
hwIPSecTunnelEncryptMode OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Encryption mode of the tunnel."
::= { hwIPSecTunnelConfigEntry 12 }
hwIPSecTunnelESPDigestMode OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"ESP check mode of the tunnel."
::= { hwIPSecTunnelConfigEntry 13 }
hwIPSecTunnelAHDigestMode OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"AH check mode of the tunnel."
::= { hwIPSecTunnelConfigEntry 14 }
hwIPSecTunnelProto OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Protocol of the tunnel (ESP or AH, or both)."
::= { hwIPSecTunnelConfigEntry 15 }
hwIPSecTunnelOutPortIndex OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the egress of the tunnel."
::= { hwIPSecTunnelConfigEntry 16 }
hwIPSecTunnelSrcPort OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the source port number if NAT traversal is adopted."
::= { hwIPSecTunnelConfigEntry 17 }
hwIPSecTunnelDstPort OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the destination port number if NAT traversal is adopted."
::= { hwIPSecTunnelConfigEntry 18 }
hwIPSecTunnelVrfIndex OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"VPN ID protected by the tunnel."
::= { hwIPSecTunnelConfigEntry 19 }
hwIPSecTunnelIfVrfIndex OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"VPN ID of the sending interface of the tunnel."
::= { hwIPSecTunnelConfigEntry 20 }
hwIPSecTunnelSrcIP OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Source IP address of the tunnel (local end)."
::= { hwIPSecTunnelConfigEntry 21 }
hwIPSecTunnelSpeedLimitIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Rate limiting pre-configured in the incoming direction."
::= { hwIPSecTunnelConfigEntry 22 }
hwIPSecTunnelSpeedLimitOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Rate limiting pre-configured in the outgoing direction."
::= { hwIPSecTunnelConfigEntry 23 }
hwIPSecTunnelInitiator OBJECT-TYPE
SYNTAX INTEGER {
responder(0),
ikev2Initiator(1),
ikev1Initiator(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Initiator or responder of the IPSec tunnel."
::= { hwIPSecTunnelConfigEntry 24 }
hwIPSecTunnelLifeSize OBJECT-TYPE
SYNTAX Gauge32 (0..200000000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Life cycle of the IPSec tunnel (in kbytes)."
::= { hwIPSecTunnelConfigEntry 25 }
hwIPSecTunnelLifeTime OBJECT-TYPE
SYNTAX Gauge32 (1..604800)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Life cycle of the IPSec tunnel (in seconds)."
::= { hwIPSecTunnelConfigEntry 26 }
hwIPSecTunnelPolicyName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Security policy for the IPSec tunnel."
::= { hwIPSecTunnelConfigEntry 27 }
hwIPSecTunnelSaStatus OBJECT-TYPE
SYNTAX INTEGER {
free(0),
ocuppied(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Status of the SA."
::= { hwIPSecTunnelConfigEntry 28 }
hwIPSecTunnelSlotID OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"SLOT ID of the tunnel."
::= { hwIPSecTunnelConfigEntry 29 }
hwIPSecTunnelFlowInfo OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Data flow of the IPSec tunnel"
::= { hwIPSecTunnelConfigEntry 30 }
hwIPSecTunnelPolicyAlias OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Security policy alias for the IPSec tunnel."
::= { hwIPSecTunnelConfigEntry 31 }
hwIPSecTunnelDstIPv6 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Destination IPv6 address of the tunnel (peer end)."
::= { hwIPSecTunnelConfigEntry 32 }
hwIPSecTunnelInsideIPv6 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Intranet IPv6 address of the peer end during remote access."
::= { hwIPSecTunnelConfigEntry 33 }
hwIPSecTunnelSrcIPv6 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Source IPv6 address of the tunnel (local end)."
::= { hwIPSecTunnelConfigEntry 34 }
-- ===============================================
-- Begin the table of hwIPSecTunnelStatsTable.
-- ===============================================
-- 1.3.6.1.4.1.2011.6.122.26.3
hwIPSecTunnelStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIPSecTunnelStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the status attributes for Huawei IPSec tunnel."
::= { hwIpsec 3 }
-- 1.3.6.1.4.1.2011.6.122.26.3.1
hwIPSecTunnelStatsEntry OBJECT-TYPE
SYNTAX HwIPSecTunnelStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring status parameters associated with an instance of IPSec tunnel."
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex }
::= { hwIPSecTunnelStatsTable 1 }
HwIPSecTunnelStatsEntry ::=
SEQUENCE {
hwIPSecTunnelSaIDIn
Gauge32,
hwIPSecTunnelSaIDOut
Gauge32,
hwIPSecTunnelFlowSoftExpireIn
Gauge32,
hwIPSecTunnelFlowSoftExpireOut
Gauge32,
hwIPSecTunnelFlowHardExpireIn
Gauge32,
hwIPSecTunnelFlowHardExpireOut
Gauge32,
hwIPSecTunnelRemainTime
Gauge32,
hwIPSecTunnelRemainSize
Gauge32,
hwIPSecTunnelSpiIn
Gauge32,
hwIPSecTunnelSpiOut
Gauge32,
hwIPSecTunnelInSideSpiIn
Gauge32,
hwIPSecTunnelInSideSpiOut
Gauge32,
hwIPSecTunnelESPSequenceNumberIn
Gauge32,
hwIPSecTunnelESPSequenceNumberOut
Gauge32,
hwIPSecTunnellAHSequenceNumberIn
Gauge32,
hwIPSecTunnellAHSequenceNumberOut
Gauge32,
hwIPSecTunnelMemApplyFail
Counter64,
hwIPSecTunnelBadAuth
Counter64,
hwIPSecTunnelReplay
Counter64,
hwIPSecTunnelAfterReCheckErr
Counter64,
hwIPSecTunnelPktDropByteLimitIn
Counter64,
hwIPSecTunnelPktDropByteLimitOut
Counter64,
hwIPSecTunnelFIBSearchErr
Counter64,
hwIPSecTunnelBytesPerSecondIn
Gauge32,
hwIPSecTunnelBytesPerSecondOut
Gauge32,
hwIPSecTunnelPacketsPerSecondIn
Gauge32,
hwIPSecTunnelPacketsPerSecondOut
Gauge32,
hwIPSecTunnelErrPacketsPerSecondIn
Gauge32,
hwIPSecTunnelErrPacketsPerSecondOut
Gauge32,
hwIPSecTunnelErrPacketsIn
Gauge32,
hwIPSecTunnelErrPacketsOut
Gauge32
}
hwIPSecTunnelSaIDIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the incoming IPSec tunnel."
::= { hwIPSecTunnelStatsEntry 1 }
hwIPSecTunnelSaIDOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the outgoing IPSec tunnel."
::= { hwIPSecTunnelStatsEntry 2 }
hwIPSecTunnelFlowSoftExpireIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Incoming soft timeout traffic (in bytes)."
::= { hwIPSecTunnelStatsEntry 3 }
hwIPSecTunnelFlowSoftExpireOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Outgoing soft timeout traffic (in bytes)."
::= { hwIPSecTunnelStatsEntry 4 }
hwIPSecTunnelFlowHardExpireIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Incoming hard timeout traffic (in bytes)."
::= { hwIPSecTunnelStatsEntry 5 }
hwIPSecTunnelFlowHardExpireOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Outgoing hard timeout traffic (in bytes)."
::= { hwIPSecTunnelStatsEntry 6 }
hwIPSecTunnelRemainTime OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Remaining time of the IPSec tunnel (in seconds)."
::= { hwIPSecTunnelStatsEntry 7 }
hwIPSecTunnelRemainSize OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Remaining bytes of the IPSec tunnel (in kbytes)."
::= { hwIPSecTunnelStatsEntry 8 }
hwIPSecTunnelSpiIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Incoming SPI."
::= { hwIPSecTunnelStatsEntry 9 }
hwIPSecTunnelSpiOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Outgoing SPI."
::= { hwIPSecTunnelStatsEntry 10 }
hwIPSecTunnelInSideSpiIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"SPI of the internal ESP header when both AH and ESP are adopted in the incoming direction."
::= { hwIPSecTunnelStatsEntry 11 }
hwIPSecTunnelInSideSpiOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"SPI of the internal ESP header when both AH and ESP are adopted in the outgoing direction."
::= { hwIPSecTunnelStatsEntry 12 }
hwIPSecTunnelESPSequenceNumberIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Serial number of the incoming ESP protocol."
::= { hwIPSecTunnelStatsEntry 13 }
hwIPSecTunnelESPSequenceNumberOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Serial number of the outgoing ESP protocol."
::= { hwIPSecTunnelStatsEntry 14 }
hwIPSecTunnellAHSequenceNumberIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Serial number of the incoming AH protocol."
::= { hwIPSecTunnelStatsEntry 15 }
hwIPSecTunnellAHSequenceNumberOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Serial number of the outgoing AH protocol."
::= { hwIPSecTunnelStatsEntry 16 }
hwIPSecTunnelMemApplyFail OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets because packets to be encrypted are too long."
::= { hwIPSecTunnelStatsEntry 17 }
hwIPSecTunnelBadAuth OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the authentication failure of received packets."
::= { hwIPSecTunnelStatsEntry 18 }
hwIPSecTunnelReplay OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by receiving replayed packets."
::= { hwIPSecTunnelStatsEntry 19 }
hwIPSecTunnelAfterReCheckErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the decryption post-check failure."
::= { hwIPSecTunnelStatsEntry 20 }
hwIPSecTunnelPktDropByteLimitIn OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the exceeding the byte limit in the incoming direction."
::= { hwIPSecTunnelStatsEntry 21 }
hwIPSecTunnelPktDropByteLimitOut OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the exceeding of the byte limit in the outgoing direction."
::= { hwIPSecTunnelStatsEntry 22 }
hwIPSecTunnelFIBSearchErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of discarded packets caused by the route check failure."
::= { hwIPSecTunnelStatsEntry 23 }
hwIPSecTunnelBytesPerSecondIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Speed of inbound flow in bytes."
::= { hwIPSecTunnelStatsEntry 24 }
hwIPSecTunnelBytesPerSecondOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Speed of outbound flow in bytes."
::= { hwIPSecTunnelStatsEntry 25 }
hwIPSecTunnelPacketsPerSecondIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Speed of inbound flow in packets."
::= { hwIPSecTunnelStatsEntry 26 }
hwIPSecTunnelPacketsPerSecondOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Speed of outbound flow in packets."
::= { hwIPSecTunnelStatsEntry 27 }
hwIPSecTunnelErrPacketsPerSecondIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Speed of inbound error packets."
::= { hwIPSecTunnelStatsEntry 28 }
hwIPSecTunnelErrPacketsPerSecondOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Speed of outbound error packets."
::= { hwIPSecTunnelStatsEntry 29 }
hwIPSecTunnelErrPacketsIn OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of inbound error packets."
::= { hwIPSecTunnelStatsEntry 30 }
hwIPSecTunnelErrPacketsOut OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outbound error packets."
::= { hwIPSecTunnelStatsEntry 31 }
-- ===============================================
-- Begin the table of hwIPSecSaStatisticTable.
-- ===============================================
-- 1.3.6.1.4.1.2011.6.122.26.4
hwIPSecSaStatisticTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIPSecSaStatisticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the SA numbers of policies which have been bound with interfaces."
::= { hwIpsec 4 }
-- 1.3.6.1.4.1.2011.6.122.26.4.1
hwIPSecSaStatisticEntry OBJECT-TYPE
SYNTAX HwIPSecSaStatisticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"."
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum }
::= { hwIPSecSaStatisticTable 1 }
HwIPSecSaStatisticEntry ::=
SEQUENCE {
hwIPSecSaStatisticTunnelPolicyName
OCTET STRING,
hwIPSecSaStatisticSaInCnt
Gauge32,
hwIPSecSaStatisticSaOutCnt
Gauge32,
hwIPSecTunnelByteInput
Counter64,
hwIPSecTunnelByteOutput
Counter64,
hwIPSecTunnelPacketInput
Counter64,
hwIPSecTunnelPacketOutput
Counter64,
hwIPSecTunnelDroppedPacketInput
Counter64,
hwIPSecTunnelDroppedPacketOutput
Counter64,
hwIPSecTunnelDialUserCount
Gauge32 ,
hwIPSecSaStatisticTunnelPolicyAlias
OCTET STRING
}
hwIPSecSaStatisticTunnelPolicyName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Security policy for the IPSec tunnel."
::= { hwIPSecSaStatisticEntry 1 }
hwIPSecSaStatisticSaInCnt OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Incoming SA number."
::= { hwIPSecSaStatisticEntry 2 }
hwIPSecSaStatisticSaOutCnt OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Outgoing SA number."
::= { hwIPSecSaStatisticEntry 3 }
hwIPSecTunnelByteInput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Num of bytes received by the IPSec Tunnel."
::= { hwIPSecSaStatisticEntry 4 }
hwIPSecTunnelByteOutput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Num of bytes sent by the IPSec Tunnel."
::= { hwIPSecSaStatisticEntry 5 }
hwIPSecTunnelPacketInput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Num of packets received by the IPSec Tunnel."
::= { hwIPSecSaStatisticEntry 6 }
hwIPSecTunnelPacketOutput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Num of packets sent by the IPSec Tunnel."
::= { hwIPSecSaStatisticEntry 7 }
hwIPSecTunnelDroppedPacketInput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets discarded by the IPSec tunnel in the inbound direction"
::= { hwIPSecSaStatisticEntry 8 }
hwIPSecTunnelDroppedPacketOutput OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets discarded by the IPSec tunnel in the outbound direction"
::= { hwIPSecSaStatisticEntry 9 }
hwIPSecTunnelDialUserCount OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"IPSec tunnel remote access users"
::= { hwIPSecSaStatisticEntry 10 }
hwIPSecSaStatisticTunnelPolicyAlias OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Security policy alias for the IPSec tunnel."
::= { hwIPSecSaStatisticEntry 11 }
-- ===============================================
-- IPSecTrapObject.
-- ===============================================
hwIPSecTrapObject OBJECT IDENTIFIER ::= { hwIpsec 5 }
hwIPSecTrapTunnelPolicyNum OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The sequence number of IPSec tunnel policy."
::= { hwIPSecTrapObject 1 }
hwIPSecTrapIfIndex OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Index of the router interface corresponding to the IPSec tunnel."
::= { hwIPSecTrapObject 2 }
hwIPSecTrapTunnelPolicyName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Security policy for the IPSec tunnel."
::= { hwIPSecTrapObject 3 }
hwIPSecTrapAuthenticationMethod OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPSec tunnel authentication method."
::= { hwIPSecTrapObject 4 }
hwIPSecTrapAuthenticationID OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPSec tunnel authentication ID."
::= { hwIPSecTrapObject 5 }
hwIPSecTrapAuthenticationIDType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..32))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPSec tunnel authentication ID type."
::= { hwIPSecTrapObject 6 }
hwIPSecTrapTunnelDstIP OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Destination IP address of the tunnel (peer end)."
::= { hwIPSecTrapObject 7 }
hwIPSecTrapTunnelSrcIP OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Source IP address of the tunnel."
::= { hwIPSecTrapObject 8 }
hwIPSecTrapTunnelRemotePort OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Port number of the peer end of the tunnel."
::= { hwIPSecTrapObject 9 }
hwIPSecReason OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Fail reason of negotiation."
::= { hwIPSecTrapObject 10 }
hwIPSecReasonCode OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Fail reason code of negotiation."
::= { hwIPSecTrapObject 11 }
hwIPSecTrapTunnelOfflineReason OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Offline reason of the IPSec tunnel."
::= { hwIPSecTrapObject 12 }
hwIPSecVsysName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..31))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Virtual system name. The value Public indicates the public system. For products that do not support virtual systems, the value is fixed to Public."
::= { hwIPSecTrapObject 13 }
hwIPSecTrapIfName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..63))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The interface name corresponding to the IPSec tunnel."
::= { hwIPSecTrapObject 14 }
hwIPSecInitiator OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..19))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The role in IKE negotiation."
::= { hwIPSecTrapObject 15 }
hwIPSecTrapTunnelDstIPMask OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Destination IP address of the tunnel mask."
::= { hwIPSecTrapObject 16 }
hwIPSecTrapRouteNextHope OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Ipsec opr route next hope."
::= { hwIPSecTrapObject 17 }
hwIPSecTrapOprPri OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Ipsec opr route priority."
::= { hwIPSecTrapObject 18 }
hwIPSecTunnelVpnName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..32))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Ipsec tunnel vpn name."
::= { hwIPSecTrapObject 19 }
hwIPSecTunnelFlowVpnName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..32))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Ipsec flow vpn name."
::= { hwIPSecTrapObject 20 }
hwIPSecTunnelStatus OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Status of the Tunnel."
::= { hwIPSecTrapObject 21 }
hwIPSecTunnelStatusChangeReason OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..128))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPSec tunnel status change reason."
::= { hwIPSecTrapObject 22 }
-- ===============================================
-- definition of traps.
-- ===============================================
hwIPSecNotifications OBJECT IDENTIFIER ::= { hwIpsec 6 }
hwIPSecTunnelStart NOTIFICATION-TYPE
OBJECTS {
hwIPSecIfIndex,
hwIPSecTunnelPolicyNum,
hwIPSecTunnelIndex,
hwIPSecTunnelRuleId,
hwIPSecTunnelDstIP,
hwIPSecTunnelInsideIP,
hwIPSecTunnelRemotePort,
hwIPSecTunnelCpuID,
hwIPSecTunnelSrcIP,
hwIPSecTunnelFlowInfo,
hwIPSecTunnelLifeSize,
hwIPSecTunnelLifeTime,
hwIPSecVsysName,
hwIPSecTrapIfName,
hwIPSecTunnelSlotID,
hwIPSecInitiator
}
STATUS current
DESCRIPTION
"Send the message when the IPSec tunnel is established."
::= { hwIPSecNotifications 1 }
hwIPSecTunnelStop NOTIFICATION-TYPE
OBJECTS {
hwIPSecIfIndex,
hwIPSecTunnelPolicyNum,
hwIPSecTunnelIndex,
hwIPSecTunnelRuleId,
hwIPSecTunnelDstIP,
hwIPSecTunnelInsideIP,
hwIPSecTunnelRemotePort,
hwIPSecTunnelCpuID,
hwIPSecTunnelSrcIP,
hwIPSecTunnelFlowInfo,
hwIPSecTrapTunnelOfflineReason,
hwIPSecVsysName,
hwIPSecTrapIfName,
hwIPSecTunnelSlotID
}
STATUS current
DESCRIPTION
"Send the message when the IPSec tunnel is deleted."
::= { hwIPSecNotifications 2 }
hwIPSecPolicyAdd NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapTunnelPolicyNum,
hwIPSecTrapTunnelPolicyName,
hwIPSecVsysName
}
STATUS current
DESCRIPTION
"Send the message when an IPSec policy is added."
::= { hwIPSecNotifications 3 }
hwIPSecPolicyDel NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapTunnelPolicyNum,
hwIPSecTrapTunnelPolicyName,
hwIPSecVsysName
}
STATUS current
DESCRIPTION
"Send the message when an IPSec policy is deleted."
::= { hwIPSecNotifications 4 }
hwIPSecPolicyAttach NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapIfIndex,
hwIPSecTrapTunnelPolicyName,
hwIPSecVsysName,
hwIPSecTrapIfName
}
STATUS current
DESCRIPTION
"Send the message when an IPSec policy is applied to an interface."
::= { hwIPSecNotifications 5 }
hwIPSecPolicyDetach NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapIfIndex,
hwIPSecTrapTunnelPolicyName,
hwIPSecVsysName,
hwIPSecTrapIfName
}
STATUS current
DESCRIPTION
"Send the message when an IPSec policy is cancelled on an interface."
::= { hwIPSecNotifications 6 }
hwIPSecIKEReset NOTIFICATION-TYPE
OBJECTS {
hwIPSecVsysName
}
STATUS current
DESCRIPTION
"Send the message when an IKE SA is reset."
::= { hwIPSecNotifications 7 }
hwIPSecIPSecReset NOTIFICATION-TYPE
OBJECTS {
hwIPSecVsysName
}
STATUS current
DESCRIPTION
"Send the message when an IPSec SA is reset."
::= { hwIPSecNotifications 8 }
hwIPSecTunnelReachMax NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"Send the message when IPSec Tunnel Number will Be Reach Max."
::= { hwIPSecNotifications 9 }
hwIPSecTunnelReachMaxAtOnce NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"Send the message when IPSec Tunnel Number Reach Max At Once."
::= { hwIPSecNotifications 10 }
hwIKEPeerReachMax NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"Send the message when IKE Peer Number will Be Reach Max."
::= { hwIPSecNotifications 11 }
hwIKEPeerReachMaxAtOnce NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"Send the message when IKE Peer Number Reach Max At Once."
::= { hwIPSecNotifications 12 }
hwIKESaPhase1Establish NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapTunnelDstIP,
hwIPSecTrapTunnelRemotePort,
hwIPSecTrapTunnelSrcIP,
hwIPSecTrapAuthenticationMethod,
hwIPSecTrapAuthenticationID,
hwIPSecTrapAuthenticationIDType,
hwIPSecVsysName,
hwIPSecInitiator
}
STATUS current
DESCRIPTION
"Send the message when IKE SA phase1 establish ."
::= { hwIPSecNotifications 13 }
hwIPSecNegoFail NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapIfIndex,
hwIPSecTrapTunnelPolicyNum,
hwIPSecReason,
hwIPSecReasonCode,
hwIPSecTrapTunnelDstIP,
hwIPSecTrapTunnelRemotePort,
hwIPSecVsysName,
hwIPSecTrapIfName
}
STATUS current
DESCRIPTION
"Send the message when IPSec tunnel negotiation fails."
::= { hwIPSecNotifications 14 }
hwIPSecTunnelHaveReachMax NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"Send the message when IPSec Tunnel Number Has Been Reached Max ."
::= { hwIPSecNotifications 15 }
hwIPSecOPRRouteMissed NOTIFICATION-TYPE
OBJECTS { hwIPSecTrapTunnelDstIP, hwIPSecTrapTunnelDstIPMask, hwIPSecTrapRouteNextHope, hwIPSecTrapIfIndex, hwIPSecVsysName, hwIPSecTrapOprPri}
STATUS current
DESCRIPTION
"Send the message when opr route inject failed."
::= { hwIPSecNotifications 16 }
hwIPSecLowSecurityLevel NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"The security level of pkcs1 is low."
::= { hwIPSecNotifications 17 }
hwIPSecWeakEncr NOTIFICATION-TYPE
OBJECTS {
hwIPSecTrapTunnelDstIP,
hwIPSecTrapIfName
}
STATUS current
DESCRIPTION
"The ipsec sa encryption-algorithm is not GCM mode."
::= { hwIPSecNotifications 18 }
hwIPSecTunnelStatusChange NOTIFICATION-TYPE
OBJECTS {
hwIPSecVsysName,
hwIPSecTrapIfName,
hwIPSecTunnelPolicyName,
hwIPSecTunnelPolicyNum,
hwIPSecTunnelPolicyAlias,
hwIPSecTunnelVpnName,
hwIPSecTunnelFlowVpnName,
hwIPSecTrapTunnelDstIP,
hwIPSecTunnelDstPort,
hwIPSecTrapTunnelSrcIP,
hwIPSecTunnelSrcPort,
hwIPSecTunnelFlowInfo,
hwIPSecTunnelStatusChangeReason,
hwIPSecTunnelStatus
}
STATUS current
DESCRIPTION
"Send the message when the IPSec tunnel is established or deleted."
::= { hwIPSecNotifications 19 }
-- ===============================================
-- Begin the table of hwIPSecGdoiStatsTable.
-- ===============================================
-- 1.3.6.1.4.1.2011.6.122.26.8
hwIPSecGdoiStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIPSecGdoiStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the status attributes for Huawei IPSec Gdoi."
::= { hwIpsec 8 }
-- 1.3.6.1.4.1.2011.6.122.26.8.1
hwIPSecGdoiStatsEntry OBJECT-TYPE
SYNTAX HwIPSecGdoiStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the hwIPSecGdoiStatsTable holds a set of monitoring status parameters associated with an instance of IPSec gdoi."
INDEX { hwIPSecGdoiGroupID, hwIPSecGdoiRemoteAddress }
::= { hwIPSecGdoiStatsTable 1 }
HwIPSecGdoiStatsEntry ::=
SEQUENCE {
hwIPSecGdoiGroupID
Gauge32,
hwIPSecGdoiRemoteAddress
IpAddress,
hwIPSecTunnelSendPacket
Counter64,
hwIPSecTunnelSendSize
Counter64,
hwIPSecTunnelSendErrorPacket
Counter64,
hwIPSecTunnelSendErrorSize
Counter64,
hwIPSecTunnelRecvPacket
Counter64,
hwIPSecTunnelRecvSize
Counter64,
hwIPSecTunnelRecvErrorPacket
Counter64,
hwIPSecTunnelRecvErrorSize
Counter64
}
-- 1.3.6.1.4.1.2011.6.122.26.8.1.1
hwIPSecGdoiGroupID OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"ID of the GM group corresponding to the GM and KMC."
::= { hwIPSecGdoiStatsEntry 1 }
hwIPSecGdoiRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address where a GM points to."
::= { hwIPSecGdoiStatsEntry 2 }
hwIPSecTunnelSendPacket OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the number of the sent packets."
::= { hwIPSecGdoiStatsEntry 3 }
hwIPSecTunnelSendSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the total bytes of the sent packet."
::= { hwIPSecGdoiStatsEntry 4 }
hwIPSecTunnelSendErrorPacket OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the error number of the sent packets."
::= { hwIPSecGdoiStatsEntry 5 }
hwIPSecTunnelSendErrorSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the total Error bytes of the sent packets."
::= { hwIPSecGdoiStatsEntry 6 }
hwIPSecTunnelRecvPacket OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the number of the recieved packets."
::= { hwIPSecGdoiStatsEntry 7 }
hwIPSecTunnelRecvSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the total bytes of the recieved packets."
::= { hwIPSecGdoiStatsEntry 8 }
hwIPSecTunnelRecvErrorPacket OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the error number of the recieved packets."
::= { hwIPSecGdoiStatsEntry 9 }
hwIPSecTunnelRecvErrorSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Statistic the total error bytes of the recieved packets."
::= { hwIPSecGdoiStatsEntry 10 }
-- ===============================================
-- Begin the table of hwIPSecTEKSAStatusTable.
-- ===============================================
-- 1.3.6.1.4.1.2011.6.122.26.9
hwIPSecTEKSAStatusTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIPSecTEKSAStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the status attributes for Huawei IPSec Gdoi TEK SA."
::= { hwIpsec 9 }
-- 1.3.6.1.4.1.2011.6.122.26.9.1
hwIPSecTEKSAStatusEntry OBJECT-TYPE
SYNTAX HwIPSecTEKSAStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the hwIPSecTEKSAStatusEntry holds a set of monitoring status parameters associated with an instance of IPSec gdoi."
INDEX { hwIPSecGdoiGroupID, hwIPSecGdoiRemoteAddress }
::= { hwIPSecTEKSAStatusTable 1 }
HwIPSecTEKSAStatusEntry ::=
SEQUENCE{
hwIPSecTEKSAStatus
INTEGER
}
-- 1.3.6.1.4.1.2011.6.122.26.9.1.1
hwIPSecTEKSAStatus OBJECT-TYPE
SYNTAX INTEGER
{
teksa(0),
noteksa(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Request for status of TEK-SA with the specified group-id and remote-address(If yes, the value is 0.)."
::= { hwIPSecTEKSAStatusEntry 1 }
-- ===============================================
-- Conformance Information
-- ===============================================
hwIPSecMibConformance OBJECT IDENTIFIER ::= { hwIpsec 7 }
hwIPSecMibCompliances OBJECT IDENTIFIER ::= { hwIPSecMibConformance 1 }
hwIPSecMibGroups OBJECT IDENTIFIER ::= { hwIPSecMibConformance 2 }
-- ===============================================
-- Compliance Statements
-- ===============================================
hwIPSecMibCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
" "
MODULE -- this module
MANDATORY-GROUPS
{
hwIPSecGlobalStatsGroup,
hwIPSecTunnelConfigTableGroup,
hwIPSecTunnelStatsTableGroup,
hwIPSecSaStatisticTableGroup,
hwIPSecTrapObjectGroup,
hwIPSecNotificationsGroup
}
::= { hwIPSecMibCompliances 1 }
hwIPSecGlobalStatsGroup OBJECT-GROUP
OBJECTS {
hwIPSecGlobalTotal,
hwIPSecGlobalPacketInput,
hwIPSecGlobalPacketOutput,
hwIPSecGlobalByteInput,
hwIPSecGlobalByteOutput,
hwIPSecGlobalDroppedPacketInput,
hwIPSecGlobalDroppedPacketOutput,
hwIPSecGlobalEncIntactPacket,
hwIPSecGlobalEncPacketFirstSlice,
hwIPSecGlobalEncPacketAfterSlice,
hwIPSecGlobalDecPacketReassFirstSlice,
hwIPSecGlobalDecPacketReassAfterSlice,
hwIPSecGlobalDecPacketReassLenErr,
hwIPSecGlobalPacketHeaderWrong,
hwIPSecGlobalMemoryApplyFail,
hwIPSecGlobalCannotFindSA,
hwIPSecGlobalWrongSA,
hwIPSecGlobalBadAuthentication,
hwIPSecGlobalReplay,
hwIPSecGlobalPreRecheckErr,
hwIPSecGlobalPostRecheckErr,
hwIPSecGlobalExceedByteLimit,
hwIPSecGlobalExceedPacketLimit,
hwIPSecGlobalProcessIpv4Err,
hwIPSecGlobalFibSearchErr,
hwIPSecGlobalIKEInboundOK,
hwIPSecGlobalIKEInboundErr,
hwIPSecGlobalIKEOutboundOK,
hwIPSecGlobalIKEOutboundErr,
hwIPSecGlobalSoftExpr,
hwIPSecGlobalHardExpr,
hwIPSecGlobalDPDOper,
hwIPSecGlobalModpCnt,
hwIPSecGlobalSaeSucc,
hwIPSecGlobalSoftwareSucc,
hwIPSecGlobalConnectionRate,
hwIPSecGlobalTotalPhase1Num,
hwIPSecGlobalBytesPerSecondIn,
hwIPSecGlobalBytesPerSecondOut
}
STATUS current
DESCRIPTION
"This table specifies the global statistics information for
Huawei IPSec tunnel."
::= { hwIPSecMibGroups 1 }
hwIPSecTunnelConfigTableGroup OBJECT-GROUP
OBJECTS {
hwIPSecTunnelRuleId,
hwIPSecTunnelDstIP,
hwIPSecTunnelInsideIP,
hwIPSecTunnelRemotePort,
hwIPSecTunnelCpuID,
hwIPSecTunnelEncapMode,
hwIPSecTunnelNatTraver,
hwIPSecTunnelFromIKEV2,
hwIPSecTunnelEncryptMode,
hwIPSecTunnelESPDigestMode,
hwIPSecTunnelAHDigestMode,
hwIPSecTunnelProto,
hwIPSecTunnelOutPortIndex,
hwIPSecTunnelSrcPort,
hwIPSecTunnelDstPort,
hwIPSecTunnelVrfIndex,
hwIPSecTunnelIfVrfIndex,
hwIPSecTunnelSrcIP,
hwIPSecTunnelSpeedLimitIn,
hwIPSecTunnelSpeedLimitOut,
hwIPSecTunnelInitiator,
hwIPSecTunnelLifeSize,
hwIPSecTunnelLifeTime,
hwIPSecTunnelPolicyName,
hwIPSecTunnelSaStatus,
hwIPSecTunnelSlotID,
hwIPSecTunnelFlowInfo,
hwIPSecTunnelPolicyAlias,
hwIPSecTunnelDstIPv6,
hwIPSecTunnelInsideIPv6,
hwIPSecTunnelSrcIPv6
}
STATUS current
DESCRIPTION
"This table specifies the monitoring IPSec tunnel configuration attributes for
Huawei IPSec tunnel."
::= { hwIPSecMibGroups 2 }
hwIPSecTunnelStatsTableGroup OBJECT-GROUP
OBJECTS {
hwIPSecTunnelSaIDIn,
hwIPSecTunnelSaIDOut,
hwIPSecTunnelFlowSoftExpireIn,
hwIPSecTunnelFlowSoftExpireOut,
hwIPSecTunnelFlowHardExpireIn,
hwIPSecTunnelFlowHardExpireOut,
hwIPSecTunnelRemainTime,
hwIPSecTunnelRemainSize,
hwIPSecTunnelSpiIn,
hwIPSecTunnelSpiOut,
hwIPSecTunnelInSideSpiIn,
hwIPSecTunnelInSideSpiOut,
hwIPSecTunnelESPSequenceNumberIn,
hwIPSecTunnelESPSequenceNumberOut,
hwIPSecTunnellAHSequenceNumberIn,
hwIPSecTunnellAHSequenceNumberOut,
hwIPSecTunnelMemApplyFail,
hwIPSecTunnelBadAuth,
hwIPSecTunnelReplay,
hwIPSecTunnelAfterReCheckErr,
hwIPSecTunnelPktDropByteLimitIn,
hwIPSecTunnelPktDropByteLimitOut,
hwIPSecTunnelFIBSearchErr,
hwIPSecTunnelBytesPerSecondIn,
hwIPSecTunnelBytesPerSecondOut,
hwIPSecTunnelPacketsPerSecondIn,
hwIPSecTunnelPacketsPerSecondOut,
hwIPSecTunnelErrPacketsPerSecondIn,
hwIPSecTunnelErrPacketsPerSecondOut,
hwIPSecTunnelErrPacketsIn,
hwIPSecTunnelErrPacketsOut
}
STATUS current
DESCRIPTION
"This table specifies the monitoring IPSec tunnel statistics attributes for
Huawei IPSec tunnel."
::= { hwIPSecMibGroups 3 }
hwIPSecSaStatisticTableGroup OBJECT-GROUP
OBJECTS {
hwIPSecSaStatisticTunnelPolicyName,
hwIPSecSaStatisticSaInCnt,
hwIPSecSaStatisticSaOutCnt,
hwIPSecTunnelByteInput,
hwIPSecTunnelByteOutput,
hwIPSecTunnelPacketInput,
hwIPSecTunnelPacketOutput,
hwIPSecTunnelDroppedPacketInput,
hwIPSecTunnelDroppedPacketOutput,
hwIPSecTunnelDialUserCount,
hwIPSecSaStatisticTunnelPolicyAlias
}
STATUS current
DESCRIPTION
"This table specifies the SA numbers of policies which have been bound with interfaces."
::= { hwIPSecMibGroups 4 }
hwIPSecTrapObjectGroup OBJECT-GROUP
OBJECTS {
hwIPSecTrapTunnelPolicyNum,
hwIPSecTrapIfIndex,
hwIPSecTrapTunnelPolicyName
}
STATUS current
DESCRIPTION
"IPSec trap objects."
::= { hwIPSecMibGroups 5 }
hwIPSecNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS
{
hwIPSecTunnelStart,
hwIPSecTunnelStop,
hwIPSecPolicyAdd,
hwIPSecPolicyDel,
hwIPSecPolicyAttach,
hwIPSecPolicyDetach,
hwIPSecIKEReset,
hwIPSecIPSecReset,
hwIPSecTunnelReachMax,
hwIPSecTunnelReachMaxAtOnce,
hwIKEPeerReachMax,
hwIKEPeerReachMaxAtOnce,
hwIKESaPhase1Establish,
hwIPSecNegoFail,
hwIPSecTunnelStatusChange
}
STATUS current
DESCRIPTION
"IPSec traps."
::= { hwIPSecMibGroups 6 }
hwIPSecGdoiStatsTableGroup OBJECT-GROUP
OBJECTS {
hwIPSecTunnelSendPacket,
hwIPSecTunnelSendSize,
hwIPSecTunnelSendErrorPacket,
hwIPSecTunnelSendErrorSize,
hwIPSecTunnelRecvPacket,
hwIPSecTunnelRecvSize,
hwIPSecTunnelRecvErrorPacket,
hwIPSecTunnelRecvErrorSize
}
STATUS current
DESCRIPTION
"Statistic the tunnel flow of the spcified IPSec policy group-id."
::= { hwIPSecMibGroups 7 }
END
View Git Blame Copy Permalink