1380 lines
40 KiB
Plaintext
1380 lines
40 KiB
Plaintext
-- =============================================================================
|
|
-- Copyright (C) 2009 by HUAWEI SYMANTEC TECHNOLOGIES. All rights reserved.
|
|
-- Description: The MIB is designed to get IPSec tunnels' statistic information.
|
|
-- Reference: Huawei Enterprise MIB
|
|
-- Version: 1.0
|
|
-- History:
|
|
-- V1.0 The initial version created by LiShengbai 90004270.
|
|
-- =============================================================================
|
|
|
|
HUAWEI-SECURITY-IPSEC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Gauge32, IpAddress, Counter64, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
enterprises
|
|
FROM RFC1155-SMI;
|
|
|
|
|
|
hwIpsec MODULE-IDENTITY
|
|
LAST-UPDATED "200910100900Z" -- October 10, 2009 at 09:00 GMT
|
|
ORGANIZATION
|
|
"Huawei Symantec Technologies Co., Ltd."
|
|
CONTACT-INFO
|
|
"3rd Floor,Section D, Keshi Building, No.28, Xinxi Rd., Shangdi,
|
|
Hai-Dian District Beijing P.R. China
|
|
Zip:100085
|
|
Http://www.huaweisymantec.com
|
|
"
|
|
DESCRIPTION
|
|
"V1.00 The IPSec mib is for Eudemon and USG product series."
|
|
::= { hwSecurity 26 }
|
|
|
|
-- ===============================================
|
|
-- Node definitions
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011
|
|
huawei OBJECT IDENTIFIER ::= { enterprises 2011 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6
|
|
huaweiUtility OBJECT IDENTIFIER ::= { huawei 6 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122
|
|
hwSecurity OBJECT IDENTIFIER ::= { huaweiUtility 122 }
|
|
|
|
-- ===============================================
|
|
-- Begin the hwIPSecGlobalStats.
|
|
-- ===============================================
|
|
|
|
hwIPSecGlobalStats OBJECT IDENTIFIER ::= { hwIpsec 1 }
|
|
|
|
hwIPSecGlobalTotal OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of IPSec tunnels."
|
|
::= { hwIPSecGlobalStats 1 }
|
|
|
|
hwIPSecGlobalPacketInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received security packets."
|
|
::= { hwIPSecGlobalStats 2 }
|
|
|
|
hwIPSecGlobalPacketOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent security packets."
|
|
::= { hwIPSecGlobalStats 3 }
|
|
|
|
hwIPSecGlobalByteInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes of received security packets."
|
|
::= { hwIPSecGlobalStats 4 }
|
|
|
|
hwIPSecGlobalByteOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes of sent security packets."
|
|
::= { hwIPSecGlobalStats 5 }
|
|
|
|
hwIPSecGlobalDroppedPacketInput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets that are received."
|
|
::= { hwIPSecGlobalStats 6 }
|
|
|
|
hwIPSecGlobalDroppedPacketOutput OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets that are sent."
|
|
::= { hwIPSecGlobalStats 7 }
|
|
|
|
hwIPSecGlobalEncIntactPacket OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets that do not need to be fragmented."
|
|
::= { hwIPSecGlobalStats 8 }
|
|
|
|
hwIPSecGlobalEncPacketFirstSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of initial packets to be encrypted."
|
|
::= { hwIPSecGlobalStats 9 }
|
|
|
|
hwIPSecGlobalEncPacketAfterSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of follow-up packets to be encrypted."
|
|
::= { hwIPSecGlobalStats 10 }
|
|
|
|
hwIPSecGlobalDecPacketReassFirstSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of initial packets that are fragmented and assembled."
|
|
::= { hwIPSecGlobalStats 11 }
|
|
|
|
hwIPSecGlobalDecPacketReassAfterSlice OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of follow-up packets that are fragmented and assembled."
|
|
::= { hwIPSecGlobalStats 12 }
|
|
|
|
hwIPSecGlobalDecPacketReassLenErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets with incorrect length during reassembling."
|
|
::= { hwIPSecGlobalStats 13 }
|
|
|
|
hwIPSecGlobalPacketHeaderWrong OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the packet header error."
|
|
::= { hwIPSecGlobalStats 14 }
|
|
|
|
hwIPSecGlobalMemoryApplyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by memory applying failure."
|
|
::= { hwIPSecGlobalStats 15 }
|
|
|
|
hwIPSecGlobalCannotFindSA OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by no matched security associations."
|
|
::= { hwIPSecGlobalStats 16 }
|
|
|
|
hwIPSecGlobalWrongSA OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by incorrect security associations."
|
|
::= { hwIPSecGlobalStats 17 }
|
|
|
|
hwIPSecGlobalBadAuthentication OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the authentication failure."
|
|
::= { hwIPSecGlobalStats 18 }
|
|
|
|
hwIPSecGlobalReplay OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the packet replay."
|
|
::= { hwIPSecGlobalStats 19 }
|
|
|
|
hwIPSecGlobalPreRecheckErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the pre-check failure."
|
|
::= { hwIPSecGlobalStats 20 }
|
|
|
|
hwIPSecGlobalPostRecheckErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the post-check failure"
|
|
::= { hwIPSecGlobalStats 21 }
|
|
|
|
hwIPSecGlobalExceedByteLimit OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding of the byte limit."
|
|
::= { hwIPSecGlobalStats 22 }
|
|
|
|
hwIPSecGlobalExceedPacketLimit OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding of the packet limit."
|
|
::= { hwIPSecGlobalStats 23 }
|
|
|
|
hwIPSecGlobalProcessIpv4Err OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the plain-text forwarding failure."
|
|
::= { hwIPSecGlobalStats 24 }
|
|
|
|
hwIPSecGlobalFibSearchErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the route check failure."
|
|
::= { hwIPSecGlobalStats 25 }
|
|
|
|
hwIPSecGlobalIKEInboundOK OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received IKE negotiation packets that successfully enter the queue."
|
|
::= { hwIPSecGlobalStats 26 }
|
|
|
|
hwIPSecGlobalIKEInboundErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received IKE negotiation packets that fail to enter the queue."
|
|
::= { hwIPSecGlobalStats 27 }
|
|
|
|
hwIPSecGlobalIKEOutboundOK OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent IKE negotiation packets that successfully enter the queue."
|
|
::= { hwIPSecGlobalStats 28 }
|
|
|
|
hwIPSecGlobalIKEOutboundErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent IKE negotiation packets that fail to enter the queue."
|
|
::= { hwIPSecGlobalStats 29 }
|
|
|
|
hwIPSecGlobalSoftExpr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Soft timeout times."
|
|
::= { hwIPSecGlobalStats 30 }
|
|
|
|
hwIPSecGlobalHardExpr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hard timeout times."
|
|
::= { hwIPSecGlobalStats 31 }
|
|
|
|
hwIPSecGlobalDPDOper OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DPD operation and detection times."
|
|
::= { hwIPSecGlobalStats 32 }
|
|
|
|
hwIPSecGlobalModpCnt OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Modular exponentiation calculation."
|
|
::= { hwIPSecGlobalStats 33 }
|
|
|
|
hwIPSecGlobalSaeSucc OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SAE computing success."
|
|
::= { hwIPSecGlobalStats 34 }
|
|
|
|
hwIPSecGlobalSoftwareSucc OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Software computing success."
|
|
::= { hwIPSecGlobalStats 35 }
|
|
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecTunnelConfigTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.2
|
|
hwIPSecTunnelConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecTunnelConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the configuration attributes for Huawei IPSec tunnel."
|
|
::= { hwIpsec 2 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.2.1
|
|
hwIPSecTunnelConfigEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecTunnelConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring configuration parameters associated with an instance of IPSec tunnel."
|
|
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex }
|
|
::= { hwIPSecTunnelConfigTable 1 }
|
|
|
|
HwIPSecTunnelConfigEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecIfIndex
|
|
Gauge32,
|
|
hwIPSecTunnelPolicyNum
|
|
Gauge32,
|
|
hwIPSecTunnelIndex
|
|
Gauge32,
|
|
hwIPSecTunnelRuleId
|
|
Gauge32,
|
|
hwIPSecTunnelDstIP
|
|
IpAddress,
|
|
hwIPSecTunnelInsideIP
|
|
IpAddress,
|
|
hwIPSecTunnelRemotePort
|
|
Gauge32,
|
|
hwIPSecTunnelCpuID
|
|
Gauge32,
|
|
hwIPSecTunnelEncapMode
|
|
INTEGER,
|
|
hwIPSecTunnelNatTraver
|
|
INTEGER,
|
|
hwIPSecTunnelFromIKEV2
|
|
INTEGER,
|
|
hwIPSecTunnelEncryptMode
|
|
Gauge32,
|
|
hwIPSecTunnelESPDigestMode
|
|
Gauge32,
|
|
hwIPSecTunnelAHDigestMode
|
|
Gauge32,
|
|
hwIPSecTunnelProto
|
|
Gauge32,
|
|
hwIPSecTunnelOutPortIndex
|
|
Gauge32,
|
|
hwIPSecTunnelSrcPort
|
|
Gauge32,
|
|
hwIPSecTunnelDstPort
|
|
Gauge32,
|
|
hwIPSecTunnelVrfIndex
|
|
Gauge32,
|
|
hwIPSecTunnelIfVrfIndex
|
|
Gauge32,
|
|
hwIPSecTunnelSrcIP
|
|
IpAddress,
|
|
hwIPSecTunnelSpeedLimitIn
|
|
Gauge32,
|
|
hwIPSecTunnelSpeedLimitOut
|
|
Gauge32,
|
|
hwIPSecTunnelInitiator
|
|
INTEGER,
|
|
hwIPSecTunnelLifeSize
|
|
Gauge32,
|
|
hwIPSecTunnelLifeTime
|
|
Gauge32,
|
|
hwIPSecTunnelPolicyName
|
|
OCTET STRING,
|
|
hwIPSecTunnelSaStatus
|
|
INTEGER
|
|
}
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.2.1.1
|
|
hwIPSecIfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the router interface corresponding to the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 1 }
|
|
|
|
hwIPSecTunnelPolicyNum OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ID of the ACL rule in the current IPSec policy."
|
|
::= { hwIPSecTunnelConfigEntry 2 }
|
|
|
|
hwIPSecTunnelIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 3 }
|
|
|
|
hwIPSecTunnelRuleId OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ID of the ACL rule in the current IPSec policy."
|
|
::= { hwIPSecTunnelConfigEntry 4 }
|
|
|
|
hwIPSecTunnelDstIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of the tunnel (peer end)."
|
|
::= { hwIPSecTunnelConfigEntry 5 }
|
|
|
|
hwIPSecTunnelInsideIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Intranet IP address of the peer end during remote access."
|
|
::= { hwIPSecTunnelConfigEntry 6 }
|
|
|
|
hwIPSecTunnelRemotePort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port number of the peer end of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 7 }
|
|
|
|
hwIPSecTunnelCpuID OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"CPU ID of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 8 }
|
|
|
|
hwIPSecTunnelEncapMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tunnel(0),
|
|
transport(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encapsulation mode of the tunnel (tunneling mode or transmission mode)."
|
|
::= { hwIPSecTunnelConfigEntry 9 }
|
|
|
|
hwIPSecTunnelNatTraver OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noNatTraversal(0),
|
|
natTraversal(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the tunnel needs NAT traversal (If yes, the value is 1.)."
|
|
::= { hwIPSecTunnelConfigEntry 10 }
|
|
|
|
hwIPSecTunnelFromIKEV2 OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noIkev2(0),
|
|
ikev2(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the tunnel adopts IKEv2 (If yes, the value is 1.)."
|
|
::= { hwIPSecTunnelConfigEntry 11 }
|
|
|
|
hwIPSecTunnelEncryptMode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encryption mode of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 12 }
|
|
|
|
hwIPSecTunnelESPDigestMode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ESP check mode of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 13 }
|
|
|
|
hwIPSecTunnelAHDigestMode OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"AH check mode of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 14 }
|
|
|
|
hwIPSecTunnelProto OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Protocol of the tunnel (ESP or AH, or both)."
|
|
::= { hwIPSecTunnelConfigEntry 15 }
|
|
|
|
hwIPSecTunnelOutPortIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the egress of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 16 }
|
|
|
|
hwIPSecTunnelSrcPort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the source port number if NAT traversal is adopted."
|
|
::= { hwIPSecTunnelConfigEntry 17 }
|
|
|
|
hwIPSecTunnelDstPort OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the destination port number if NAT traversal is adopted."
|
|
::= { hwIPSecTunnelConfigEntry 18 }
|
|
|
|
hwIPSecTunnelVrfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VPN ID protected by the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 19 }
|
|
|
|
hwIPSecTunnelIfVrfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VPN ID of the sending interface of the tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 20 }
|
|
|
|
hwIPSecTunnelSrcIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of the tunnel (local end)."
|
|
::= { hwIPSecTunnelConfigEntry 21 }
|
|
|
|
hwIPSecTunnelSpeedLimitIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rate limiting pre-configured in the incoming direction."
|
|
::= { hwIPSecTunnelConfigEntry 22 }
|
|
|
|
hwIPSecTunnelSpeedLimitOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rate limiting pre-configured in the outgoing direction."
|
|
::= { hwIPSecTunnelConfigEntry 23 }
|
|
|
|
hwIPSecTunnelInitiator OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
responder(0),
|
|
ikev2Initiator(1),
|
|
ikev1Initiator(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Initiator or responder of the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 24 }
|
|
|
|
hwIPSecTunnelLifeSize OBJECT-TYPE
|
|
SYNTAX Gauge32 (8000..4194303)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Life cycle of the IPSec tunnel (in kbytes)."
|
|
::= { hwIPSecTunnelConfigEntry 25 }
|
|
|
|
hwIPSecTunnelLifeTime OBJECT-TYPE
|
|
SYNTAX Gauge32 (480..604800)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Life cycle of the IPSec tunnel (in seconds)."
|
|
::= { hwIPSecTunnelConfigEntry 26 }
|
|
|
|
hwIPSecTunnelPolicyName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy for the IPSec tunnel."
|
|
::= { hwIPSecTunnelConfigEntry 27 }
|
|
|
|
hwIPSecTunnelSaStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
free(0),
|
|
ocuppied(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of the SA."
|
|
::= { hwIPSecTunnelConfigEntry 28 }
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecTunnelStatsTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.3
|
|
hwIPSecTunnelStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecTunnelStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the status attributes for Huawei IPSec tunnel."
|
|
::= { hwIpsec 3 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.3.1
|
|
hwIPSecTunnelStatsEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecTunnelStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in the hwIPSecTunnelConfigTable holds a set of monitoring status parameters associated with an instance of IPSec tunnel."
|
|
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum, hwIPSecTunnelIndex }
|
|
::= { hwIPSecTunnelStatsTable 1 }
|
|
|
|
HwIPSecTunnelStatsEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecTunnelSaIDIn
|
|
Gauge32,
|
|
hwIPSecTunnelSaIDOut
|
|
Gauge32,
|
|
hwIPSecTunnelFlowSoftExpireIn
|
|
Gauge32,
|
|
hwIPSecTunnelFlowSoftExpireOut
|
|
Gauge32,
|
|
hwIPSecTunnelFlowHardExpireIn
|
|
Gauge32,
|
|
hwIPSecTunnelFlowHardExpireOut
|
|
Gauge32,
|
|
hwIPSecTunnelRemainTime
|
|
Gauge32,
|
|
hwIPSecTunnelRemainSize
|
|
Gauge32,
|
|
hwIPSecTunnelSpiIn
|
|
Gauge32,
|
|
hwIPSecTunnelSpiOut
|
|
Gauge32,
|
|
hwIPSecTunnelInSideSpiIn
|
|
Gauge32,
|
|
hwIPSecTunnelInSideSpiOut
|
|
Gauge32,
|
|
hwIPSecTunnelESPSequenceNumberIn
|
|
Gauge32,
|
|
hwIPSecTunnelESPSequenceNumberOut
|
|
Gauge32,
|
|
hwIPSecTunnellAHSequenceNumberIn
|
|
Gauge32,
|
|
hwIPSecTunnellAHSequenceNumberOut
|
|
Gauge32,
|
|
hwIPSecTunnelMemApplyFail
|
|
Counter64,
|
|
hwIPSecTunnelBadAuth
|
|
Counter64,
|
|
hwIPSecTunnelReplay
|
|
Counter64,
|
|
hwIPSecTunnelAfterReCheckErr
|
|
Counter64,
|
|
hwIPSecTunnelPktDropByteLimitIn
|
|
Counter64,
|
|
hwIPSecTunnelPktDropByteLimitOut
|
|
Counter64,
|
|
hwIPSecTunnelFIBSearchErr
|
|
Counter64
|
|
}
|
|
|
|
hwIPSecTunnelSaIDIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the incoming IPSec tunnel."
|
|
::= { hwIPSecTunnelStatsEntry 1 }
|
|
|
|
hwIPSecTunnelSaIDOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the outgoing IPSec tunnel."
|
|
::= { hwIPSecTunnelStatsEntry 2 }
|
|
|
|
hwIPSecTunnelFlowSoftExpireIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming soft timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 3 }
|
|
|
|
hwIPSecTunnelFlowSoftExpireOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing soft timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 4 }
|
|
|
|
hwIPSecTunnelFlowHardExpireIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming hard timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 5 }
|
|
|
|
hwIPSecTunnelFlowHardExpireOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing hard timeout traffic (in bytes)."
|
|
::= { hwIPSecTunnelStatsEntry 6 }
|
|
|
|
hwIPSecTunnelRemainTime OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remaining time of the IPSec tunnel (in seconds)."
|
|
::= { hwIPSecTunnelStatsEntry 7 }
|
|
|
|
hwIPSecTunnelRemainSize OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remaining bytes of the IPSec tunnel (in kbytes)."
|
|
::= { hwIPSecTunnelStatsEntry 8 }
|
|
|
|
hwIPSecTunnelSpiIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming SPI."
|
|
::= { hwIPSecTunnelStatsEntry 9 }
|
|
|
|
hwIPSecTunnelSpiOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing SPI."
|
|
::= { hwIPSecTunnelStatsEntry 10 }
|
|
|
|
hwIPSecTunnelInSideSpiIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SPI of the internal ESP header when both AH and ESP are adopted in the incoming direction."
|
|
::= { hwIPSecTunnelStatsEntry 11 }
|
|
|
|
hwIPSecTunnelInSideSpiOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SPI of the internal ESP header when both AH and ESP are adopted in the outgoing direction."
|
|
::= { hwIPSecTunnelStatsEntry 12 }
|
|
|
|
hwIPSecTunnelESPSequenceNumberIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the incoming ESP protocol."
|
|
::= { hwIPSecTunnelStatsEntry 13 }
|
|
|
|
hwIPSecTunnelESPSequenceNumberOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the outgoing ESP protocol."
|
|
::= { hwIPSecTunnelStatsEntry 14 }
|
|
|
|
hwIPSecTunnellAHSequenceNumberIn OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the incoming AH protocol."
|
|
::= { hwIPSecTunnelStatsEntry 15 }
|
|
|
|
hwIPSecTunnellAHSequenceNumberOut OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Serial number of the outgoing AH protocol."
|
|
::= { hwIPSecTunnelStatsEntry 16 }
|
|
|
|
hwIPSecTunnelMemApplyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets because packets to be encrypted are too long."
|
|
::= { hwIPSecTunnelStatsEntry 17 }
|
|
|
|
hwIPSecTunnelBadAuth OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the authentication failure of received packets."
|
|
::= { hwIPSecTunnelStatsEntry 18 }
|
|
|
|
hwIPSecTunnelReplay OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by receiving replayed packets."
|
|
::= { hwIPSecTunnelStatsEntry 19 }
|
|
|
|
hwIPSecTunnelAfterReCheckErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the decryption post-check failure."
|
|
::= { hwIPSecTunnelStatsEntry 20 }
|
|
|
|
hwIPSecTunnelPktDropByteLimitIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding the byte limit in the incoming direction."
|
|
::= { hwIPSecTunnelStatsEntry 21 }
|
|
|
|
hwIPSecTunnelPktDropByteLimitOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the exceeding of the byte limit in the outgoing direction."
|
|
::= { hwIPSecTunnelStatsEntry 22 }
|
|
|
|
hwIPSecTunnelFIBSearchErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of discarded packets caused by the route check failure."
|
|
::= { hwIPSecTunnelStatsEntry 23 }
|
|
|
|
-- ===============================================
|
|
-- Begin the table of hwIPSecSaStatisticTable.
|
|
-- ===============================================
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.4
|
|
hwIPSecSaStatisticTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HwIPSecSaStatisticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the SA numbers of policies which have been bound with interfaces."
|
|
::= { hwIpsec 4 }
|
|
|
|
-- 1.3.6.1.4.1.2011.6.122.26.4.1
|
|
hwIPSecSaStatisticEntry OBJECT-TYPE
|
|
SYNTAX HwIPSecSaStatisticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
INDEX { hwIPSecIfIndex, hwIPSecTunnelPolicyNum }
|
|
::= { hwIPSecSaStatisticTable 1 }
|
|
|
|
HwIPSecSaStatisticEntry ::=
|
|
SEQUENCE {
|
|
hwIPSecSaStatisticTunnelPolicyName
|
|
OCTET STRING,
|
|
hwIPSecSaStatisticSaInCnt
|
|
Gauge32,
|
|
hwIPSecSaStatisticSaOutCnt
|
|
Gauge32,
|
|
hwIPSecTunnelByteInput
|
|
Gauge32,
|
|
hwIPSecTunnelByteOutput
|
|
Gauge32,
|
|
hwIPSecTunnelPacketInput
|
|
Gauge32,
|
|
hwIPSecTunnelPacketOutput
|
|
Gauge32,
|
|
hwIPSecTunnelDroppedPacketInput
|
|
Gauge32,
|
|
hwIPSecTunnelDroppedPacketOutput
|
|
Gauge32,
|
|
hwIPSecTunnelDialUserCount
|
|
Gauge32
|
|
}
|
|
|
|
hwIPSecSaStatisticTunnelPolicyName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy for the IPSec tunnel."
|
|
::= { hwIPSecSaStatisticEntry 1 }
|
|
|
|
hwIPSecSaStatisticSaInCnt OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Incoming SA number."
|
|
::= { hwIPSecSaStatisticEntry 2 }
|
|
|
|
hwIPSecSaStatisticSaOutCnt OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Outgoing SA number."
|
|
::= { hwIPSecSaStatisticEntry 3 }
|
|
|
|
hwIPSecTunnelByteInput OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes of received security packets"
|
|
::= { hwIPSecSaStatisticEntry 4 }
|
|
|
|
hwIPSecTunnelByteOutput OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes of sent security packets"
|
|
::= { hwIPSecSaStatisticEntry 5 }
|
|
|
|
hwIPSecTunnelPacketInput OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of received security packets"
|
|
::= { hwIPSecSaStatisticEntry 6 }
|
|
|
|
hwIPSecTunnelPacketOutput OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of sent security packets"
|
|
::= { hwIPSecSaStatisticEntry 7 }
|
|
|
|
hwIPSecTunnelDroppedPacketInput OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received but discarded by the IPSec tunnel"
|
|
::= { hwIPSecSaStatisticEntry 8 }
|
|
|
|
hwIPSecTunnelDroppedPacketOutput OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets encrypted but discarded by the IPSec tunnel"
|
|
::= { hwIPSecSaStatisticEntry 9 }
|
|
|
|
hwIPSecTunnelDialUserCount OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of remote access users"
|
|
::= { hwIPSecSaStatisticEntry 10 }
|
|
|
|
|
|
-- ===============================================
|
|
-- IPSecTrapObject.
|
|
-- ===============================================
|
|
|
|
hwIPSecTrapObject OBJECT IDENTIFIER ::= { hwIpsec 5 }
|
|
|
|
hwIPSecTrapTunnelPolicyNum OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ID of the ACL rule in the current IPSec policy."
|
|
::= { hwIPSecTrapObject 1 }
|
|
|
|
hwIPSecTrapIfIndex OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the router interface corresponding to the IPSec tunnel."
|
|
::= { hwIPSecTrapObject 2 }
|
|
|
|
hwIPSecTrapTunnelPolicyName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security policy for the IPSec tunnel."
|
|
::= { hwIPSecTrapObject 3 }
|
|
|
|
hwIPSecNegoFailReason OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reason of an unsuccessful negotiation"
|
|
::= { hwIPSecTrapObject 4 }
|
|
|
|
-- ===============================================
|
|
-- definition of traps.
|
|
-- ===============================================
|
|
|
|
hwIPSecNotifications OBJECT IDENTIFIER ::= { hwIpsec 6 }
|
|
|
|
hwIPSecTunnelStart NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecIfIndex,
|
|
hwIPSecTunnelPolicyNum,
|
|
hwIPSecTunnelIndex,
|
|
hwIPSecTunnelRuleId,
|
|
hwIPSecTunnelDstIP,
|
|
hwIPSecTunnelInsideIP,
|
|
hwIPSecTunnelRemotePort,
|
|
hwIPSecTunnelCpuID,
|
|
hwIPSecTunnelSrcIP,
|
|
hwIPSecTunnelLifeSize,
|
|
hwIPSecTunnelLifeTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when the IPSec tunnel is established."
|
|
::= { hwIPSecNotifications 1 }
|
|
|
|
hwIPSecTunnelStop NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecIfIndex,
|
|
hwIPSecTunnelPolicyNum,
|
|
hwIPSecTunnelIndex,
|
|
hwIPSecTunnelRuleId,
|
|
hwIPSecTunnelDstIP,
|
|
hwIPSecTunnelInsideIP,
|
|
hwIPSecTunnelRemotePort,
|
|
hwIPSecTunnelCpuID,
|
|
hwIPSecTunnelSrcIP
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when the IPSec tunnel is deleted."
|
|
::= { hwIPSecNotifications 2 }
|
|
|
|
hwIPSecPolicyAdd NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecTrapTunnelPolicyName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is added."
|
|
::= { hwIPSecNotifications 3 }
|
|
|
|
hwIPSecPolicyDel NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecTrapTunnelPolicyName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is deleted."
|
|
::= { hwIPSecNotifications 4 }
|
|
|
|
hwIPSecPolicyAttach NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is applied to an interface."
|
|
::= { hwIPSecNotifications 5 }
|
|
|
|
hwIPSecPolicyDetach NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec policy is cancelled on an interface."
|
|
::= { hwIPSecNotifications 6 }
|
|
|
|
hwIPSecIKEReset NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IKE SA is reset ."
|
|
::= { hwIPSecNotifications 7 }
|
|
|
|
hwIPSecIPSecReset NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Send the message when an IPSec SA is reset ."
|
|
::= { hwIPSecNotifications 8 }
|
|
|
|
hwIPSecNegoFail NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecNegoFailReason
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The alarm is generated when the IPSec tunnel negotiation fails."
|
|
::= { hwIPSecNotifications 9 }
|
|
|
|
-- ===============================================
|
|
-- Conformance Information
|
|
-- ===============================================
|
|
|
|
hwIPSecMibConformance OBJECT IDENTIFIER ::= { hwIpsec 7 }
|
|
|
|
hwIPSecMibCompliances OBJECT IDENTIFIER ::= { hwIPSecMibConformance 1 }
|
|
|
|
hwIPSecMibGroups OBJECT IDENTIFIER ::= { hwIPSecMibConformance 2 }
|
|
|
|
|
|
-- ===============================================
|
|
-- Compliance Statements
|
|
-- ===============================================
|
|
|
|
hwIPSecMibCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
" "
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS
|
|
{
|
|
hwIPSecGlobalStatsGroup,
|
|
hwIPSecTunnelConfigTableGroup,
|
|
hwIPSecTunnelStatsTableGroup,
|
|
hwIPSecSaStatisticTableGroup,
|
|
hwIPSecTrapObjectGroup,
|
|
hwIPSecNotificationsGroup
|
|
}
|
|
::= { hwIPSecMibCompliances 1 }
|
|
|
|
hwIPSecGlobalStatsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecGlobalTotal,
|
|
hwIPSecGlobalPacketInput,
|
|
hwIPSecGlobalPacketOutput,
|
|
hwIPSecGlobalByteInput,
|
|
hwIPSecGlobalByteOutput,
|
|
hwIPSecGlobalDroppedPacketInput,
|
|
hwIPSecGlobalDroppedPacketOutput,
|
|
hwIPSecGlobalEncIntactPacket,
|
|
hwIPSecGlobalEncPacketFirstSlice,
|
|
hwIPSecGlobalEncPacketAfterSlice,
|
|
hwIPSecGlobalDecPacketReassFirstSlice,
|
|
hwIPSecGlobalDecPacketReassAfterSlice,
|
|
hwIPSecGlobalDecPacketReassLenErr,
|
|
hwIPSecGlobalPacketHeaderWrong,
|
|
hwIPSecGlobalMemoryApplyFail,
|
|
hwIPSecGlobalCannotFindSA,
|
|
hwIPSecGlobalWrongSA,
|
|
hwIPSecGlobalBadAuthentication,
|
|
hwIPSecGlobalReplay,
|
|
hwIPSecGlobalPreRecheckErr,
|
|
hwIPSecGlobalPostRecheckErr,
|
|
hwIPSecGlobalExceedByteLimit,
|
|
hwIPSecGlobalExceedPacketLimit,
|
|
hwIPSecGlobalProcessIpv4Err,
|
|
hwIPSecGlobalFibSearchErr,
|
|
hwIPSecGlobalIKEInboundOK,
|
|
hwIPSecGlobalIKEInboundErr,
|
|
hwIPSecGlobalIKEOutboundOK,
|
|
hwIPSecGlobalIKEOutboundErr,
|
|
hwIPSecGlobalSoftExpr,
|
|
hwIPSecGlobalHardExpr,
|
|
hwIPSecGlobalDPDOper,
|
|
hwIPSecGlobalModpCnt,
|
|
hwIPSecGlobalSaeSucc,
|
|
hwIPSecGlobalSoftwareSucc
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the global statistics information for
|
|
Huawei IPSec tunnel."
|
|
::= { hwIPSecMibGroups 1 }
|
|
|
|
hwIPSecTunnelConfigTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTunnelRuleId,
|
|
hwIPSecTunnelDstIP,
|
|
hwIPSecTunnelInsideIP,
|
|
hwIPSecTunnelRemotePort,
|
|
hwIPSecTunnelCpuID,
|
|
hwIPSecTunnelEncapMode,
|
|
hwIPSecTunnelNatTraver,
|
|
hwIPSecTunnelFromIKEV2,
|
|
hwIPSecTunnelEncryptMode,
|
|
hwIPSecTunnelESPDigestMode,
|
|
hwIPSecTunnelAHDigestMode,
|
|
hwIPSecTunnelProto,
|
|
hwIPSecTunnelOutPortIndex,
|
|
hwIPSecTunnelSrcPort,
|
|
hwIPSecTunnelDstPort,
|
|
hwIPSecTunnelVrfIndex,
|
|
hwIPSecTunnelIfVrfIndex,
|
|
hwIPSecTunnelSrcIP,
|
|
hwIPSecTunnelSpeedLimitIn,
|
|
hwIPSecTunnelSpeedLimitOut,
|
|
hwIPSecTunnelInitiator,
|
|
hwIPSecTunnelLifeSize,
|
|
hwIPSecTunnelLifeTime,
|
|
hwIPSecTunnelPolicyName,
|
|
hwIPSecTunnelSaStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the monitoring IPSec tunnel configuration attributes for
|
|
Huawei IPSec tunnel."
|
|
::= { hwIPSecMibGroups 2 }
|
|
|
|
hwIPSecTunnelStatsTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTunnelSaIDIn,
|
|
hwIPSecTunnelSaIDOut,
|
|
hwIPSecTunnelFlowSoftExpireIn,
|
|
hwIPSecTunnelFlowSoftExpireOut,
|
|
hwIPSecTunnelFlowHardExpireIn,
|
|
hwIPSecTunnelFlowHardExpireOut,
|
|
hwIPSecTunnelRemainTime,
|
|
hwIPSecTunnelRemainSize,
|
|
hwIPSecTunnelSpiIn,
|
|
hwIPSecTunnelSpiOut,
|
|
hwIPSecTunnelInSideSpiIn,
|
|
hwIPSecTunnelInSideSpiOut,
|
|
hwIPSecTunnelESPSequenceNumberIn,
|
|
hwIPSecTunnelESPSequenceNumberOut,
|
|
hwIPSecTunnellAHSequenceNumberIn,
|
|
hwIPSecTunnellAHSequenceNumberOut,
|
|
hwIPSecTunnelMemApplyFail,
|
|
hwIPSecTunnelBadAuth,
|
|
hwIPSecTunnelReplay,
|
|
hwIPSecTunnelAfterReCheckErr,
|
|
hwIPSecTunnelPktDropByteLimitIn,
|
|
hwIPSecTunnelPktDropByteLimitOut,
|
|
hwIPSecTunnelFIBSearchErr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the monitoring IPSec tunnel statistics attributes for
|
|
Huawei IPSec tunnel."
|
|
::= { hwIPSecMibGroups 3 }
|
|
|
|
|
|
hwIPSecSaStatisticTableGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecSaStatisticTunnelPolicyName,
|
|
hwIPSecSaStatisticSaInCnt,
|
|
hwIPSecSaStatisticSaOutCnt,
|
|
hwIPSecTunnelByteInput,
|
|
hwIPSecTunnelByteOutput,
|
|
hwIPSecTunnelPacketInput,
|
|
hwIPSecTunnelPacketOutput,
|
|
hwIPSecTunnelDroppedPacketInput,
|
|
hwIPSecTunnelDroppedPacketOutput,
|
|
hwIPSecTunnelDialUserCount
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table specifies the SA numbers of policies which have been bound with interfaces."
|
|
::= { hwIPSecMibGroups 4 }
|
|
|
|
|
|
hwIPSecTrapObjectGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hwIPSecTrapTunnelPolicyNum,
|
|
hwIPSecTrapIfIndex,
|
|
hwIPSecTrapTunnelPolicyName,
|
|
hwIPSecNegoFailReason
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec trap objects."
|
|
::= { hwIPSecMibGroups 5 }
|
|
|
|
hwIPSecNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS
|
|
{
|
|
hwIPSecTunnelStart,
|
|
hwIPSecTunnelStop,
|
|
hwIPSecPolicyAdd,
|
|
hwIPSecPolicyDel,
|
|
hwIPSecPolicyAttach,
|
|
hwIPSecPolicyDetach,
|
|
hwIPSecIKEReset,
|
|
hwIPSecIPSecReset,
|
|
hwIPSecNegoFail
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec traps."
|
|
::= { hwIPSecMibGroups 6 }
|
|
|
|
|
|
END
|
|
|