T11-FC-SP-SA-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
|
|
Unsigned32, Counter32, Counter64, TimeTicks, Gauge32,
|
|
mib-2 FROM SNMPv2-SMI -- [RFC2578]
|
|
RowStatus, StorageType, AutonomousType, TimeStamp,
|
|
TruthValue FROM SNMPv2-TC -- [RFC2579]
|
|
MODULE-COMPLIANCE, OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF -- [RFC2580]
|
|
InterfaceIndex,
|
|
InterfaceIndexOrZero FROM IF-MIB -- [RFC2863]
|
|
fcmInstanceIndex,
|
|
FcAddressIdOrZero FROM FC-MGMT-MIB -- [RFC4044]
|
|
T11FabricIndex FROM T11-TC-MIB -- [RFC4439]
|
|
T11FcSpType,
|
|
T11FcSpiIndex,
|
|
T11FcSpLifetimeLeft,
|
|
T11FcSpLifetimeLeftUnits,
|
|
T11FcSpSecurityProtocolId,
|
|
T11FcRoutingControl,
|
|
T11FcSaDirection,
|
|
T11FcSpPrecedence,
|
|
T11FcSpTransforms FROM T11-FC-SP-TC-MIB;
|
|
|
|
t11FcSpSaMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200808200000Z"
|
|
ORGANIZATION "This MIB module was developed through the
|
|
coordinated effort of two organizations:
|
|
T11 began the development and the IETF (in
|
|
the IMSS Working Group) finished it."
|
|
CONTACT-INFO
|
|
" Claudio DeSanti
|
|
Cisco Systems, Inc.
|
|
170 West Tasman Drive
|
|
San Jose, CA 95134 USA
|
|
EMail: cds@cisco.com
|
|
|
|
Keith McCloghrie
|
|
Cisco Systems, Inc.
|
|
170 West Tasman Drive
|
|
San Jose, CA 95134 USA
|
|
Email: kzm@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB module specifies the management information
|
|
required to manage Security Associations established via
|
|
Fibre Channel's FC-SP specification.
|
|
|
|
The MIB module consists of six parts:
|
|
|
|
- a per-Fabric table, t11FcSpSaIfTable, of capabilities,
|
|
parameters, status information, and counters; the counters
|
|
include non-transient aggregates of per-SA transient
|
|
counters;
|
|
|
|
- three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable,
|
|
and t11FcSpSaTransTable, specifying the proposals for an
|
|
FC-SP entity acting as an SA_Initiator to present to the
|
|
SA_Responder during the negotiation of Security
|
|
|
|
Associations. The same information is also used by an
|
|
FC-SP entity acting as an SA_Responder to decide what to
|
|
accept during the negotiation of Security Associations.
|
|
One of these tables, t11FcSpSaTransTable, is used not only
|
|
for information about security transforms to propose and
|
|
to accept, but also as agreed upon during the negotiation
|
|
of Security Associations;
|
|
|
|
- a table, t11FcSpSaTSelDrByTable, of Traffic Selectors
|
|
having the security action of 'drop' or 'bypass' to be
|
|
applied either to ingress traffic that is unprotected by
|
|
FC-SP, or to all egress traffic;
|
|
|
|
- four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable,
|
|
t11FcSpSaTSelNegOutTable, and t11FcSpSaTSelSpiTable,
|
|
containing information about active bidirectional pairs of
|
|
Security Associations; in particular, t11FcSpSaPairTable
|
|
has one row per active bidirectional SA pair,
|
|
t11FcSpSaTSelNegInTable and t11FcSpSaTSelNegOutTable
|
|
contain information on the Traffic Selectors negotiated on
|
|
the SAs, and the t11FcSpSaTSelSpiTable is an alternate
|
|
lookup table such that the Traffic Selector(s) in use on a
|
|
particular Security Association can be quickly determined
|
|
based on the (ingress) SPI value;
|
|
|
|
- a table, t11FcSpSaControlTable, of control and other
|
|
information concerning the generation of notifications for
|
|
events related to FC-SP Security Associations;
|
|
|
|
- one notification, t11FcSpSaNotifyAuthFailure, generated on
|
|
the occurrence of an Authentication failure for a received
|
|
FC-2 or CT_IU frame.
|
|
|
|
Copyright (C) The IETF Trust (2008). This version
|
|
of this MIB module is part of RFC 5324; see the RFC
|
|
itself for full legal notices."
|
|
REVISION "200808200000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module, published as RFC 5324."
|
|
::= { mib-2 179 }
|
|
|
|
t11FcSpSaMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpSaMIB 0 }
|
|
t11FcSpSaMIBObjects OBJECT IDENTIFIER ::= { t11FcSpSaMIB 1 }
|
|
t11FcSpSaMIBConformance OBJECT IDENTIFIER ::= { t11FcSpSaMIB 2 }
|
|
t11FcSpSaBase OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 1 }
|
|
t11FcSpSaConfig OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 2 }
|
|
t11FcSpSaActive OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 3 }
|
|
t11FcSpSaControl OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 4 }
|
|
|
|
--
|
|
-- Base-level Per-Fabric Information
|
|
--
|
|
|
|
t11FcSpSaIfTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF T11FcSpSaIfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing per-Fabric information related to
|
|
FC-SP Security Associations."
|
|
::= { t11FcSpSaBase 1 }
|
|
|
|
t11FcSpSaIfEntry OBJECT-TYPE
|
|
SYNTAX T11FcSpSaIfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains information related to Security
|
|
Associations on a particular Fabric, and managed as part
|
|
of the Fibre Channel management instance identified by
|
|
fcmInstanceIndex."
|
|
INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
|
|
t11FcSpSaIfFabricIndex }
|
|
::= { t11FcSpSaIfTable 1 }
|
|
|
|
T11FcSpSaIfEntry ::= SEQUENCE {
|
|
t11FcSpSaIfIndex InterfaceIndexOrZero,
|
|
t11FcSpSaIfFabricIndex T11FabricIndex,
|
|
-- capabilities
|
|
t11FcSpSaIfEspHeaderCapab T11FcSpTransforms,
|
|
t11FcSpSaIfCTAuthCapab T11FcSpTransforms,
|
|
t11FcSpSaIfIKEv2Capab T11FcSpTransforms,
|
|
t11FcSpSaIfIkev2AuthCapab TruthValue,
|
|
-- parameters and status
|
|
t11FcSpSaIfStorageType StorageType,
|
|
t11FcSpSaIfReplayPrevention TruthValue,
|
|
t11FcSpSaIfReplayWindowSize Unsigned32,
|
|
t11FcSpSaIfDeadPeerDetections Counter32,
|
|
t11FcSpSaIfTerminateAllSas INTEGER,
|
|
-- summary frame counters
|
|
t11FcSpSaIfOutDrops Counter64,
|
|
t11FcSpSaIfOutBypasses Counter64,
|
|
t11FcSpSaIfOutProcesses Counter64,
|
|
t11FcSpSaIfOutUnMatcheds Counter64,
|
|
t11FcSpSaIfInUnprotUnmtchDrops Counter64,
|
|
-- aggregates of per-SA transient counters
|
|
t11FcSpSaIfInDetReplays Counter64,
|
|
t11FcSpSaIfInUnprotMtchDrops Counter64,
|
|
t11FcSpSaIfInBadXforms Counter64,
|
|
t11FcSpSaIfInGoodXforms Counter64,
|
|
t11FcSpSaIfInProtUnmtchs Counter64
|
|
}
|
|
|
|
t11FcSpSaIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object has a non-zero value to identify a particular
|
|
interface, or the value zero to indicate that the
|
|
information in this row applies to all (of the management
|
|
instance's) interfaces to the particular Fabric.
|
|
|
|
If any row has a non-zero value of t11FcSpSaIfIndex, then
|
|
all rows for the same Fibre Channel management instance must
|
|
also have a non-zero value of t11FcSpSaIfIndex and thereby
|
|
be specific to a particular interface.
|
|
|
|
As and when zero values of t11FcSpSaIfIndex are used in
|
|
this table, then they must also be used in each other
|
|
table that has t11FcSpSaIfIndex in its INDEX clause."
|
|
::= { t11FcSpSaIfEntry 1 }
|
|
|
|
t11FcSpSaIfFabricIndex OBJECT-TYPE
|
|
SYNTAX T11FabricIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index value that uniquely identifies a particular
|
|
Fabric."
|
|
::= { t11FcSpSaIfEntry 2 }
|
|
|
|
t11FcSpSaIfEspHeaderCapab OBJECT-TYPE
|
|
SYNTAX T11FcSpTransforms
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the standardized transforms supported by this
|
|
entity on this interface for ESP_Header protection."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, Appendix A.3.1, tables A.23, A.25."
|
|
::= { t11FcSpSaIfEntry 3 }
|
|
|
|
t11FcSpSaIfCTAuthCapab OBJECT-TYPE
|
|
SYNTAX T11FcSpTransforms
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the standardized transforms supported by this
|
|
entity on this interface for CT_Authentication protection."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, Appendix A.3.1, tables A.23, A.25."
|
|
::= { t11FcSpSaIfEntry 4 }
|
|
|
|
t11FcSpSaIfIKEv2Capab OBJECT-TYPE
|
|
SYNTAX T11FcSpTransforms
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the standardized transforms supported by this
|
|
entity on this interface with IKEv2 protection."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, Appendix A.3.1, tables A.23, A.24,
|
|
A.25, A.26."
|
|
::= { t11FcSpSaIfEntry 5 }
|
|
|
|
t11FcSpSaIfIkev2AuthCapab OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An indication of whether the entity is capable of
|
|
supporting the IKEv2-AUTH protocol on this interface, i.e.,
|
|
concatenation of Authentication and SA Management
|
|
Transactions, such that an SA Management Transaction is
|
|
used to perform both the authentication function and
|
|
SA management."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.7.2, and table A.27."
|
|
::= { t11FcSpSaIfEntry 6 }
|
|
|
|
t11FcSpSaIfStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the memory realization of
|
|
information related to FC-SP Security Associations
|
|
for interface(s) to a particular Fabric; specifically,
|
|
for rows created and/or modified in these tables:
|
|
|
|
t11FcSpSaPropTable
|
|
t11FcSpSaTSelDrByTable
|
|
t11FcSpSaControlTable
|
|
|
|
and, for modified information contained in the same
|
|
row as an instance of this object.
|
|
|
|
Even if an instance of this object has the value
|
|
'permanent(4)', none of the information defined in
|
|
this MIB module for interface(s) to the given Fabric
|
|
need to be writable."
|
|
::= { t11FcSpSaIfEntry 7 }
|
|
|
|
-- Security-relevant writable object: MAX-ACCESS is read-write, so a
-- successful SET can change whether anti-replay protection is applied
-- to frames received on this interface.
-- NOTE(review): restrict SET access to this column in the agent's
-- access-control configuration (for example a VACM view) and record
-- changes to it; a transition to 'false' is worth alerting on.
t11FcSpSaIfReplayPrevention OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether anti-replay protection is
|
|
enabled for frame reception on this interface.
|
|
|
|
Note that the replay-protection mechanism in FC-SP is
|
|
conceptually similar to the corresponding mechanism in
|
|
IPsec ESP."
|
|
REFERENCE
|
|
"- IP Encapsulating Security Payload (ESP),
|
|
RFC 4303, December 2005, section 3.3.3."
|
|
::= { t11FcSpSaIfEntry 8 }
|
|
|
|
-- Security-relevant writable object: sets the replay window size used
-- when anti-replay protection is enabled for reception on this
-- interface. The SYNTAX is an unconstrained Unsigned32 and no DEFVAL is
-- given, so this definition places no bound on the value.
-- NOTE(review): how an agent treats extreme values (for example 0) is
-- not stated here; confirm against the implementation, and treat an
-- unexpected change to this object as a configuration-integrity event.
t11FcSpSaIfReplayWindowSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The size of the replay window to be used when
|
|
anti-replay protection is enabled for frame reception
|
|
on this interface.
|
|
|
|
Note that the replay-protection mechanism in FC-SP is
|
|
conceptually similar to the corresponding mechanism in
|
|
IPsec ESP."
|
|
REFERENCE
|
|
"- IP Encapsulating Security Payload (ESP),
|
|
RFC 4303, December 2005, section 3.4.3."
|
|
::= { t11FcSpSaIfEntry 9 }
|
|
|
|
t11FcSpSaIfDeadPeerDetections OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of times that a dead peer condition has been
|
|
detected on this interface.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter32's have when sysUpTime=0."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 8.5.3.3."
|
|
::= { t11FcSpSaIfEntry 10 }
|
|
|
|
-- Security-relevant writable object: a single SET of 'terminate(2)'
-- requests teardown of every outstanding Security Association on the
-- interface, so write access to it is an availability control.
-- Reads always return 'noop(1)', so polling this object cannot show
-- that a terminate request was made.
-- NOTE(review): limit SET access to trusted managers and record SET
-- operations on this object in whatever audit log the agent provides;
-- a rise in SA re-negotiation after such a SET is the visible effect.
t11FcSpSaIfTerminateAllSas OBJECT-TYPE
|
|
SYNTAX INTEGER { noop(1), terminate(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to 'terminate' is a request to
|
|
terminate all outstanding Security Associations on this
|
|
interface.
|
|
|
|
When read, the value of this object is always 'noop'.
|
|
Setting this object to 'noop' has no effect."
|
|
::= { t11FcSpSaIfEntry 11 }
|
|
|
|
t11FcSpSaIfOutDrops OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of output frames that were dropped, instead
|
|
of being transmitted on this interface, because they matched
|
|
an active (at that time) Traffic Selector with an action of
|
|
'Drop'.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 12 }
|
|
|
|
-- Monitoring note: every frame counted here was transmitted unchanged
-- by FC-SP because a Traffic Selector with action 'Bypass' matched it.
-- The module DESCRIPTION names t11FcSpSaTSelDrByTable as the table
-- holding the 'drop' and 'bypass' selectors.
-- NOTE(review): growth that is not explained by intended bypass rules
-- is worth correlating with recent changes to that table.
t11FcSpSaIfOutBypasses OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of output frames that were transmitted
|
|
unchanged by FC-SP on this interface because they matched
|
|
an active (at that time) Traffic Selector with an action
|
|
of 'Bypass'.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 13 }
|
|
|
|
t11FcSpSaIfOutProcesses OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of output frames that were protected by FC-SP
|
|
before being transmitted on this interface because they
|
|
matched an active (at that time) Traffic Selector with an
|
|
action of 'Process'.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 14 }
|
|
|
|
-- Monitoring note: counts frames that matched no active Traffic
-- Selector and were transmitted unchanged by FC-SP. As described here
-- an unmatched outgoing frame is sent rather than dropped, so gaps in
-- selector coverage show up in this counter instead of as lost traffic.
-- Contrast with t11FcSpSaIfInUnprotUnmtchDrops, where unprotected
-- received frames that match no selector are dropped.
-- NOTE(review): where all traffic on the interface is expected to be
-- protected, a non-zero rate here deserves investigation.
t11FcSpSaIfOutUnMatcheds OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of frames that were transmitted unchanged by
|
|
FC-SP on this interface because they did not match any
|
|
Traffic Selector active at that time.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 15 }
|
|
|
|
t11FcSpSaIfInUnprotUnmtchDrops OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of frames received on this interface that
|
|
were dropped because they were unprotected and did not
|
|
match any Traffic Selector active at that time.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 16 }
|
|
|
|
-- Detection signal: counts replays detected on current or past SAs on
-- this interface. Frames discarded as 'behind' the window (too old)
-- are included, so a late but legitimate frame would also be counted.
-- NOTE(review): presumably this only advances while anti-replay
-- protection is enabled (t11FcSpSaIfReplayPrevention); confirm with
-- the agent. Alert on rate of change rather than on absolute value.
t11FcSpSaIfInDetReplays OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of times that a replay has been detected on
|
|
a Security Association that is currently active or was
|
|
previously active on this interface. Note that a frame
|
|
that is discarded because it is 'behind' the window,
|
|
i.e., too old, is counted as a replay.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 17 }
|
|
|
|
-- Detection signal: counts received frames that matched a Traffic
-- Selector of an active SA but were not protected as negotiated for
-- that SA, and were therefore dropped.
-- NOTE(review): a sustained increase may point to a peer sending
-- unprotected traffic through misconfiguration, or to frames arriving
-- from outside the SA; worth alerting on together with
-- t11FcSpSaIfInBadXforms.
t11FcSpSaIfInUnprotMtchDrops OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of times that a frame received on this
|
|
interface was dropped because it matched with a Traffic
|
|
Selector for a Security Association that was active at
|
|
the time of receipt but the frame was not protected as
|
|
negotiated for that Security Association.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 18 }
|
|
|
|
-- Detection signal: counts received frames dropped because one of the
-- transforms negotiated for the SA failed.
-- NOTE(review): the description does not break failures down by
-- transform; presumably integrity-check failures are counted here,
-- which would make this the counter to watch for tampered or corrupted
-- frames. The module DESCRIPTION also lists a notification,
-- t11FcSpSaNotifyAuthFailure, for authentication failures on received
-- frames.
t11FcSpSaIfInBadXforms OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of times that a frame received on this
|
|
interface was dropped because of a failure of one of the
|
|
transforms negotiated for the Security Association on
|
|
which it was received.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 19 }
|
|
|
|
t11FcSpSaIfInGoodXforms OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of frames received on this interface on a
|
|
Security Association for which the transforms negotiated
|
|
for that Security Association were successfully applied,
|
|
and that matched a Traffic Selector for that Security
|
|
Association.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 20 }
|
|
|
|
t11FcSpSaIfInProtUnmtchs OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of frames received on this interface that
|
|
were dropped because they did not match any of the Traffic
|
|
Selectors negotiated for the Security Association on which
|
|
they were received, even though the Security Association's
|
|
transforms were successfully applied.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaIfEntry 21 }
|
|
|
|
--
|
|
-- Proposals to present in Security Association negotiation
|
|
--
|
|
|
|
t11FcSpSaPropTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF T11FcSpSaPropEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of proposals for an FC-SP entity acting as an
|
|
SA_Initiator to present to the SA_Responder during the
|
|
negotiation of Security Associations. This information
|
|
is also used by an FC-SP entity acting as an SA_Responder
|
|
to decide what to accept during the negotiation of
|
|
Security Associations."
|
|
::= { t11FcSpSaConfig 1 }
|
|
|
|
t11FcSpSaPropEntry OBJECT-TYPE
|
|
SYNTAX T11FcSpSaPropEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains information about one proposal for
|
|
the FC-SP entity to present, or what to accept, during
|
|
the negotiation of Security Associations on one or more
|
|
interfaces (identified by t11FcSpSaIfIndex) to a
|
|
particular Fabric (identified by t11FcSpSaIfFabricIndex),
|
|
and managed as part of the Fibre Channel management
|
|
instance identified by fcmInstanceIndex.
|
|
|
|
The StorageType of a row in this table is specified by
|
|
the instance of t11FcSpSaIfStorageType that is INDEX-ed
|
|
by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
|
|
and t11FcSpSaIfFabricIndex."
|
|
INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
|
|
t11FcSpSaIfFabricIndex,
|
|
t11FcSpSaPropIndex }
|
|
::= { t11FcSpSaPropTable 1 }
|
|
|
|
T11FcSpSaPropEntry ::= SEQUENCE {
|
|
t11FcSpSaPropIndex Unsigned32,
|
|
t11FcSpSaPropSecurityProt T11FcSpSecurityProtocolId,
|
|
t11FcSpSaPropTSelListIndex Unsigned32,
|
|
t11FcSpSaPropTransListIndex Unsigned32,
|
|
t11FcSpSaPropAcceptAlgorithm INTEGER,
|
|
t11FcSpSaPropOutMatchSucceeds Counter64,
|
|
t11FcSpSaPropRowStatus RowStatus
|
|
}
|
|
|
|
t11FcSpSaPropIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index value that uniquely identifies a particular
|
|
proposal for use on one or more interfaces to a Fabric."
|
|
::= { t11FcSpSaPropEntry 1 }
|
|
|
|
t11FcSpSaPropSecurityProt OBJECT-TYPE
|
|
SYNTAX T11FcSpSecurityProtocolId
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Security Protocol identifier for this proposal, i.e.,
|
|
whether the proposal is for traffic to be protected using
|
|
ESP_Header or CT_Authentication."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.3.2.2 and table 67."
|
|
::= { t11FcSpSaPropEntry 2 }
|
|
|
|
t11FcSpSaPropTSelListIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When the value of this object is non-zero, it points
|
|
to the proposal's list of Traffic Selectors. The value
|
|
must be non-zero in an active row of this table.
|
|
|
|
The identified list is represented by all rows in the
|
|
t11FcSpSaTSelPropTable for which t11FcSpSaTSelPropListIndex
|
|
has the same value as this object (and with corresponding
|
|
values of t11FcSpSaIfIndex and fcmInstanceIndex)."
|
|
::= { t11FcSpSaPropEntry 3 }
|
|
|
|
t11FcSpSaPropTransListIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When the value of this object is non-zero, it points to
|
|
the proposal's list of Transforms. The value must be
|
|
non-zero in an active row of this table.
|
|
|
|
The identified list is represented by all rows in the
|
|
t11FcSpSaTransTable for which t11FcSpSaTransListIndex
|
|
has the same value as this object (and with corresponding
|
|
values of t11FcSpSaIfIndex and fcmInstanceIndex)."
|
|
::= { t11FcSpSaPropEntry 4 }
|
|
|
|
-- Policy-relevant writable object (read-create): selects how an
-- SA_Responder answers when the initiator's Traffic Selectors overlap
-- this proposal's list.
-- Per the description below, 'union(2)' yields a superset of this
-- proposal's configured selectors and 'other(3)' leaves the algorithm
-- unspecified; only 'intersection(1)' keeps the result within what was
-- configured locally.
-- No DEFVAL is given, so the value in a newly created row is up to the
-- agent or the creating manager.
-- NOTE(review): audit rows whose value is not 'intersection(1)' and
-- confirm that the wider selection is intended.
t11FcSpSaPropAcceptAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
intersection(1),
|
|
union(2),
|
|
other(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The algorithm by which an SA_Responder in an SA negotiation
|
|
decides on which Traffic Selectors to specify in a response
|
|
to an IKE_Create_Child_SA request. This algorithm is used
|
|
|
|
when the Traffic Selectors specified by an SA_Initiator in
|
|
an IKE_Create_Child_SA request overlap with this proposal's
|
|
list of Traffic Selectors:
|
|
|
|
intersection(1) - the SA_Responder specifies the largest
|
|
subset of what the SA_Initiator proposed,
|
|
which is also a subset of this proposal's
|
|
Traffic Selectors.
|
|
|
|
union(2) - the SA_Responder specifies the smallest
|
|
superset of what the SA_Initiator proposed,
|
|
which is also a superset of this proposal's
|
|
Traffic Selectors.
|
|
|
|
other(3) - the SA_Responder uses some other algorithm.
|
|
"
|
|
::= { t11FcSpSaPropEntry 5 }
|
|
|
|
t11FcSpSaPropOutMatchSucceeds OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of egress frames that have matched a Traffic
|
|
Selector that was negotiated to select traffic for an
|
|
SA based on this proposal being accepted.
|
|
|
|
This counter has no discontinuities other than those
|
|
that all Counter64's have when sysUpTime=0."
|
|
::= { t11FcSpSaPropEntry 6 }
|
|
|
|
-- Writable (read-create) row control for a negotiation proposal.
-- Columns of an active row may be changed at any time, and the row is
-- deleted when the active rows it points to are deleted, so a change
-- in t11FcSpSaTSelPropTable or t11FcSpSaTransTable can remove a
-- proposal indirectly.
-- NOTE(review): access control therefore needs to cover all three
-- tables consistently, not only this one.
t11FcSpSaPropRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of a row. Values of object instances
|
|
within an active row can be modified at any time.
|
|
|
|
The status cannot be set to 'active' unless and
|
|
until the instances of t11FcSpSaPropTSelListIndex
|
|
and t11FcSpSaPropTransListIndex in the row have
|
|
been set to point to active rows in the
|
|
t11FcSpSaTSelPropTable and t11FcSpSaTransTable
|
|
tables, respectively. A row in this table is
|
|
deleted if the active rows it points to are deleted."
|
|
::= { t11FcSpSaPropEntry 7 }
|
|
|
|
--
|
|
-- Traffic Selector Proposals
|
|
--
|
|
|
|
t11FcSpSaTSelPropTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF T11FcSpSaTSelPropEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing information about Traffic Selectors
|
|
to propose and/or to accept during the negotiation of
|
|
Security Associations."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5.
|
|
- Use of IKEv2 in FC-SP, RFC 4595,
|
|
July 2006, section 4.4."
|
|
::= { t11FcSpSaConfig 2 }
|
|
|
|
t11FcSpSaTSelPropEntry OBJECT-TYPE
|
|
SYNTAX T11FcSpSaTSelPropEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains information about one Traffic
|
|
Selector within a list of Traffic Selectors to propose,
|
|
or for use in determining what to accept during Security
|
|
Association negotiation.
|
|
|
|
One such list is configured for use on a Fabric by
|
|
configuring the list's value of t11FcSpSaTSelPropListIndex
|
|
as the value of an instance of t11FcSpSaPropTSelListIndex,
|
|
for corresponding values of t11FcSpSaIfIndex and
|
|
fcmInstanceIndex. Further, the proposing and accepting
|
|
of Traffic Selectors is only done as a part of a proposal
|
|
specified by a row of the t11FcSpSaPropTable, i.e.,
|
|
in combination with the proposing and accepting of security
|
|
transforms as specified by the combination of
|
|
t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex
|
|
in one row of the t11FcSpSaPropTable.
|
|
|
|
The StorageType of a row in this table is specified by
|
|
the instance of t11FcSpSaTSelPropStorageType in that row."
|
|
INDEX { fcmInstanceIndex, t11FcSpSaIfIndex,
|
|
t11FcSpSaTSelPropListIndex, t11FcSpSaTSelPropPrecedence }
|
|
::= { t11FcSpSaTSelPropTable 1 }
|
|
|
|
T11FcSpSaTSelPropEntry ::= SEQUENCE {
|
|
t11FcSpSaTSelPropListIndex Unsigned32,
|
|
t11FcSpSaTSelPropPrecedence T11FcSpPrecedence,
|
|
t11FcSpSaTSelPropDirection T11FcSaDirection,
|
|
t11FcSpSaTSelPropStartSrcAddr FcAddressIdOrZero,
|
|
t11FcSpSaTSelPropEndSrcAddr FcAddressIdOrZero,
|
|
t11FcSpSaTSelPropStartDstAddr FcAddressIdOrZero,
|
|
t11FcSpSaTSelPropEndDstAddr FcAddressIdOrZero,
|
|
t11FcSpSaTSelPropStartRCtl T11FcRoutingControl,
|
|
t11FcSpSaTSelPropEndRCtl T11FcRoutingControl,
|
|
t11FcSpSaTSelPropStartType T11FcSpType,
|
|
t11FcSpSaTSelPropEndType T11FcSpType,
|
|
t11FcSpSaTSelPropStorageType StorageType,
|
|
t11FcSpSaTSelPropRowStatus RowStatus
|
|
}
|
|
|
|
t11FcSpSaTSelPropListIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index value that identifies a particular list of
|
|
Traffic Selectors."
|
|
::= { t11FcSpSaTSelPropEntry 1 }
|
|
|
|
-- Ordering note: this index component doubles as the match priority
-- for egress frames; among several matching selectors the numerically
-- smallest value wins.
-- It is listed in the INDEX clause of t11FcSpSaTSelPropEntry and is
-- not-accessible, so a selector's priority is fixed by the row's
-- instance identifier rather than by a writable column.
-- NOTE(review): a broad selector given a small precedence value takes
-- traffic ahead of narrower selectors in the same list; review list
-- ordering whenever rows are added.
t11FcSpSaTSelPropPrecedence OBJECT-TYPE
|
|
SYNTAX T11FcSpPrecedence
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The precedence of this Traffic Selector. Each
|
|
Traffic Selector within a particular list of
|
|
Traffic Selectors must have a different precedence.
|
|
|
|
If an egress frame matches multiple Traffic Selectors,
|
|
it should be transmitted on the SA associated with the
|
|
Traffic Selector having the numerically smallest
|
|
precedence value."
|
|
::= { t11FcSpSaTSelPropEntry 2 }
|
|
|
|
t11FcSpSaTSelPropDirection OBJECT-TYPE
|
|
SYNTAX T11FcSaDirection
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An indication of whether this Traffic Selector is
|
|
to be proposed for ingress or egress traffic."
|
|
DEFVAL { egress }
|
|
::= { t11FcSpSaTSelPropEntry 3 }
|
|
|
|
-- Lower bound of the S_ID range matched by this Traffic Selector.
-- The DEFVAL is the lowest 24-bit value; together with the 'FFFFFF'h
-- default of t11FcSpSaTSelPropEndSrcAddr, a row created without
-- explicit source bounds matches every S_ID. The D_ID, R_CTL and type
-- bounds in this row follow the same lowest/highest default pattern.
-- NOTE(review): managers should set each bound explicitly and verify
-- the row before activation, so that a match-everything selector is
-- never the result of omitted columns.
t11FcSpSaTSelPropStartSrcAddr OBJECT-TYPE
|
|
SYNTAX FcAddressIdOrZero (SIZE (3))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically smallest 24-bit value of a source address
|
|
(S_ID) of a frame that will match with this Traffic
|
|
Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { '000000'h }
|
|
::= { t11FcSpSaTSelPropEntry 4 }
|
|
|
|
t11FcSpSaTSelPropEndSrcAddr OBJECT-TYPE
|
|
SYNTAX FcAddressIdOrZero (SIZE (3))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically largest 24-bit value of a source address
|
|
(S_ID) of a frame that will match with this Traffic
|
|
Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { 'FFFFFF'h }
|
|
::= { t11FcSpSaTSelPropEntry 5 }
|
|
|
|
t11FcSpSaTSelPropStartDstAddr OBJECT-TYPE
|
|
SYNTAX FcAddressIdOrZero (SIZE (3))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically smallest 24-bit value of a destination
|
|
address (D_ID) of a frame that will match with this
|
|
Traffic Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { '000000'h }
|
|
::= { t11FcSpSaTSelPropEntry 6 }
|
|
|
|
t11FcSpSaTSelPropEndDstAddr OBJECT-TYPE
|
|
SYNTAX FcAddressIdOrZero (SIZE (3))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically largest 24-bit value of a destination
|
|
address (D_ID) of a frame that will match with this
|
|
Traffic Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { 'FFFFFF'h }
|
|
::= { t11FcSpSaTSelPropEntry 7 }
|
|
|
|
t11FcSpSaTSelPropStartRCtl OBJECT-TYPE
|
|
SYNTAX T11FcRoutingControl
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically smallest 8-bit value contained within a
|
|
Routing Control (R_CTL) field of a frame that will match
|
|
with this Traffic Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { '00'h }
|
|
::= { t11FcSpSaTSelPropEntry 8 }
|
|
|
|
t11FcSpSaTSelPropEndRCtl OBJECT-TYPE
|
|
SYNTAX T11FcRoutingControl
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically largest 8-bit value contained within a
|
|
Routing Control (R_CTL) field of a frame that will match
|
|
with this Traffic Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { 'FF'h }
|
|
::= { t11FcSpSaTSelPropEntry 9 }
|
|
|
|
t11FcSpSaTSelPropStartType OBJECT-TYPE
|
|
SYNTAX T11FcSpType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically smallest of a range of possible 'type'
|
|
values of frames that will match with this Traffic
|
|
Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { '0000'h }
|
|
::= { t11FcSpSaTSelPropEntry 10 }
|
|
|
|
t11FcSpSaTSelPropEndType OBJECT-TYPE
|
|
SYNTAX T11FcSpType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerically largest of a range of possible 'type'
|
|
values of frames that will match with this Traffic
|
|
Selector."
|
|
REFERENCE
|
|
"- ANSI INCITS 426-2007, T11/Project 1570-D,
|
|
Fibre Channel - Security Protocols (FC-SP),
|
|
February 2007, section 6.4.5."
|
|
DEFVAL { 'FFFF'h }
|
|
::= { t11FcSpSaTSelPropEntry 11 }
|
|
|
|
t11FcSpSaTSelPropStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the memory realization of
|
|
the information in this row.
|
|
|
|
Even if an instance of this object has the value
|
|
'permanent(4)', none of the information in its row
|
|
needs to be writable."
|
|
::= { t11FcSpSaTSelPropEntry 12 }
|
|
|
|
-- Writable (read-create) row control for one Traffic Selector.
-- Unlike t11FcSpSaPropRowStatus, no precondition for 'active' is
-- stated here, and columns of the row may be modified at any time.
-- NOTE(review): presumably that includes rows already referenced by an
-- active proposal, so an edit here can change what is proposed or
-- accepted in later negotiations; restrict SET access and track
-- changes to this table accordingly.
t11FcSpSaTSelPropRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this row. Values of object instances
|
|
within the row can be modified at any time."
|
|
::= { t11FcSpSaTSelPropEntry 13 }
|
|
|
|
--
-- Transform Proposals
--
-- Each row names one candidate transform (security protocol,
-- encryption algorithm, key length, integrity algorithm) inside a
-- numbered list.
-- Review note: every non-index column below is read-create, so SNMP
-- write access to this table decides which algorithms may be proposed
-- or accepted. Restrict SETs to authenticated, authorized managers
-- and audit changes. A row referenced by an active SA pair is frozen
-- (see t11FcSpSaTransRowStatus).

t11FcSpSaTransTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTransEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about security transforms
           to propose, to accept and/or agreed upon during the
           negotiation of Security Associations."
    ::= { t11FcSpSaConfig 3 }

-- Conceptual row; indexed by management instance, interface,
-- transform list and position within that list.
t11FcSpSaTransEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTransEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one proposal within a
           list of security transforms to be proposed, to be accepted,
           or already agreed upon, for use on a pair of Security
           Associations on one or more interfaces (identified by
           t11FcSpSaIfIndex), managed as part of the Fibre Channel
           management instance identified by fcmInstanceIndex.

           One such list is configured to be proposed or accepted for
           use on a Fabric, by having the list's value of
           t11FcSpSaTransListIndex be the value of an instance of
           t11FcSpSaPropTransListIndex for that Fabric.  Further,
           the proposing and accepting of security transforms is only
           done as a part of a proposal specified by a row of the
           t11FcSpSaPropTable, i.e., in combination with the proposing
           and accepting of Traffic Selectors as specified by the
           combination of t11FcSpSaPropTSelListIndex and
           t11FcSpSaPropTransListIndex in one row of the
           t11FcSpSaPropTable.

           The security (encryption and integrity) transform in use on
           an SA pair is indicated by having the pair's values of
           t11FcSpSaPairTransListIndex and t11FcSpSaPairTransIndex
           contain the values of t11FcSpSaTransListIndex and
           t11FcSpSaTransIndex for the transform's row in this table.

           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaTransStorageType in that row."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaTransListIndex, t11FcSpSaTransIndex }
    ::= { t11FcSpSaTransTable 1 }

T11FcSpSaTransEntry ::= SEQUENCE {
    t11FcSpSaTransListIndex      Unsigned32,
    t11FcSpSaTransIndex          Unsigned32,
    t11FcSpSaTransSecurityProt   T11FcSpSecurityProtocolId,
    t11FcSpSaTransEncryptAlg     AutonomousType,
    t11FcSpSaTransEncryptKeyLen  Unsigned32,
    t11FcSpSaTransIntegrityAlg   AutonomousType,
    t11FcSpSaTransStorageType    StorageType,
    t11FcSpSaTransRowStatus      RowStatus
}

-- Index: which list of transforms.
t11FcSpSaTransListIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           list of security transforms to be proposed, to be accepted,
           or already agreed upon."
    ::= { t11FcSpSaTransEntry 1 }

-- Index: which transform within the list.
t11FcSpSaTransIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies one security
           transform within a list identified by
           t11FcSpSaTransListIndex."
    ::= { t11FcSpSaTransEntry 2 }

-- Selects ESP_Header or CT_Authentication protection for the row.
t11FcSpSaTransSecurityProt OBJECT-TYPE
    SYNTAX       T11FcSpSecurityProtocolId
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Security Protocol identifier that indicates
           whether this transform is for traffic to be protected
           using ESP_Header or using CT_Authentication."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.2 and table 67."
    ::= { t11FcSpSaTransEntry 3 }

-- Review note: writable algorithm selector. A SET here changes which
-- encryption algorithm is offered or accepted, so it is a natural
-- object to include in configuration-change monitoring.
t11FcSpSaTransEncryptAlg OBJECT-TYPE
    SYNTAX       AutonomousType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Encryption Algorithm for this transform."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.3 and tables 69 & 70."
    ::= { t11FcSpSaTransEntry 4 }

-- Review note: SYNTAX carries no range restriction, so the MIB itself
-- does not bound the key length. Presumably the agent rejects lengths
-- the selected algorithm does not support; verify against the
-- implementation.
t11FcSpSaTransEncryptKeyLen OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The key length in bits to be used with an encryption
           algorithm that has a variable length key.  This object
           is ignored when the corresponding instance of
           t11FcSpSaTransEncryptAlg specifies an algorithm with a
           fixed length key."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.5 and table 77."
    ::= { t11FcSpSaTransEntry 5 }

-- Review note: writable algorithm selector for integrity protection;
-- the same write-access and monitoring caveats apply as for
-- t11FcSpSaTransEncryptAlg.
t11FcSpSaTransIntegrityAlg OBJECT-TYPE
    SYNTAX       AutonomousType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Integrity Algorithm for this transform."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.3 and tables 69 & 72."
    ::= { t11FcSpSaTransEntry 6 }

-- Storage class of the row.
t11FcSpSaTransStorageType OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "This object specifies the memory realization of
           the information in this row.

           Even if an instance of this object has the value

           'permanent(4)', none of the information in its row
           needs to be writable."
    ::= { t11FcSpSaTransEntry 7 }

-- Row creation and deletion. The description makes a row immutable
-- while an SA pair points at it, so the transform in use on a live SA
-- cannot be edited underneath it through this table.
t11FcSpSaTransRowStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The status of this row.

           When an instance of t11FcSpSaPairTransListIndex points to
           a row in this table, values of object instances in the row
           cannot be modified nor can the row be deleted.  Otherwise,
           a row can be modified or deleted at any time."
    ::= { t11FcSpSaTransEntry 8 }
--
-- Traffic Selectors for Drop & Bypass
--
-- Each row is a range-based selector with an action of drop or
-- bypass, ordered by precedence.
-- Review note: 'bypass' exempts matching traffic from further
-- security processing, and the Start/End DEFVALs below span the whole
-- S_ID, D_ID, R_CTL and 'type' ranges. A row created with nothing but
-- its action set therefore matches every frame the entry applies to
-- (subject to precedence): with the default 'drop' that affects
-- availability, with 'bypass' it affects protection. Write access
-- should be limited to authenticated, authorized managers, and row
-- creation here is worth alerting on.

t11FcSpSaTSelDrByTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelDrByEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing Traffic Selectors to select which
           traffic is to be dropped or is to bypass further
           security processing."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, sections 4.6, 4.7, and 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
              July 2006, section 4.4."
    ::= { t11FcSpSaConfig 4 }

-- Conceptual row; indexed by management instance, interface, Fabric,
-- direction and precedence.
t11FcSpSaTSelDrByEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelDrByEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry represents one Traffic Selector having the
           security action of 'drop' or 'bypass', which is applied
           based on a precedence value, either to ingress traffic
           that is unprotected by FC-SP, or to all egress
           traffic on one or more interfaces (identified by
           t11FcSpSaIfIndex) to a particular Fabric (identified

           by t11FcSpSaIfFabricIndex), and managed as part of the Fibre
           Channel management instance identified by fcmInstanceIndex.

           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex, t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelDrByDirection, t11FcSpSaTSelDrByPrecedence }
    ::= { t11FcSpSaTSelDrByTable 1 }

T11FcSpSaTSelDrByEntry ::= SEQUENCE {
    t11FcSpSaTSelDrByDirection     T11FcSaDirection,
    t11FcSpSaTSelDrByPrecedence    T11FcSpPrecedence,
    t11FcSpSaTSelDrByAction        INTEGER,
    t11FcSpSaTSelDrByStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelDrByEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelDrByStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelDrByEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelDrByStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelDrByEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelDrByStartType     T11FcSpType,
    t11FcSpSaTSelDrByEndType       T11FcSpType,
    t11FcSpSaTSelDrByMatches       Counter64,
    t11FcSpSaTSelDrByRowStatus     RowStatus
}

-- Index: ingress or egress.
t11FcSpSaTSelDrByDirection OBJECT-TYPE
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An indication of whether this Traffic Selector is
           for ingress or egress traffic."
    ::= { t11FcSpSaTSelDrByEntry 1 }

-- Index: evaluation order. The numerically smallest matching
-- precedence wins, so a low-numbered row overrides every
-- higher-numbered row that matches the same frame.
t11FcSpSaTSelDrByPrecedence OBJECT-TYPE
    SYNTAX       T11FcSpPrecedence
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The precedence of this Traffic Selector.  If and when a
           frame is compared against multiple Traffic Selectors, and
           multiple of them have a match with the frame, the security
           action to be taken for the frame is that specified for the
           matching Traffic Selector having the numerically smallest
           precedence value."
    ::= { t11FcSpSaTSelDrByEntry 2 }

-- Review note: the default is the restrictive action (drop). A value
-- of bypass(2) is the setting to watch for in change monitoring.
t11FcSpSaTSelDrByAction OBJECT-TYPE
    SYNTAX       INTEGER { drop(1), bypass(2) }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The security action to be taken for a frame that
           matches this Traffic Selector."
    DEFVAL       { drop }
    ::= { t11FcSpSaTSelDrByEntry 3 }

-- Lower bound of the matched S_ID range; defaults to the lowest value.
t11FcSpSaTSelDrByStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    DEFVAL       { '000000'h }
    ::= { t11FcSpSaTSelDrByEntry 4 }

-- Upper bound of the matched S_ID range; defaults to the highest value.
t11FcSpSaTSelDrByEndSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    DEFVAL       { 'FFFFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 5 }

-- Lower bound of the matched D_ID range; defaults to the lowest value.
t11FcSpSaTSelDrByStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    DEFVAL       { '000000'h }
    ::= { t11FcSpSaTSelDrByEntry 6 }

-- Upper bound of the matched D_ID range; defaults to the highest value.
t11FcSpSaTSelDrByEndDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    DEFVAL       { 'FFFFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 7 }

-- Lower bound of the matched R_CTL range; defaults to the lowest value.
t11FcSpSaTSelDrByStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    DEFVAL       { '00'h }
    ::= { t11FcSpSaTSelDrByEntry 8 }

-- Upper bound of the matched R_CTL range; defaults to the highest value.
t11FcSpSaTSelDrByEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    DEFVAL       { 'FF'h }
    ::= { t11FcSpSaTSelDrByEntry 9 }

-- Lower bound of the matched 'type' range; defaults to the lowest value.
t11FcSpSaTSelDrByStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    DEFVAL       { '0000'h }
    ::= { t11FcSpSaTSelDrByEntry 10 }

-- Upper bound of the matched 'type' range; defaults to the highest value.
t11FcSpSaTSelDrByEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    DEFVAL       { 'FFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 11 }

-- Read-only hit counter for the row. Review note: polling this next
-- to t11FcSpSaTSelDrByAction shows how much traffic a bypass or drop
-- rule is actually catching.
t11FcSpSaTSelDrByMatches OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames for which the action specified by
           the corresponding instance of t11FcSpSaTSelDrByAction was
           taken because of a match with this Traffic Selector.

           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaTSelDrByEntry 12 }

-- Row creation and deletion. Rows are modifiable at any time, so a
-- change takes effect without any in-use lock.
t11FcSpSaTSelDrByRowStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The status of this row.  Values of object instances
           within the row can be modified at any time."
    ::= { t11FcSpSaTSelDrByEntry 13 }
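--
-- Active Security Associations
--
-- One row per active bidirectional SA pair: the transform in use,
-- the remaining lifetime, a terminate control and inbound counters.
-- Review note: the only writable column is t11FcSpSaPairTerminate.
-- The four Counter64 columns are the inbound health indicators for an
-- SA and are the natural objects to poll for detection purposes.

t11FcSpSaPairTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaPairEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about active
           bidirectional pairs of Security Associations."
    ::= { t11FcSpSaActive 1 }

-- Conceptual row; indexed by management instance, interface, Fabric
-- and the SPI of the ingress SA.
t11FcSpSaPairEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaPairEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one active
           bidirectional pair of Security Associations on an
           interface to a particular Fabric (identified by
           t11FcSpSaIfFabricIndex), managed as part of the Fibre
           Channel management instance identified by
           fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaPairInboundSpi }
    ::= { t11FcSpSaPairTable 1 }

T11FcSpSaPairEntry ::= SEQUENCE {
    t11FcSpSaPairIfIndex            InterfaceIndex,
    t11FcSpSaPairInboundSpi         T11FcSpiIndex,
    t11FcSpSaPairSecurityProt       T11FcSpSecurityProtocolId,
    t11FcSpSaPairTransListIndex     Unsigned32,
    t11FcSpSaPairTransIndex         Unsigned32,
    t11FcSpSaPairLifetimeLeft       T11FcSpLifetimeLeft,
    t11FcSpSaPairLifetimeLeftUnits  T11FcSpLifetimeLeftUnits,
    t11FcSpSaPairTerminate          INTEGER,
    t11FcSpSaPairInProtUnMatchs     Counter64,
    t11FcSpSaPairInDetReplays       Counter64,
    t11FcSpSaPairInBadXforms        Counter64,
    t11FcSpSaPairInGoodXforms       Counter64
}

-- Index: interface on which the SA pair is active.
t11FcSpSaPairIfIndex OBJECT-TYPE
    SYNTAX       InterfaceIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "This object identifies the interface to the particular
           Fabric on which this SA pair is active."
    ::= { t11FcSpSaPairEntry 1 }

-- Index: SPI of the ingress SA. It is visible to anyone who can walk
-- this table because it forms part of every instance identifier.
t11FcSpSaPairInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The SPI value that is used to indicate that an incoming
           frame was received on the ingress SA of this SA pair."
    ::= { t11FcSpSaPairEntry 2 }

-- Which protection mechanism the SA uses.
t11FcSpSaPairSecurityProt OBJECT-TYPE
    SYNTAX       T11FcSpSecurityProtocolId
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The object indicates whether this SA uses ESP_Header to
           protect FC-2 frames, or CT_Authentication to protect Common
           Transport Information Units (CT_IUs)."
    ::= { t11FcSpSaPairEntry 3 }

-- First half of the pointer to the t11FcSpSaTransTable row in use.
t11FcSpSaPairTransListIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The combination of this value and the value of the
           corresponding instance of t11FcSpSaPairTransIndex
           identify the row in the t11FcSpSaTransTable that
           contains the transforms that are in use on this SA pair."
    ::= { t11FcSpSaPairEntry 4 }

-- Second half of the pointer to the t11FcSpSaTransTable row in use.
t11FcSpSaPairTransIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The combination of this value and the value of the
           corresponding instance of t11FcSpSaPairTransListIndex
           identify the row in the t11FcSpSaTransTable that
           contains the transforms that are in use on this SA pair."
    ::= { t11FcSpSaPairEntry 5 }

-- NOTE(review): the text as found on this page ended with a
-- reference back to t11FcSpSaPairLifetimeLeft itself. The units are
-- carried by t11FcSpSaPairLifetimeLeftUnits (column 7), whose own
-- description refers to this object, so the reference is corrected.
t11FcSpSaPairLifetimeLeft OBJECT-TYPE
    SYNTAX       T11FcSpLifetimeLeft
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The remaining lifetime of this SA pair, given in the
           units specified by the value of the corresponding
           instance of t11FcSpSaPairLifetimeLeftUnits."
    ::= { t11FcSpSaPairEntry 6 }

-- Units for t11FcSpSaPairLifetimeLeft; the two must be read together.
t11FcSpSaPairLifetimeLeftUnits OBJECT-TYPE
    SYNTAX       T11FcSpLifetimeLeftUnits
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The units in which the value of the corresponding
           instance of t11FcSpSaPairLifetimeLeft specifies the
           remaining lifetime of this SA pair."
    ::= { t11FcSpSaPairEntry 7 }

-- Review note: the one writable object in this table. A SET to
-- 'terminate' requests teardown of a live SA pair, which interrupts
-- protected traffic, so write access should be limited to
-- authenticated, authorized managers. Reads always return 'noop', so
-- a later GET shows no trace of the request; SETs need to be logged
-- where they are issued or received.
t11FcSpSaPairTerminate OBJECT-TYPE
    SYNTAX       INTEGER { noop(1), terminate(2) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "Setting this object to 'terminate' is a request
           to terminate this pair of Security Associations.

           When read, the value of this object is always 'noop'.
           Setting this object to 'noop' has no effect."
    ::= { t11FcSpSaPairEntry 8 }

-- Frames that passed the transforms but matched none of the SA's
-- ingress Traffic Selectors. Review note: growth here possibly points
-- to a selector mismatch between peers or to traffic sent on an SA it
-- was not negotiated for; confirm against the peer configuration.
t11FcSpSaPairInProtUnMatchs OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames received on this SA for which the
           SA's transforms were successfully applied to the frame,
           but the frame was still dropped because it did not match
           any of the SA's ingress Traffic Selectors.

           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 9 }

-- Detected replays. Review note: frames that are merely too old for
-- the window are counted as well, so a rise can come from reordering
-- or delay and not only from replayed traffic; investigate before
-- drawing a conclusion.
t11FcSpSaPairInDetReplays OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a replay has been detected on
           this Security Association.  Note that a frame that is
           discarded because it is 'behind' the window, i.e., too old,
           is counted as a replay.

           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 10 }

-- Frames dropped because a negotiated transform failed. Review note:
-- reading this against t11FcSpSaPairInGoodXforms gives a failure
-- ratio, which is usually more useful for alerting than the raw count.
t11FcSpSaPairInBadXforms OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a received frame was dropped
           because one of the transforms negotiated for this Security
           Association failed.

           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 11 }

-- Frames on which the negotiated transforms succeeded; the baseline
-- for the failure counters above.
t11FcSpSaPairInGoodXforms OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of received frames for which the transforms
           negotiated for this Security Association, were
           successfully applied.

           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 12 }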
--
-- Negotiated Ingress Traffic Selectors
--
-- Read-only view of the ingress selectors attached to active SAs.
-- Review note: nothing here is writable. The table exposes the
-- address, R_CTL and 'type' ranges that are protected, so read access
-- is still worth scoping to the managers that need it.

t11FcSpSaTSelNegInTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelNegInEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about ingress Traffic
           Selectors that are in use on active Security
           Associations."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, sections 4.6, 4.7, and 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
              July 2006, section 4.4."
    ::= { t11FcSpSaActive 2 }

-- Conceptual row; indexed by management instance, interface, Fabric
-- and a per-interface selector index.
t11FcSpSaTSelNegInEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelNegInEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one ingress Traffic
           Selector that is in use on an active Security Association
           on an interface (identified by t11FcSpSaPairIfIndex) to
           a particular Fabric (identified by t11FcSpSaIfFabricIndex),
           managed as part of the Fibre Channel management instance
           identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegInIndex }
    ::= { t11FcSpSaTSelNegInTable 1 }

T11FcSpSaTSelNegInEntry ::= SEQUENCE {
    t11FcSpSaTSelNegInIndex         Unsigned32,
    t11FcSpSaTSelNegInInboundSpi    T11FcSpiIndex,
    t11FcSpSaTSelNegInStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegInEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegInStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegInEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegInStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelNegInEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelNegInStartType     T11FcSpType,
    t11FcSpSaTSelNegInEndType       T11FcSpType,
    t11FcSpSaTSelNegInUnpMtchDrops  Counter64
}

-- Index: distinguishes ingress selectors on one interface and Fabric.
t11FcSpSaTSelNegInIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value to distinguish an ingress Traffic Selector
           from all others currently in use by Security Associations
           on the same interface to a particular Fabric."
    ::= { t11FcSpSaTSelNegInEntry 1 }

-- Back-pointer to the owning row in t11FcSpSaPairTable.
t11FcSpSaTSelNegInInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the ingress SA on which this Traffic Selector
           is in use.

           This value can be used to find the SA pair's row in the
           t11FcSpSaPairTable."
    ::= { t11FcSpSaTSelNegInEntry 2 }

-- Lower bound of the matched S_ID range.
t11FcSpSaTSelNegInStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 3 }

-- Upper bound of the matched S_ID range.
t11FcSpSaTSelNegInEndSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 4 }

-- Lower bound of the matched D_ID range.
t11FcSpSaTSelNegInStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 5 }

-- Upper bound of the matched D_ID range.
t11FcSpSaTSelNegInEndDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 6 }

-- Lower bound of the matched R_CTL range.
t11FcSpSaTSelNegInStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 7 }

-- Upper bound of the matched R_CTL range.
t11FcSpSaTSelNegInEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 8 }

-- Lower bound of the matched 'type' range.
t11FcSpSaTSelNegInStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 9 }

-- Upper bound of the matched 'type' range.
t11FcSpSaTSelNegInEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 10 }

-- Frames that matched the selector but arrived without the negotiated
-- protection, and were dropped. Review note: a non-zero rate means
-- traffic that should have been protected reached the port without
-- the negotiated protection; whether the cause is a peer
-- misconfiguration or something else cannot be told from the counter
-- alone.
t11FcSpSaTSelNegInUnpMtchDrops OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a received frame was dropped
           because it matched with this Traffic Selector but the
           frame was not protected as negotiated for the Security
           Association identified by t11FcSpSaTSelNegInInboundSpi.

           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaTSelNegInEntry 11 }
--
-- Negotiated Egress Traffic Selectors
--
-- Read-only view of the egress selectors attached to active SAs.
-- Unlike the ingress table it is indexed by precedence and carries no
-- drop counter.

t11FcSpSaTSelNegOutTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelNegOutEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about egress Traffic
           Selectors that are in use on active Security
           Associations."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, sections 4.6, 4.7, and 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
              July 2006, section 4.4."
    ::= { t11FcSpSaActive 3 }

-- Conceptual row; indexed by management instance, interface, Fabric
-- and selector precedence.
t11FcSpSaTSelNegOutEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelNegOutEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one egress Traffic
           Selector that is in use on an active Security Association
           on an interface (identified by t11FcSpSaPairIfIndex) to
           a particular Fabric (identified by t11FcSpSaIfFabricIndex),
           managed as part of the Fibre Channel management instance
           identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegOutPrecedence }
    ::= { t11FcSpSaTSelNegOutTable 1 }

T11FcSpSaTSelNegOutEntry ::= SEQUENCE {
    t11FcSpSaTSelNegOutPrecedence    T11FcSpPrecedence,
    t11FcSpSaTSelNegOutInboundSpi    T11FcSpiIndex,
    t11FcSpSaTSelNegOutStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegOutEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegOutStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegOutEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegOutStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelNegOutEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelNegOutStartType     T11FcSpType,
    t11FcSpSaTSelNegOutEndType       T11FcSpType
}

-- Index: evaluation order; the numerically smallest matching value wins.
t11FcSpSaTSelNegOutPrecedence OBJECT-TYPE
    SYNTAX       T11FcSpPrecedence
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The precedence of this Traffic Selector.  If and when a
           frame is compared against multiple Traffic Selectors, and
           multiple of them have a match with the frame, the security
           action to be taken for the frame is that specified for the
           matching Traffic Selector having the numerically smallest
           precedence value."
    ::= { t11FcSpSaTSelNegOutEntry 1 }

-- Back-pointer to the owning row in t11FcSpSaPairTable. Note that it
-- is the ingress SPI of the pair, even though this selector applies
-- to the egress SA.
t11FcSpSaTSelNegOutInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the ingress SA of the SA pair for which this
           Traffic Selector is in use on the egress SA.

           This value can be used to find the SA pair's row in the
           t11FcSpSaPairTable."
    ::= { t11FcSpSaTSelNegOutEntry 2 }

-- Lower bound of the matched S_ID range.
t11FcSpSaTSelNegOutStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 3 }

-- Upper bound of the matched S_ID range.
t11FcSpSaTSelNegOutEndSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 4 }

-- Lower bound of the matched D_ID range.
t11FcSpSaTSelNegOutStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 5 }

-- Upper bound of the matched D_ID range.
t11FcSpSaTSelNegOutEndDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 6 }

-- Lower bound of the matched R_CTL range.
t11FcSpSaTSelNegOutStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 7 }

-- Upper bound of the matched R_CTL range.
t11FcSpSaTSelNegOutEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 8 }

-- Lower bound of the matched 'type' range.
t11FcSpSaTSelNegOutStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 9 }

-- Upper bound of the matched 'type' range.
t11FcSpSaTSelNegOutEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 10 }
--
-- Traffic Selectors index-ed by SPI
--
-- Read-only cross-reference from an SA pair's ingress SPI to the rows
-- of the negotiated ingress and egress selector tables.

t11FcSpSaTSelSpiTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table identifying the Traffic Selectors in use on
           particular Security Associations, INDEX-ed by their
           (ingress) SPI values."
    ::= { t11FcSpSaActive 4 }

-- Conceptual row; indexed by management instance, interface, Fabric,
-- ingress SPI and a per-pair selector index.
t11FcSpSaTSelSpiEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies one Traffic Selector in use on an SA
           pair on the interface (identified by t11FcSpSaPairIfIndex)
           to a particular Fabric (identified by
           t11FcSpSaIfFabricIndex), and managed as part of the Fibre
           Channel management instance identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelSpiInboundSpi, t11FcSpSaTSelSpiTrafSelIndex }
    ::= { t11FcSpSaTSelSpiTable 1 }

T11FcSpSaTSelSpiEntry ::= SEQUENCE {
    t11FcSpSaTSelSpiInboundSpi    T11FcSpiIndex,
    t11FcSpSaTSelSpiTrafSelIndex  Unsigned32,
    t11FcSpSaTSelSpiDirection     T11FcSaDirection,
    t11FcSpSaTSelSpiTrafSelPtr    Unsigned32
}

-- Index: ingress SPI of the SA pair.
t11FcSpSaTSelSpiInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An SPI value that identifies the ingress Security
           Association of a particular SA pair."
    ::= { t11FcSpSaTSelSpiEntry 1 }

-- Index: distinguishes the selectors of one SA pair.
t11FcSpSaTSelSpiTrafSelIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that distinguishes between the
           (potentially multiple) Traffic Selectors in use on
           this Security Association pair."
    ::= { t11FcSpSaTSelSpiEntry 2 }

-- Tells a reader which table t11FcSpSaTSelSpiTrafSelPtr points into.
t11FcSpSaTSelSpiDirection OBJECT-TYPE
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object indicates whether this Traffic Selector
           is being used for ingress or for egress traffic."
    ::= { t11FcSpSaTSelSpiEntry 3 }

-- Direction-dependent pointer: for 'egress' it holds a
-- t11FcSpSaTSelNegOutPrecedence value, for 'ingress' a
-- t11FcSpSaTSelNegInIndex value. It must be read together with
-- t11FcSpSaTSelSpiDirection, or the wrong table is looked up.
t11FcSpSaTSelSpiTrafSelPtr OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object contains a pointer into another table that
           can be used to obtain more information about this Traffic
           Selector.

           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'egress', then this object contains the
           value of t11FcSpSaTSelNegOutPrecedence in the row of
           t11FcSpSaTSelNegOutTable, which contains more information.

           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'ingress', then this object contains the
           value of t11FcSpSaTSelNegInIndex that identifies the row
           in t11FcSpSaTSelNegInTable containing more information."
    ::= { t11FcSpSaTSelSpiEntry 4 }
--
-- Notification information & control
--
-- Per-Fabric switches and last-event details for the notifications
-- this module generates about FC-SP Security Associations.
-- Review note: this table carries writable enable flags, so write
-- access to it governs how much of the SA event stream reaches the
-- management station.

t11FcSpSaControlTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of control and other information concerning
           the generation of notifications for events related
           to FC-SP Security Associations."
    ::= { t11FcSpSaControl 1 }
-- Conceptual row of t11FcSpSaControlTable; indexed by management
-- instance, interface and Fabric. The row has no StorageType column
-- of its own and takes its storage class from the matching
-- t11FcSpSaIfStorageType instance.
t11FcSpSaControlEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies information for the one or more

           interfaces (identified by t11FcSpSaIfIndex) to a
           particular Fabric (identified by t11FcSpSaIfFabricIndex),
           and managed as part of the Fibre Channel management
           instance identified by fcmInstanceIndex.

           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex,
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaControlTable 1 }
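-- Column list of t11FcSpSaControlEntry, in OID order 1..13.
--   columns 1-9   : authentication-failure notification control and
--                   details of the last failure reported;
--   columns 10-13 : lifetime-exceeded notification control and
--                   details of the last SA terminated for that reason.
-- t11FcSpSaControlFrame is unconstrained here; its OBJECT-TYPE
-- limits it to SIZE (0..256).
T11FcSpSaControlEntry ::= SEQUENCE {
    t11FcSpSaControlAuthFailEnable   TruthValue,
    t11FcSpSaControlInboundSpi       T11FcSpiIndex,
    t11FcSpSaControlSource           FcAddressIdOrZero,
    t11FcSpSaControlDestination      FcAddressIdOrZero,
    t11FcSpSaControlFrame            OCTET STRING,
    t11FcSpSaControlElapsed          TimeTicks,
    t11FcSpSaControlSuppressed       Gauge32,
    t11FcSpSaControlWindow           Unsigned32,
    t11FcSpSaControlMaxNotifs        Unsigned32,
    t11FcSpSaControlLifeExcdEnable   TruthValue,
    t11FcSpSaControlLifeExcdSpi      T11FcSpiIndex,
    t11FcSpSaControlLifeExcdDir      T11FcSaDirection,
    t11FcSpSaControlLifeExcdTime     TimeStamp
}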
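-- Per-Fabric on/off switch for t11FcSpSaNotifyAuthFailure.
-- NOTE(review): no DEFVAL is given here, unlike
-- t11FcSpSaControlLifeExcdEnable (DEFVAL true), so the initial state
-- is implementation-chosen; confirm it on each agent.
-- NOTE(review): setting this to 'false' silences the only
-- notification of frame authentication failures on the Fabric.
-- Write access should be limited to authenticated, privacy-protected
-- SNMPv3 principals through view-based access control, and any
-- change of this value is worth recording in the audit trail.
t11FcSpSaControlAuthFailEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether a t11FcSpSaNotifyAuthFailure
           notification should be generated for the first occurrence
           of an Authentication failure within a time window for this
           Fabric."
    ::= { t11FcSpSaControlEntry 1 }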
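-- SPI of the ingress SA on which the last reported failing frame
-- arrived.  Zero is the "nothing reported yet" sentinel.  The object
-- is overwritten on each generated notification, so it describes
-- only the most recent reported failure, not suppressed ones.
t11FcSpSaControlInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI value of the ingress Security Association on
           which was received the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is zero."
    ::= { t11FcSpSaControlEntry 2 }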
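-- Source address (S_ID) taken from the last reported failing frame;
-- the zero-length string means no notification has been generated.
-- NOTE(review): the value comes from a frame that failed
-- authentication, so it is an unverified claim about the sender and
-- should not be treated as proof of origin during triage.
t11FcSpSaControlSource OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The S_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 3 }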
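-- Destination address (D_ID) taken from the last reported failing
-- frame; the zero-length string means no notification has been
-- generated.  Like t11FcSpSaControlSource, the value is copied from
-- a frame that did not pass authentication.
t11FcSpSaControlDestination OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The D_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 4 }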
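-- Up to the first 256 bytes of the last frame that was reported as
-- failing authentication; zero-length when nothing has been
-- reported or no content is available.
-- NOTE(review): two handling points for consumers of this object.
--   1. The bytes are, by definition, from a frame that failed
--      authentication.  Management stations and log pipelines should
--      treat them as untrusted binary input (length-check, no
--      interpretation as text without escaping).
--   2. The bytes may include storage traffic headers or payload.
--      Read access and the notification that carries this object are
--      best limited to views that need it, over SNMPv3 with privacy.
t11FcSpSaControlFrame OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (0..256))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The binary content of the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.  If more than
           256 bytes of the frame are available, then this object
           contains the first 256 bytes.  If less than 256 bytes of
           the frame are available, then this object contains the
           first N bytes, where N is greater or equal to zero.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 5 }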
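-- Time since the previous t11FcSpSaNotifyAuthFailure on this Fabric.
-- When none has been generated since restart the object reports
-- sysUpTime, so a value equal to sysUpTime means "none since
-- restart" rather than a measured interval.
t11FcSpSaControlElapsed OBJECT-TYPE
    SYNTAX       TimeTicks
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The elapsed time since the last generation of a
           t11FcSpSaNotifyAuthFailure notification on the same
           Fabric, or the value of sysUpTime if no
           t11FcSpSaNotifyAuthFailure notifications have been
           generated since the last restart."
    ::= { t11FcSpSaControlEntry 6 }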
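-- Count of authentication failures that were not notified because a
-- notification had already been sent in the current time window.
-- The gauge is reset on restart of the management subsystem and on
-- every generated notification, and it saturates at its maximum.
-- NOTE(review): because of the resets this is not a cumulative
-- failure counter.  A monitoring system that wants a total has to
-- sum the values delivered in successive notifications (or poll
-- before each reset), and a saturated value is only a lower bound.
t11FcSpSaControlSuppressed OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of occurrences of an Authentication failure
           on a Fabric that were suppressed because they occurred
           on the same Fabric within the same time window as a
           previous Authentication failure for which a
           t11FcSpSaNotifyAuthFailure notification was generated.

           The value of this object is reset to zero on a restart
           of the network management subsystem, and whenever a
           t11FcSpSaNotifyAuthFailure notification is generated.
           In the event that the value of this object reaches its
           maximum value, it remains at that value until it is
           reset on the generation of the next
           t11FcSpSaNotifyAuthFailure notification."
    ::= { t11FcSpSaControlEntry 7 }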
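-- Length, in seconds, of the suppression window that opens when a
-- t11FcSpSaNotifyAuthFailure is generated.  Default 300.  Writing
-- the object ends any window in progress.
-- NOTE(review): the permitted maximum, 4294967295 seconds, is
-- roughly 136 years.  A single write of a very large value therefore
-- has almost the same effect as disabling the notification after the
-- next failure.  Deployments may want to alert on values far above
-- the default and to restrict write access accordingly.
-- NOTE(review): the first paragraph says failures "for the same
-- Security Association" are counted, whereas the window is described
-- as per-Fabric here and in t11FcSpSaControlSuppressed and
-- t11FcSpSaNotifyAuthFailure.  Presumably per-Fabric is intended;
-- confirm against the agent implementation.
t11FcSpSaControlWindow OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    UNITS        "seconds"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The length of a time window that begins when a
           t11FcSpSaNotifyAuthFailure notification is generated for
           any Security Association on a particular Fabric.  For the
           duration of the time window, further Authentication failures
           occurring for the same Security Association are counted but
           no t11FcSpSaNotifyAuthFailure notification is generated.

           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
           begin with the new length."
    DEFVAL       { 300 }
    ::= { t11FcSpSaControlEntry 8 }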
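-- Cap on the number of t11FcSpSaNotifyAuthFailure notifications per
-- Fabric within one t11FcSpSaControlWindow.  Default 16.  Writing
-- the object ends any window in progress.
-- NOTE(review): the SYNTAX has no lower bound, so zero is a legal
-- value.  The text does not say what zero means; presumably no
-- notification would be generated at all.  Confirm the agent's
-- behaviour and consider alerting when this object is set to zero.
-- NOTE(review): the descriptions of t11FcSpSaControlAuthFailEnable
-- and t11FcSpSaNotifyAuthFailure speak of a notification only for
-- the "first occurrence" in a window, while this object allows more
-- than one.  How an agent reconciles the two is not stated here.
-- NOTE(review): the closing words "with the new length" appear to be
-- carried over from t11FcSpSaControlWindow; the new maximum is
-- presumably what takes effect.
t11FcSpSaControlMaxNotifs OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The maximum number of t11FcSpSaNotifyAuthFailure
           notifications to be generated per Fabric within a
           t11FcSpSaControlWindow time window.  Subsequent
           Authentication failures occurring on the same Fabric
           in the same time window are counted, but no
           t11FcSpSaNotifyAuthFailure notification is generated.

           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
           begin with the new length."
    DEFVAL       { 16 }
    ::= { t11FcSpSaControlEntry 9 }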
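-- Per-Fabric on/off switch for t11FcSpSaNotifyLifeExceeded.
-- Enabled by default.
-- NOTE(review): with this set to 'false', SAs that are torn down
-- because a lifetime ran out or a renewal failed are no longer
-- reported.  The t11FcSpSaControlLifeExcd* objects of the same row
-- can still be polled to detect such terminations.
t11FcSpSaControlLifeExcdEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether t11FcSpSaNotifyLifeExceeded
           notifications should be generated for this Fabric."
    DEFVAL       { true }
    ::= { t11FcSpSaControlEntry 10 }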
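-- SPI of the SA most recently terminated because its time or byte
-- lifetime was exceeded, including the case where a renewal attempt
-- failed.  Sent as the first varbind of t11FcSpSaNotifyLifeExceeded.
-- The text defines no "none yet" value for this object.
t11FcSpSaControlLifeExcdSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the SA that was most recently terminated
           because its lifetime (in seconds or in passed bytes)
           was exceeded.  Such terminations include those due to
           a failed attempt to renew an SA after its lifetime was
           exceeded."
    ::= { t11FcSpSaControlEntry 11 }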
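-- Direction of the SA named by t11FcSpSaControlLifeExcdSpi.  Sent as
-- the second varbind of t11FcSpSaNotifyLifeExceeded; the SPI alone
-- does not say which direction of the pair was terminated.
t11FcSpSaControlLifeExcdDir OBJECT-TYPE
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The direction of frame transmission on the SA that was
           most recently terminated because its lifetime (in seconds
           or in passed bytes) was exceeded."
    ::= { t11FcSpSaControlEntry 12 }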
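-- When the most recent lifetime-exceeded termination happened.
-- This object is not in the OBJECTS list of
-- t11FcSpSaNotifyLifeExceeded, so it is available by polling only.
-- A poller can compare it with the previously read value to detect
-- terminations that occurred while the notification was disabled or
-- lost in transit.
t11FcSpSaControlLifeExcdTime OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The time of the most recent termination of an SA
           due to its lifetime (in seconds or in passed bytes)
           being exceeded.  Such terminations include those
           due to a failed attempt to renew an SA after its
           lifetime was exceeded."
    ::= { t11FcSpSaControlEntry 13 }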
--
-- Notification definitions
--
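-- Raised when a received FC-2 or CT_IU frame fails authentication,
-- subject to the per-Fabric rate limiting configured through
-- t11FcSpSaControlAuthFailEnable, t11FcSpSaControlWindow and
-- t11FcSpSaControlMaxNotifs.  Varbinds, in order: SPI, S_ID, D_ID,
-- leading frame bytes, time since the previous notification, and the
-- number of failures suppressed after that previous notification.
-- NOTE(review): guidance for receivers.
--   * One notification may stand for many failures; add
--     t11FcSpSaControlSuppressed to any failure tally.  A value of
--     zero can also mean "unknown" per the text below.
--   * Source, Destination and Frame are copied from a frame that
--     did not authenticate, so they are untrusted input and do not
--     establish who sent the frame.
--   * Frame can hold up to 256 bytes of frame content (the SIZE
--     limit on t11FcSpSaControlFrame); sending the notification
--     with SNMPv3 privacy avoids exposing it on the management
--     network.
t11FcSpSaNotifyAuthFailure NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlInboundSpi,
                   t11FcSpSaControlSource,
                   t11FcSpSaControlDestination,
                   t11FcSpSaControlFrame,
                   t11FcSpSaControlElapsed,
                   t11FcSpSaControlSuppressed }
    STATUS       current
    DESCRIPTION
           "When this notification is generated, it indicates the
           occurrence of an Authentication failure for a received
           FC-2 or CT_IU frame.  The t11FcSpSaControlInboundSpi,
           t11FcSpSaControlSource, and t11FcSpSaControlDestination
           objects in the varbindlist are the frame's SPI, source and
           destination addresses, respectively.  t11FcSpSaControlFrame
           provides the (beginning of the) frame's content if such is
           available.

           This notification is generated only for the first
           occurrence of an Authentication failure on a Fabric within
           a time window.  Subsequent occurrences of an Authentication
           Failure on the same Fabric within the same time window
           are counted but suppressed.

           The value of t11FcSpSaControlElapsed contains (a lower bound
           on) the elapsed time since the last generation of this
           notification for the same Fabric.  The value of
           t11FcSpSaControlSuppressed contains the number of
           generations which were suppressed in the time window after
           that last generation, or zero if unknown."
    ::= { t11FcSpSaMIBNotifications 1 }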
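-- Raised when an SA is terminated because its time or byte lifetime
-- ran out, either immediately or after a failed renewal.  Varbinds:
-- the SPI and the direction of the terminated SA.  Generation is
-- gated per Fabric by t11FcSpSaControlLifeExcdEnable.
-- NOTE(review): no window or maximum is defined for this
-- notification in the visible text, unlike the authentication
-- failure notification.  The termination time is not a varbind; it
-- can be read from t11FcSpSaControlLifeExcdTime.
t11FcSpSaNotifyLifeExceeded NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlLifeExcdSpi,
                   t11FcSpSaControlLifeExcdDir }
    STATUS       current
    DESCRIPTION
           "This notification is generated when the lifetime (in
           seconds or in passed bytes) of an SA is exceeded, and the
           SA is either immediately terminated or is terminated
           because an attempt to renew the SA fails.  The values of
           t11FcSpSaControlLifeExcdSpi and t11FcSpSaControlLifeExcdDir
           contain the SPI and direction of the terminated SA."
    ::= { t11FcSpSaMIBNotifications 2 }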
--
-- Conformance
--
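-- Registration points under t11FcSpSaMIBConformance:
--   1 : compliance statements (t11FcSpSaMIBCompliance is arc 1);
--   2 : object and notification groups (arcs 1 to 8 below).
t11FcSpSaMIBCompliances
                   OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 1 }
t11FcSpSaMIBGroups OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 2 }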
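-- Compliance statement.  All eight groups are mandatory, and every
-- OBJECT clause below lowers the minimum access of a writable object
-- to read-only.
-- NOTE(review): a fully compliant agent may therefore expose this
-- whole module as monitoring-only.  Where SA proposals, traffic
-- selectors, SA termination and notification controls are configured
-- by other means, a read-only implementation (or a read-only view)
-- removes SNMP writes as a path for changing FC-SP security policy.
-- The objects named here are the ones to review when deciding which
-- principals, if any, are granted write access.
t11FcSpSaMIBCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION
           "The compliance statement for entities that implement
           FC-SP Security Associations."

    MODULE  -- this module
        MANDATORY-GROUPS
            { t11FcSpSaCapabilityGroup,
              t11FcSpSaParamStatusGroup,
              t11FcSpSaSummaryCountGroup,
              t11FcSpSaProposalGroup,
              t11FcSpSaDropBypassGroup,
              t11FcSpSaActiveGroup,
              t11FcSpSaNotifInfoGroup,
              t11FcSpSaNotificationGroup
            }

-- The following is an auxiliary (listed in an INDEX clause)
-- object for which the SMIv2 does not allow an OBJECT clause
-- to be specified, but for which this MIB has the following
-- compliance requirement:
--     OBJECT       t11FcSpSaIfIndex
--     DESCRIPTION
--         Compliance requires support for either one of:
--         - individual interfaces using ifIndex values, or
--         - the use of the zero value.

-- Write access is not required for any objects in this MIB module:

        OBJECT       t11FcSpSaIfStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayPrevention
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayWindowSize
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfTerminateAllSas
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTSelListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTransListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropAcceptAlgorithm
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropDirection
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptKeyLen
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransIntegrityAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByAction
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPairTerminate
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlAuthFailEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlWindow
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlMaxNotifs
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlLifeExcdEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
    ::= { t11FcSpSaMIBCompliances 1 }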
-- Units of Conformance
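-- Conformance group 1: the four per-interface capability objects
-- (ESP header, CT authentication, IKEv2 and IKEv2 authentication
-- capabilities, going by the object names; their definitions are
-- outside this excerpt).
t11FcSpSaCapabilityGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfEspHeaderCapab,
               t11FcSpSaIfCTAuthCapab,
               t11FcSpSaIfIKEv2Capab,
               t11FcSpSaIfIkev2AuthCapab
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to capabilities of FC-SP entities."
    ::= { t11FcSpSaMIBGroups 1 }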
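-- Conformance group 2: per-interface parameters and status.  Four of
-- the five members (all but t11FcSpSaIfDeadPeerDetections) also have
-- a MIN-ACCESS read-only clause in t11FcSpSaMIBCompliance, which
-- indicates they are defined as writable.
t11FcSpSaParamStatusGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfStorageType,
               t11FcSpSaIfReplayPrevention,
               t11FcSpSaIfReplayWindowSize,
               t11FcSpSaIfDeadPeerDetections,
               t11FcSpSaIfTerminateAllSas
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing parameters
           and status information related to FC-SP entities."
    ::= { t11FcSpSaMIBGroups 2 }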
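-- Conformance group 3: the ten per-interface summary counters, four
-- for egress (Out*) and six for ingress (In*) processing.
-- NOTE(review): going by their names, counters such as
-- t11FcSpSaIfInDetReplays and t11FcSpSaIfInBadXforms look like the
-- natural polling targets for detecting replayed or tampered
-- traffic; their exact semantics are defined outside this excerpt.
t11FcSpSaSummaryCountGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfOutDrops,
               t11FcSpSaIfOutBypasses,
               t11FcSpSaIfOutProcesses,
               t11FcSpSaIfOutUnMatcheds,
               t11FcSpSaIfInUnprotUnmtchDrops,
               t11FcSpSaIfInDetReplays,
               t11FcSpSaIfInUnprotMtchDrops,
               t11FcSpSaIfInBadXforms,
               t11FcSpSaIfInGoodXforms,
               t11FcSpSaIfInProtUnmtchs
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing summary
           counters for FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 3 }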
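-- Conformance group 4: columns of the SA proposal objects
-- (t11FcSpSaProp*) and of the proposed Traffic Selectors
-- (t11FcSpSaTSelProp*).  Apart from
-- t11FcSpSaPropOutMatchSucceeds, every member also appears with
-- MIN-ACCESS read-only in t11FcSpSaMIBCompliance.
t11FcSpSaProposalGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPropSecurityProt,
               t11FcSpSaPropTSelListIndex,
               t11FcSpSaPropTransListIndex,
               t11FcSpSaPropAcceptAlgorithm,
               t11FcSpSaPropOutMatchSucceeds,
               t11FcSpSaPropRowStatus,
               t11FcSpSaTSelPropDirection,
               t11FcSpSaTSelPropStartSrcAddr,
               t11FcSpSaTSelPropEndSrcAddr,
               t11FcSpSaTSelPropStartDstAddr,
               t11FcSpSaTSelPropEndDstAddr,
               t11FcSpSaTSelPropStartRCtl,
               t11FcSpSaTSelPropEndRCtl,
               t11FcSpSaTSelPropStartType,
               t11FcSpSaTSelPropEndType,
               t11FcSpSaTSelPropStorageType,
               t11FcSpSaTSelPropRowStatus
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to making and accepting proposals for
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 4 }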
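-- Conformance group 5: the Traffic Selectors that make traffic be
-- dropped or bypass FC-SP protection, plus their match counter.
-- NOTE(review): a 'bypass' selector exempts matching traffic from
-- protection, so changes to these rows alter what is sent
-- unprotected.  Where the agent implements them as writable, write
-- access and row creation here merit the tightest access control in
-- the module, and t11FcSpSaTSelDrByMatches is worth monitoring.
t11FcSpSaDropBypassGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaTSelDrByAction,
               t11FcSpSaTSelDrByStartSrcAddr,
               t11FcSpSaTSelDrByEndSrcAddr,
               t11FcSpSaTSelDrByStartDstAddr,
               t11FcSpSaTSelDrByEndDstAddr,
               t11FcSpSaTSelDrByStartRCtl,
               t11FcSpSaTSelDrByEndRCtl,
               t11FcSpSaTSelDrByStartType,
               t11FcSpSaTSelDrByEndType,
               t11FcSpSaTSelDrByMatches,
               t11FcSpSaTSelDrByRowStatus
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           about Traffic Selectors of traffic to drop or bypass
           for FC-SP Security."
    ::= { t11FcSpSaMIBGroups 5 }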
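-- Conformance group 6: state of the currently active SAs.  Members
-- fall into five families:
--   t11FcSpSaPair*       : the SA pair, its remaining lifetime, its
--                          terminate control and ingress counters;
--   t11FcSpSaTrans*      : the transforms (encryption algorithm, key
--                          length, integrity algorithm);
--   t11FcSpSaTSelNegIn*  : negotiated ingress Traffic Selectors;
--   t11FcSpSaTSelNegOut* : negotiated egress Traffic Selectors;
--   t11FcSpSaTSelSpi*    : the per-SPI view of the selectors.
-- The list names algorithms and key lengths only; no key material
-- object appears in it.
t11FcSpSaActiveGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPairSecurityProt,
               t11FcSpSaPairTransListIndex,
               t11FcSpSaPairTransIndex,
               t11FcSpSaPairLifetimeLeft,
               t11FcSpSaPairLifetimeLeftUnits,
               t11FcSpSaPairTerminate,
               t11FcSpSaPairInProtUnMatchs,
               t11FcSpSaPairInDetReplays,
               t11FcSpSaPairInBadXforms,
               t11FcSpSaPairInGoodXforms,
               t11FcSpSaTransSecurityProt,
               t11FcSpSaTransEncryptAlg,
               t11FcSpSaTransEncryptKeyLen,
               t11FcSpSaTransIntegrityAlg,
               t11FcSpSaTransStorageType,
               t11FcSpSaTransRowStatus,
               t11FcSpSaTSelNegInInboundSpi,
               t11FcSpSaTSelNegInStartSrcAddr,
               t11FcSpSaTSelNegInEndSrcAddr,
               t11FcSpSaTSelNegInStartDstAddr,
               t11FcSpSaTSelNegInEndDstAddr,
               t11FcSpSaTSelNegInStartRCtl,
               t11FcSpSaTSelNegInEndRCtl,
               t11FcSpSaTSelNegInStartType,
               t11FcSpSaTSelNegInEndType,
               t11FcSpSaTSelNegInUnpMtchDrops,
               t11FcSpSaTSelNegOutInboundSpi,
               t11FcSpSaTSelNegOutStartSrcAddr,
               t11FcSpSaTSelNegOutEndSrcAddr,
               t11FcSpSaTSelNegOutStartDstAddr,
               t11FcSpSaTSelNegOutEndDstAddr,
               t11FcSpSaTSelNegOutStartRCtl,
               t11FcSpSaTSelNegOutEndRCtl,
               t11FcSpSaTSelNegOutStartType,
               t11FcSpSaTSelNegOutEndType,
               t11FcSpSaTSelSpiDirection,
               t11FcSpSaTSelSpiTrafSelPtr
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information related
           to currently active FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 6 }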
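-- Conformance group 7: all thirteen columns of
-- t11FcSpSaControlEntry, i.e. the four writable notification
-- controls and the nine read-only "last event" objects.
t11FcSpSaNotifInfoGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaControlAuthFailEnable,
               t11FcSpSaControlInboundSpi,
               t11FcSpSaControlSource,
               t11FcSpSaControlDestination,
               t11FcSpSaControlFrame,
               t11FcSpSaControlElapsed,
               t11FcSpSaControlSuppressed,
               t11FcSpSaControlWindow,
               t11FcSpSaControlMaxNotifs,
               t11FcSpSaControlLifeExcdEnable,
               t11FcSpSaControlLifeExcdSpi,
               t11FcSpSaControlLifeExcdDir,
               t11FcSpSaControlLifeExcdTime
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 7 }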
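-- Conformance group 8: the two notifications of this module.  The
-- group is listed in MANDATORY-GROUPS, so a compliant agent must be
-- able to generate both; whether they are actually sent is governed
-- per Fabric by t11FcSpSaControlAuthFailEnable and
-- t11FcSpSaControlLifeExcdEnable.
t11FcSpSaNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS { t11FcSpSaNotifyAuthFailure,
                    t11FcSpSaNotifyLifeExceeded
                  }
    STATUS   current
    DESCRIPTION
           "A collection of notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 8 }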
END