1633 lines
44 KiB
Plaintext
1633 lines
44 KiB
Plaintext
LUM-CRYPTO-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64
|
|
FROM SNMPv2-SMI
|
|
OBJECT-GROUP, MODULE-COMPLIANCE
|
|
FROM SNMPv2-CONF
|
|
TEXTUAL-CONVENTION, DateAndTime, DisplayString
|
|
FROM SNMPv2-TC
|
|
lumModules, lumCryptoMIB
|
|
FROM LUM-REG
|
|
SignalStatusWithNA, FaultStatusWithNA, MgmtNameString, CommandString,
|
|
Unsigned32WithNA, OperStatusWithNA, OnOff, ResetWithNA, OperStatusWithNA,
|
|
AdminStatusWithNA
|
|
FROM LUM-TC;
|
|
|
|
lumCryptoMIBModule MODULE-IDENTITY
|
|
LAST-UPDATED
|
|
"201810310000Z" -- Oct 31st 2018
|
|
ORGANIZATION
|
|
"Infinera Corporation"
|
|
CONTACT-INFO
|
|
"techsupport@infinera.com"
|
|
DESCRIPTION
|
|
"This module describes the traffic encryption.
|
|
|
|
The tables contained in this MIB are:
|
|
|
|
(1) The General group contains some general attributes as time stamps
|
|
and tables sizes.
|
|
|
|
(2) Crypto Auth.
|
|
|
|
(3) Crypto Peer.
|
|
|
|
(4) Crypto Pmadmin
|
|
|
|
(5) Performance.
|
|
|
|
"
|
|
REVISION
|
|
"201810310000Z" -- Oct 31st 2018
|
|
DESCRIPTION
|
|
"The initial revision of this module."
|
|
::= { lumModules 71 }
|
|
|
|
|
|
|
|
CryptoPeriodWithNA ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The period time for performance data.
|
|
|
|
period15minutes - 15 minutes
|
|
period24hours - 24 hours"
|
|
|
|
SYNTAX INTEGER {
|
|
period15minutes (1),
|
|
period24hours (2),
|
|
notApplicable (2147483647) }
|
|
|
|
CryptoMeasurementTypeWithNA ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction type.
|
|
|
|
rx - receiver, only ingoing signal
|
|
tx - transmitter, only outgoing signal
|
|
both - rx and tx both"
|
|
|
|
SYNTAX INTEGER {
|
|
rx (1),
|
|
tx (2),
|
|
both (3),
|
|
notApplicable (2147483647) }
|
|
|
|
BooleanWithNA ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines a value that can be true, false or not available
|
|
|
|
true - The condition is true
|
|
|
|
false - The condition is false
|
|
|
|
notAvailable (2147483646) is used when attribute is
|
|
not available under current circumstances. This value
|
|
is only used when used for a state.
|
|
|
|
notApplicable (2147483647) is used when attribute is
|
|
not used in current configuration."
|
|
|
|
SYNTAX INTEGER {
|
|
true (1),
|
|
false (2),
|
|
notAvailable (2147483646),
|
|
notApplicable (2147483647) }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- Compliance area, containing groups and compliance
|
|
-- specifications.
|
|
-- ----------------------------------------------------
|
|
|
|
lumCryptoConfs OBJECT IDENTIFIER ::= { lumCryptoMIB 1 }
|
|
lumCryptoGroups OBJECT IDENTIFIER ::= { lumCryptoConfs 1 }
|
|
lumCryptoCompl OBJECT IDENTIFIER ::= { lumCryptoConfs 2 }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- Root for objects in the CRYPTO MIB
|
|
-- ----------------------------------------------------
|
|
|
|
lumCryptoMIBObjects OBJECT IDENTIFIER ::= { lumCryptoMIB 2 }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- This MIB contains the following groups:
|
|
-- ----------------------------------------------------
|
|
cryptoGeneral OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 1 }
|
|
cryptoAuthList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 2 }
|
|
cryptoIKEPeerList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 3 }
|
|
cryptoDataplaneEncryptionList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 4 }
|
|
cryptoPmadminList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 5 }
|
|
cryptoPerformanceList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 6 }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- General group
|
|
-- ----------------------------------------------------
|
|
|
|
cryptoGeneralConfigLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the configuration of the MIB was
|
|
last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 1 }
|
|
|
|
cryptoGeneralStateLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the state and/or configuration of
|
|
the MIB was last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 2 }
|
|
|
|
cryptoGeneralCryptoAuthTableSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Size of table.
|
|
|
|
"
|
|
::= { cryptoGeneral 3 }
|
|
|
|
cryptoGeneralCryptoAuthConfigLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the configuration of the table was
|
|
last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 4 }
|
|
|
|
cryptoGeneralCryptoAuthStateLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the state and/or configuration of
|
|
the table was last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 5 }
|
|
|
|
cryptoGeneralCryptoIKEPeerTableSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Size of table.
|
|
|
|
"
|
|
::= { cryptoGeneral 6 }
|
|
|
|
cryptoGeneralCryptoIKEPeerConfigLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the configuration of the table was
|
|
last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 7 }
|
|
|
|
cryptoGeneralCryptoIKEPeerStateLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the state and/or configuration of
|
|
the table was last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 8 }
|
|
|
|
cryptoGeneralCryptoDataplaneEncryptionTableSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Size of table.
|
|
|
|
"
|
|
::= { cryptoGeneral 9 }
|
|
|
|
cryptoGeneralCryptoDataplaneEncryptionConfigLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the configuration of the table was
|
|
last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 10 }
|
|
|
|
cryptoGeneralCryptoDataplaneEncryptionStateLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the state and/or configuration of
|
|
the table was last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 11 }
|
|
|
|
cryptoGeneralCryptoPmadminTableSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Size of cryptoPmadmin table.
|
|
|
|
"
|
|
::= { cryptoGeneral 12 }
|
|
|
|
cryptoGeneralCryptoPmadminConfigLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the configuration of the table was
|
|
last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 13 }
|
|
|
|
cryptoGeneralCryptoPmadminStateLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the state and/or configuration of
|
|
the table was last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 14 }
|
|
|
|
cryptoGeneralCryptoPerformanceTableSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Size of cryptoPerformance performance table.
|
|
|
|
"
|
|
::= { cryptoGeneral 15 }
|
|
|
|
cryptoGeneralCryptoPerformanceConfigLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the configuration of the table was
|
|
last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 16 }
|
|
|
|
cryptoGeneralCryptoPerformanceStateLastChangeTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time when the state and/or configuration of
|
|
the table was last changed.
|
|
|
|
"
|
|
::= { cryptoGeneral 17 }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- Crypto Auth group
|
|
-- ----------------------------------------------------
|
|
|
|
cryptoAuthTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CryptoAuthEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The crypto auth group contains information and
|
|
configuration for the crypto authentication."
|
|
|
|
::= { cryptoAuthList 1 }
|
|
|
|
cryptoAuthEntry OBJECT-TYPE
|
|
SYNTAX CryptoAuthEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the crypto auth list.
|
|
|
|
"
|
|
INDEX { cryptoAuthIndex }
|
|
::= { cryptoAuthTable 1 }
|
|
|
|
CryptoAuthEntry ::=
|
|
SEQUENCE {
|
|
cryptoAuthIndex Unsigned32,
|
|
cryptoAuthUId Unsigned32,
|
|
cryptoAuthName MgmtNameString,
|
|
cryptoAuthIdentity MgmtNameString,
|
|
cryptoAuthReAuthInterval Unsigned32,
|
|
cryptoAuthReAuth CommandString,
|
|
cryptoAuthCreateIKEPeer CommandString,
|
|
cryptoAuthenticationGenerateUniqueID CommandString,
|
|
cryptoGeneratedUniqueIdentity MgmtNameString}
|
|
|
|
cryptoAuthIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoAuthEntry 1 }
|
|
|
|
cryptoAuthUId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique identifier assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoAuthEntry 2 }
|
|
|
|
cryptoAuthName OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The management name of the object,
|
|
in the format 'authentication:subrack:slot:Id'
|
|
|
|
"
|
|
::= { cryptoAuthEntry 3 }
|
|
|
|
cryptoAuthIdentity OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A globally unique authentication identifier for this board.
|
|
This is unique identity for communication, if found blank
|
|
please generate it using Generate Authentication Identity Option.
|
|
|
|
"
|
|
::= { cryptoAuthEntry 4 }
|
|
|
|
cryptoAuthReAuthInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..1000)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the interval after which reauthentication
|
|
will be triggered to ensure message integrity.
|
|
|
|
"
|
|
DEFVAL { 24 }
|
|
::= { cryptoAuthEntry 5 }
|
|
|
|
cryptoAuthReAuth OBJECT-TYPE
|
|
SYNTAX CommandString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to initiate reauthentication for all IKE peers.
|
|
|
|
"
|
|
::= { cryptoAuthEntry 6 }
|
|
|
|
cryptoAuthCreateIKEPeer OBJECT-TYPE
|
|
SYNTAX CommandString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Command for creating an IKE peer entry.
|
|
|
|
"
|
|
::= { cryptoAuthEntry 7 }
|
|
|
|
cryptoAuthenticationGenerateUniqueID OBJECT-TYPE
|
|
SYNTAX CommandString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use this option to generate unique ID for IKE authentication.
|
|
|
|
"
|
|
::= { cryptoAuthEntry 8 }
|
|
|
|
cryptoGeneratedUniqueIdentity OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A generated unique identifier which will be used,
|
|
in case backplane serial number is not present for node.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { cryptoAuthEntry 9 }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- Crypto IKE Peer group
|
|
-- ----------------------------------------------------
|
|
|
|
cryptoIKEPeerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CryptoIKEPeerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The crypto peer group contains information and
|
|
configuration for the crypto peer."
|
|
|
|
::= { cryptoIKEPeerList 1 }
|
|
|
|
cryptoIKEPeerEntry OBJECT-TYPE
|
|
SYNTAX CryptoIKEPeerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the crypto peer list.
|
|
|
|
"
|
|
INDEX { cryptoIKEPeerIndex }
|
|
::= { cryptoIKEPeerTable 1 }
|
|
|
|
CryptoIKEPeerEntry ::=
|
|
SEQUENCE {
|
|
cryptoIKEPeerIndex Unsigned32,
|
|
cryptoIKEPeerUId Unsigned32,
|
|
cryptoIKEPeerName MgmtNameString,
|
|
cryptoIKEPeerIdentity MgmtNameString,
|
|
cryptoIKEPeerExpectedIKEPeerIdentity MgmtNameString,
|
|
cryptoIKEPeerAuthScheme INTEGER,
|
|
cryptoIKEPeerPSK DisplayString,
|
|
cryptoIKEPeerAdminStatus INTEGER,
|
|
cryptoIKEPeerOperStatus OperStatusWithNA,
|
|
cryptoIKEPeerLastReAuthTime DateAndTime,
|
|
cryptoIKEPeerReKeyInterval Unsigned32,
|
|
cryptoIKEPeerLastReKeyTime DateAndTime,
|
|
cryptoIKEPeerReKey CommandString,
|
|
cryptoIKEPeerConfigMismatch FaultStatusWithNA,
|
|
cryptoIKEPeerUnreachable FaultStatusWithNA,
|
|
cryptoIKEPeerAuthenticationFailure FaultStatusWithNA,
|
|
cryptoIKEPeerReKeyFailure FaultStatusWithNA }
|
|
|
|
cryptoIKEPeerIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 1 }
|
|
|
|
cryptoIKEPeerUId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An unique identifier assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 2 }
|
|
|
|
cryptoIKEPeerName OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The management name of the object,
|
|
in the format 'ikePeer:subrack:slot:Id.'
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 3 }
|
|
|
|
cryptoIKEPeerIdentity OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A globally unique authentication identifier for this IKE peer.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { cryptoIKEPeerEntry 4 }
|
|
|
|
cryptoIKEPeerExpectedIKEPeerIdentity OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the user configured expected identifier of the IKE peer.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { cryptoIKEPeerEntry 5 }
|
|
|
|
cryptoIKEPeerAuthScheme OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
psk (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication scheme to use for this IKE peer.
|
|
|
|
"
|
|
DEFVAL { 1 }
|
|
::= { cryptoIKEPeerEntry 6 }
|
|
|
|
cryptoIKEPeerPSK OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The pre-shared key(PSK) used to authenticate the IKE peer.
|
|
|
|
PSK should be in the below format:
|
|
- text string
|
|
- valid length: 64-128 characters
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { cryptoIKEPeerEntry 7 }
|
|
|
|
cryptoIKEPeerAdminStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
up (1),
|
|
service (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administrative state for the IKE peer.
|
|
|
|
service - the object is activated but alarms
|
|
are suppressed. Intended for use during service
|
|
or reconfiguration. When service is concluded
|
|
adminStatus should be set to 'up' again.
|
|
|
|
up - the object is active and alarms are not suppressed.
|
|
|
|
"
|
|
DEFVAL { 1 }
|
|
::= { cryptoIKEPeerEntry 8 }
|
|
|
|
|
|
cryptoIKEPeerOperStatus OBJECT-TYPE
|
|
SYNTAX OperStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The operational state of this object.
|
|
This attribute is required to automatically suppress (or not)
|
|
the alarms from admin status attribute.
|
|
"
|
|
::= { cryptoIKEPeerEntry 9 }
|
|
|
|
cryptoIKEPeerLastReAuthTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The last time this IKE peer was reauthenticated.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 10 }
|
|
|
|
cryptoIKEPeerReKeyInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (600..86400)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value denotes the remaining time interval beyond which the system
|
|
will initiate re-key for this IKE peer.
|
|
|
|
"
|
|
DEFVAL { 3600 }
|
|
::= { cryptoIKEPeerEntry 11 }
|
|
|
|
cryptoIKEPeerLastReKeyTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The last time the peer was rekeyed.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 12 }
|
|
|
|
cryptoIKEPeerReKey OBJECT-TYPE
|
|
SYNTAX CommandString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to initiate rekey for this IKE peer.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 13 }
|
|
|
|
cryptoIKEPeerConfigMismatch OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IKE SA cannot be negotiated due to mismatch in SA proposal.
|
|
|
|
alarm: configured peer identity wrong or un-configured.
|
|
|
|
ok: the encryption configuration matches.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 14 }
|
|
|
|
cryptoIKEPeerUnreachable OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unable to reach the IKE Peer.
|
|
|
|
alarm: communication failure.
|
|
|
|
ok: IKE peer communication successfull.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 15 }
|
|
|
|
cryptoIKEPeerAuthenticationFailure OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Re-authentication with the peer instance failed.
|
|
|
|
alarm: re-authentication with the peer instance failed.
|
|
|
|
ok: the IKE authentication is successfull.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 16 }
|
|
|
|
cryptoIKEPeerReKeyFailure OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rekey of the IKE SA fails.
|
|
|
|
alarm: IKE SA rekey is unsuccessfull.
|
|
|
|
ok: IKE SA rekey is successfull.
|
|
|
|
"
|
|
::= { cryptoIKEPeerEntry 17 }
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- Crypto Dataplane Encryption group
|
|
-- ----------------------------------------------------
|
|
|
|
cryptoDataplaneEncryptionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CryptoDataplaneEncryptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The crypto dataplane encryption contains information and
|
|
configuration for the crypto dataplane encryption."
|
|
|
|
::= { cryptoDataplaneEncryptionList 1 }
|
|
|
|
cryptoDataplaneEncryptionEntry OBJECT-TYPE
|
|
SYNTAX CryptoDataplaneEncryptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the crypto dataplane encryption list.
|
|
|
|
"
|
|
INDEX { cryptoDataplaneEncryptionIndex }
|
|
::= { cryptoDataplaneEncryptionTable 1 }
|
|
|
|
CryptoDataplaneEncryptionEntry ::=
|
|
SEQUENCE {
|
|
cryptoDataplaneEncryptionIndex Unsigned32,
|
|
cryptoDataplaneEncryptionUId Unsigned32,
|
|
cryptoDataplaneEncryptionName MgmtNameString,
|
|
cryptoDataplaneEncryptionLocalDataplaneId MgmtNameString,
|
|
cryptoDataplaneEncryptionExpectedPeerDataplaneId MgmtNameString,
|
|
cryptoDataplaneEncryptionDiscoveredPeerDataplaneId MgmtNameString,
|
|
cryptoDataplaneEncryptionOTNOHAllocation INTEGER,
|
|
cryptoDataplaneEncryptionIKEPeerIdentity INTEGER,
|
|
cryptoDataplaneEncryptionReKeyInterval Unsigned32,
|
|
cryptoDataplaneEncryptionFailurePolicy INTEGER,
|
|
cryptoDataplaneEncryptionTrafficKillTimeOffset Unsigned32,
|
|
cryptoDataplaneEncryptionEncryptionMode INTEGER,
|
|
cryptoDataplaneEncryptionLastReKeyTimeTx DateAndTime,
|
|
cryptoDataplaneEncryptionLastReKeyTimeRx DateAndTime,
|
|
cryptoDataplaneEncryptionPeerDpIdMismatch FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionConfigMismatch FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionReKeyFailure FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionRXKeyRotationFailure FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionIVExhausted FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionFunctionBlocked FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionUnexpectedRxKeyId FaultStatusWithNA,
|
|
cryptoDataplaneEncryptionReKey CommandString }
|
|
|
|
cryptoDataplaneEncryptionIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 1 }
|
|
|
|
cryptoDataplaneEncryptionUId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An unique identifier assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 2 }
|
|
|
|
cryptoDataplaneEncryptionName OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The management name of the Dataplane Link,
|
|
in the format 'dpEncr:subrack:slot:portNumber'.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 3 }
|
|
|
|
cryptoDataplaneEncryptionLocalDataplaneId OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the unique local unique identifier for the dataplane link
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 4 }
|
|
|
|
cryptoDataplaneEncryptionExpectedPeerDataplaneId OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the user configured expected Dataplane link peer unique identifier.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { cryptoDataplaneEncryptionEntry 5 }
|
|
|
|
cryptoDataplaneEncryptionDiscoveredPeerDataplaneId OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the actual peer Dataplane link identifier discovered by the system.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 6 }
|
|
|
|
cryptoDataplaneEncryptionOTNOHAllocation OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
apspcctcm3 (1),
|
|
apspcctcm1 (2),
|
|
tcm1 (3),
|
|
tcm3 (4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the OTN overhead chosen by the user for Dataplane link.
|
|
|
|
"
|
|
DEFVAL { 1 }
|
|
::= { cryptoDataplaneEncryptionEntry 7 }
|
|
|
|
cryptoDataplaneEncryptionIKEPeerIdentity OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none (0),
|
|
ikePeer1 (1),
|
|
ikePeer2 (2),
|
|
ikePeer3 (3),
|
|
ikePeer4 (4),
|
|
ikePeer5 (5),
|
|
ikePeer6 (6),
|
|
ikePeer7 (7),
|
|
ikePeer8 (8),
|
|
ikePeer9 (9),
|
|
ikePeer10 (10),
|
|
ikePeer11 (11),
|
|
ikePeer12 (12),
|
|
ikePeer13 (13),
|
|
ikePeer14 (14),
|
|
ikePeer15 (15),
|
|
ikePeer16 (16),
|
|
notApplicable (2147483647)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the corresponding IKE Peer associated to the data plane link.
|
|
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { cryptoDataplaneEncryptionEntry 8 }
|
|
|
|
cryptoDataplaneEncryptionReKeyInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (60..86400)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value denotes the remaining time interval beyond which the system will initiate re-key.
|
|
|
|
"
|
|
DEFVAL { 300 }
|
|
::= { cryptoDataplaneEncryptionEntry 9 }
|
|
|
|
cryptoDataplaneEncryptionFailurePolicy OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
continueop (1),
|
|
killtraffic (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value denotes which policy is applied on rekey or re-auth failure scenarios.
|
|
continueop - indicates continue operation
|
|
killtraffic - indicates stop the traffic after Kill Time offset.
|
|
|
|
"
|
|
DEFVAL { 1 }
|
|
::= { cryptoDataplaneEncryptionEntry 10 }
|
|
|
|
cryptoDataplaneEncryptionTrafficKillTimeOffset OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..86400)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents, how long to hold-off before traffic should be killed.
|
|
Applies if failure policy is set to kill traffic.
|
|
|
|
"
|
|
DEFVAL { 900 }
|
|
::= { cryptoDataplaneEncryptionEntry 11 }
|
|
|
|
cryptoDataplaneEncryptionEncryptionMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
bypass (1),
|
|
gcm (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the encryption mode selected by user for Dataplane link
|
|
|
|
"
|
|
DEFVAL { 1 }
|
|
::= { cryptoDataplaneEncryptionEntry 12 }
|
|
|
|
cryptoDataplaneEncryptionLastReKeyTimeTx OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the last time the dataplane was rekeyed in tx direction.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 13 }
|
|
|
|
cryptoDataplaneEncryptionLastReKeyTimeRx OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the last time the dataplane was rekeyed in rx direction.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 14 }
|
|
|
|
cryptoDataplaneEncryptionPeerDpIdMismatch OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The expected peer dataplane identity does not match with what is discovered.
|
|
|
|
alarm: expected peer dataplane identity does not match with what is discovered.
|
|
|
|
ok: peer dataplane matches with what is discovered.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 15 }
|
|
|
|
|
|
cryptoDataplaneEncryptionConfigMismatch OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The CHILD SA cannot be negotiated due to config mismatch.
|
|
|
|
alarm: CHILD SA cannot be negotiated due to config mismatch.
|
|
|
|
ok: encryption config matches successfully.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 16 }
|
|
|
|
cryptoDataplaneEncryptionReKeyFailure OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rekey of the CHILD SA fails.
|
|
|
|
alarm: rekey of the CHILD SA fails.
|
|
|
|
ok: rekey of child SA successfull.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 17 }
|
|
|
|
cryptoDataplaneEncryptionRXKeyRotationFailure OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rx key rotation failure.
|
|
|
|
alarm: rx key rotation failure.
|
|
|
|
ok: new key handshake successfull.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 18 }
|
|
|
|
|
|
cryptoDataplaneEncryptionIVExhausted OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IV has been used too many times and is about to wrap back to zero.
|
|
|
|
alarm: data plane has detected that the IV has been used too many times.
|
|
|
|
ok: IV exhaustion condition cleared.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 19 }
|
|
|
|
|
|
cryptoDataplaneEncryptionFunctionBlocked OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This alarm is applicable when encryption mode = gcm
|
|
but encryption is not in affect due to other alarms or admin status.
|
|
|
|
alarm: encryption function blocked traffic.
|
|
|
|
ok: encryption function enabled successfully.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 20 }
|
|
|
|
|
|
cryptoDataplaneEncryptionUnexpectedRxKeyId OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unexpected rx key identifier.
|
|
|
|
alarm: rx key identifier in the dataplane does not match with what has been programmed.
|
|
|
|
ok: rx key Identifier matches successfully.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 21 }
|
|
|
|
cryptoDataplaneEncryptionReKey OBJECT-TYPE
|
|
SYNTAX CommandString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to initiate rekey for this Dataplane entity.
|
|
|
|
"
|
|
::= { cryptoDataplaneEncryptionEntry 22 }
|
|
|
|
-- ----------------------------------------------------
|
|
-- CryptoPmadmin group
|
|
-- This is a dummy table created to group objects of
|
|
-- cryptoPerformance table.
|
|
-- ----------------------------------------------------
|
|
|
|
cryptoPmadminTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CryptoPmadminEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The cryptoPmadmin group contains information and
|
|
configuration for all cryptoPmadmin objects."
|
|
|
|
::= { cryptoPmadminList 1 }
|
|
|
|
cryptoPmadminEntry OBJECT-TYPE
|
|
SYNTAX CryptoPmadminEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cryptoPmadmin list.
|
|
|
|
"
|
|
INDEX { cryptoPmadminIndex }
|
|
::= { cryptoPmadminTable 1 }
|
|
|
|
CryptoPmadminEntry ::=
|
|
SEQUENCE {
|
|
cryptoPmadminIndex Unsigned32,
|
|
cryptoPmadminName MgmtNameString,
|
|
cryptoPmadminUId Unsigned32,
|
|
cryptoPmadminConnAdminIfIndex Unsigned32WithNA,
|
|
cryptoPmadminUpId Unsigned32}
|
|
|
|
cryptoPmadminIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoPmadminEntry 1 }
|
|
|
|
cryptoPmadminName OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The management name of the pmadmin object,
|
|
for example 'cryptoPmadmin:1:2:1-2', where the first number indicates
|
|
subrack, the second slot number and the third/fourth
|
|
are the physical port numbers.
|
|
|
|
"
|
|
::= { cryptoPmadminEntry 2 }
|
|
|
|
cryptoPmadminUId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An unique identifier assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoPmadminEntry 3 }
|
|
|
|
|
|
cryptoPmadminConnAdminIfIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32WithNA
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that describes to which index in cryptoPmadmin table
|
|
this object is related.
|
|
|
|
"
|
|
::= { cryptoPmadminEntry 4 }
|
|
|
|
cryptoPmadminUpId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identity in the UP for the cryptoPmadmin entry
|
|
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { cryptoPmadminEntry 5 }
|
|
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- CryptoPerformance group
|
|
-- ----------------------------------------------------
|
|
|
|
cryptoPerformanceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CryptoPerformanceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The cryptoPerformance performance group contains information and
|
|
configuration for all cryptoPerformance performance objects."
|
|
|
|
::= { cryptoPerformanceList 1 }
|
|
|
|
cryptoPerformanceEntry OBJECT-TYPE
|
|
SYNTAX CryptoPerformanceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the cryptoPerformance list.
|
|
|
|
"
|
|
INDEX { cryptoPerformanceIndex }
|
|
::= { cryptoPerformanceTable 1 }
|
|
|
|
CryptoPerformanceEntry ::=
|
|
SEQUENCE {
|
|
cryptoPerformanceIndex Unsigned32,
|
|
cryptoPerformanceName MgmtNameString,
|
|
cryptoPerformanceUId Unsigned32,
|
|
cryptoPerformanceConnAdminIfIndex Unsigned32WithNA,
|
|
cryptoPerformancePeriod CryptoPeriodWithNA,
|
|
cryptoPerformanceType CryptoMeasurementTypeWithNA,
|
|
cryptoPerformanceCounterNulledFrames Counter64,
|
|
cryptoPerformanceCounterAuthFail Counter64,
|
|
cryptoPerformanceCounterIvTrouble Counter64,
|
|
cryptoPerformanceCounterReplayErr Counter64,
|
|
cryptoPerformanceCounterTotalFrames Counter64,
|
|
cryptoPerformanceCounterAuthFrames Counter64,
|
|
cryptoPerformanceCounterEncryptedFrames Counter64,
|
|
cryptoPerformanceThresholdNulledFrames Counter64,
|
|
cryptoPerformanceThresholdAuthFail Counter64,
|
|
cryptoPerformanceThresholdIvTrouble Counter64,
|
|
cryptoPerformanceThresholdReplayErr Counter64,
|
|
cryptoPerformanceFaultStatusNulledFrames FaultStatusWithNA,
|
|
cryptoPerformanceFaultStatusAuthFail FaultStatusWithNA,
|
|
cryptoPerformanceFaultStatusIvTrouble FaultStatusWithNA,
|
|
cryptoPerformanceFaultStatusReplayErr FaultStatusWithNA,
|
|
cryptoPerformanceUpId Unsigned32}
|
|
|
|
cryptoPerformanceIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 1 }
|
|
|
|
cryptoPerformanceName OBJECT-TYPE
|
|
SYNTAX MgmtNameString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The management name of the performance object,
|
|
for example 'cryptoPerformance:1:2:1-2', where the first number indicates
|
|
subrack, the second slot number and the third/fourth
|
|
are the physical port numbers.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 2 }
|
|
|
|
cryptoPerformanceUId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An unique identifier assigned to each entry.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 3 }
|
|
|
|
|
|
cryptoPerformanceConnAdminIfIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32WithNA
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that describes to which index in cryptoPerformance table
|
|
this object is related.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 4 }
|
|
|
|
cryptoPerformancePeriod OBJECT-TYPE
|
|
SYNTAX CryptoPeriodWithNA
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Period, 15 minute or 24 hour.
|
|
- 15 minute interval measurements per
|
|
measurement point
|
|
|
|
- 24 hour interval measurements per
|
|
measurement point
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 5 }
|
|
|
|
cryptoPerformanceType OBJECT-TYPE
|
|
SYNTAX CryptoMeasurementTypeWithNA
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction type of signal the interface expects.
|
|
|
|
rx - Only ingoing signal.
|
|
|
|
tx - Only outgoing signal.
|
|
|
|
both - Ingoing and outgoing signal on the same
|
|
port.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 6 }
|
|
|
|
cryptoPerformanceCounterNulledFrames OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of nulled frames in traffic.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 7 }
|
|
|
|
cryptoPerformanceCounterAuthFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authentication fail count.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 8 }
|
|
|
|
cryptoPerformanceCounterIvTrouble OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IV trouble count.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 9 }
|
|
|
|
cryptoPerformanceCounterReplayErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Replay Error count.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 10 }
|
|
|
|
cryptoPerformanceCounterTotalFrames OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total frames count.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 11 }
|
|
|
|
|
|
cryptoPerformanceCounterAuthFrames OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Autheticated frames count.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 12 }
|
|
|
|
cryptoPerformanceCounterEncryptedFrames OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encrypted frames count.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 13 }
|
|
|
|
cryptoPerformanceThresholdNulledFrames OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Nulled frames threshold.
|
|
|
|
"
|
|
DEFVAL { 20 }
|
|
::= { cryptoPerformanceEntry 14 }
|
|
|
|
cryptoPerformanceThresholdAuthFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Auth failed threshold.
|
|
|
|
"
|
|
DEFVAL { 20 }
|
|
::= { cryptoPerformanceEntry 15 }
|
|
|
|
|
|
cryptoPerformanceThresholdIvTrouble OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IV trouble threshold.
|
|
|
|
"
|
|
DEFVAL { 20 }
|
|
::= { cryptoPerformanceEntry 16 }
|
|
|
|
cryptoPerformanceThresholdReplayErr OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Replay Error threshold.
|
|
|
|
"
|
|
DEFVAL { 20 }
|
|
::= { cryptoPerformanceEntry 17 }
|
|
|
|
cryptoPerformanceFaultStatusNulledFrames OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Nulled frames threshold exceeded.
|
|
|
|
alarm: The number of errors during a period
|
|
exceeds the associated threshold.
|
|
|
|
ok: The number of errors during a
|
|
period is below the threshold.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 18 }
|
|
|
|
cryptoPerformanceFaultStatusAuthFail OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Auth fail threshold exceeded.
|
|
|
|
alarm: The number of errors during a period
|
|
exceeds the associated threshold.
|
|
|
|
ok: The number of errors during a
|
|
period is below the threshold.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 19}
|
|
|
|
cryptoPerformanceFaultStatusIvTrouble OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IV trouble threshold exceeded.
|
|
|
|
alarm: The number of errors during a period
|
|
exceeds the associated threshold.
|
|
|
|
ok: The number of errors during a
|
|
period is below the threshold.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 20 }
|
|
|
|
|
|
cryptoPerformanceFaultStatusReplayErr OBJECT-TYPE
|
|
SYNTAX FaultStatusWithNA
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Replay error threshold exceeded.
|
|
|
|
alarm: The number of errors during a period
|
|
exceeds the associated threshold.
|
|
|
|
ok: The number of errors during a
|
|
period is below the threshold.
|
|
|
|
"
|
|
::= { cryptoPerformanceEntry 21 }
|
|
|
|
cryptoPerformanceUpId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identity in the UP for the cryptoPerf entry
|
|
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { cryptoPerformanceEntry 22 }
|
|
|
|
-- ----------------------------------------------------
|
|
-- Notifications
|
|
-- ----------------------------------------------------
|
|
|
|
|
|
-- ----------------------------------------------------
|
|
-- Object and event groups
|
|
-- ----------------------------------------------------
|
|
|
|
|
|
cryptoGeneralGroupV1 OBJECT-GROUP
|
|
OBJECTS {
|
|
cryptoGeneralConfigLastChangeTime,
|
|
cryptoGeneralStateLastChangeTime,
|
|
cryptoGeneralCryptoAuthTableSize,
|
|
cryptoGeneralCryptoAuthConfigLastChangeTime,
|
|
cryptoGeneralCryptoAuthStateLastChangeTime,
|
|
cryptoGeneralCryptoIKEPeerTableSize,
|
|
cryptoGeneralCryptoIKEPeerConfigLastChangeTime,
|
|
cryptoGeneralCryptoIKEPeerStateLastChangeTime,
|
|
cryptoGeneralCryptoDataplaneEncryptionTableSize,
|
|
cryptoGeneralCryptoDataplaneEncryptionConfigLastChangeTime,
|
|
cryptoGeneralCryptoDataplaneEncryptionStateLastChangeTime,
|
|
cryptoGeneralCryptoPmadminTableSize,
|
|
cryptoGeneralCryptoPmadminConfigLastChangeTime,
|
|
cryptoGeneralCryptoPmadminStateLastChangeTime,
|
|
cryptoGeneralCryptoPerformanceTableSize,
|
|
cryptoGeneralCryptoPerformanceConfigLastChangeTime,
|
|
cryptoGeneralCryptoPerformanceStateLastChangeTime }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The general objects."
|
|
::= { lumCryptoGroups 1 }
|
|
|
|
|
|
cryptoAuthGroupV1 OBJECT-GROUP
|
|
OBJECTS {
|
|
cryptoAuthIndex,
|
|
cryptoAuthUId,
|
|
cryptoAuthName,
|
|
cryptoAuthIdentity,
|
|
cryptoAuthReAuthInterval,
|
|
cryptoAuthReAuth,
|
|
cryptoAuthCreateIKEPeer,
|
|
cryptoAuthenticationGenerateUniqueID,
|
|
cryptoGeneratedUniqueIdentity}
|
|
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The crypto auth objects."
|
|
::= { lumCryptoGroups 2 }
|
|
|
|
cryptoIKEPeerGroupV1 OBJECT-GROUP
|
|
OBJECTS {
|
|
cryptoIKEPeerIndex,
|
|
cryptoIKEPeerUId,
|
|
cryptoIKEPeerName,
|
|
cryptoIKEPeerIdentity,
|
|
cryptoIKEPeerExpectedIKEPeerIdentity,
|
|
cryptoIKEPeerAuthScheme,
|
|
cryptoIKEPeerPSK,
|
|
cryptoIKEPeerAdminStatus,
|
|
cryptoIKEPeerOperStatus,
|
|
cryptoIKEPeerLastReAuthTime,
|
|
cryptoIKEPeerReKeyInterval,
|
|
cryptoIKEPeerLastReKeyTime,
|
|
cryptoIKEPeerReKey,
|
|
cryptoIKEPeerConfigMismatch,
|
|
cryptoIKEPeerUnreachable,
|
|
cryptoIKEPeerAuthenticationFailure,
|
|
cryptoIKEPeerReKeyFailure }
|
|
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The crypto peer objects."
|
|
::= { lumCryptoGroups 3 }
|
|
|
|
cryptoDataplaneEncryptionGroupV1 OBJECT-GROUP
|
|
OBJECTS {
|
|
cryptoDataplaneEncryptionIndex,
|
|
cryptoDataplaneEncryptionUId,
|
|
cryptoDataplaneEncryptionName,
|
|
cryptoDataplaneEncryptionLocalDataplaneId,
|
|
cryptoDataplaneEncryptionExpectedPeerDataplaneId,
|
|
cryptoDataplaneEncryptionDiscoveredPeerDataplaneId,
|
|
cryptoDataplaneEncryptionOTNOHAllocation,
|
|
cryptoDataplaneEncryptionIKEPeerIdentity,
|
|
cryptoDataplaneEncryptionReKeyInterval,
|
|
cryptoDataplaneEncryptionFailurePolicy,
|
|
cryptoDataplaneEncryptionTrafficKillTimeOffset,
|
|
cryptoDataplaneEncryptionEncryptionMode,
|
|
cryptoDataplaneEncryptionLastReKeyTimeTx,
|
|
cryptoDataplaneEncryptionLastReKeyTimeRx,
|
|
cryptoDataplaneEncryptionPeerDpIdMismatch,
|
|
cryptoDataplaneEncryptionConfigMismatch,
|
|
cryptoDataplaneEncryptionReKeyFailure,
|
|
cryptoDataplaneEncryptionRXKeyRotationFailure,
|
|
cryptoDataplaneEncryptionIVExhausted,
|
|
cryptoDataplaneEncryptionFunctionBlocked,
|
|
cryptoDataplaneEncryptionUnexpectedRxKeyId,
|
|
cryptoDataplaneEncryptionReKey }
|
|
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The dataplane encryption objects."
|
|
::= { lumCryptoGroups 4 }
|
|
|
|
cryptoPmadminGroupV1 OBJECT-GROUP
|
|
OBJECTS {
|
|
cryptoPmadminIndex,
|
|
cryptoPmadminName,
|
|
cryptoPmadminUId,
|
|
cryptoPmadminConnAdminIfIndex,
|
|
cryptoPmadminUpId}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The cryptoPerformance objects"
|
|
::= { lumCryptoGroups 5 }
|
|
|
|
cryptoPerformanceGroupV1 OBJECT-GROUP
|
|
OBJECTS {
|
|
cryptoPerformanceIndex,
|
|
cryptoPerformanceName,
|
|
cryptoPerformanceUId,
|
|
cryptoPerformanceConnAdminIfIndex,
|
|
cryptoPerformancePeriod,
|
|
cryptoPerformanceType,
|
|
cryptoPerformanceCounterNulledFrames,
|
|
cryptoPerformanceCounterAuthFail,
|
|
cryptoPerformanceCounterIvTrouble,
|
|
cryptoPerformanceCounterReplayErr,
|
|
cryptoPerformanceCounterTotalFrames,
|
|
cryptoPerformanceCounterAuthFrames,
|
|
cryptoPerformanceCounterEncryptedFrames,
|
|
cryptoPerformanceThresholdNulledFrames,
|
|
cryptoPerformanceThresholdAuthFail,
|
|
cryptoPerformanceThresholdIvTrouble,
|
|
cryptoPerformanceThresholdReplayErr,
|
|
cryptoPerformanceFaultStatusNulledFrames,
|
|
cryptoPerformanceFaultStatusAuthFail,
|
|
cryptoPerformanceFaultStatusIvTrouble ,
|
|
cryptoPerformanceFaultStatusReplayErr,
|
|
cryptoPerformanceUpId}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The cryptoPerformance objects"
|
|
::= { lumCryptoGroups 6 }
|
|
|
|
-- ----------------------------------------------------
|
|
-- Compliance
|
|
-- ----------------------------------------------------
|
|
|
|
lumCryptoComplV1 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Basic implementation requirements for the crypto MIB. (R31.0)"
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
cryptoGeneralGroupV1,
|
|
cryptoAuthGroupV1,
|
|
cryptoIKEPeerGroupV1,
|
|
cryptoDataplaneEncryptionGroupV1,
|
|
cryptoPmadminGroupV1,
|
|
cryptoPerformanceGroupV1 }
|
|
::= { lumCryptoCompl 1 }
|
|
|
|
|
|
END
|
|
|