mibs/MIBS/IEEE8021-SECY-MIB

1955 lines
61 KiB
Plaintext
Raw Normal View History

2023-12-05 12:25:34 +01:00
-- *****************************************************************
-- IEEE8021-SECY-MIB
--
-- Definitions of managed objects supporting IEEE 802.1AE MACsec.
--
-- January 2006
--
-- *****************************************************************
IEEE8021-SECY-MIB DEFINITIONS ::= BEGIN
-- -----------------------------------------------------------------
-- IEEEE802.1AE MIB
-- -----------------------------------------------------------------
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter32,
Counter64
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, RowPointer, TimeStamp, TruthValue, RowStatus
FROM SNMPv2-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
InterfaceIndex
FROM IF-MIB
;
ieee8021SecyMIB MODULE-IDENTITY
LAST-UPDATED "200601100000Z"
ORGANIZATION "IEEE 802.1 Working Group"
CONTACT-INFO
"http:/grouper.ieee.org/groups/8021/index.html"
DESCRIPTION
"The MAC security entity (SecY) module for managing IEEE
802.1AE. An SecY is the entity that operates the MAC Security
protocol within the system.
Each SecY transmits frames conveying secure MAC Service
requests on a single Secure Channel (SC), and receives frames
conveying secure service indications on separate SCs (one for
each of the other SecYs participating in the Secure
Connectivity Association (CA)). A CA is a security
relationship, established and maintained by key agreement
protocols that comprise a fully connected subset of the
service access points in stations attached to a single MACsec
supported LAN. An SC is a security relationship used to
provide security guarantees for frames transmitted from one
member of a CA to the others. It is a unidirectional point to
multipoint communication, and can be long lived, persisting
through Secure Association Key (SAK) changes. Each SC is
supported by a sequence of Secure Associations (SAs) thus
allowing the periodic use of fresh keys without terminating
the relationship. Each SA is supported by a single secret
key, or a set of keys where the cryptographic operations used
to protect one frame require more than one key.
Two different interfaces <20>Controlled Port<72> and
<20>Uncontrolled Port<72>, are associated with a SecY, and that for
each instance of a SecY, two ifTable rows (one for each
interface) run on top of an ifTable row representing the
<20>Common Port<72> interface, such as a row with ifType =
<20>ethernetCsmacd(6)<29>.
For example :
-----------------------------------------------------------
| | |
| Controlled Port | Uncontrolled Port |
| Interface | Interface |
| (ifEntry = j) | (ifEntry = k) |
| (ifType = | (ifType = |
| macSecControlledIF(231)) | macSecUncontrolledIF(232))|
| | |
|---------------------------------------------------------|
| |
| Physical Interface |
| (ifEntry = i) |
| (ifType = ethernetCsmacd(6)) |
|_________________________________________________________|
i, j, k are ifIndex to indicate an interface row in the ifTable.
Figure : MACsec Interface Stack
The <20>Controlled Port<72> is the service point to provide one
instance of the secure MAC service in a SecY. The
<20>Uncontrolled Port<72> is the service point to provide one instance
of the insecure MAC service in a SecY."
REVISION "200601100000Z"
DESCRIPTION
"Initial version of this MIB module. Published as part of
IEEE standard 802.1AE"
::= { iso(1) std(0) iso8802(8802) ieee802dot1(1)
ieee802dot1mibs(1) 3 }
secyMIBNotifications OBJECT IDENTIFIER ::= { ieee8021SecyMIB 0 }
secyMIBObjects OBJECT IDENTIFIER ::= { ieee8021SecyMIB 1 }
secyMIBConformance OBJECT IDENTIFIER ::= { ieee8021SecyMIB 2 }
--
-- Textual Convention
--
SecySCI ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention indicates a Secure Channel
Identifier (SCI).
Each SC is identified by an SCI, comprised of a unique 48-bit
Universally Administered MAC Address, identifying the system
to which the transmitting SecY belongs, concatenated with a
16-bit Port number, identifying the SecY within that system."
REFERENCE
"IEEE 802.1AE Clause 7.1.2, 10.7.1 and figure 7.7"
SYNTAX OCTET STRING (SIZE (8))
SecyAN ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"This textual convention indicates an Association Number (AN).
Each SC is comprised of a succession of SAs, each with a
different SAK. Each SA is identified by the SC identifier
concatenated with a two-bit AN. The Secure Association
Identifier (SAI) thus created allows the receiving SecY to
identify the SA, and the SAK used to decrypt and authenticate
the received frame. The AN, and the SAI, is only unique for
the SAs that can be used or recorded by participating SecYs
at any instant."
REFERENCE
"IEEE 802.1AE Clause 8.1.3 and figure 7.7"
SYNTAX Unsigned32 (0..3)
secyMgmtMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 1 }
secyStatsMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 2 }
--
-- SecY Management Table
--
secyIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of system level information for each interface
supported by the MAC security entity. An entry appears in this
table for each interface with MAC security capability in this
system.
For the writeable objects in this table, the configured value
shall be stored in persistent memory and remain unchanged across
a re-initialization of the management system of the entity."
REFERENCE
"IEEE 802.1AE Clause 10.7"
::= { secyMgmtMIBObjects 1 }
secyIfEntry OBJECT-TYPE
SYNTAX SecyIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing SecY management information applicable to
a particular interface."
INDEX { secyIfInterfaceIndex }
::= { secyIfTable 1 }
SecyIfEntry ::= SEQUENCE {
secyIfInterfaceIndex InterfaceIndex,
secyIfMaxPeerSCs Unsigned32,
secyIfRxMaxKeys Unsigned32,
secyIfTxMaxKeys Unsigned32,
secyIfProtectFramesEnable TruthValue,
secyIfValidateFrames INTEGER,
secyIfReplayProtectEnable TruthValue,
secyIfReplayProtectWindow Unsigned32,
secyIfCurrentCipherSuite Unsigned32,
secyIfAdminPt2PtMAC INTEGER,
secyIfOperPt2PtMAC TruthValue,
secyIfIncludeSCIEnable TruthValue,
secyIfUseESEnable TruthValue,
secyIfUseSCBEnable TruthValue
}
secyIfInterfaceIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An interface index for a port with SecY management ability.
This interface index should be aligned with ifIndex in the
ifTable to point to the SecY Controlled Port entity."
REFERENCE
"IEEE 802.1AE Clause 10.1"
::= { secyIfEntry 1 }
secyIfMaxPeerSCs OBJECT-TYPE
SYNTAX Unsigned32
UNITS "security connections"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of peer SCs that this SecY can support."
REFERENCE
"IEEE 802.1AE Clause 10.7.7"
::= { secyIfEntry 2 }
secyIfRxMaxKeys OBJECT-TYPE
SYNTAX Unsigned32
UNITS "keys"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of keys in simultaneous use for reception
that this SecY can support."
REFERENCE
"IEEE 802.1AE Clause 10.7.7"
::= { secyIfEntry 3 }
secyIfTxMaxKeys OBJECT-TYPE
SYNTAX Unsigned32
UNITS "keys"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of keys in simultaneous use for transmission
that this SecY can support."
REFERENCE
"IEEE 802.1AE Clause 10.7.16"
::= { secyIfEntry 4 }
secyIfProtectFramesEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object to enable or disable the protection function for
egress frames."
REFERENCE
"IEEE 802.1AE Clause 10.5"
DEFVAL { true }
::= { secyIfEntry 5 }
secyIfValidateFrames OBJECT-TYPE
SYNTAX INTEGER {
disabled(1),
check(2),
strict(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object to control the validation function for ingress
frames.
disabled(1) : means to disable the validation function.
check(2) : means to enable the validation function but only
for checking without filtering out invalid frames.
strict(3) : means to enable the validation function and also
strictly filter out those invalid frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.8"
DEFVAL { strict }
::= { secyIfEntry 6 }
secyIfReplayProtectEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object to enable or disable the replay protection function."
REFERENCE
"IEEE 802.1AE Clause 10.7.8, 10.7.17"
DEFVAL { true }
::= { secyIfEntry 7 }
secyIfReplayProtectWindow OBJECT-TYPE
SYNTAX Unsigned32
UNITS "Packets"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object to indicate the replay protection window size. This
object only takes effect if the object secyReplayProtectEnable
is true."
REFERENCE
"IEEE 802.1AE Clause 10.7.8"
DEFVAL { 0 }
::= { secyIfEntry 8 }
secyIfCurrentCipherSuite OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object that points to an entry of the secyCipherSuiteTable
with <20>active<76> row status to indicate the cipher Suite which this
SecY is currently using. By default, this object should point
to the default cipher suite which system provides."
REFERENCE
"IEEE 802.1AE Clause 10.7.25"
::= { secyIfEntry 9 }
secyIfAdminPt2PtMAC OBJECT-TYPE
SYNTAX INTEGER {
forceTrue(1),
forceFalse(2),
auto(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object to control the service connectivity to at most one
other system. The secyOperPt2PtMAC indicates operational
status of the service connectivity for this SecY.
forceTrue(1) : allows only one service connection to the
other system.
forceFalse(2) : no restriction on the number of service
connections to the other systems.
auto(3) : means the service connectivity is determined by the
service providing entity."
REFERENCE
"IEEE 802.1AE Clause 6.5"
DEFVAL { auto }
::= { secyIfEntry 10 }
secyIfOperPt2PtMAC OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An object to reflect the current service connectivity status.
true(1) : means the service connectivity of this SecY provides
at most one other system.
false(2) : means the service connectivity of this SecY could
provide more than one other system."
REFERENCE
"IEEE 802.1AE Clause 6.5"
::= { secyIfEntry 11 }
secyIfIncludeSCIEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object indicates to include the SCI information in
security TAG (SecTAG) field while transmitting MACsec
frames."
REFERENCE
"IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
DEFVAL { false }
::= { secyIfEntry 12 }
secyIfUseESEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object indicates to enable the ES bit in
security TAG (SecTAG) field while transmitting MACsec
frames."
REFERENCE
"IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
DEFVAL { false }
::= { secyIfEntry 13 }
secyIfUseSCBEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An object indicates to enable the SCB bit in
security TAG (SecTAG) field while transmitting MACsec
frames."
REFERENCE
"IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
DEFVAL { false }
::= { secyIfEntry 14 }
--
-- Tx SC Management Table
--
secyTxSCTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyTxSCEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for providing information about the status of each
transmitting SC supported by the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.17, 10.7.20"
::= { secyMgmtMIBObjects 2 }
secyTxSCEntry OBJECT-TYPE
SYNTAX SecyTxSCEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing transmitting SC management information
applicable to a particular SecY."
INDEX { secyIfInterfaceIndex }
::= { secyTxSCTable 1 }
SecyTxSCEntry ::= SEQUENCE {
secyTxSCI SecySCI,
secyTxSCState INTEGER,
secyTxSCEncodingSA RowPointer,
secyTxSCEncipheringSA RowPointer,
secyTxSCCreatedTime TimeStamp,
secyTxSCStartedTime TimeStamp,
secyTxSCStoppedTime TimeStamp
}
secyTxSCI OBJECT-TYPE
SYNTAX SecySCI
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The SCI information for transmitting MACsec frames of the
transmitting SC in the SecY."
REFERENCE
"IEEE 802.1AE Clause 7.1.2, 8.2.1, 10.7.1"
::= { secyTxSCEntry 1 }
secyTxSCState OBJECT-TYPE
SYNTAX INTEGER {
inUse(1),
notInUse(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The state of the current transmitting SC in the SecY.
inUse(1) : means any of SAs for this SC is in use.
notInUse(2) : means no SAs for this SC is in use."
REFERENCE
"IEEE 802.1AE Clause 10.7.20"
::= { secyTxSCEntry 2 }
secyTxSCEncodingSA OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current transmitting SA in use. The row pointer will point
to an entry in the secyTxSATable. If no such information is
available, the value shall be the OBJECT IDENTIFIER { 0 0 }."
REFERENCE
"IEEE 802.1AE Clause 10.5.1, 10.7.20"
::= { secyTxSCEntry 3 }
secyTxSCEncipheringSA OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The previous transmitting SA in use. The row pointer will point
to an entry in the secyTxSATable. If no such information is
available, the value shall be the OBJECT IDENTIFIER { 0 0 }."
REFERENCE
"IEEE 802.1AE Clause 10.5.4, 10.7.20"
::= { secyTxSCEntry 4 }
secyTxSCCreatedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this transmitting SC was created."
REFERENCE
"IEEE 802.1AE Clause 10.7.20"
::= { secyTxSCEntry 5 }
secyTxSCStartedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this transmitting SC last started
transmitting MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.20"
::= { secyTxSCEntry 6 }
secyTxSCStoppedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this transmitting SC last stopped
transmitting MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.20"
::= { secyTxSCEntry 7 }
--
-- Tx SA Management Table
--
secyTxSATable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyTxSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for providing information about the status of each
transmitting SA supported by the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.21"
::= { secyMgmtMIBObjects 3 }
secyTxSAEntry OBJECT-TYPE
SYNTAX SecyTxSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing transmitting SA management information
applicable to a particular SA."
INDEX { secyIfInterfaceIndex, secyTxSA }
::= { secyTxSATable 1 }
SecyTxSAEntry ::= SEQUENCE {
secyTxSA SecyAN,
secyTxSAState INTEGER,
secyTxSANextPN Unsigned32,
secyTxSAConfidentiality TruthValue,
secyTxSASAKUnchanged TruthValue,
secyTxSACreatedTime TimeStamp,
secyTxSAStartedTime TimeStamp,
secyTxSAStoppedTime TimeStamp
}
secyTxSA OBJECT-TYPE
SYNTAX SecyAN
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The association number (AN) for identifying a transmitting
SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.21"
::= { secyTxSAEntry 1 }
secyTxSAState OBJECT-TYPE
SYNTAX INTEGER {
inUse(1),
notInUse(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current status of the transmitting SA.
inUse(1) : means this SA is in use.
notInUse(2) : means this SA is not in use."
REFERENCE
"IEEE 802.1AE Clause 10.7.22"
::= { secyTxSAEntry 2 }
secyTxSANextPN OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The next packet number (PN) that will be used in transmitting
MACsec frames in the SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.21"
::= { secyTxSAEntry 3 }
secyTxSAConfidentiality OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether this SA supports the confidentiality as well as
integrity function in transmitting frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.21"
::= { secyTxSAEntry 4 }
secyTxSASAKUnchanged OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A reference to an SAK that is unchanged for the life
of the transmitting SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.21"
::= { secyTxSAEntry 5 }
secyTxSACreatedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this transmitting SA was created."
REFERENCE
"IEEE 802.1AE Clause 10.7.22"
::= { secyTxSAEntry 6 }
secyTxSAStartedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this transmitting SA last started
transmitting MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.22"
::= { secyTxSAEntry 7 }
secyTxSAStoppedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this transmitting SA last stopped
transmitting MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.22"
::= { secyTxSAEntry 8 }
--
-- Rx SC Management Table
--
secyRxSCTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyRxSCEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for providing information about the status of each
receiving SC supported by the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.11"
::= { secyMgmtMIBObjects 4 }
secyRxSCEntry OBJECT-TYPE
SYNTAX SecyRxSCEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing receiving SC management information
applicable to a particular SC."
INDEX { secyIfInterfaceIndex, secyRxSCI }
::= { secyRxSCTable 1 }
SecyRxSCEntry ::= SEQUENCE {
secyRxSCI SecySCI,
secyRxSCState INTEGER,
secyRxSCCurrentSA RowPointer,
secyRxSCCreatedTime TimeStamp,
secyRxSCStartedTime TimeStamp,
secyRxSCStoppedTime TimeStamp
}
secyRxSCI OBJECT-TYPE
SYNTAX SecySCI
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The SCI for identifying the receiving SC in the SecY."
REFERENCE
"IEEE 802.1AE Clause 10.7.11"
::= { secyRxSCEntry 1 }
secyRxSCState OBJECT-TYPE
SYNTAX INTEGER {
inUse(1),
notInUse(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The state of the receiving SC in the SecY.
inUse(1) : means any of SAs for this SC is in use.
notInUse(2) : means no SAs for this SC is in use."
REFERENCE
"IEEE 802.1AE Clause 10.7.12"
::= { secyRxSCEntry 2 }
secyRxSCCurrentSA OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current receiving association number of the SC in use.
The row pointer will point to an entry in the
secyRxSATable. If no such information can be identified,
the value of this object shall be set to the
OBJECT IDENTIFIER { 0 0 }."
REFERENCE
"IEEE 802.1AE Clause 10.6.1, 10.7.13"
::= { secyRxSCEntry 3 }
secyRxSCCreatedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this receiving SC was created."
REFERENCE
"IEEE 802.1AE Clause 10.7.12"
::= { secyRxSCEntry 4 }
secyRxSCStartedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this receiving SC last started
receiving MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.12"
::= { secyRxSCEntry 5 }
secyRxSCStoppedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this receiving SC last stopped
receiving MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.12"
::= { secyRxSCEntry 6 }
--
-- Rx SA Management Table
--
secyRxSATable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyRxSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for providing information about the status of each
receiving SA supported by the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.13"
::= { secyMgmtMIBObjects 5 }
secyRxSAEntry OBJECT-TYPE
SYNTAX SecyRxSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing receiving SA management information
applicable to a particular SA."
INDEX { secyIfInterfaceIndex, secyRxSCI, secyRxSA }
::= { secyRxSATable 1 }
SecyRxSAEntry ::= SEQUENCE {
secyRxSA SecyAN,
secyRxSAState INTEGER,
secyRxSANextPN Unsigned32,
secyRxSASAKUnchanged TruthValue,
secyRxSACreatedTime TimeStamp,
secyRxSAStartedTime TimeStamp,
secyRxSAStoppedTime TimeStamp
}
secyRxSA OBJECT-TYPE
SYNTAX SecyAN
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The association number (AN) for identifying a receiving
SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.13"
::= { secyRxSAEntry 1 }
secyRxSAState OBJECT-TYPE
SYNTAX INTEGER {
inUse(1),
notInUse(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current state for the receiving SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.14"
::= { secyRxSAEntry 2 }
secyRxSANextPN OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The stored packet number (PN) for replay protection
in the SA. If the PN of any receiving frames is less
than the value of this object minus the value of
secyReplayProtectWindow and secyReplayProtectEnable
is true, the receiving frames should be discarded."
REFERENCE
"IEEE 802.1AE Clause 10.7.14, Clause 10.7.15"
::= { secyRxSAEntry 3 }
secyRxSASAKUnchanged OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A reference to an SAK that is unchanged for the life
of the receiving SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.13"
::= { secyRxSAEntry 4 }
secyRxSACreatedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this receiving SA was created."
REFERENCE
"IEEE 802.1AE Clause 10.7.14"
::= { secyRxSAEntry 5 }
secyRxSAStartedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this receiving SA last started
receiving MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.14"
::= { secyRxSAEntry 6 }
secyRxSAStoppedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The system time when this receiving SA last stopped
receiving MACsec frames."
REFERENCE
"IEEE 802.1AE Clause 10.7.14"
::= { secyRxSAEntry 7 }
--
-- SecY Selectable Cipher Suites
--
secyCipherSuiteTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyCipherSuiteEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of selectable cipher suites for the MAC security
entity.
For the writeable objects in this table, the configured value
shall be stored in persistent memory and remain unchanged across
a re-initialization of the management system of the entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.24"
::= { secyMgmtMIBObjects 6 }
secyCipherSuiteEntry OBJECT-TYPE
SYNTAX SecyCipherSuiteEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the management information for a cipher
suite."
INDEX { secyCipherSuiteIndex }
::= { secyCipherSuiteTable 1 }
SecyCipherSuiteEntry ::= SEQUENCE {
secyCipherSuiteIndex Unsigned32,
secyCipherSuiteId OCTET STRING,
secyCipherSuiteName SnmpAdminString,
secyCipherSuiteCapability BITS,
secyCipherSuiteProtection BITS,
secyCipherSuiteProtectionOffset INTEGER,
secyCipherSuiteDataLengthChange TruthValue,
secyCipherSuiteICVLength Unsigned32,
secyCipherSuiteRowStatus RowStatus
}
secyCipherSuiteIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index to recognize a Cipher Suite in the system."
::= { secyCipherSuiteEntry 1 }
secyCipherSuiteId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (8))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identifier for the cipher suite. This is a global
unique 64-bit (EUI-64) identifier."
REFERENCE
"IEEE 802.1AE Clause 10.7.24"
::= { secyCipherSuiteEntry 2 }
secyCipherSuiteName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (1..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the cipher suite. If the name is composed of
multi-byte characters, the total length must fit within 128
octets."
REFERENCE
"IEEE 802.1AE Clause 10.7.24"
::= { secyCipherSuiteEntry 3 }
secyCipherSuiteCapability OBJECT-TYPE
SYNTAX BITS {
integrity(0),
confidentiality(1),
offsetConfidentiality(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The capability of this cipher suite.
integrity(0) : integrity protection capability for this
cipher suite..
confidentiality(1) : confidentiality protection
capability for this cipher suite.
offsetConfidentiality(2) : offset confidentiality protection
capability for this cipher suite."
REFERENCE
"IEEE 802.1AE Clause 10.7.24, 10.7.25"
::= { secyCipherSuiteEntry 4 }
secyCipherSuiteProtection OBJECT-TYPE
SYNTAX BITS {
integrity(0),
confidentiality(1),
offsetConfidentiality(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The protection options of this cipher suite. The options
should depend on the object secyCipherSuiteCapability.
If the value of secyCipherSuiteCapability is only integerity
bit on, users can only choose to turn on integrity bit for
this object.
If the value of secyCipherSuiteCapability is integrity and
confidentiality bits on, users can choose to turn on
integrity or confidentiality bits, but if confidentiality
bit is on, the integrity bit has to be on.
If the value of secyCipherSuiteCapability is integrity and
offsetConfidentiality bits on, users can choose to turn on
integrity or offsetConfidentiality bits, but if
offsetConfidentiality bit is on, the integrity bit has to be
on.
If the value of secyCipherSuiteCapability is integrity and
confidentiality and offsetConfidentiality bits on, users can
choose to turn on integrity or confidentiality or
offsetConfidentiality bits, but if confidentiality or
offsetConfidentiality bits are on, the integrity bit has to
be on.
integrity(0) : on or off the function of supporting integrity
protection for this cipher suite.
confidentiality(1) : on or off the function of supporting
confidentiality for this cipher suite.
offsetConfidentiality(2) : on or off the function of
supporting offset confidentiality for this cipher suite."
REFERENCE
"IEEE 802.1AE Clause 10.7.24, 10.7.25"
DEFVAL { { integrity } }
::= { secyCipherSuiteEntry 5 }
secyCipherSuiteProtectionOffset OBJECT-TYPE
SYNTAX Integer32 (0 | 30 | 50)
UNITS "bytes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The confidentiality protection offset options of this
cipher suite. The options should depend on the choice of
secyCipherSuiteProtection.
If the value of secyCipherSuiteProtection only turns on
integrity bit, users can only choose 0 byte for this
object.
If the value of secyCipherSuiteProtection only turns on
integrity and confidentiality bits, users can only choose
0 byte for this object.
If the value of secyCipherSuiteProtection only turns on
integrity and offsetConfidentiality bits, users can choose
30 or 50 bytes for this object.
If the value of secyCipherSuiteProtection turns on
integrity and confidentiality and offsetConfidentiality
bits, users can choose 0 or 30 or 50 bytes for this object."
REFERENCE
"IEEE 802.1AE Clause 10.7.24, 10.7.25"
DEFVAL { 0 }
::= { secyCipherSuiteEntry 6 }
secyCipherSuiteDataLengthChange OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This indicates whether the data length will be
changed after encryption by the cipher suite."
REFERENCE
"IEEE 802.1AE Clause 10.7.24"
::= { secyCipherSuiteEntry 7 }
secyCipherSuiteICVLength OBJECT-TYPE
SYNTAX Unsigned32 (8..16)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The length of integrity check value (ICV) field."
REFERENCE
"IEEE 802.1AE Clause 10.7.24"
::= { secyCipherSuiteEntry 8 }
secyCipherSuiteRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The object to create the paramaters for the supported
Cipher Suites in the system. If the specified
secyCipherSuiteId object information is not supported
in the system or the secyCipherSuiteCapability object
is not matched the capability of the corresponding
specified Cipher Suite in the same entry, the corresponding
entry should not be active, i.e., this object should not be
<20>active<76> or <20>notInService<63>."
REFERENCE
"IEEE 802.1AE Clause 10.7.24"
::= { secyCipherSuiteEntry 9 }
--
-- Statistics Information
--
--
-- TX SA Statistics Information
--
secyTxSAStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyTxSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains the statistics objects for each
transmitting SA in the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyStatsMIBObjects 1 }
secyTxSAStatsEntry OBJECT-TYPE
SYNTAX SecyTxSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The entry holds the statistics for a transmitting SA. An SA
may be reused once a while.
When starting using the SA, the counters of the SA should
start at 0.
When stopping using the SA, the counters will be stopped
incrementing.
The timestamps of starting and stopping time are recorded in
the secyTxSATable."
AUGMENTS { secyTxSAEntry }
::= { secyTxSAStatsTable 1 }
SecyTxSAStatsEntry ::= SEQUENCE {
secyTxSAStatsProtectedPkts Counter32,
secyTxSAStatsEncryptedPkts Counter32
}
secyTxSAStatsProtectedPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of integrity protected but not encrypted packets
for this transmitting SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyTxSAStatsEntry 1 }
secyTxSAStatsEncryptedPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of integrity protected and encrypted packets for
this transmitting SA."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyTxSAStatsEntry 2 }
--
-- TX SC Statistics Information
--
secyTxSCStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyTxSCStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains statistics information for each
transmitting SC in the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, 10.7.19, figure 10.4"
::= { secyStatsMIBObjects 2 }
secyTxSCStatsEntry OBJECT-TYPE
SYNTAX SecyTxSCStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The entry contains the counters of a transmitting SC. Since some
counters in the transmitting SA will be reset while the SA is
reused, in order to maintain complete statistics information
for the SC, the counters information on the SAs need to be kept
in the SC.
Those counters that may be reset are :
secyTxSAStatsProtectedPkts,
secyTxSAStatsEncryptedPkts
Each counter for a SC is in the summation of the corresponding
counter information for all the SAs, current and prior SAs,
belonging to this SC."
AUGMENTS { secyTxSCEntry }
::= { secyTxSCStatsTable 1 }
SecyTxSCStatsEntry ::= SEQUENCE {
secyTxSCStatsProtectedPkts Counter64,
secyTxSCStatsEncryptedPkts Counter64,
secyTxSCStatsOctetsProtected Counter64,
secyTxSCStatsOctetsEncrypted Counter64
}
secyTxSCStatsProtectedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of integrity protected but not encrypted packets
for this transmitting SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyTxSCStatsEntry 1 }
secyTxSCStatsEncryptedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of integrity protected and encrypted packets for
this transmitting SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyTxSCStatsEntry 4 }
secyTxSCStatsOctetsProtected OBJECT-TYPE
SYNTAX Counter64
UNITS "Octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of plain text octets that are integrity protected
but not encrypted on the transmitting SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.19, figure 10.4"
::= { secyTxSCStatsEntry 10 }
secyTxSCStatsOctetsEncrypted OBJECT-TYPE
SYNTAX Counter64
UNITS "Octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of plain text octets that are integrity protected
and encrypted on the transmitting SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.19, figure 10.4"
::= { secyTxSCStatsEntry 11 }
--
-- RX SA Statistics Information
--
secyRxSAStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyRxSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains the statistics objects for each
receiving SA in the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyStatsMIBObjects 3 }
secyRxSAStatsEntry OBJECT-TYPE
SYNTAX SecyRxSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The entry holds the statistics for a receiving SA. An SA
may be reused once a while.
When starting using the SA, the counters of the SA should
start at 0.
When stopping using the SA, the counters will be stopped
incrementing.
The timestamps of starting and stopping time are recorded in
the secyRxSATable."
AUGMENTS { secyRxSAEntry }
::= { secyRxSAStatsTable 1 }
SecyRxSAStatsEntry ::= SEQUENCE {
secyRxSAStatsUnusedSAPkts Counter32,
secyRxSAStatsNoUsingSAPkts Counter32,
secyRxSAStatsNotValidPkts Counter32,
secyRxSAStatsInvalidPkts Counter32,
secyRxSAStatsOKPkts Counter32
}
secyRxSAStatsUnusedSAPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SA which is not currently in use, the number of
received, unencrypted, packets with secyValidateFrames
not in the strict mode."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSAStatsEntry 1 }
secyRxSAStatsNoUsingSAPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SA which is not currently in use, the number of
received packets that have been discarded, and have
either the packets encrypted or the secyValidateFrames set to
strict mode."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSAStatsEntry 4 }
secyRxSAStatsNotValidPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SA, the number discarded packets with the
condition that the packets are not valid and one of the
following conditions are true: either secyValidateFrames in
strict mode or the packets encrypted."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSAStatsEntry 13 }
secyRxSAStatsInvalidPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SA, the number of packets with the condition
that the packets are not valid and secyValidateFrames is in
check mode."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSAStatsEntry 16 }
secyRxSAStatsOKPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SA, the number of validated packets."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSAStatsEntry 25 }
--
-- RX SC Statistics Information
--
secyRxSCStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyRxSCStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for the statistics information of each receiving SC
supported by the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, 10.7.10, figure 10.5"
::= { secyStatsMIBObjects 4 }
secyRxSCStatsEntry OBJECT-TYPE
SYNTAX SecyRxSCStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The entry contains the counters of a receiving SC. Since some
counters in the receiving SA will be reset while the SA is
reused, in order to maintain complete statistics information
for the SC, the counters information on the SAs need to be kept
in the SC.
Those counters that may be reset are :
secyRxSAStatsUnusedSAPkts,
secyRxSAStatsNoUsingSAPkts,
secyRxSAStatsNotValidPkts,
secyRxSAStatsInvalidPkts,
secyRxSAStatsOKPkts
Each counter for a SC is in the summation of the corresponding
counter information for all the SAs, current and prior SAs,
belonging to this SC."
AUGMENTS { secyRxSCEntry }
::= { secyRxSCStatsTable 1 }
SecyRxSCStatsEntry ::= SEQUENCE {
secyRxSCStatsUnusedSAPkts Counter64,
secyRxSCStatsNoUsingSAPkts Counter64,
secyRxSCStatsLatePkts Counter64,
secyRxSCStatsNotValidPkts Counter64,
secyRxSCStatsInvalidPkts Counter64,
secyRxSCStatsDelayedPkts Counter64,
secyRxSCStatsUncheckedPkts Counter64,
secyRxSCStatsOKPkts Counter64,
secyRxSCStatsOctetsValidated Counter64,
secyRxSCStatsOctetsDecrypted Counter64
}
secyRxSCStatsUnusedSAPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The summation of counter secyRxSAStatsUnusedSAPkts
information for all the SAs which belong to this SC.
Since the secyRxSAStatsUnusedSAPkts counters in the SAs
will be reset, in order to maintain complete statistics
information for the SC, the counter information on the SAs
need to be kept in the SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 1 }
secyRxSCStatsNoUsingSAPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The summation of counter secyRxSAStatsNoUsingSAPkts
information for all the SAs which belong to this SC.
Since the secyRxSAStatsNoUsingSAPkts counters in the SAs
will be reset, in order to maintain complete statistics
information for the SC, the counter information on the SAs
need to be kept in the SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 2 }
secyRxSCStatsLatePkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SC, the number of received packets that have
been discarded with the condition : secyReplayProtect is equal
to true and the PN of the packet is lower than the lower bound
replay check PN."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 3 }
secyRxSCStatsNotValidPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The summation of counter secyRxSAStatsNotValidPkts
information for all the SAs which belong to this SC.
Since the secyRxSAStatsNotValidPkts counters in the SAs
will be reset, in order to maintain complete statistics
information for the SC, the counter information on the SAs
need to be kept in the SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 4 }
secyRxSCStatsInvalidPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The summation of counter secyRxSAStatsInvalidPkts
information for all the SAs which belong to this SC.
Since the secyRxSAStatsInvalidPkts counters in the SAs
will be reset, in order to maintain complete statistics
information for the SC, the counter information on the SAs
need to be kept in the SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 5 }
secyRxSCStatsDelayedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SC, the number of packets with the condition
that the PN of the packets is lower than the lower bound
replay protection PN."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 6 }
secyRxSCStatsUncheckedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"For this SC, the number of packets with the following
condition:
-secyValidateFrames is disabled or
-secyValidateFrames is not disabled and the packet is not
encrypted and the integrity check has failed or
-secyValidateFrames is not disable and the packet is
encrypted and integrity check has failed."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 7 }
secyRxSCStatsOKPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The summation of counter secyRxSAStatsOKPkts
information for all the SAs which belong to this SC.
Since the secyRxSAStatsOKPkts counters in the SAs
will be reset, in order to maintain complete statistics
information for the SC, the counter information on the SAs
need to be kept in the SC."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
::= { secyRxSCStatsEntry 8 }
secyRxSCStatsOctetsValidated OBJECT-TYPE
SYNTAX Counter64
UNITS "Octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of octets of plaintext recovered from received
packets that were integrity protected but not encrypted."
REFERENCE
"IEEE 802.1AE Clause 10.7.10, figure 10.5"
::= { secyRxSCStatsEntry 9 }
secyRxSCStatsOctetsDecrypted OBJECT-TYPE
SYNTAX Counter64
UNITS "Octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of octets of plaintext recovered from received
packets that were integrity protected and encrypted."
REFERENCE
"IEEE 802.1AE Clause 10.7.10, figure 10.5"
::= { secyRxSCStatsEntry 10 }
--
-- SecY statistics table
--
secyStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF SecyStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for the statistics information of each SecY supported by
the MAC security entity."
REFERENCE
"IEEE 802.1AE Clause 10.7.9, 10.7.18, figure 10.4, 10.5"
::= { secyStatsMIBObjects 5 }
secyStatsEntry OBJECT-TYPE
SYNTAX SecyStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing counters for statistics or diagnosis for
a SecY."
AUGMENTS { secyIfEntry }
::= { secyStatsTable 1 }
SecyStatsEntry ::= SEQUENCE {
secyStatsTxUntaggedPkts Counter64,
secyStatsTxTooLongPkts Counter64,
secyStatsRxUntaggedPkts Counter64,
secyStatsRxNoTagPkts Counter64,
secyStatsRxBadTagPkts Counter64,
secyStatsRxUnknownSCIPkts Counter64,
secyStatsRxNoSCIPkts Counter64,
secyStatsRxOverrunPkts Counter64
}
secyStatsTxUntaggedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of transmitted packets without the MAC
security tag (SecTAG) because secyProtectFramesEnable is
configured as false."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyStatsEntry 1 }
secyStatsTxTooLongPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of transmitted packets discarded because the packet
length is greater than the ifMtu of the Common Port interface."
REFERENCE
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
::= { secyStatsEntry 2 }
secyStatsRxUntaggedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received packets without the MAC security tag
(SecTAG) with secyValidateFrames which is not in the
strict mode."
REFERENCE
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
::= { secyStatsEntry 3 }
secyStatsRxNoTagPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received packets discarded without the
MAC security tag (SecTAG) with secyValidateFrames which is
in the strict mode."
REFERENCE
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
::= { secyStatsEntry 4 }
secyStatsRxBadTagPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received packets discarded with an invalid
SecTAG or a zero value PN or an invalid ICV."
REFERENCE
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
::= { secyStatsEntry 5 }
secyStatsRxUnknownSCIPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received packets with unknown SCI with the
condition :
secyValidateFrames is not in the strict mode and the
C bit in the SecTAG is not set."
REFERENCE
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
::= { secyStatsEntry 6 }
secyStatsRxNoSCIPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received packets discarded with unknown SCI
information with the condition :
secyValidateFrames is in the strict mode or the C bit
in the SecTAG is set."
REFERENCE
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
::= { secyStatsEntry 7 }
secyStatsRxOverrunPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded because the number of
received packets exceeded the cryptographic performance
capabilities."
REFERENCE
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
::= { secyStatsEntry 8 }
--
-- Conformance
--
secyMIBCompliances OBJECT IDENTIFIER ::= { secyMIBConformance 1 }
secyMIBGroups OBJECT IDENTIFIER ::= { secyMIBConformance 2 }
-- Compliance
secyMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for entities which implement
the IEEE8021-SECY-MIB."
MODULE -- this module
MANDATORY-GROUPS {
secyIfCtrlGroup,
secyTxSCGroup,
secyTxSAGroup,
secyRxSCGroup,
secyRxSAGroup,
secyCipherSuiteGroup,
secyTxSAStatsGroup,
secyTxSCStatsGroup,
secyRxSAStatsGroup,
secyRxSCStatsGroup,
secyStatsGroup
}
OBJECT secyIfCurrentCipherSuite
MIN-ACCESS read-only
DESCRIPTION
"write access is not required. This may be
read-only."
OBJECT secyCipherSuiteId
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteName
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteCapability
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteProtection
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteProtectionOffset
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteDataLengthChange
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteICVLength
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
OBJECT secyCipherSuiteRowStatus
MIN-ACCESS read-only
DESCRIPTION
"read-create access is not required. This may be
read-only."
::= { secyMIBCompliances 1 }
-- Units of Conformance
secyIfCtrlGroup OBJECT-GROUP
OBJECTS {
secyIfMaxPeerSCs,
secyIfRxMaxKeys,
secyIfTxMaxKeys,
secyIfProtectFramesEnable,
secyIfValidateFrames,
secyIfReplayProtectEnable,
secyIfReplayProtectWindow,
secyIfCurrentCipherSuite,
secyIfAdminPt2PtMAC,
secyIfOperPt2PtMAC,
secyIfIncludeSCIEnable,
secyIfUseESEnable,
secyIfUseSCBEnable
}
STATUS current
DESCRIPTION
"A collection of objects providing a SecY control management
information."
::= { secyMIBGroups 1 }
secyTxSCGroup OBJECT-GROUP
OBJECTS {
secyTxSCI,
secyTxSCState,
secyTxSCEncodingSA,
secyTxSCEncipheringSA,
secyTxSCCreatedTime,
secyTxSCStartedTime,
secyTxSCStoppedTime
}
STATUS current
DESCRIPTION
"A collection of objects providing a transmitting SC control
management information."
::= { secyMIBGroups 2 }
secyTxSAGroup OBJECT-GROUP
OBJECTS {
secyTxSAState,
secyTxSANextPN,
secyTxSAConfidentiality,
secyTxSASAKUnchanged,
secyTxSACreatedTime,
secyTxSAStartedTime,
secyTxSAStoppedTime
}
STATUS current
DESCRIPTION
"A collection of objects providing a transmitting SA control
management information."
::= { secyMIBGroups 3 }
secyRxSCGroup OBJECT-GROUP
OBJECTS {
secyRxSCState,
secyRxSCCurrentSA,
secyRxSCCreatedTime,
secyRxSCStartedTime,
secyRxSCStoppedTime
}
STATUS current
DESCRIPTION
"A collection of objects providing a receiving SC control
management information."
::= { secyMIBGroups 4 }
secyRxSAGroup OBJECT-GROUP
OBJECTS {
secyRxSAState,
secyRxSANextPN,
secyRxSASAKUnchanged,
secyRxSACreatedTime,
secyRxSAStartedTime,
secyRxSAStoppedTime
}
STATUS current
DESCRIPTION
"A collection of objects providing a receiving SA control
management information."
::= { secyMIBGroups 5 }
secyCipherSuiteGroup OBJECT-GROUP
OBJECTS {
secyCipherSuiteId,
secyCipherSuiteName,
secyCipherSuiteCapability,
secyCipherSuiteProtection,
secyCipherSuiteProtectionOffset,
secyCipherSuiteDataLengthChange,
secyCipherSuiteICVLength,
secyCipherSuiteRowStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing a cipher suite information."
::= { secyMIBGroups 6 }
secyTxSAStatsGroup OBJECT-GROUP
OBJECTS {
secyTxSAStatsProtectedPkts,
secyTxSAStatsEncryptedPkts
}
STATUS current
DESCRIPTION
"A collection of objects providing a transmitting SA statistics
information."
::= { secyMIBGroups 7 }
secyRxSAStatsGroup OBJECT-GROUP
OBJECTS {
secyRxSAStatsUnusedSAPkts,
secyRxSAStatsNoUsingSAPkts,
secyRxSAStatsNotValidPkts,
secyRxSAStatsInvalidPkts,
secyRxSAStatsOKPkts
}
STATUS current
DESCRIPTION
"A collection of objects providing a receiving SA statistics
information."
::= { secyMIBGroups 8 }
secyTxSCStatsGroup OBJECT-GROUP
OBJECTS {
secyTxSCStatsProtectedPkts,
secyTxSCStatsEncryptedPkts,
secyTxSCStatsOctetsProtected,
secyTxSCStatsOctetsEncrypted
}
STATUS current
DESCRIPTION
"A collection of objects providing a transmitting SC statistics
information."
::= { secyMIBGroups 9 }
secyRxSCStatsGroup OBJECT-GROUP
OBJECTS {
secyRxSCStatsUnusedSAPkts,
secyRxSCStatsNoUsingSAPkts,
secyRxSCStatsLatePkts,
secyRxSCStatsNotValidPkts,
secyRxSCStatsInvalidPkts,
secyRxSCStatsDelayedPkts,
secyRxSCStatsUncheckedPkts,
secyRxSCStatsOKPkts,
secyRxSCStatsOctetsValidated,
secyRxSCStatsOctetsDecrypted
}
STATUS current
DESCRIPTION
"A collection of objects providing a receiving SC statistics
information."
::= { secyMIBGroups 10 }
secyStatsGroup OBJECT-GROUP
OBJECTS {
secyStatsTxUntaggedPkts,
secyStatsTxTooLongPkts,
secyStatsRxUntaggedPkts,
secyStatsRxNoTagPkts,
secyStatsRxBadTagPkts,
secyStatsRxUnknownSCIPkts,
secyStatsRxNoSCIPkts,
secyStatsRxOverrunPkts
}
STATUS current
DESCRIPTION
"A collection of objects providing a SecY statistics
information."
::= { secyMIBGroups 11 }
END