1955 lines
61 KiB
Plaintext
1955 lines
61 KiB
Plaintext
-- *****************************************************************
|
||
-- IEEE8021-SECY-MIB
|
||
--
|
||
-- Definitions of managed objects supporting IEEE 802.1AE MACsec.
|
||
--
|
||
-- January 2006
|
||
--
|
||
-- *****************************************************************
|
||
|
||
IEEE8021-SECY-MIB DEFINITIONS ::= BEGIN
|
||
|
||
-- -----------------------------------------------------------------
|
||
-- IEEEE802.1AE MIB
|
||
-- -----------------------------------------------------------------
|
||
|
||
IMPORTS
|
||
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter32,
|
||
Counter64
|
||
FROM SNMPv2-SMI
|
||
TEXTUAL-CONVENTION, RowPointer, TimeStamp, TruthValue, RowStatus
|
||
FROM SNMPv2-TC
|
||
SnmpAdminString
|
||
FROM SNMP-FRAMEWORK-MIB
|
||
MODULE-COMPLIANCE, OBJECT-GROUP
|
||
FROM SNMPv2-CONF
|
||
InterfaceIndex
|
||
FROM IF-MIB
|
||
;
|
||
|
||
ieee8021SecyMIB MODULE-IDENTITY
|
||
LAST-UPDATED "200601100000Z"
|
||
ORGANIZATION "IEEE 802.1 Working Group"
|
||
CONTACT-INFO
|
||
"http:/grouper.ieee.org/groups/8021/index.html"
|
||
DESCRIPTION
|
||
"The MAC security entity (SecY) module for managing IEEE
|
||
802.1AE. An SecY is the entity that operates the MAC Security
|
||
protocol within the system.
|
||
|
||
Each SecY transmits frames conveying secure MAC Service
|
||
requests on a single Secure Channel (SC), and receives frames
|
||
conveying secure service indications on separate SCs (one for
|
||
each of the other SecYs participating in the Secure
|
||
Connectivity Association (CA)). A CA is a security
|
||
relationship, established and maintained by key agreement
|
||
protocols that comprise a fully connected subset of the
|
||
service access points in stations attached to a single MACsec
|
||
supported LAN. An SC is a security relationship used to
|
||
provide security guarantees for frames transmitted from one
|
||
member of a CA to the others. It is a unidirectional point to
|
||
multipoint communication, and can be long lived, persisting
|
||
through Secure Association Key (SAK) changes. Each SC is
|
||
supported by a sequence of Secure Associations (SAs) thus
|
||
allowing the periodic use of fresh keys without terminating
|
||
the relationship. Each SA is supported by a single secret
|
||
key, or a set of keys where the cryptographic operations used
|
||
to protect one frame require more than one key.
|
||
|
||
Two different interfaces <20>Controlled Port<72> and
|
||
<20>Uncontrolled Port<72>, are associated with a SecY, and that for
|
||
each instance of a SecY, two ifTable rows (one for each
|
||
interface) run on top of an ifTable row representing the
|
||
<20>Common Port<72> interface, such as a row with ifType =
|
||
<20>ethernetCsmacd(6)<29>.
|
||
|
||
For example :
|
||
|
||
-----------------------------------------------------------
|
||
| | |
|
||
| Controlled Port | Uncontrolled Port |
|
||
| Interface | Interface |
|
||
| (ifEntry = j) | (ifEntry = k) |
|
||
| (ifType = | (ifType = |
|
||
| macSecControlledIF(231)) | macSecUncontrolledIF(232))|
|
||
| | |
|
||
|---------------------------------------------------------|
|
||
| |
|
||
| Physical Interface |
|
||
| (ifEntry = i) |
|
||
| (ifType = ethernetCsmacd(6)) |
|
||
|_________________________________________________________|
|
||
i, j, k are ifIndex to indicate an interface row in the ifTable.
|
||
|
||
Figure : MACsec Interface Stack
|
||
|
||
The <20>Controlled Port<72> is the service point to provide one
|
||
instance of the secure MAC service in a SecY. The
|
||
<20>Uncontrolled Port<72> is the service point to provide one instance
|
||
of the insecure MAC service in a SecY."
|
||
|
||
REVISION "200601100000Z"
|
||
DESCRIPTION
|
||
"Initial version of this MIB module. Published as part of
|
||
IEEE standard 802.1AE"
|
||
::= { iso(1) std(0) iso8802(8802) ieee802dot1(1)
|
||
ieee802dot1mibs(1) 3 }
|
||
|
||
secyMIBNotifications OBJECT IDENTIFIER ::= { ieee8021SecyMIB 0 }
|
||
|
||
secyMIBObjects OBJECT IDENTIFIER ::= { ieee8021SecyMIB 1 }
|
||
|
||
secyMIBConformance OBJECT IDENTIFIER ::= { ieee8021SecyMIB 2 }
|
||
|
||
|
||
--
|
||
-- Textual Convention
|
||
--
|
||
|
||
SecySCI ::= TEXTUAL-CONVENTION
|
||
STATUS current
|
||
DESCRIPTION
|
||
"This textual convention indicates a Secure Channel
|
||
Identifier (SCI).
|
||
|
||
Each SC is identified by an SCI, comprised of a unique 48-bit
|
||
Universally Administered MAC Address, identifying the system
|
||
to which the transmitting SecY belongs, concatenated with a
|
||
16-bit Port number, identifying the SecY within that system."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 7.1.2, 10.7.1 and figure 7.7"
|
||
SYNTAX OCTET STRING (SIZE (8))
|
||
|
||
SecyAN ::= TEXTUAL-CONVENTION
|
||
DISPLAY-HINT "d"
|
||
STATUS current
|
||
DESCRIPTION
|
||
"This textual convention indicates an Association Number (AN).
|
||
|
||
Each SC is comprised of a succession of SAs, each with a
|
||
different SAK. Each SA is identified by the SC identifier
|
||
concatenated with a two-bit AN. The Secure Association
|
||
Identifier (SAI) thus created allows the receiving SecY to
|
||
identify the SA, and the SAK used to decrypt and authenticate
|
||
the received frame. The AN, and the SAI, is only unique for
|
||
the SAs that can be used or recorded by participating SecYs
|
||
at any instant."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 8.1.3 and figure 7.7"
|
||
SYNTAX Unsigned32 (0..3)
|
||
|
||
|
||
secyMgmtMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 1 }
|
||
|
||
secyStatsMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 2 }
|
||
|
||
--
|
||
-- SecY Management Table
|
||
--
|
||
|
||
secyIfTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyIfEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table of system level information for each interface
|
||
supported by the MAC security entity. An entry appears in this
|
||
table for each interface with MAC security capability in this
|
||
system.
|
||
|
||
For the writeable objects in this table, the configured value
|
||
shall be stored in persistent memory and remain unchanged across
|
||
a re-initialization of the management system of the entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7"
|
||
::= { secyMgmtMIBObjects 1 }
|
||
|
||
secyIfEntry OBJECT-TYPE
|
||
SYNTAX SecyIfEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing SecY management information applicable to
|
||
a particular interface."
|
||
INDEX { secyIfInterfaceIndex }
|
||
::= { secyIfTable 1 }
|
||
|
||
SecyIfEntry ::= SEQUENCE {
|
||
secyIfInterfaceIndex InterfaceIndex,
|
||
secyIfMaxPeerSCs Unsigned32,
|
||
secyIfRxMaxKeys Unsigned32,
|
||
secyIfTxMaxKeys Unsigned32,
|
||
secyIfProtectFramesEnable TruthValue,
|
||
secyIfValidateFrames INTEGER,
|
||
secyIfReplayProtectEnable TruthValue,
|
||
secyIfReplayProtectWindow Unsigned32,
|
||
secyIfCurrentCipherSuite Unsigned32,
|
||
secyIfAdminPt2PtMAC INTEGER,
|
||
secyIfOperPt2PtMAC TruthValue,
|
||
secyIfIncludeSCIEnable TruthValue,
|
||
secyIfUseESEnable TruthValue,
|
||
secyIfUseSCBEnable TruthValue
|
||
}
|
||
|
||
secyIfInterfaceIndex OBJECT-TYPE
|
||
SYNTAX InterfaceIndex
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An interface index for a port with SecY management ability.
|
||
|
||
This interface index should be aligned with ifIndex in the
|
||
ifTable to point to the SecY Controlled Port entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.1"
|
||
::= { secyIfEntry 1 }
|
||
|
||
secyIfMaxPeerSCs OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
UNITS "security connections"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"Maximum number of peer SCs that this SecY can support."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.7"
|
||
::= { secyIfEntry 2 }
|
||
|
||
secyIfRxMaxKeys OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
UNITS "keys"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"Maximum number of keys in simultaneous use for reception
|
||
that this SecY can support."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.7"
|
||
::= { secyIfEntry 3 }
|
||
|
||
secyIfTxMaxKeys OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
UNITS "keys"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"Maximum number of keys in simultaneous use for transmission
|
||
that this SecY can support."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.16"
|
||
::= { secyIfEntry 4 }
|
||
|
||
secyIfProtectFramesEnable OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object to enable or disable the protection function for
|
||
egress frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.5"
|
||
DEFVAL { true }
|
||
::= { secyIfEntry 5 }
|
||
|
||
secyIfValidateFrames OBJECT-TYPE
|
||
SYNTAX INTEGER {
|
||
disabled(1),
|
||
check(2),
|
||
strict(3)
|
||
}
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object to control the validation function for ingress
|
||
frames.
|
||
|
||
disabled(1) : means to disable the validation function.
|
||
|
||
check(2) : means to enable the validation function but only
|
||
for checking without filtering out invalid frames.
|
||
|
||
strict(3) : means to enable the validation function and also
|
||
strictly filter out those invalid frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.8"
|
||
DEFVAL { strict }
|
||
::= { secyIfEntry 6 }
|
||
|
||
secyIfReplayProtectEnable OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object to enable or disable the replay protection function."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.8, 10.7.17"
|
||
DEFVAL { true }
|
||
::= { secyIfEntry 7 }
|
||
|
||
secyIfReplayProtectWindow OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object to indicate the replay protection window size. This
|
||
object only takes effect if the object secyReplayProtectEnable
|
||
is true."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.8"
|
||
DEFVAL { 0 }
|
||
::= { secyIfEntry 8 }
|
||
|
||
secyIfCurrentCipherSuite OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object that points to an entry of the secyCipherSuiteTable
|
||
with <20>active<76> row status to indicate the cipher Suite which this
|
||
SecY is currently using. By default, this object should point
|
||
to the default cipher suite which system provides."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.25"
|
||
::= { secyIfEntry 9 }
|
||
|
||
secyIfAdminPt2PtMAC OBJECT-TYPE
|
||
SYNTAX INTEGER {
|
||
forceTrue(1),
|
||
forceFalse(2),
|
||
auto(3)
|
||
}
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object to control the service connectivity to at most one
|
||
other system. The secyOperPt2PtMAC indicates operational
|
||
status of the service connectivity for this SecY.
|
||
|
||
forceTrue(1) : allows only one service connection to the
|
||
other system.
|
||
|
||
forceFalse(2) : no restriction on the number of service
|
||
connections to the other systems.
|
||
|
||
auto(3) : means the service connectivity is determined by the
|
||
service providing entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 6.5"
|
||
DEFVAL { auto }
|
||
::= { secyIfEntry 10 }
|
||
|
||
secyIfOperPt2PtMAC OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object to reflect the current service connectivity status.
|
||
|
||
true(1) : means the service connectivity of this SecY provides
|
||
at most one other system.
|
||
|
||
false(2) : means the service connectivity of this SecY could
|
||
provide more than one other system."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 6.5"
|
||
::= { secyIfEntry 11 }
|
||
|
||
secyIfIncludeSCIEnable OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object indicates to include the SCI information in
|
||
security TAG (SecTAG) field while transmitting MACsec
|
||
frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
|
||
DEFVAL { false }
|
||
::= { secyIfEntry 12 }
|
||
|
||
secyIfUseESEnable OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object indicates to enable the ES bit in
|
||
security TAG (SecTAG) field while transmitting MACsec
|
||
frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
|
||
DEFVAL { false }
|
||
::= { secyIfEntry 13 }
|
||
|
||
secyIfUseSCBEnable OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An object indicates to enable the SCB bit in
|
||
security TAG (SecTAG) field while transmitting MACsec
|
||
frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
|
||
DEFVAL { false }
|
||
::= { secyIfEntry 14 }
|
||
|
||
--
|
||
-- Tx SC Management Table
|
||
--
|
||
|
||
secyTxSCTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyTxSCEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table for providing information about the status of each
|
||
transmitting SC supported by the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.17, 10.7.20"
|
||
::= { secyMgmtMIBObjects 2 }
|
||
|
||
secyTxSCEntry OBJECT-TYPE
|
||
SYNTAX SecyTxSCEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing transmitting SC management information
|
||
applicable to a particular SecY."
|
||
INDEX { secyIfInterfaceIndex }
|
||
::= { secyTxSCTable 1 }
|
||
|
||
SecyTxSCEntry ::= SEQUENCE {
|
||
secyTxSCI SecySCI,
|
||
secyTxSCState INTEGER,
|
||
secyTxSCEncodingSA RowPointer,
|
||
secyTxSCEncipheringSA RowPointer,
|
||
secyTxSCCreatedTime TimeStamp,
|
||
secyTxSCStartedTime TimeStamp,
|
||
secyTxSCStoppedTime TimeStamp
|
||
}
|
||
|
||
secyTxSCI OBJECT-TYPE
|
||
SYNTAX SecySCI
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The SCI information for transmitting MACsec frames of the
|
||
transmitting SC in the SecY."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 7.1.2, 8.2.1, 10.7.1"
|
||
::= { secyTxSCEntry 1 }
|
||
|
||
secyTxSCState OBJECT-TYPE
|
||
SYNTAX INTEGER {
|
||
inUse(1),
|
||
notInUse(2)
|
||
}
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The state of the current transmitting SC in the SecY.
|
||
|
||
inUse(1) : means any of SAs for this SC is in use.
|
||
|
||
notInUse(2) : means no SAs for this SC is in use."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.20"
|
||
::= { secyTxSCEntry 2 }
|
||
|
||
secyTxSCEncodingSA OBJECT-TYPE
|
||
SYNTAX RowPointer
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The current transmitting SA in use. The row pointer will point
|
||
to an entry in the secyTxSATable. If no such information is
|
||
available, the value shall be the OBJECT IDENTIFIER { 0 0 }."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.5.1, 10.7.20"
|
||
::= { secyTxSCEntry 3 }
|
||
|
||
secyTxSCEncipheringSA OBJECT-TYPE
|
||
SYNTAX RowPointer
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The previous transmitting SA in use. The row pointer will point
|
||
to an entry in the secyTxSATable. If no such information is
|
||
available, the value shall be the OBJECT IDENTIFIER { 0 0 }."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.5.4, 10.7.20"
|
||
::= { secyTxSCEntry 4 }
|
||
|
||
secyTxSCCreatedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this transmitting SC was created."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.20"
|
||
::= { secyTxSCEntry 5 }
|
||
|
||
secyTxSCStartedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this transmitting SC last started
|
||
transmitting MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.20"
|
||
::= { secyTxSCEntry 6 }
|
||
|
||
secyTxSCStoppedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this transmitting SC last stopped
|
||
transmitting MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.20"
|
||
::= { secyTxSCEntry 7 }
|
||
|
||
--
|
||
-- Tx SA Management Table
|
||
--
|
||
|
||
secyTxSATable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyTxSAEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table for providing information about the status of each
|
||
transmitting SA supported by the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.21"
|
||
::= { secyMgmtMIBObjects 3 }
|
||
|
||
secyTxSAEntry OBJECT-TYPE
|
||
SYNTAX SecyTxSAEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing transmitting SA management information
|
||
applicable to a particular SA."
|
||
INDEX { secyIfInterfaceIndex, secyTxSA }
|
||
::= { secyTxSATable 1 }
|
||
|
||
SecyTxSAEntry ::= SEQUENCE {
|
||
secyTxSA SecyAN,
|
||
secyTxSAState INTEGER,
|
||
secyTxSANextPN Unsigned32,
|
||
secyTxSAConfidentiality TruthValue,
|
||
secyTxSASAKUnchanged TruthValue,
|
||
secyTxSACreatedTime TimeStamp,
|
||
secyTxSAStartedTime TimeStamp,
|
||
secyTxSAStoppedTime TimeStamp
|
||
}
|
||
|
||
secyTxSA OBJECT-TYPE
|
||
SYNTAX SecyAN
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The association number (AN) for identifying a transmitting
|
||
SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.21"
|
||
::= { secyTxSAEntry 1 }
|
||
|
||
secyTxSAState OBJECT-TYPE
|
||
SYNTAX INTEGER {
|
||
inUse(1),
|
||
notInUse(2)
|
||
}
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The current status of the transmitting SA.
|
||
|
||
inUse(1) : means this SA is in use.
|
||
|
||
notInUse(2) : means this SA is not in use."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.22"
|
||
::= { secyTxSAEntry 2 }
|
||
|
||
secyTxSANextPN OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The next packet number (PN) that will be used in transmitting
|
||
MACsec frames in the SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.21"
|
||
::= { secyTxSAEntry 3 }
|
||
|
||
secyTxSAConfidentiality OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"Whether this SA supports the confidentiality as well as
|
||
integrity function in transmitting frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.21"
|
||
::= { secyTxSAEntry 4 }
|
||
|
||
secyTxSASAKUnchanged OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A reference to an SAK that is unchanged for the life
|
||
of the transmitting SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.21"
|
||
::= { secyTxSAEntry 5 }
|
||
|
||
secyTxSACreatedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this transmitting SA was created."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.22"
|
||
::= { secyTxSAEntry 6 }
|
||
|
||
secyTxSAStartedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this transmitting SA last started
|
||
transmitting MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.22"
|
||
::= { secyTxSAEntry 7 }
|
||
|
||
secyTxSAStoppedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this transmitting SA last stopped
|
||
transmitting MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.22"
|
||
::= { secyTxSAEntry 8 }
|
||
|
||
--
|
||
-- Rx SC Management Table
|
||
--
|
||
|
||
secyRxSCTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyRxSCEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table for providing information about the status of each
|
||
receiving SC supported by the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.11"
|
||
::= { secyMgmtMIBObjects 4 }
|
||
|
||
secyRxSCEntry OBJECT-TYPE
|
||
SYNTAX SecyRxSCEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing receiving SC management information
|
||
applicable to a particular SC."
|
||
INDEX { secyIfInterfaceIndex, secyRxSCI }
|
||
::= { secyRxSCTable 1 }
|
||
|
||
SecyRxSCEntry ::= SEQUENCE {
|
||
secyRxSCI SecySCI,
|
||
secyRxSCState INTEGER,
|
||
secyRxSCCurrentSA RowPointer,
|
||
secyRxSCCreatedTime TimeStamp,
|
||
secyRxSCStartedTime TimeStamp,
|
||
secyRxSCStoppedTime TimeStamp
|
||
}
|
||
|
||
secyRxSCI OBJECT-TYPE
|
||
SYNTAX SecySCI
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The SCI for identifying the receiving SC in the SecY."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.11"
|
||
::= { secyRxSCEntry 1 }
|
||
|
||
secyRxSCState OBJECT-TYPE
|
||
SYNTAX INTEGER {
|
||
inUse(1),
|
||
notInUse(2)
|
||
}
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The state of the receiving SC in the SecY.
|
||
|
||
inUse(1) : means any of SAs for this SC is in use.
|
||
|
||
notInUse(2) : means no SAs for this SC is in use."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.12"
|
||
::= { secyRxSCEntry 2 }
|
||
|
||
secyRxSCCurrentSA OBJECT-TYPE
|
||
SYNTAX RowPointer
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The current receiving association number of the SC in use.
|
||
The row pointer will point to an entry in the
|
||
secyRxSATable. If no such information can be identified,
|
||
the value of this object shall be set to the
|
||
OBJECT IDENTIFIER { 0 0 }."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.6.1, 10.7.13"
|
||
::= { secyRxSCEntry 3 }
|
||
|
||
secyRxSCCreatedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this receiving SC was created."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.12"
|
||
::= { secyRxSCEntry 4 }
|
||
|
||
secyRxSCStartedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this receiving SC last started
|
||
receiving MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.12"
|
||
::= { secyRxSCEntry 5 }
|
||
|
||
secyRxSCStoppedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this receiving SC last stopped
|
||
receiving MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.12"
|
||
::= { secyRxSCEntry 6 }
|
||
|
||
--
|
||
-- Rx SA Management Table
|
||
--
|
||
|
||
secyRxSATable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyRxSAEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table for providing information about the status of each
|
||
receiving SA supported by the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.13"
|
||
::= { secyMgmtMIBObjects 5 }
|
||
|
||
secyRxSAEntry OBJECT-TYPE
|
||
SYNTAX SecyRxSAEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing receiving SA management information
|
||
applicable to a particular SA."
|
||
INDEX { secyIfInterfaceIndex, secyRxSCI, secyRxSA }
|
||
::= { secyRxSATable 1 }
|
||
|
||
SecyRxSAEntry ::= SEQUENCE {
|
||
secyRxSA SecyAN,
|
||
secyRxSAState INTEGER,
|
||
secyRxSANextPN Unsigned32,
|
||
secyRxSASAKUnchanged TruthValue,
|
||
secyRxSACreatedTime TimeStamp,
|
||
secyRxSAStartedTime TimeStamp,
|
||
secyRxSAStoppedTime TimeStamp
|
||
}
|
||
|
||
secyRxSA OBJECT-TYPE
|
||
SYNTAX SecyAN
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The association number (AN) for identifying a receiving
|
||
SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.13"
|
||
::= { secyRxSAEntry 1 }
|
||
|
||
secyRxSAState OBJECT-TYPE
|
||
SYNTAX INTEGER {
|
||
inUse(1),
|
||
notInUse(2)
|
||
}
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The current state for the receiving SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.14"
|
||
::= { secyRxSAEntry 2 }
|
||
|
||
secyRxSANextPN OBJECT-TYPE
|
||
SYNTAX Unsigned32
|
||
MAX-ACCESS read-write
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The stored packet number (PN) for replay protection
|
||
in the SA. If the PN of any receiving frames is less
|
||
than the value of this object minus the value of
|
||
secyReplayProtectWindow and secyReplayProtectEnable
|
||
is true, the receiving frames should be discarded."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.14, Clause 10.7.15"
|
||
::= { secyRxSAEntry 3 }
|
||
|
||
secyRxSASAKUnchanged OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A reference to an SAK that is unchanged for the life
|
||
of the receiving SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.13"
|
||
::= { secyRxSAEntry 4 }
|
||
|
||
secyRxSACreatedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this receiving SA was created."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.14"
|
||
::= { secyRxSAEntry 5 }
|
||
|
||
secyRxSAStartedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this receiving SA last started
|
||
receiving MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.14"
|
||
::= { secyRxSAEntry 6 }
|
||
|
||
secyRxSAStoppedTime OBJECT-TYPE
|
||
SYNTAX TimeStamp
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The system time when this receiving SA last stopped
|
||
receiving MACsec frames."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.14"
|
||
::= { secyRxSAEntry 7 }
|
||
|
||
--
|
||
-- SecY Selectable Cipher Suites
|
||
--
|
||
|
||
secyCipherSuiteTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyCipherSuiteEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The table of selectable cipher suites for the MAC security
|
||
entity.
|
||
|
||
For the writeable objects in this table, the configured value
|
||
shall be stored in persistent memory and remain unchanged across
|
||
a re-initialization of the management system of the entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24"
|
||
::= { secyMgmtMIBObjects 6 }
|
||
|
||
secyCipherSuiteEntry OBJECT-TYPE
|
||
SYNTAX SecyCipherSuiteEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing the management information for a cipher
|
||
suite."
|
||
INDEX { secyCipherSuiteIndex }
|
||
::= { secyCipherSuiteTable 1 }
|
||
|
||
SecyCipherSuiteEntry ::= SEQUENCE {
|
||
secyCipherSuiteIndex Unsigned32,
|
||
secyCipherSuiteId OCTET STRING,
|
||
secyCipherSuiteName SnmpAdminString,
|
||
secyCipherSuiteCapability BITS,
|
||
secyCipherSuiteProtection BITS,
|
||
secyCipherSuiteProtectionOffset INTEGER,
|
||
secyCipherSuiteDataLengthChange TruthValue,
|
||
secyCipherSuiteICVLength Unsigned32,
|
||
secyCipherSuiteRowStatus RowStatus
|
||
}
|
||
|
||
secyCipherSuiteIndex OBJECT-TYPE
|
||
SYNTAX Unsigned32 (1..4294967295)
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The index to recognize a Cipher Suite in the system."
|
||
::= { secyCipherSuiteEntry 1 }
|
||
|
||
secyCipherSuiteId OBJECT-TYPE
|
||
SYNTAX OCTET STRING (SIZE (8))
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The identifier for the cipher suite. This is a global
|
||
unique 64-bit (EUI-64) identifier."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24"
|
||
::= { secyCipherSuiteEntry 2 }
|
||
|
||
secyCipherSuiteName OBJECT-TYPE
|
||
SYNTAX SnmpAdminString (SIZE (1..128))
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The name of the cipher suite. If the name is composed of
|
||
multi-byte characters, the total length must fit within 128
|
||
octets."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24"
|
||
::= { secyCipherSuiteEntry 3 }
|
||
|
||
secyCipherSuiteCapability OBJECT-TYPE
|
||
SYNTAX BITS {
|
||
integrity(0),
|
||
confidentiality(1),
|
||
offsetConfidentiality(2)
|
||
}
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The capability of this cipher suite.
|
||
|
||
integrity(0) : integrity protection capability for this
|
||
cipher suite..
|
||
|
||
confidentiality(1) : confidentiality protection
|
||
capability for this cipher suite.
|
||
|
||
offsetConfidentiality(2) : offset confidentiality protection
|
||
capability for this cipher suite."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24, 10.7.25"
|
||
::= { secyCipherSuiteEntry 4 }
|
||
|
||
secyCipherSuiteProtection OBJECT-TYPE
|
||
SYNTAX BITS {
|
||
integrity(0),
|
||
confidentiality(1),
|
||
offsetConfidentiality(2)
|
||
}
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The protection options of this cipher suite. The options
|
||
should depend on the object secyCipherSuiteCapability.
|
||
|
||
If the value of secyCipherSuiteCapability is only integerity
|
||
bit on, users can only choose to turn on integrity bit for
|
||
this object.
|
||
|
||
If the value of secyCipherSuiteCapability is integrity and
|
||
confidentiality bits on, users can choose to turn on
|
||
integrity or confidentiality bits, but if confidentiality
|
||
bit is on, the integrity bit has to be on.
|
||
|
||
If the value of secyCipherSuiteCapability is integrity and
|
||
offsetConfidentiality bits on, users can choose to turn on
|
||
integrity or offsetConfidentiality bits, but if
|
||
offsetConfidentiality bit is on, the integrity bit has to be
|
||
on.
|
||
|
||
If the value of secyCipherSuiteCapability is integrity and
|
||
confidentiality and offsetConfidentiality bits on, users can
|
||
choose to turn on integrity or confidentiality or
|
||
offsetConfidentiality bits, but if confidentiality or
|
||
offsetConfidentiality bits are on, the integrity bit has to
|
||
be on.
|
||
|
||
integrity(0) : on or off the function of supporting integrity
|
||
protection for this cipher suite.
|
||
|
||
confidentiality(1) : on or off the function of supporting
|
||
confidentiality for this cipher suite.
|
||
|
||
offsetConfidentiality(2) : on or off the function of
|
||
supporting offset confidentiality for this cipher suite."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24, 10.7.25"
|
||
DEFVAL { { integrity } }
|
||
::= { secyCipherSuiteEntry 5 }
|
||
|
||
secyCipherSuiteProtectionOffset OBJECT-TYPE
|
||
SYNTAX Integer32 (0 | 30 | 50)
|
||
UNITS "bytes"
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The confidentiality protection offset options of this
|
||
cipher suite. The options should depend on the choice of
|
||
secyCipherSuiteProtection.
|
||
|
||
If the value of secyCipherSuiteProtection only turns on
|
||
integrity bit, users can only choose 0 byte for this
|
||
object.
|
||
|
||
If the value of secyCipherSuiteProtection only turns on
|
||
integrity and confidentiality bits, users can only choose
|
||
0 byte for this object.
|
||
|
||
If the value of secyCipherSuiteProtection only turns on
|
||
integrity and offsetConfidentiality bits, users can choose
|
||
30 or 50 bytes for this object.
|
||
|
||
If the value of secyCipherSuiteProtection turns on
|
||
integrity and confidentiality and offsetConfidentiality
|
||
bits, users can choose 0 or 30 or 50 bytes for this object."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24, 10.7.25"
|
||
DEFVAL { 0 }
|
||
::= { secyCipherSuiteEntry 6 }
|
||
|
||
secyCipherSuiteDataLengthChange OBJECT-TYPE
|
||
SYNTAX TruthValue
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"This indicates whether the data length will be
|
||
changed after encryption by the cipher suite."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24"
|
||
::= { secyCipherSuiteEntry 7 }
|
||
|
||
secyCipherSuiteICVLength OBJECT-TYPE
|
||
SYNTAX Unsigned32 (8..16)
|
||
UNITS "octets"
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The length of integrity check value (ICV) field."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24"
|
||
::= { secyCipherSuiteEntry 8 }
|
||
|
||
secyCipherSuiteRowStatus OBJECT-TYPE
|
||
SYNTAX RowStatus
|
||
MAX-ACCESS read-create
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The object to create the paramaters for the supported
|
||
Cipher Suites in the system. If the specified
|
||
secyCipherSuiteId object information is not supported
|
||
in the system or the secyCipherSuiteCapability object
|
||
is not matched the capability of the corresponding
|
||
specified Cipher Suite in the same entry, the corresponding
|
||
entry should not be active, i.e., this object should not be
|
||
<20>active<76> or <20>notInService<63>."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.24"
|
||
::= { secyCipherSuiteEntry 9 }
|
||
|
||
--
|
||
-- Statistics Information
|
||
--
|
||
|
||
--
|
||
-- TX SA Statistics Information
|
||
--
|
||
|
||
secyTxSAStatsTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyTxSAStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table that contains the statistics objects for each
|
||
transmitting SA in the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyStatsMIBObjects 1 }
|
||
|
||
secyTxSAStatsEntry OBJECT-TYPE
|
||
SYNTAX SecyTxSAStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The entry holds the statistics for a transmitting SA. An SA
|
||
may be reused once a while.
|
||
|
||
When starting using the SA, the counters of the SA should
|
||
start at 0.
|
||
|
||
When stopping using the SA, the counters will be stopped
|
||
incrementing.
|
||
|
||
The timestamps of starting and stopping time are recorded in
|
||
the secyTxSATable."
|
||
AUGMENTS { secyTxSAEntry }
|
||
::= { secyTxSAStatsTable 1 }
|
||
|
||
SecyTxSAStatsEntry ::= SEQUENCE {
|
||
secyTxSAStatsProtectedPkts Counter32,
|
||
secyTxSAStatsEncryptedPkts Counter32
|
||
}
|
||
|
||
secyTxSAStatsProtectedPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of integrity protected but not encrypted packets
|
||
for this transmitting SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyTxSAStatsEntry 1 }
|
||
|
||
secyTxSAStatsEncryptedPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of integrity protected and encrypted packets for
|
||
this transmitting SA."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyTxSAStatsEntry 2 }
|
||
|
||
--
|
||
-- TX SC Statistics Information
|
||
--
|
||
|
||
secyTxSCStatsTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyTxSCStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table that contains statistics information for each
|
||
transmitting SC in the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, 10.7.19, figure 10.4"
|
||
::= { secyStatsMIBObjects 2 }
|
||
|
||
secyTxSCStatsEntry OBJECT-TYPE
|
||
SYNTAX SecyTxSCStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The entry contains the counters of a transmitting SC. Since some
|
||
counters in the transmitting SA will be reset while the SA is
|
||
reused, in order to maintain complete statistics information
|
||
for the SC, the counters information on the SAs need to be kept
|
||
in the SC.
|
||
|
||
Those counters that may be reset are :
|
||
secyTxSAStatsProtectedPkts,
|
||
secyTxSAStatsEncryptedPkts
|
||
|
||
Each counter for a SC is in the summation of the corresponding
|
||
counter information for all the SAs, current and prior SAs,
|
||
belonging to this SC."
|
||
AUGMENTS { secyTxSCEntry }
|
||
::= { secyTxSCStatsTable 1 }
|
||
|
||
SecyTxSCStatsEntry ::= SEQUENCE {
|
||
secyTxSCStatsProtectedPkts Counter64,
|
||
secyTxSCStatsEncryptedPkts Counter64,
|
||
secyTxSCStatsOctetsProtected Counter64,
|
||
secyTxSCStatsOctetsEncrypted Counter64
|
||
}
|
||
|
||
secyTxSCStatsProtectedPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of integrity protected but not encrypted packets
|
||
for this transmitting SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyTxSCStatsEntry 1 }
|
||
|
||
secyTxSCStatsEncryptedPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of integrity protected and encrypted packets for
|
||
this transmitting SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyTxSCStatsEntry 4 }
|
||
|
||
secyTxSCStatsOctetsProtected OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Octets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of plain text octets that are integrity protected
|
||
but not encrypted on the transmitting SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.19, figure 10.4"
|
||
::= { secyTxSCStatsEntry 10 }
|
||
|
||
secyTxSCStatsOctetsEncrypted OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Octets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of plain text octets that are integrity protected
|
||
and encrypted on the transmitting SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.19, figure 10.4"
|
||
::= { secyTxSCStatsEntry 11 }
|
||
|
||
--
|
||
-- RX SA Statistics Information
|
||
--
|
||
|
||
secyRxSAStatsTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyRxSAStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table that contains the statistics objects for each
|
||
receiving SA in the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyStatsMIBObjects 3 }
|
||
|
||
secyRxSAStatsEntry OBJECT-TYPE
|
||
SYNTAX SecyRxSAStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The entry holds the statistics for a receiving SA. An SA
|
||
may be reused once a while.
|
||
|
||
When starting using the SA, the counters of the SA should
|
||
start at 0.
|
||
|
||
When stopping using the SA, the counters will be stopped
|
||
incrementing.
|
||
|
||
The timestamps of starting and stopping time are recorded in
|
||
the secyRxSATable."
|
||
AUGMENTS { secyRxSAEntry }
|
||
::= { secyRxSAStatsTable 1 }
|
||
|
||
SecyRxSAStatsEntry ::= SEQUENCE {
|
||
secyRxSAStatsUnusedSAPkts Counter32,
|
||
secyRxSAStatsNoUsingSAPkts Counter32,
|
||
secyRxSAStatsNotValidPkts Counter32,
|
||
secyRxSAStatsInvalidPkts Counter32,
|
||
secyRxSAStatsOKPkts Counter32
|
||
}
|
||
|
||
secyRxSAStatsUnusedSAPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SA which is not currently in use, the number of
|
||
received, unencrypted, packets with secyValidateFrames
|
||
not in the strict mode."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSAStatsEntry 1 }
|
||
|
||
secyRxSAStatsNoUsingSAPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SA which is not currently in use, the number of
|
||
received packets that have been discarded, and have
|
||
either the packets encrypted or the secyValidateFrames set to
|
||
strict mode."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSAStatsEntry 4 }
|
||
|
||
secyRxSAStatsNotValidPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SA, the number discarded packets with the
|
||
condition that the packets are not valid and one of the
|
||
following conditions are true: either secyValidateFrames in
|
||
strict mode or the packets encrypted."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSAStatsEntry 13 }
|
||
|
||
secyRxSAStatsInvalidPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SA, the number of packets with the condition
|
||
that the packets are not valid and secyValidateFrames is in
|
||
check mode."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSAStatsEntry 16 }
|
||
|
||
secyRxSAStatsOKPkts OBJECT-TYPE
|
||
SYNTAX Counter32
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SA, the number of validated packets."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSAStatsEntry 25 }
|
||
|
||
--
|
||
-- RX SC Statistics Information
|
||
--
|
||
|
||
secyRxSCStatsTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyRxSCStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table for the statistics information of each receiving SC
|
||
supported by the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, 10.7.10, figure 10.5"
|
||
::= { secyStatsMIBObjects 4 }
|
||
|
||
secyRxSCStatsEntry OBJECT-TYPE
|
||
SYNTAX SecyRxSCStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The entry contains the counters of a receiving SC. Since some
|
||
counters in the receiving SA will be reset while the SA is
|
||
reused, in order to maintain complete statistics information
|
||
for the SC, the counters information on the SAs need to be kept
|
||
in the SC.
|
||
|
||
Those counters that may be reset are :
|
||
secyRxSAStatsUnusedSAPkts,
|
||
secyRxSAStatsNoUsingSAPkts,
|
||
secyRxSAStatsNotValidPkts,
|
||
secyRxSAStatsInvalidPkts,
|
||
secyRxSAStatsOKPkts
|
||
|
||
Each counter for a SC is in the summation of the corresponding
|
||
counter information for all the SAs, current and prior SAs,
|
||
belonging to this SC."
|
||
AUGMENTS { secyRxSCEntry }
|
||
::= { secyRxSCStatsTable 1 }
|
||
|
||
SecyRxSCStatsEntry ::= SEQUENCE {
|
||
secyRxSCStatsUnusedSAPkts Counter64,
|
||
secyRxSCStatsNoUsingSAPkts Counter64,
|
||
secyRxSCStatsLatePkts Counter64,
|
||
secyRxSCStatsNotValidPkts Counter64,
|
||
secyRxSCStatsInvalidPkts Counter64,
|
||
secyRxSCStatsDelayedPkts Counter64,
|
||
secyRxSCStatsUncheckedPkts Counter64,
|
||
secyRxSCStatsOKPkts Counter64,
|
||
secyRxSCStatsOctetsValidated Counter64,
|
||
secyRxSCStatsOctetsDecrypted Counter64
|
||
}
|
||
|
||
secyRxSCStatsUnusedSAPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The summation of counter secyRxSAStatsUnusedSAPkts
|
||
information for all the SAs which belong to this SC.
|
||
|
||
Since the secyRxSAStatsUnusedSAPkts counters in the SAs
|
||
will be reset, in order to maintain complete statistics
|
||
information for the SC, the counter information on the SAs
|
||
need to be kept in the SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 1 }
|
||
|
||
secyRxSCStatsNoUsingSAPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The summation of counter secyRxSAStatsNoUsingSAPkts
|
||
information for all the SAs which belong to this SC.
|
||
|
||
Since the secyRxSAStatsNoUsingSAPkts counters in the SAs
|
||
will be reset, in order to maintain complete statistics
|
||
information for the SC, the counter information on the SAs
|
||
need to be kept in the SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 2 }
|
||
|
||
secyRxSCStatsLatePkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SC, the number of received packets that have
|
||
been discarded with the condition : secyReplayProtect is equal
|
||
to true and the PN of the packet is lower than the lower bound
|
||
replay check PN."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 3 }
|
||
|
||
secyRxSCStatsNotValidPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The summation of counter secyRxSAStatsNotValidPkts
|
||
information for all the SAs which belong to this SC.
|
||
|
||
Since the secyRxSAStatsNotValidPkts counters in the SAs
|
||
will be reset, in order to maintain complete statistics
|
||
information for the SC, the counter information on the SAs
|
||
need to be kept in the SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 4 }
|
||
|
||
secyRxSCStatsInvalidPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The summation of counter secyRxSAStatsInvalidPkts
|
||
information for all the SAs which belong to this SC.
|
||
|
||
Since the secyRxSAStatsInvalidPkts counters in the SAs
|
||
will be reset, in order to maintain complete statistics
|
||
information for the SC, the counter information on the SAs
|
||
need to be kept in the SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 5 }
|
||
|
||
secyRxSCStatsDelayedPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SC, the number of packets with the condition
|
||
that the PN of the packets is lower than the lower bound
|
||
replay protection PN."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 6 }
|
||
|
||
secyRxSCStatsUncheckedPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"For this SC, the number of packets with the following
|
||
condition:
|
||
-secyValidateFrames is disabled or
|
||
-secyValidateFrames is not disabled and the packet is not
|
||
encrypted and the integrity check has failed or
|
||
-secyValidateFrames is not disable and the packet is
|
||
encrypted and integrity check has failed."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 7 }
|
||
|
||
secyRxSCStatsOKPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The summation of counter secyRxSAStatsOKPkts
|
||
information for all the SAs which belong to this SC.
|
||
|
||
Since the secyRxSAStatsOKPkts counters in the SAs
|
||
will be reset, in order to maintain complete statistics
|
||
information for the SC, the counter information on the SAs
|
||
need to be kept in the SC."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, figure 10.5"
|
||
::= { secyRxSCStatsEntry 8 }
|
||
|
||
secyRxSCStatsOctetsValidated OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Octets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of octets of plaintext recovered from received
|
||
packets that were integrity protected but not encrypted."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.10, figure 10.5"
|
||
::= { secyRxSCStatsEntry 9 }
|
||
|
||
secyRxSCStatsOctetsDecrypted OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Octets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of octets of plaintext recovered from received
|
||
packets that were integrity protected and encrypted."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.10, figure 10.5"
|
||
::= { secyRxSCStatsEntry 10 }
|
||
|
||
--
|
||
-- SecY statistics table
|
||
--
|
||
|
||
secyStatsTable OBJECT-TYPE
|
||
SYNTAX SEQUENCE OF SecyStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A table for the statistics information of each SecY supported by
|
||
the MAC security entity."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9, 10.7.18, figure 10.4, 10.5"
|
||
::= { secyStatsMIBObjects 5 }
|
||
|
||
secyStatsEntry OBJECT-TYPE
|
||
SYNTAX SecyStatsEntry
|
||
MAX-ACCESS not-accessible
|
||
STATUS current
|
||
DESCRIPTION
|
||
"An entry containing counters for statistics or diagnosis for
|
||
a SecY."
|
||
AUGMENTS { secyIfEntry }
|
||
::= { secyStatsTable 1 }
|
||
|
||
SecyStatsEntry ::= SEQUENCE {
|
||
secyStatsTxUntaggedPkts Counter64,
|
||
secyStatsTxTooLongPkts Counter64,
|
||
secyStatsRxUntaggedPkts Counter64,
|
||
secyStatsRxNoTagPkts Counter64,
|
||
secyStatsRxBadTagPkts Counter64,
|
||
secyStatsRxUnknownSCIPkts Counter64,
|
||
secyStatsRxNoSCIPkts Counter64,
|
||
secyStatsRxOverrunPkts Counter64
|
||
}
|
||
|
||
secyStatsTxUntaggedPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of transmitted packets without the MAC
|
||
security tag (SecTAG) because secyProtectFramesEnable is
|
||
configured as false."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyStatsEntry 1 }
|
||
|
||
secyStatsTxTooLongPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of transmitted packets discarded because the packet
|
||
length is greater than the ifMtu of the Common Port interface."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.18, figure 10.4"
|
||
::= { secyStatsEntry 2 }
|
||
|
||
secyStatsRxUntaggedPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of received packets without the MAC security tag
|
||
(SecTAG) with secyValidateFrames which is not in the
|
||
strict mode."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
|
||
::= { secyStatsEntry 3 }
|
||
|
||
secyStatsRxNoTagPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of received packets discarded without the
|
||
MAC security tag (SecTAG) with secyValidateFrames which is
|
||
in the strict mode."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
|
||
::= { secyStatsEntry 4 }
|
||
|
||
secyStatsRxBadTagPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of received packets discarded with an invalid
|
||
SecTAG or a zero value PN or an invalid ICV."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
|
||
::= { secyStatsEntry 5 }
|
||
|
||
secyStatsRxUnknownSCIPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of received packets with unknown SCI with the
|
||
condition :
|
||
secyValidateFrames is not in the strict mode and the
|
||
C bit in the SecTAG is not set."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
|
||
::= { secyStatsEntry 6 }
|
||
|
||
secyStatsRxNoSCIPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of received packets discarded with unknown SCI
|
||
information with the condition :
|
||
secyValidateFrames is in the strict mode or the C bit
|
||
in the SecTAG is set."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
|
||
::= { secyStatsEntry 7 }
|
||
|
||
secyStatsRxOverrunPkts OBJECT-TYPE
|
||
SYNTAX Counter64
|
||
UNITS "Packets"
|
||
MAX-ACCESS read-only
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The number of packets discarded because the number of
|
||
received packets exceeded the cryptographic performance
|
||
capabilities."
|
||
REFERENCE
|
||
"IEEE 802.1AE Clause 10.7.9 , figure 10.5"
|
||
::= { secyStatsEntry 8 }
|
||
|
||
--
|
||
-- Conformance
|
||
--
|
||
|
||
secyMIBCompliances OBJECT IDENTIFIER ::= { secyMIBConformance 1 }
|
||
|
||
secyMIBGroups OBJECT IDENTIFIER ::= { secyMIBConformance 2 }
|
||
|
||
-- Compliance
|
||
|
||
secyMIBCompliance MODULE-COMPLIANCE
|
||
STATUS current
|
||
DESCRIPTION
|
||
"The compliance statement for entities which implement
|
||
the IEEE8021-SECY-MIB."
|
||
MODULE -- this module
|
||
MANDATORY-GROUPS {
|
||
secyIfCtrlGroup,
|
||
secyTxSCGroup,
|
||
secyTxSAGroup,
|
||
secyRxSCGroup,
|
||
secyRxSAGroup,
|
||
secyCipherSuiteGroup,
|
||
secyTxSAStatsGroup,
|
||
secyTxSCStatsGroup,
|
||
secyRxSAStatsGroup,
|
||
secyRxSCStatsGroup,
|
||
secyStatsGroup
|
||
}
|
||
|
||
OBJECT secyIfCurrentCipherSuite
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"write access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteId
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteName
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteCapability
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteProtection
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteProtectionOffset
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteDataLengthChange
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteICVLength
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
OBJECT secyCipherSuiteRowStatus
|
||
MIN-ACCESS read-only
|
||
DESCRIPTION
|
||
"read-create access is not required. This may be
|
||
read-only."
|
||
|
||
|
||
::= { secyMIBCompliances 1 }
|
||
|
||
-- Units of Conformance
|
||
|
||
secyIfCtrlGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyIfMaxPeerSCs,
|
||
secyIfRxMaxKeys,
|
||
secyIfTxMaxKeys,
|
||
secyIfProtectFramesEnable,
|
||
secyIfValidateFrames,
|
||
secyIfReplayProtectEnable,
|
||
secyIfReplayProtectWindow,
|
||
secyIfCurrentCipherSuite,
|
||
secyIfAdminPt2PtMAC,
|
||
secyIfOperPt2PtMAC,
|
||
secyIfIncludeSCIEnable,
|
||
secyIfUseESEnable,
|
||
secyIfUseSCBEnable
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a SecY control management
|
||
information."
|
||
::= { secyMIBGroups 1 }
|
||
|
||
secyTxSCGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyTxSCI,
|
||
secyTxSCState,
|
||
secyTxSCEncodingSA,
|
||
secyTxSCEncipheringSA,
|
||
secyTxSCCreatedTime,
|
||
secyTxSCStartedTime,
|
||
secyTxSCStoppedTime
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a transmitting SC control
|
||
management information."
|
||
::= { secyMIBGroups 2 }
|
||
|
||
secyTxSAGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyTxSAState,
|
||
secyTxSANextPN,
|
||
secyTxSAConfidentiality,
|
||
secyTxSASAKUnchanged,
|
||
secyTxSACreatedTime,
|
||
secyTxSAStartedTime,
|
||
secyTxSAStoppedTime
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a transmitting SA control
|
||
management information."
|
||
::= { secyMIBGroups 3 }
|
||
|
||
secyRxSCGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyRxSCState,
|
||
secyRxSCCurrentSA,
|
||
secyRxSCCreatedTime,
|
||
secyRxSCStartedTime,
|
||
secyRxSCStoppedTime
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a receiving SC control
|
||
management information."
|
||
::= { secyMIBGroups 4 }
|
||
|
||
secyRxSAGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyRxSAState,
|
||
secyRxSANextPN,
|
||
secyRxSASAKUnchanged,
|
||
secyRxSACreatedTime,
|
||
secyRxSAStartedTime,
|
||
secyRxSAStoppedTime
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a receiving SA control
|
||
management information."
|
||
::= { secyMIBGroups 5 }
|
||
|
||
secyCipherSuiteGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyCipherSuiteId,
|
||
secyCipherSuiteName,
|
||
secyCipherSuiteCapability,
|
||
secyCipherSuiteProtection,
|
||
secyCipherSuiteProtectionOffset,
|
||
secyCipherSuiteDataLengthChange,
|
||
secyCipherSuiteICVLength,
|
||
secyCipherSuiteRowStatus
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a cipher suite information."
|
||
::= { secyMIBGroups 6 }
|
||
|
||
secyTxSAStatsGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyTxSAStatsProtectedPkts,
|
||
secyTxSAStatsEncryptedPkts
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a transmitting SA statistics
|
||
information."
|
||
::= { secyMIBGroups 7 }
|
||
|
||
secyRxSAStatsGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyRxSAStatsUnusedSAPkts,
|
||
secyRxSAStatsNoUsingSAPkts,
|
||
secyRxSAStatsNotValidPkts,
|
||
secyRxSAStatsInvalidPkts,
|
||
secyRxSAStatsOKPkts
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a receiving SA statistics
|
||
information."
|
||
::= { secyMIBGroups 8 }
|
||
|
||
secyTxSCStatsGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyTxSCStatsProtectedPkts,
|
||
secyTxSCStatsEncryptedPkts,
|
||
secyTxSCStatsOctetsProtected,
|
||
secyTxSCStatsOctetsEncrypted
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a transmitting SC statistics
|
||
information."
|
||
::= { secyMIBGroups 9 }
|
||
|
||
secyRxSCStatsGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyRxSCStatsUnusedSAPkts,
|
||
secyRxSCStatsNoUsingSAPkts,
|
||
secyRxSCStatsLatePkts,
|
||
secyRxSCStatsNotValidPkts,
|
||
secyRxSCStatsInvalidPkts,
|
||
secyRxSCStatsDelayedPkts,
|
||
secyRxSCStatsUncheckedPkts,
|
||
secyRxSCStatsOKPkts,
|
||
secyRxSCStatsOctetsValidated,
|
||
secyRxSCStatsOctetsDecrypted
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a receiving SC statistics
|
||
information."
|
||
::= { secyMIBGroups 10 }
|
||
|
||
secyStatsGroup OBJECT-GROUP
|
||
OBJECTS {
|
||
secyStatsTxUntaggedPkts,
|
||
secyStatsTxTooLongPkts,
|
||
secyStatsRxUntaggedPkts,
|
||
secyStatsRxNoTagPkts,
|
||
secyStatsRxBadTagPkts,
|
||
secyStatsRxUnknownSCIPkts,
|
||
secyStatsRxNoSCIPkts,
|
||
secyStatsRxOverrunPkts
|
||
}
|
||
STATUS current
|
||
DESCRIPTION
|
||
"A collection of objects providing a SecY statistics
|
||
information."
|
||
::= { secyMIBGroups 11 }
|
||
|
||
END
|
||
|
||
|
||
|