authorDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
committerDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
commit98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch)
tree9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/IEEE8021-SECY-MIB
Initial commitHEADmain
Diffstat (limited to 'MIBS/IEEE8021-SECY-MIB')
-rw-r--r--MIBS/IEEE8021-SECY-MIB1954
1 files changed, 1954 insertions, 0 deletions
diff --git a/MIBS/IEEE8021-SECY-MIB b/MIBS/IEEE8021-SECY-MIB
new file mode 100644
index 0000000..5053ab8
--- /dev/null
+++ b/MIBS/IEEE8021-SECY-MIB
@@ -0,0 +1,1954 @@
+-- *****************************************************************
+-- IEEE8021-SECY-MIB
+--
+-- Definitions of managed objects supporting IEEE 802.1AE MACsec.
+--
+-- January 2006
+--
+-- *****************************************************************
+
+IEEE8021-SECY-MIB DEFINITIONS ::= BEGIN
+
+-- -----------------------------------------------------------------
+-- IEEEE802.1AE MIB
+-- -----------------------------------------------------------------
+
+IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter32,
+ Counter64
+ FROM SNMPv2-SMI
+ TEXTUAL-CONVENTION, RowPointer, TimeStamp, TruthValue, RowStatus
+ FROM SNMPv2-TC
+ SnmpAdminString
+ FROM SNMP-FRAMEWORK-MIB
+ MODULE-COMPLIANCE, OBJECT-GROUP
+ FROM SNMPv2-CONF
+ InterfaceIndex
+ FROM IF-MIB
+ ;
+
+ieee8021SecyMIB MODULE-IDENTITY
+ LAST-UPDATED "200601100000Z"
+ ORGANIZATION "IEEE 802.1 Working Group"
+ CONTACT-INFO
+ "http:/grouper.ieee.org/groups/8021/index.html"
+ DESCRIPTION
+ "The MAC security entity (SecY) module for managing IEEE
+ 802.1AE. An SecY is the entity that operates the MAC Security
+ protocol within the system.
+
+ Each SecY transmits frames conveying secure MAC Service
+ requests on a single Secure Channel (SC), and receives frames
+ conveying secure service indications on separate SCs (one for
+ each of the other SecYs participating in the Secure
+ Connectivity Association (CA)). A CA is a security
+ relationship, established and maintained by key agreement
+ protocols that comprise a fully connected subset of the
+ service access points in stations attached to a single MACsec
+ supported LAN. An SC is a security relationship used to
+ provide security guarantees for frames transmitted from one
+ member of a CA to the others. It is a unidirectional point to
+ multipoint communication, and can be long lived, persisting
+ through Secure Association Key (SAK) changes. Each SC is
+ supported by a sequence of Secure Associations (SAs) thus
+ allowing the periodic use of fresh keys without terminating
+ the relationship. Each SA is supported by a single secret
+ key, or a set of keys where the cryptographic operations used
+ to protect one frame require more than one key.
+
+ Two different interfaces ’Controlled Port’ and
+ ’Uncontrolled Port’, are associated with a SecY, and that for
+ each instance of a SecY, two ifTable rows (one for each
+ interface) run on top of an ifTable row representing the
+ ’Common Port’ interface, such as a row with ifType =
+ ’ethernetCsmacd(6)’.
+
+ For example :
+
+ -----------------------------------------------------------
+ | | |
+ | Controlled Port | Uncontrolled Port |
+ | Interface | Interface |
+ | (ifEntry = j) | (ifEntry = k) |
+ | (ifType = | (ifType = |
+ | macSecControlledIF(231)) | macSecUncontrolledIF(232))|
+ | | |
+ |---------------------------------------------------------|
+ | |
+ | Physical Interface |
+ | (ifEntry = i) |
+ | (ifType = ethernetCsmacd(6)) |
+ |_________________________________________________________|
+ i, j, k are ifIndex to indicate an interface row in the ifTable.
+
+ Figure : MACsec Interface Stack
+
+ The ’Controlled Port’ is the service point to provide one
+ instance of the secure MAC service in a SecY. The
+ ’Uncontrolled Port’ is the service point to provide one instance
+ of the insecure MAC service in a SecY."
+
+ REVISION "200601100000Z"
+ DESCRIPTION
+ "Initial version of this MIB module. Published as part of
+ IEEE standard 802.1AE"
+ ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1)
+ ieee802dot1mibs(1) 3 }
+
+secyMIBNotifications OBJECT IDENTIFIER ::= { ieee8021SecyMIB 0 }
+
+secyMIBObjects OBJECT IDENTIFIER ::= { ieee8021SecyMIB 1 }
+
+secyMIBConformance OBJECT IDENTIFIER ::= { ieee8021SecyMIB 2 }
+
+
+--
+-- Textual Convention
+--
+
+SecySCI ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "This textual convention indicates a Secure Channel
+ Identifier (SCI).
+
+ Each SC is identified by an SCI, comprised of a unique 48-bit
+ Universally Administered MAC Address, identifying the system
+ to which the transmitting SecY belongs, concatenated with a
+ 16-bit Port number, identifying the SecY within that system."
+ REFERENCE
+ "IEEE 802.1AE Clause 7.1.2, 10.7.1 and figure 7.7"
+ SYNTAX OCTET STRING (SIZE (8))
+
+SecyAN ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION
+ "This textual convention indicates an Association Number (AN).
+
+ Each SC is comprised of a succession of SAs, each with a
+ different SAK. Each SA is identified by the SC identifier
+ concatenated with a two-bit AN. The Secure Association
+ Identifier (SAI) thus created allows the receiving SecY to
+ identify the SA, and the SAK used to decrypt and authenticate
+ the received frame. The AN, and the SAI, is only unique for
+ the SAs that can be used or recorded by participating SecYs
+ at any instant."
+ REFERENCE
+ "IEEE 802.1AE Clause 8.1.3 and figure 7.7"
+ SYNTAX Unsigned32 (0..3)
+
+
+secyMgmtMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 1 }
+
+secyStatsMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 2 }
+
+--
+-- SecY Management Table
+--
+
+secyIfTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyIfEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of system level information for each interface
+ supported by the MAC security entity. An entry appears in this
+ table for each interface with MAC security capability in this
+ system.
+
+ For the writeable objects in this table, the configured value
+ shall be stored in persistent memory and remain unchanged across
+ a re-initialization of the management system of the entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7"
+ ::= { secyMgmtMIBObjects 1 }
+
+secyIfEntry OBJECT-TYPE
+ SYNTAX SecyIfEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing SecY management information applicable to
+ a particular interface."
+ INDEX { secyIfInterfaceIndex }
+ ::= { secyIfTable 1 }
+
+SecyIfEntry ::= SEQUENCE {
+ secyIfInterfaceIndex InterfaceIndex,
+ secyIfMaxPeerSCs Unsigned32,
+ secyIfRxMaxKeys Unsigned32,
+ secyIfTxMaxKeys Unsigned32,
+ secyIfProtectFramesEnable TruthValue,
+ secyIfValidateFrames INTEGER,
+ secyIfReplayProtectEnable TruthValue,
+ secyIfReplayProtectWindow Unsigned32,
+ secyIfCurrentCipherSuite Unsigned32,
+ secyIfAdminPt2PtMAC INTEGER,
+ secyIfOperPt2PtMAC TruthValue,
+ secyIfIncludeSCIEnable TruthValue,
+ secyIfUseESEnable TruthValue,
+ secyIfUseSCBEnable TruthValue
+}
+
+secyIfInterfaceIndex OBJECT-TYPE
+ SYNTAX InterfaceIndex
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An interface index for a port with SecY management ability.
+
+ This interface index should be aligned with ifIndex in the
+ ifTable to point to the SecY Controlled Port entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.1"
+ ::= { secyIfEntry 1 }
+
+secyIfMaxPeerSCs OBJECT-TYPE
+ SYNTAX Unsigned32
+ UNITS "security connections"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Maximum number of peer SCs that this SecY can support."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.7"
+ ::= { secyIfEntry 2 }
+
+secyIfRxMaxKeys OBJECT-TYPE
+ SYNTAX Unsigned32
+ UNITS "keys"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Maximum number of keys in simultaneous use for reception
+ that this SecY can support."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.7"
+ ::= { secyIfEntry 3 }
+
+secyIfTxMaxKeys OBJECT-TYPE
+ SYNTAX Unsigned32
+ UNITS "keys"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Maximum number of keys in simultaneous use for transmission
+ that this SecY can support."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.16"
+ ::= { secyIfEntry 4 }
+
+secyIfProtectFramesEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object to enable or disable the protection function for
+ egress frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.5"
+ DEFVAL { true }
+ ::= { secyIfEntry 5 }
+
+secyIfValidateFrames OBJECT-TYPE
+ SYNTAX INTEGER {
+ disabled(1),
+ check(2),
+ strict(3)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object to control the validation function for ingress
+ frames.
+
+ disabled(1) : means to disable the validation function.
+
+ check(2) : means to enable the validation function but only
+ for checking without filtering out invalid frames.
+
+ strict(3) : means to enable the validation function and also
+ strictly filter out those invalid frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.8"
+ DEFVAL { strict }
+ ::= { secyIfEntry 6 }
+
+secyIfReplayProtectEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object to enable or disable the replay protection function."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.8, 10.7.17"
+ DEFVAL { true }
+ ::= { secyIfEntry 7 }
+
+secyIfReplayProtectWindow OBJECT-TYPE
+ SYNTAX Unsigned32
+ UNITS "Packets"
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object to indicate the replay protection window size. This
+ object only takes effect if the object secyReplayProtectEnable
+ is true."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.8"
+ DEFVAL { 0 }
+ ::= { secyIfEntry 8 }
+
+secyIfCurrentCipherSuite OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object that points to an entry of the secyCipherSuiteTable
+ with ’active’ row status to indicate the cipher Suite which this
+ SecY is currently using. By default, this object should point
+ to the default cipher suite which system provides."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.25"
+ ::= { secyIfEntry 9 }
+
+secyIfAdminPt2PtMAC OBJECT-TYPE
+ SYNTAX INTEGER {
+ forceTrue(1),
+ forceFalse(2),
+ auto(3)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object to control the service connectivity to at most one
+ other system. The secyOperPt2PtMAC indicates operational
+ status of the service connectivity for this SecY.
+
+ forceTrue(1) : allows only one service connection to the
+ other system.
+
+ forceFalse(2) : no restriction on the number of service
+ connections to the other systems.
+
+ auto(3) : means the service connectivity is determined by the
+ service providing entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 6.5"
+ DEFVAL { auto }
+ ::= { secyIfEntry 10 }
+
+secyIfOperPt2PtMAC OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "An object to reflect the current service connectivity status.
+
+ true(1) : means the service connectivity of this SecY provides
+ at most one other system.
+
+ false(2) : means the service connectivity of this SecY could
+ provide more than one other system."
+ REFERENCE
+ "IEEE 802.1AE Clause 6.5"
+ ::= { secyIfEntry 11 }
+
+secyIfIncludeSCIEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object indicates to include the SCI information in
+ security TAG (SecTAG) field while transmitting MACsec
+ frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
+ DEFVAL { false }
+ ::= { secyIfEntry 12 }
+
+secyIfUseESEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object indicates to enable the ES bit in
+ security TAG (SecTAG) field while transmitting MACsec
+ frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
+ DEFVAL { false }
+ ::= { secyIfEntry 13 }
+
+secyIfUseSCBEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An object indicates to enable the SCB bit in
+ security TAG (SecTAG) field while transmitting MACsec
+ frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17"
+ DEFVAL { false }
+ ::= { secyIfEntry 14 }
+
+--
+-- Tx SC Management Table
+--
+
+secyTxSCTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyTxSCEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table for providing information about the status of each
+ transmitting SC supported by the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.17, 10.7.20"
+ ::= { secyMgmtMIBObjects 2 }
+
+secyTxSCEntry OBJECT-TYPE
+ SYNTAX SecyTxSCEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing transmitting SC management information
+ applicable to a particular SecY."
+ INDEX { secyIfInterfaceIndex }
+ ::= { secyTxSCTable 1 }
+
+SecyTxSCEntry ::= SEQUENCE {
+ secyTxSCI SecySCI,
+ secyTxSCState INTEGER,
+ secyTxSCEncodingSA RowPointer,
+ secyTxSCEncipheringSA RowPointer,
+ secyTxSCCreatedTime TimeStamp,
+ secyTxSCStartedTime TimeStamp,
+ secyTxSCStoppedTime TimeStamp
+}
+
+secyTxSCI OBJECT-TYPE
+ SYNTAX SecySCI
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The SCI information for transmitting MACsec frames of the
+ transmitting SC in the SecY."
+ REFERENCE
+ "IEEE 802.1AE Clause 7.1.2, 8.2.1, 10.7.1"
+ ::= { secyTxSCEntry 1 }
+
+secyTxSCState OBJECT-TYPE
+ SYNTAX INTEGER {
+ inUse(1),
+ notInUse(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The state of the current transmitting SC in the SecY.
+
+ inUse(1) : means any of SAs for this SC is in use.
+
+ notInUse(2) : means no SAs for this SC is in use."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.20"
+ ::= { secyTxSCEntry 2 }
+
+secyTxSCEncodingSA OBJECT-TYPE
+ SYNTAX RowPointer
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current transmitting SA in use. The row pointer will point
+ to an entry in the secyTxSATable. If no such information is
+ available, the value shall be the OBJECT IDENTIFIER { 0 0 }."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.5.1, 10.7.20"
+ ::= { secyTxSCEntry 3 }
+
+secyTxSCEncipheringSA OBJECT-TYPE
+ SYNTAX RowPointer
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The previous transmitting SA in use. The row pointer will point
+ to an entry in the secyTxSATable. If no such information is
+ available, the value shall be the OBJECT IDENTIFIER { 0 0 }."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.5.4, 10.7.20"
+ ::= { secyTxSCEntry 4 }
+
+secyTxSCCreatedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this transmitting SC was created."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.20"
+ ::= { secyTxSCEntry 5 }
+
+secyTxSCStartedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this transmitting SC last started
+ transmitting MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.20"
+ ::= { secyTxSCEntry 6 }
+
+secyTxSCStoppedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this transmitting SC last stopped
+ transmitting MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.20"
+ ::= { secyTxSCEntry 7 }
+
+--
+-- Tx SA Management Table
+--
+
+secyTxSATable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyTxSAEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table for providing information about the status of each
+ transmitting SA supported by the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.21"
+ ::= { secyMgmtMIBObjects 3 }
+
+secyTxSAEntry OBJECT-TYPE
+ SYNTAX SecyTxSAEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing transmitting SA management information
+ applicable to a particular SA."
+ INDEX { secyIfInterfaceIndex, secyTxSA }
+ ::= { secyTxSATable 1 }
+
+SecyTxSAEntry ::= SEQUENCE {
+ secyTxSA SecyAN,
+ secyTxSAState INTEGER,
+ secyTxSANextPN Unsigned32,
+ secyTxSAConfidentiality TruthValue,
+ secyTxSASAKUnchanged TruthValue,
+ secyTxSACreatedTime TimeStamp,
+ secyTxSAStartedTime TimeStamp,
+ secyTxSAStoppedTime TimeStamp
+}
+
+secyTxSA OBJECT-TYPE
+ SYNTAX SecyAN
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The association number (AN) for identifying a transmitting
+ SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.21"
+ ::= { secyTxSAEntry 1 }
+
+secyTxSAState OBJECT-TYPE
+ SYNTAX INTEGER {
+ inUse(1),
+ notInUse(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current status of the transmitting SA.
+
+ inUse(1) : means this SA is in use.
+
+ notInUse(2) : means this SA is not in use."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.22"
+ ::= { secyTxSAEntry 2 }
+
+secyTxSANextPN OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The next packet number (PN) that will be used in transmitting
+ MACsec frames in the SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.21"
+ ::= { secyTxSAEntry 3 }
+
+secyTxSAConfidentiality OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Whether this SA supports the confidentiality as well as
+ integrity function in transmitting frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.21"
+ ::= { secyTxSAEntry 4 }
+
+secyTxSASAKUnchanged OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A reference to an SAK that is unchanged for the life
+ of the transmitting SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.21"
+ ::= { secyTxSAEntry 5 }
+
+secyTxSACreatedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this transmitting SA was created."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.22"
+ ::= { secyTxSAEntry 6 }
+
+secyTxSAStartedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this transmitting SA last started
+ transmitting MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.22"
+ ::= { secyTxSAEntry 7 }
+
+secyTxSAStoppedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this transmitting SA last stopped
+ transmitting MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.22"
+ ::= { secyTxSAEntry 8 }
+
+--
+-- Rx SC Management Table
+--
+
+secyRxSCTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyRxSCEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table for providing information about the status of each
+ receiving SC supported by the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.11"
+ ::= { secyMgmtMIBObjects 4 }
+
+secyRxSCEntry OBJECT-TYPE
+ SYNTAX SecyRxSCEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing receiving SC management information
+ applicable to a particular SC."
+ INDEX { secyIfInterfaceIndex, secyRxSCI }
+ ::= { secyRxSCTable 1 }
+
+SecyRxSCEntry ::= SEQUENCE {
+ secyRxSCI SecySCI,
+ secyRxSCState INTEGER,
+ secyRxSCCurrentSA RowPointer,
+ secyRxSCCreatedTime TimeStamp,
+ secyRxSCStartedTime TimeStamp,
+ secyRxSCStoppedTime TimeStamp
+}
+
+secyRxSCI OBJECT-TYPE
+ SYNTAX SecySCI
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The SCI for identifying the receiving SC in the SecY."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.11"
+ ::= { secyRxSCEntry 1 }
+
+secyRxSCState OBJECT-TYPE
+ SYNTAX INTEGER {
+ inUse(1),
+ notInUse(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The state of the receiving SC in the SecY.
+
+ inUse(1) : means any of SAs for this SC is in use.
+
+ notInUse(2) : means no SAs for this SC is in use."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.12"
+ ::= { secyRxSCEntry 2 }
+
+secyRxSCCurrentSA OBJECT-TYPE
+ SYNTAX RowPointer
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current receiving association number of the SC in use.
+ The row pointer will point to an entry in the
+ secyRxSATable. If no such information can be identified,
+ the value of this object shall be set to the
+ OBJECT IDENTIFIER { 0 0 }."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.6.1, 10.7.13"
+ ::= { secyRxSCEntry 3 }
+
+secyRxSCCreatedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this receiving SC was created."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.12"
+ ::= { secyRxSCEntry 4 }
+
+secyRxSCStartedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this receiving SC last started
+ receiving MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.12"
+ ::= { secyRxSCEntry 5 }
+
+secyRxSCStoppedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this receiving SC last stopped
+ receiving MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.12"
+ ::= { secyRxSCEntry 6 }
+
+--
+-- Rx SA Management Table
+--
+
+secyRxSATable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyRxSAEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table for providing information about the status of each
+ receiving SA supported by the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.13"
+ ::= { secyMgmtMIBObjects 5 }
+
+secyRxSAEntry OBJECT-TYPE
+ SYNTAX SecyRxSAEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing receiving SA management information
+ applicable to a particular SA."
+ INDEX { secyIfInterfaceIndex, secyRxSCI, secyRxSA }
+ ::= { secyRxSATable 1 }
+
+SecyRxSAEntry ::= SEQUENCE {
+ secyRxSA SecyAN,
+ secyRxSAState INTEGER,
+ secyRxSANextPN Unsigned32,
+ secyRxSASAKUnchanged TruthValue,
+ secyRxSACreatedTime TimeStamp,
+ secyRxSAStartedTime TimeStamp,
+ secyRxSAStoppedTime TimeStamp
+}
+
+secyRxSA OBJECT-TYPE
+ SYNTAX SecyAN
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The association number (AN) for identifying a receiving
+ SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.13"
+ ::= { secyRxSAEntry 1 }
+
+secyRxSAState OBJECT-TYPE
+ SYNTAX INTEGER {
+ inUse(1),
+ notInUse(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current state for the receiving SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.14"
+ ::= { secyRxSAEntry 2 }
+
+secyRxSANextPN OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The stored packet number (PN) for replay protection
+ in the SA. If the PN of any receiving frames is less
+ than the value of this object minus the value of
+ secyReplayProtectWindow and secyReplayProtectEnable
+ is true, the receiving frames should be discarded."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.14, Clause 10.7.15"
+ ::= { secyRxSAEntry 3 }
+
+secyRxSASAKUnchanged OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A reference to an SAK that is unchanged for the life
+ of the receiving SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.13"
+ ::= { secyRxSAEntry 4 }
+
+secyRxSACreatedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this receiving SA was created."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.14"
+ ::= { secyRxSAEntry 5 }
+
+secyRxSAStartedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this receiving SA last started
+ receiving MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.14"
+ ::= { secyRxSAEntry 6 }
+
+secyRxSAStoppedTime OBJECT-TYPE
+ SYNTAX TimeStamp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The system time when this receiving SA last stopped
+ receiving MACsec frames."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.14"
+ ::= { secyRxSAEntry 7 }
+
+--
+-- SecY Selectable Cipher Suites
+--
+
+secyCipherSuiteTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyCipherSuiteEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The table of selectable cipher suites for the MAC security
+ entity.
+
+ For the writeable objects in this table, the configured value
+ shall be stored in persistent memory and remain unchanged across
+ a re-initialization of the management system of the entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24"
+ ::= { secyMgmtMIBObjects 6 }
+
+secyCipherSuiteEntry OBJECT-TYPE
+ SYNTAX SecyCipherSuiteEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing the management information for a cipher
+ suite."
+ INDEX { secyCipherSuiteIndex }
+ ::= { secyCipherSuiteTable 1 }
+
+SecyCipherSuiteEntry ::= SEQUENCE {
+ secyCipherSuiteIndex Unsigned32,
+ secyCipherSuiteId OCTET STRING,
+ secyCipherSuiteName SnmpAdminString,
+ secyCipherSuiteCapability BITS,
+ secyCipherSuiteProtection BITS,
+ secyCipherSuiteProtectionOffset INTEGER,
+ secyCipherSuiteDataLengthChange TruthValue,
+ secyCipherSuiteICVLength Unsigned32,
+ secyCipherSuiteRowStatus RowStatus
+}
+
+secyCipherSuiteIndex OBJECT-TYPE
+ SYNTAX Unsigned32 (1..4294967295)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index to recognize a Cipher Suite in the system."
+ ::= { secyCipherSuiteEntry 1 }
+
+secyCipherSuiteId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (8))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The identifier for the cipher suite. This is a global
+ unique 64-bit (EUI-64) identifier."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24"
+ ::= { secyCipherSuiteEntry 2 }
+
+secyCipherSuiteName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE (1..128))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The name of the cipher suite. If the name is composed of
+ multi-byte characters, the total length must fit within 128
+ octets."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24"
+ ::= { secyCipherSuiteEntry 3 }
+
+secyCipherSuiteCapability OBJECT-TYPE
+ SYNTAX BITS {
+ integrity(0),
+ confidentiality(1),
+ offsetConfidentiality(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The capability of this cipher suite.
+
+ integrity(0) : integrity protection capability for this
+ cipher suite..
+
+ confidentiality(1) : confidentiality protection
+ capability for this cipher suite.
+
+ offsetConfidentiality(2) : offset confidentiality protection
+ capability for this cipher suite."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24, 10.7.25"
+ ::= { secyCipherSuiteEntry 4 }
+
+secyCipherSuiteProtection OBJECT-TYPE
+ SYNTAX BITS {
+ integrity(0),
+ confidentiality(1),
+ offsetConfidentiality(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The protection options of this cipher suite. The options
+ should depend on the object secyCipherSuiteCapability.
+
+ If the value of secyCipherSuiteCapability is only integerity
+ bit on, users can only choose to turn on integrity bit for
+ this object.
+
+ If the value of secyCipherSuiteCapability is integrity and
+ confidentiality bits on, users can choose to turn on
+ integrity or confidentiality bits, but if confidentiality
+ bit is on, the integrity bit has to be on.
+
+ If the value of secyCipherSuiteCapability is integrity and
+ offsetConfidentiality bits on, users can choose to turn on
+ integrity or offsetConfidentiality bits, but if
+ offsetConfidentiality bit is on, the integrity bit has to be
+ on.
+
+ If the value of secyCipherSuiteCapability is integrity and
+ confidentiality and offsetConfidentiality bits on, users can
+ choose to turn on integrity or confidentiality or
+ offsetConfidentiality bits, but if confidentiality or
+ offsetConfidentiality bits are on, the integrity bit has to
+ be on.
+
+ integrity(0) : on or off the function of supporting integrity
+ protection for this cipher suite.
+
+ confidentiality(1) : on or off the function of supporting
+ confidentiality for this cipher suite.
+
+ offsetConfidentiality(2) : on or off the function of
+ supporting offset confidentiality for this cipher suite."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24, 10.7.25"
+ DEFVAL { { integrity } }
+ ::= { secyCipherSuiteEntry 5 }
+
+secyCipherSuiteProtectionOffset OBJECT-TYPE
+ SYNTAX Integer32 (0 | 30 | 50)
+ UNITS "bytes"
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The confidentiality protection offset options of this
+ cipher suite. The options should depend on the choice of
+ secyCipherSuiteProtection.
+
+ If the value of secyCipherSuiteProtection only turns on
+ integrity bit, users can only choose 0 byte for this
+ object.
+
+ If the value of secyCipherSuiteProtection only turns on
+ integrity and confidentiality bits, users can only choose
+ 0 byte for this object.
+
+ If the value of secyCipherSuiteProtection only turns on
+ integrity and offsetConfidentiality bits, users can choose
+ 30 or 50 bytes for this object.
+
+ If the value of secyCipherSuiteProtection turns on
+ integrity and confidentiality and offsetConfidentiality
+ bits, users can choose 0 or 30 or 50 bytes for this object."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24, 10.7.25"
+ DEFVAL { 0 }
+ ::= { secyCipherSuiteEntry 6 }
+
+secyCipherSuiteDataLengthChange OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "This indicates whether the data length will be
+ changed after encryption by the cipher suite."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24"
+ ::= { secyCipherSuiteEntry 7 }
+
+secyCipherSuiteICVLength OBJECT-TYPE
+ SYNTAX Unsigned32 (8..16)
+ UNITS "octets"
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The length of integrity check value (ICV) field."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24"
+ ::= { secyCipherSuiteEntry 8 }
+
+secyCipherSuiteRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The object to create the paramaters for the supported
+ Cipher Suites in the system. If the specified
+ secyCipherSuiteId object information is not supported
+ in the system or the secyCipherSuiteCapability object
+ is not matched the capability of the corresponding
+ specified Cipher Suite in the same entry, the corresponding
+ entry should not be active, i.e., this object should not be
+ ’active’ or ’notInService’."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.24"
+ ::= { secyCipherSuiteEntry 9 }
+
+--
+-- Statistics Information
+--
+
+--
+-- TX SA Statistics Information
+--
+
+secyTxSAStatsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyTxSAStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table that contains the statistics objects for each
+ transmitting SA in the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyStatsMIBObjects 1 }
+
+secyTxSAStatsEntry OBJECT-TYPE
+ SYNTAX SecyTxSAStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry holds the statistics for a transmitting SA. An SA
+ may be reused once a while.
+
+ When starting using the SA, the counters of the SA should
+ start at 0.
+
+ When stopping using the SA, the counters will be stopped
+ incrementing.
+
+ The timestamps of starting and stopping time are recorded in
+ the secyTxSATable."
+ AUGMENTS { secyTxSAEntry }
+ ::= { secyTxSAStatsTable 1 }
+
+SecyTxSAStatsEntry ::= SEQUENCE {
+ secyTxSAStatsProtectedPkts Counter32,
+ secyTxSAStatsEncryptedPkts Counter32
+}
+
+secyTxSAStatsProtectedPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of integrity protected but not encrypted packets
+ for this transmitting SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyTxSAStatsEntry 1 }
+
+secyTxSAStatsEncryptedPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of integrity protected and encrypted packets for
+ this transmitting SA."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyTxSAStatsEntry 2 }
+
+--
+-- TX SC Statistics Information
+--
+
+secyTxSCStatsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyTxSCStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table that contains statistics information for each
+ transmitting SC in the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, 10.7.19, figure 10.4"
+ ::= { secyStatsMIBObjects 2 }
+
+secyTxSCStatsEntry OBJECT-TYPE
+ SYNTAX SecyTxSCStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry contains the counters of a transmitting SC. Since some
+ counters in the transmitting SA will be reset while the SA is
+ reused, in order to maintain complete statistics information
+ for the SC, the counters information on the SAs need to be kept
+ in the SC.
+
+ Those counters that may be reset are :
+ secyTxSAStatsProtectedPkts,
+ secyTxSAStatsEncryptedPkts
+
+ Each counter for a SC is in the summation of the corresponding
+ counter information for all the SAs, current and prior SAs,
+ belonging to this SC."
+ AUGMENTS { secyTxSCEntry }
+ ::= { secyTxSCStatsTable 1 }
+
+SecyTxSCStatsEntry ::= SEQUENCE {
+ secyTxSCStatsProtectedPkts Counter64,
+ secyTxSCStatsEncryptedPkts Counter64,
+ secyTxSCStatsOctetsProtected Counter64,
+ secyTxSCStatsOctetsEncrypted Counter64
+}
+
+secyTxSCStatsProtectedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of integrity protected but not encrypted packets
+ for this transmitting SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyTxSCStatsEntry 1 }
+
+secyTxSCStatsEncryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of integrity protected and encrypted packets for
+ this transmitting SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyTxSCStatsEntry 4 }
+
+secyTxSCStatsOctetsProtected OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Octets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of plain text octets that are integrity protected
+ but not encrypted on the transmitting SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.19, figure 10.4"
+ ::= { secyTxSCStatsEntry 10 }
+
+secyTxSCStatsOctetsEncrypted OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Octets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of plain text octets that are integrity protected
+ and encrypted on the transmitting SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.19, figure 10.4"
+ ::= { secyTxSCStatsEntry 11 }
+
+--
+-- RX SA Statistics Information
+--
+
+secyRxSAStatsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyRxSAStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table that contains the statistics objects for each
+ receiving SA in the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyStatsMIBObjects 3 }
+
+secyRxSAStatsEntry OBJECT-TYPE
+ SYNTAX SecyRxSAStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry holds the statistics for a receiving SA. An SA
+ may be reused once a while.
+
+ When starting using the SA, the counters of the SA should
+ start at 0.
+
+ When stopping using the SA, the counters will be stopped
+ incrementing.
+
+ The timestamps of starting and stopping time are recorded in
+ the secyRxSATable."
+ AUGMENTS { secyRxSAEntry }
+ ::= { secyRxSAStatsTable 1 }
+
+SecyRxSAStatsEntry ::= SEQUENCE {
+ secyRxSAStatsUnusedSAPkts Counter32,
+ secyRxSAStatsNoUsingSAPkts Counter32,
+ secyRxSAStatsNotValidPkts Counter32,
+ secyRxSAStatsInvalidPkts Counter32,
+ secyRxSAStatsOKPkts Counter32
+}
+
+secyRxSAStatsUnusedSAPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SA which is not currently in use, the number of
+ received, unencrypted, packets with secyValidateFrames
+ not in the strict mode."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSAStatsEntry 1 }
+
+secyRxSAStatsNoUsingSAPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SA which is not currently in use, the number of
+ received packets that have been discarded, and have
+ either the packets encrypted or the secyValidateFrames set to
+ strict mode."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSAStatsEntry 4 }
+
+secyRxSAStatsNotValidPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SA, the number discarded packets with the
+ condition that the packets are not valid and one of the
+ following conditions are true: either secyValidateFrames in
+ strict mode or the packets encrypted."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSAStatsEntry 13 }
+
+secyRxSAStatsInvalidPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SA, the number of packets with the condition
+ that the packets are not valid and secyValidateFrames is in
+ check mode."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSAStatsEntry 16 }
+
+secyRxSAStatsOKPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SA, the number of validated packets."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSAStatsEntry 25 }
+
+--
+-- RX SC Statistics Information
+--
+
+secyRxSCStatsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyRxSCStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table for the statistics information of each receiving SC
+ supported by the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, 10.7.10, figure 10.5"
+ ::= { secyStatsMIBObjects 4 }
+
+secyRxSCStatsEntry OBJECT-TYPE
+ SYNTAX SecyRxSCStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry contains the counters of a receiving SC. Since some
+ counters in the receiving SA will be reset while the SA is
+ reused, in order to maintain complete statistics information
+ for the SC, the counters information on the SAs need to be kept
+ in the SC.
+
+ Those counters that may be reset are :
+ secyRxSAStatsUnusedSAPkts,
+ secyRxSAStatsNoUsingSAPkts,
+ secyRxSAStatsNotValidPkts,
+ secyRxSAStatsInvalidPkts,
+ secyRxSAStatsOKPkts
+
+ Each counter for a SC is in the summation of the corresponding
+ counter information for all the SAs, current and prior SAs,
+ belonging to this SC."
+ AUGMENTS { secyRxSCEntry }
+ ::= { secyRxSCStatsTable 1 }
+
+SecyRxSCStatsEntry ::= SEQUENCE {
+ secyRxSCStatsUnusedSAPkts Counter64,
+ secyRxSCStatsNoUsingSAPkts Counter64,
+ secyRxSCStatsLatePkts Counter64,
+ secyRxSCStatsNotValidPkts Counter64,
+ secyRxSCStatsInvalidPkts Counter64,
+ secyRxSCStatsDelayedPkts Counter64,
+ secyRxSCStatsUncheckedPkts Counter64,
+ secyRxSCStatsOKPkts Counter64,
+ secyRxSCStatsOctetsValidated Counter64,
+ secyRxSCStatsOctetsDecrypted Counter64
+}
+
+secyRxSCStatsUnusedSAPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The summation of counter secyRxSAStatsUnusedSAPkts
+ information for all the SAs which belong to this SC.
+
+ Since the secyRxSAStatsUnusedSAPkts counters in the SAs
+ will be reset, in order to maintain complete statistics
+ information for the SC, the counter information on the SAs
+ need to be kept in the SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 1 }
+
+secyRxSCStatsNoUsingSAPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The summation of counter secyRxSAStatsNoUsingSAPkts
+ information for all the SAs which belong to this SC.
+
+ Since the secyRxSAStatsNoUsingSAPkts counters in the SAs
+ will be reset, in order to maintain complete statistics
+ information for the SC, the counter information on the SAs
+ need to be kept in the SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 2 }
+
+secyRxSCStatsLatePkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SC, the number of received packets that have
+ been discarded with the condition : secyReplayProtect is equal
+ to true and the PN of the packet is lower than the lower bound
+ replay check PN."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 3 }
+
+secyRxSCStatsNotValidPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The summation of counter secyRxSAStatsNotValidPkts
+ information for all the SAs which belong to this SC.
+
+ Since the secyRxSAStatsNotValidPkts counters in the SAs
+ will be reset, in order to maintain complete statistics
+ information for the SC, the counter information on the SAs
+ need to be kept in the SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 4 }
+
+secyRxSCStatsInvalidPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The summation of counter secyRxSAStatsInvalidPkts
+ information for all the SAs which belong to this SC.
+
+ Since the secyRxSAStatsInvalidPkts counters in the SAs
+ will be reset, in order to maintain complete statistics
+ information for the SC, the counter information on the SAs
+ need to be kept in the SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 5 }
+
+secyRxSCStatsDelayedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SC, the number of packets with the condition
+ that the PN of the packets is lower than the lower bound
+ replay protection PN."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 6 }
+
+secyRxSCStatsUncheckedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "For this SC, the number of packets with the following
+ condition:
+ -secyValidateFrames is disabled or
+ -secyValidateFrames is not disabled and the packet is not
+ encrypted and the integrity check has failed or
+ -secyValidateFrames is not disable and the packet is
+ encrypted and integrity check has failed."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 7 }
+
+secyRxSCStatsOKPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The summation of counter secyRxSAStatsOKPkts
+ information for all the SAs which belong to this SC.
+
+ Since the secyRxSAStatsOKPkts counters in the SAs
+ will be reset, in order to maintain complete statistics
+ information for the SC, the counter information on the SAs
+ need to be kept in the SC."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, figure 10.5"
+ ::= { secyRxSCStatsEntry 8 }
+
+secyRxSCStatsOctetsValidated OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Octets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of octets of plaintext recovered from received
+ packets that were integrity protected but not encrypted."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.10, figure 10.5"
+ ::= { secyRxSCStatsEntry 9 }
+
+secyRxSCStatsOctetsDecrypted OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Octets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of octets of plaintext recovered from received
+ packets that were integrity protected and encrypted."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.10, figure 10.5"
+ ::= { secyRxSCStatsEntry 10 }
+
+--
+-- SecY statistics table
+--
+
+secyStatsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF SecyStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table for the statistics information of each SecY supported by
+ the MAC security entity."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9, 10.7.18, figure 10.4, 10.5"
+ ::= { secyStatsMIBObjects 5 }
+
+secyStatsEntry OBJECT-TYPE
+ SYNTAX SecyStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry containing counters for statistics or diagnosis for
+ a SecY."
+ AUGMENTS { secyIfEntry }
+ ::= { secyStatsTable 1 }
+
+SecyStatsEntry ::= SEQUENCE {
+ secyStatsTxUntaggedPkts Counter64,
+ secyStatsTxTooLongPkts Counter64,
+ secyStatsRxUntaggedPkts Counter64,
+ secyStatsRxNoTagPkts Counter64,
+ secyStatsRxBadTagPkts Counter64,
+ secyStatsRxUnknownSCIPkts Counter64,
+ secyStatsRxNoSCIPkts Counter64,
+ secyStatsRxOverrunPkts Counter64
+}
+
+secyStatsTxUntaggedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of transmitted packets without the MAC
+ security tag (SecTAG) because secyProtectFramesEnable is
+ configured as false."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyStatsEntry 1 }
+
+secyStatsTxTooLongPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of transmitted packets discarded because the packet
+ length is greater than the ifMtu of the Common Port interface."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.18, figure 10.4"
+ ::= { secyStatsEntry 2 }
+
+secyStatsRxUntaggedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of received packets without the MAC security tag
+ (SecTAG) with secyValidateFrames which is not in the
+ strict mode."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9 , figure 10.5"
+ ::= { secyStatsEntry 3 }
+
+secyStatsRxNoTagPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of received packets discarded without the
+ MAC security tag (SecTAG) with secyValidateFrames which is
+ in the strict mode."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9 , figure 10.5"
+ ::= { secyStatsEntry 4 }
+
+secyStatsRxBadTagPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of received packets discarded with an invalid
+ SecTAG or a zero value PN or an invalid ICV."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9 , figure 10.5"
+ ::= { secyStatsEntry 5 }
+
+secyStatsRxUnknownSCIPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of received packets with unknown SCI with the
+ condition :
+ secyValidateFrames is not in the strict mode and the
+ C bit in the SecTAG is not set."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9 , figure 10.5"
+ ::= { secyStatsEntry 6 }
+
+secyStatsRxNoSCIPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of received packets discarded with unknown SCI
+ information with the condition :
+ secyValidateFrames is in the strict mode or the C bit
+ in the SecTAG is set."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9 , figure 10.5"
+ ::= { secyStatsEntry 7 }
+
+secyStatsRxOverrunPkts OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets discarded because the number of
+ received packets exceeded the cryptographic performance
+ capabilities."
+ REFERENCE
+ "IEEE 802.1AE Clause 10.7.9 , figure 10.5"
+ ::= { secyStatsEntry 8 }
+
+--
+-- Conformance
+--
+
+secyMIBCompliances OBJECT IDENTIFIER ::= { secyMIBConformance 1 }
+
+secyMIBGroups OBJECT IDENTIFIER ::= { secyMIBConformance 2 }
+
+-- Compliance
+
+secyMIBCompliance MODULE-COMPLIANCE
+ STATUS current
+ DESCRIPTION
+ "The compliance statement for entities which implement
+ the IEEE8021-SECY-MIB."
+ MODULE -- this module
+ MANDATORY-GROUPS {
+ secyIfCtrlGroup,
+ secyTxSCGroup,
+ secyTxSAGroup,
+ secyRxSCGroup,
+ secyRxSAGroup,
+ secyCipherSuiteGroup,
+ secyTxSAStatsGroup,
+ secyTxSCStatsGroup,
+ secyRxSAStatsGroup,
+ secyRxSCStatsGroup,
+ secyStatsGroup
+ }
+
+ OBJECT secyIfCurrentCipherSuite
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "write access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteId
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteName
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteCapability
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteProtection
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteProtectionOffset
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteDataLengthChange
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteICVLength
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+ OBJECT secyCipherSuiteRowStatus
+ MIN-ACCESS read-only
+ DESCRIPTION
+ "read-create access is not required. This may be
+ read-only."
+
+
+ ::= { secyMIBCompliances 1 }
+
+-- Units of Conformance
+
+secyIfCtrlGroup OBJECT-GROUP
+ OBJECTS {
+ secyIfMaxPeerSCs,
+ secyIfRxMaxKeys,
+ secyIfTxMaxKeys,
+ secyIfProtectFramesEnable,
+ secyIfValidateFrames,
+ secyIfReplayProtectEnable,
+ secyIfReplayProtectWindow,
+ secyIfCurrentCipherSuite,
+ secyIfAdminPt2PtMAC,
+ secyIfOperPt2PtMAC,
+ secyIfIncludeSCIEnable,
+ secyIfUseESEnable,
+ secyIfUseSCBEnable
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a SecY control management
+ information."
+ ::= { secyMIBGroups 1 }
+
+secyTxSCGroup OBJECT-GROUP
+ OBJECTS {
+ secyTxSCI,
+ secyTxSCState,
+ secyTxSCEncodingSA,
+ secyTxSCEncipheringSA,
+ secyTxSCCreatedTime,
+ secyTxSCStartedTime,
+ secyTxSCStoppedTime
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a transmitting SC control
+ management information."
+ ::= { secyMIBGroups 2 }
+
+secyTxSAGroup OBJECT-GROUP
+ OBJECTS {
+ secyTxSAState,
+ secyTxSANextPN,
+ secyTxSAConfidentiality,
+ secyTxSASAKUnchanged,
+ secyTxSACreatedTime,
+ secyTxSAStartedTime,
+ secyTxSAStoppedTime
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a transmitting SA control
+ management information."
+ ::= { secyMIBGroups 3 }
+
+secyRxSCGroup OBJECT-GROUP
+ OBJECTS {
+ secyRxSCState,
+ secyRxSCCurrentSA,
+ secyRxSCCreatedTime,
+ secyRxSCStartedTime,
+ secyRxSCStoppedTime
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a receiving SC control
+ management information."
+ ::= { secyMIBGroups 4 }
+
+secyRxSAGroup OBJECT-GROUP
+ OBJECTS {
+ secyRxSAState,
+ secyRxSANextPN,
+ secyRxSASAKUnchanged,
+ secyRxSACreatedTime,
+ secyRxSAStartedTime,
+ secyRxSAStoppedTime
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a receiving SA control
+ management information."
+ ::= { secyMIBGroups 5 }
+
+secyCipherSuiteGroup OBJECT-GROUP
+ OBJECTS {
+ secyCipherSuiteId,
+ secyCipherSuiteName,
+ secyCipherSuiteCapability,
+ secyCipherSuiteProtection,
+ secyCipherSuiteProtectionOffset,
+ secyCipherSuiteDataLengthChange,
+ secyCipherSuiteICVLength,
+ secyCipherSuiteRowStatus
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a cipher suite information."
+ ::= { secyMIBGroups 6 }
+
+secyTxSAStatsGroup OBJECT-GROUP
+ OBJECTS {
+ secyTxSAStatsProtectedPkts,
+ secyTxSAStatsEncryptedPkts
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a transmitting SA statistics
+ information."
+ ::= { secyMIBGroups 7 }
+
+secyRxSAStatsGroup OBJECT-GROUP
+ OBJECTS {
+ secyRxSAStatsUnusedSAPkts,
+ secyRxSAStatsNoUsingSAPkts,
+ secyRxSAStatsNotValidPkts,
+ secyRxSAStatsInvalidPkts,
+ secyRxSAStatsOKPkts
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a receiving SA statistics
+ information."
+ ::= { secyMIBGroups 8 }
+
+secyTxSCStatsGroup OBJECT-GROUP
+ OBJECTS {
+ secyTxSCStatsProtectedPkts,
+ secyTxSCStatsEncryptedPkts,
+ secyTxSCStatsOctetsProtected,
+ secyTxSCStatsOctetsEncrypted
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a transmitting SC statistics
+ information."
+ ::= { secyMIBGroups 9 }
+
+secyRxSCStatsGroup OBJECT-GROUP
+ OBJECTS {
+ secyRxSCStatsUnusedSAPkts,
+ secyRxSCStatsNoUsingSAPkts,
+ secyRxSCStatsLatePkts,
+ secyRxSCStatsNotValidPkts,
+ secyRxSCStatsInvalidPkts,
+ secyRxSCStatsDelayedPkts,
+ secyRxSCStatsUncheckedPkts,
+ secyRxSCStatsOKPkts,
+ secyRxSCStatsOctetsValidated,
+ secyRxSCStatsOctetsDecrypted
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a receiving SC statistics
+ information."
+ ::= { secyMIBGroups 10 }
+
+secyStatsGroup OBJECT-GROUP
+ OBJECTS {
+ secyStatsTxUntaggedPkts,
+ secyStatsTxTooLongPkts,
+ secyStatsRxUntaggedPkts,
+ secyStatsRxNoTagPkts,
+ secyStatsRxBadTagPkts,
+ secyStatsRxUnknownSCIPkts,
+ secyStatsRxNoSCIPkts,
+ secyStatsRxOverrunPkts
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing a SecY statistics
+ information."
+ ::= { secyMIBGroups 11 }
+
+END
+
+
+