T11-FC-SP-SA-MIB: View SNMP OID List / Download MIB
VENDOR: INTERNET-STANDARD
Home | MIB: T11-FC-SP-SA-MIB | |||
---|---|---|---|---|
Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
Object Name | OID | Type | Access | Info |
t11FcSpSaMIB | 1.3.6.1.2.1.179 |
This MIB module specifies the management information required to manage Security Associations established via Fibre Channel's FC-SP specification. The MIB module consists of six parts: - a per-Fabric table, t11FcSpSaIfTable, of capabilities, parameters, status information, and counters; the counters include non-transient aggregates of per-SA transient counters; - three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable, and t11FcSpSaTransTable, specifying the proposals for an FC-SP entity acting as an SA_Initiator to present to the SA_Responder during the negotiation of Security Associations. The same information is also used by an FC-SP entity acting as an SA_Responder to decide what to accept during the negotiation of Security Associations. One of these tables, t11FcSpSaTransTable, is used not only for information about security transforms to propose and to accept, but also as agreed upon during the negotiation of Security Associations; - a table, t11FcSpSaTSelDrByTable, of Traffic Selectors having the security action of 'drop' or 'bypass' to be applied either to ingress traffic that is unprotected by FC-SP, or to all egress traffic; - four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable, t11FcSpSaTSelNegOutTable, and t11FcSpSaTSelSpiTable, containing information about active bidirectional pairs of Security Associations; in particular, t11FcSpSaPairTable has one row per active bidirectional SA pair, t11FcSpSaTSelNegInTable and t11FcSpSaTSelNegOutTable contain information on the Traffic Selectors negotiated on the SAs, and the t11FcSpSaTSelSpiTable is an alternate lookup table such that the Traffic Selector(s) in use on a particular Security Association can be quickly determined based on the (ingress) SPI value; - a table, t11FcSpSaControlTable, of control and other information concerning the generation of notifications for events related to FC-SP Security Associations; - one notification, t11FcSpSaNotifyAuthFailure, generated on the occurrence of an Authentication failure for a received FC-2 or CT_IU frame. Copyright (C) The IETF Trust (2008). This version of this MIB module is part of RFC 5324; see the RFC itself for full legal notices. |
||
t11FcSpSaMIBNotifications | 1.3.6.1.2.1.179.0 | |||
t11FcSpSaNotifyAuthFailure | 1.3.6.1.2.1.179.0.1 |
When this notification is generated, it indicates the occurrence of an Authentication failure for a received FC-2 or CT_IU frame. The t11FcSpSaControlInboundSpi, t11FcSpSaControlSource, and t11FcSpSaControlDestination objects in the varbindlist are the frame's SPI, source and destination addresses, respectively. t11FcSpSaControlFrame provides the (beginning of the) frame's content if such is available. This notification is generated only for the first occurrence of an Authentication failure on a Fabric within a time window. Subsequent occurrences of an Authentication Failure on the same Fabric within the same time window are counted but suppressed. The value of t11FcSpSaControlElapsed contains (a lower bound on) the elapsed time since the last generation of this notification for the same Fabric. The value of t11FcSpSaControlSuppressed contains the number of generations which were suppressed in the time window after that last generation, or zero if unknown. |
||
t11FcSpSaNotifyLifeExceeded | 1.3.6.1.2.1.179.0.2 |
This notification is generated when the lifetime (in seconds or in passed bytes) of an SA is exceeded, and the SA is either immediately terminated or is terminated because an attempt to renew the SA fails. The values of t11FcSpSaControlLifeExcdSpi and t11FcSpSaControlLifeExcdDir contain the SPI and direction of the terminated SA. |
||
t11FcSpSaMIBObjects | 1.3.6.1.2.1.179.1 | |||
t11FcSpSaBase | 1.3.6.1.2.1.179.1.1 | |||
t11FcSpSaIfTable | 1.3.6.1.2.1.179.1.1.1 | no-access |
A table containing per-Fabric information related to FC-SP Security Associations. |
|
1.3.6.1.2.1.179.1.1.1.1 | no-access |
Each entry contains information related to Security Associations on a particular Fabric, and managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. |
||
t11FcSpSaIfIndex | 1.3.6.1.2.1.179.1.1.1.1.1 | interfaceindexorzero | no-access |
This object has a non-zero value to identify a particular interface, or the value zero to indicate that the information in this row applies to all (of the management instance's) interfaces to the particular Fabric. If any row has a non-zero value of t11FcSpSaIfIndex, then all rows for the same Fibre Channel management instance must also have a non-zero value of t11FcSpSaIfIndex and thereby be specific to a particular interface. As and when zero values of t11FcSpSaIfIndex are used in this table, then they must also be used in each other table that has t11FcSpSaIfIndex in its INDEX clause. |
t11FcSpSaIfFabricIndex | 1.3.6.1.2.1.179.1.1.1.1.2 | t11fabricindex | no-access |
An index value that uniquely identifies a particular Fabric. |
t11FcSpSaIfEspHeaderCapab | 1.3.6.1.2.1.179.1.1.1.1.3 | t11fcsptransforms | read-only |
A list of the standardized transforms supported by this entity on this interface for ESP_Header protection. |
t11FcSpSaIfCTAuthCapab | 1.3.6.1.2.1.179.1.1.1.1.4 | t11fcsptransforms | read-only |
A list of the standardized transforms supported by this entity on this interface for CT_Authentication protection. |
t11FcSpSaIfIKEv2Capab | 1.3.6.1.2.1.179.1.1.1.1.5 | t11fcsptransforms | read-only |
A list of the standardized transforms supported by this entity on this interface with IKEv2 protection. |
t11FcSpSaIfIkev2AuthCapab | 1.3.6.1.2.1.179.1.1.1.1.6 | truthvalue | read-only |
An indication of whether the entity is capable of supporting the IKEv2-AUTH protocol on this interface, i.e., concatenation of Authentication and SA Management Transactions, such that an SA Management Transaction is used to perform both the authentication function and SA management. |
t11FcSpSaIfStorageType | 1.3.6.1.2.1.179.1.1.1.1.7 | storagetype | read-write |
This object specifies the memory realization of information related to FC-SP Security Associations for interface(s) to a particular Fabric; specifically, for rows created and/or modified in these tables: t11FcSpSaPropTable t11FcSpSaTSelDrByTable t11FcSpSaControlTable and, for modified information contained in the same row as an instance of this object. Even if an instance of this object has the value 'permanent(4)', none of the information defined in this MIB module for interface(s) to the given Fabric need to be writable. |
t11FcSpSaIfReplayPrevention | 1.3.6.1.2.1.179.1.1.1.1.8 | truthvalue | read-write |
This object indicates whether anti-replay protection is enabled for frame reception on this interface. Note that the replay-protection mechanism in FC-SP is conceptually similar to the corresponding mechanism in IPsec ESP. |
t11FcSpSaIfReplayWindowSize | 1.3.6.1.2.1.179.1.1.1.1.9 | unsigned32 | read-write |
The size of the replay window to be used when anti-replay protection is enabled for frame reception on this interface. Note that the replay-protection mechanism in FC-SP is conceptually similar to the corresponding mechanism in IPsec ESP. |
t11FcSpSaIfDeadPeerDetections | 1.3.6.1.2.1.179.1.1.1.1.10 | counter32 | read-only |
The number of times that a dead peer condition has been detected on this interface. This counter has no discontinuities other than those that all Counter32's have when sysUpTime=0. |
t11FcSpSaIfTerminateAllSas | 1.3.6.1.2.1.179.1.1.1.1.11 | integer | read-write |
Setting this object to 'terminate' is a request to terminate all outstanding Security Associations on this interface. When read, the value of this object is always 'noop'. Setting this object to 'noop' has no effect. Enumeration: 'terminate': 2, 'noop': 1. |
t11FcSpSaIfOutDrops | 1.3.6.1.2.1.179.1.1.1.1.12 | counter64 | read-only |
The number of output frames that were dropped, instead of being transmitted on this interface, because they matched an active (at that time) Traffic Selector with an action of 'Drop'. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfOutBypasses | 1.3.6.1.2.1.179.1.1.1.1.13 | counter64 | read-only |
The number of output frames that were transmitted unchanged by FC-SP on this interface because they matched an active (at that time) Traffic Selector with an action of 'Bypass'. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfOutProcesses | 1.3.6.1.2.1.179.1.1.1.1.14 | counter64 | read-only |
The number of output frames that were protected by FC-SP before being transmitted on this interface because they matched an active (at that time) Traffic Selector with an action of 'Process'. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfOutUnMatcheds | 1.3.6.1.2.1.179.1.1.1.1.15 | counter64 | read-only |
The number of frames that were transmitted unchanged by FC-SP on this interface because they did not match any Traffic Selector active at that time. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfInUnprotUnmtchDrops | 1.3.6.1.2.1.179.1.1.1.1.16 | counter64 | read-only |
The number of frames received on this interface that were dropped because they were unprotected and did not match any Traffic Selector active at that time. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfInDetReplays | 1.3.6.1.2.1.179.1.1.1.1.17 | counter64 | read-only |
The number of times that a replay has been detected on a Security Association that is currently active or was previously active on this interface. Note that a frame that is discarded because it is 'behind' the window, i.e., too old, is counted as a replay. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfInUnprotMtchDrops | 1.3.6.1.2.1.179.1.1.1.1.18 | counter64 | read-only |
The number of times that a frame received on this interface was dropped because it matched with a Traffic Selector for a Security Association that was active at the time of receipt but the frame was not protected as negotiated for that Security Association. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfInBadXforms | 1.3.6.1.2.1.179.1.1.1.1.19 | counter64 | read-only |
The number of times that a frame received on this interface was dropped because of a failure of one of the transforms negotiated for the Security Association on which it was received. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfInGoodXforms | 1.3.6.1.2.1.179.1.1.1.1.20 | counter64 | read-only |
The number of frames received on this interface on a Security Association for which the transforms negotiated for that Security Association were successfully applied, and that matched a Traffic Selector for that Security Association. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaIfInProtUnmtchs | 1.3.6.1.2.1.179.1.1.1.1.21 | counter64 | read-only |
The number of frames received on this interface that were dropped because they did not match any of the Traffic Selectors negotiated for the Security Association on which they were received, even though the Security Association's transforms were successfully applied. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaConfig | 1.3.6.1.2.1.179.1.2 | |||
t11FcSpSaPropTable | 1.3.6.1.2.1.179.1.2.1 | no-access |
A table of proposals for an FC-SP entity acting as an SA_Initiator to present to the SA_Responder during the negotiation of Security Associations. This information is also used by an FC-SP entity acting as an SA_Responder to decide what to accept during the negotiation of Security Associations. |
|
1.3.6.1.2.1.179.1.2.1.1 | no-access |
Each entry contains information about one proposal for the FC-SP entity to present, or what to accept, during the negotiation of Security Associations on one or more interfaces (identified by t11FcSpSaIfIndex) to a particular Fabric (identified by t11FcSpSaIfFabricIndex), and managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. The StorageType of a row in this table is specified by the instance of t11FcSpSaIfStorageType that is INDEX-ed by the same values of fcmInstanceIndex, t11FcSpSaIfIndex and t11FcSpSaIfFabricIndex. |
||
t11FcSpSaPropIndex | 1.3.6.1.2.1.179.1.2.1.1.1 | unsigned32 | no-access |
An index value that uniquely identifies a particular proposal for use on one or more interfaces to a Fabric. |
t11FcSpSaPropSecurityProt | 1.3.6.1.2.1.179.1.2.1.1.2 | t11fcspsecurityprotocolid | read-only |
The Security Protocol identifier for this proposal, i.e., whether the proposal is for traffic to be protected using ESP_Header or CT_Authentication. |
t11FcSpSaPropTSelListIndex | 1.3.6.1.2.1.179.1.2.1.1.3 | unsigned32 | read-only |
When the value of this object is non-zero, it points to the proposal's list of Traffic Selectors. The value must be non-zero in an active row of this table. The identified list is represented by all rows in the t11FcSpSaTSelPropTable for which t11FcSpSaTSelPropListIndex has the same value as this object (and with corresponding values of t11FcSpSaIfIndex and fcmInstanceIndex). |
t11FcSpSaPropTransListIndex | 1.3.6.1.2.1.179.1.2.1.1.4 | unsigned32 | read-only |
When the value of this object is non-zero, it points to the proposal's list of Transforms. The value must be non-zero in an active row of this table. The identified list is represented by all rows in the t11FcSpSaTransTable for which t11FcSpSaTransListIndex has the same value as this object (and with corresponding values of t11FcSpSaIfIndex and fcmInstanceIndex). |
t11FcSpSaPropAcceptAlgorithm | 1.3.6.1.2.1.179.1.2.1.1.5 | integer | read-only |
The algorithm by which an SA_Responder in an SA negotiation decides on which Traffic Selectors to specify in a response to an IKE_Create_Child_SA request. This algorithm is used when the Traffic Selectors specified by an SA_Initiator in an IKE_Create_Child_SA request overlap with this proposal's list of Traffic Selectors: intersection(1) - the SA_Responder specifies the largest subset of what the SA_Initiator proposed, which is also a subset of this proposal's Traffic Selectors. union(2) - the SA_Responder specifies the smallest superset of what the SA_Initiator proposed, which is also a superset of this proposal's Traffic Selectors. other(3) - the SA_Responder uses some other algorithm. Enumeration: 'union': 2, 'intersection': 1, 'other': 3. |
t11FcSpSaPropOutMatchSucceeds | 1.3.6.1.2.1.179.1.2.1.1.6 | counter64 | read-only |
The number of egress frames that have matched a Traffic Selector that was negotiated to select traffic for an SA based on this proposal being accepted. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaPropRowStatus | 1.3.6.1.2.1.179.1.2.1.1.7 | rowstatus | read-only |
The status of a row. Values of object instances within an active row can be modified at any time. The status cannot be set to 'active' unless and until the instances of t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex in the row have been set to point to active rows in the t11FcSpSaTSelPropTable and t11FcSpSaTransTable tables, respectively. A row in this table is deleted if the active rows it points to are deleted. |
t11FcSpSaTSelPropTable | 1.3.6.1.2.1.179.1.2.2 | no-access |
A table containing information about Traffic Selectors to propose and/or to accept during the negotiation of Security Associations. |
|
1.3.6.1.2.1.179.1.2.2.1 | no-access |
Each entry contains information about one Traffic Selector within a list of Traffic Selectors to propose, or for use in determining what to accept during Security Association negotiation. One such list is configured for use on a Fabric by configuring the list's value of t11FcSpSaTSelPropListIndex as the value of an instance of t11FcSpSaPropTSelListIndex, for corresponding values of t11FcSpSaIfIndex and fcmInstanceIndex. Further, the proposing and accepting of Traffic Selectors is only done as a part of a proposal specified by a row of the t11FcSpSaPropTable, i.e., in combination with the proposing and accepting of security transforms as specified by the combination of t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex in one row of the t11FcSpSaPropTable. The StorageType of a row in this table is specified by the instance of t11FcSpSaTSelPropStorageType in that row. |
||
t11FcSpSaTSelPropListIndex | 1.3.6.1.2.1.179.1.2.2.1.1 | unsigned32 | no-access |
An index value that identifies a particular list of Traffic Selectors. |
t11FcSpSaTSelPropPrecedence | 1.3.6.1.2.1.179.1.2.2.1.2 | t11fcspprecedence | no-access |
The precedence of this Traffic Selector. Each Traffic Selector within a particular list of Traffic Selectors must have a different precedence. If an egress frame matches multiple Traffic Selectors, it should be transmitted on the SA associated with the Traffic Selector having the numerically smallest precedence value. |
t11FcSpSaTSelPropDirection | 1.3.6.1.2.1.179.1.2.2.1.3 | t11fcsadirection | read-only |
An indication of whether this Traffic Selector is to be proposed for ingress or egress traffic. |
t11FcSpSaTSelPropStartSrcAddr | 1.3.6.1.2.1.179.1.2.2.1.4 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelPropEndSrcAddr | 1.3.6.1.2.1.179.1.2.2.1.5 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelPropStartDstAddr | 1.3.6.1.2.1.179.1.2.2.1.6 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelPropEndDstAddr | 1.3.6.1.2.1.179.1.2.2.1.7 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelPropStartRCtl | 1.3.6.1.2.1.179.1.2.2.1.8 | t11fcroutingcontrol | read-only |
The numerically smallest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelPropEndRCtl | 1.3.6.1.2.1.179.1.2.2.1.9 | t11fcroutingcontrol | read-only |
The numerically largest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelPropStartType | 1.3.6.1.2.1.179.1.2.2.1.10 | t11fcsptype | read-only |
The numerically smallest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelPropEndType | 1.3.6.1.2.1.179.1.2.2.1.11 | t11fcsptype | read-only |
The numerically largest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelPropStorageType | 1.3.6.1.2.1.179.1.2.2.1.12 | storagetype | read-only |
This object specifies the memory realization of the information in this row. Even if an instance of this object has the value 'permanent(4)', none of the information in its row needs to be writable. |
t11FcSpSaTSelPropRowStatus | 1.3.6.1.2.1.179.1.2.2.1.13 | rowstatus | read-only |
The status of this row. Values of object instances within the row can be modified at any time. |
t11FcSpSaTransTable | 1.3.6.1.2.1.179.1.2.3 | no-access |
A table containing information about security transforms to propose, to accept and/or agreed upon during the negotiation of Security Associations. |
|
1.3.6.1.2.1.179.1.2.3.1 | no-access |
Each entry contains information about one proposal within a list of security transforms to be proposed, to be accepted, or already agreed upon, for use on a pair of Security Associations on one or more interfaces (identified by t11FcSpSaIfIndex), managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. One such list is configured to be proposed or accepted for use on a Fabric, by having the list's value of t11FcSpSaTransListIndex be the value of an instance of t11FcSpSaPropTransListIndex for that Fabric. Further, the proposing and accepting of security transforms is only done as a part of a proposal specified by a row of the t11FcSpSaPropTable, i.e., in combination with the proposing and accepting of Traffic Selectors as specified by the combination of t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex in one row of the t11FcSpSaPropTable. The security (encryption and integrity) transform in use on an SA pair is indicated by having the pair's values of t11FcSpSaPairTransListIndex and t11FcSpSaPairTransIndex contain the values of t11FcSpSaTransListIndex and t11FcSpSaTransIndex for the transform's row in this table. The StorageType of a row in this table is specified by the instance of t11FcSpSaTransStorageType in that row. |
||
t11FcSpSaTransListIndex | 1.3.6.1.2.1.179.1.2.3.1.1 | unsigned32 | no-access |
An index value that uniquely identifies a particular list of security transforms to be proposed, to be accepted, or already agreed upon. |
t11FcSpSaTransIndex | 1.3.6.1.2.1.179.1.2.3.1.2 | unsigned32 | no-access |
An index value that uniquely identifies one security transform within a list identified by t11FcSpSaTransListIndex. |
t11FcSpSaTransSecurityProt | 1.3.6.1.2.1.179.1.2.3.1.3 | t11fcspsecurityprotocolid | read-only |
The Security Protocol identifier that indicates whether this transform is for traffic to be protected using ESP_Header or using CT_Authentication. |
t11FcSpSaTransEncryptAlg | 1.3.6.1.2.1.179.1.2.3.1.4 | autonomoustype | read-only |
The Encryption Algorithm for this transform. |
t11FcSpSaTransEncryptKeyLen | 1.3.6.1.2.1.179.1.2.3.1.5 | unsigned32 | read-only |
The key length in bits to be used with an encryption algorithm that has a variable length key. This object is ignored when the corresponding instance of t11FcSpSaTransEncryptAlg specifies an algorithm with a fixed length key. |
t11FcSpSaTransIntegrityAlg | 1.3.6.1.2.1.179.1.2.3.1.6 | autonomoustype | read-only |
The Integrity Algorithm for this transform. |
t11FcSpSaTransStorageType | 1.3.6.1.2.1.179.1.2.3.1.7 | storagetype | read-only |
This object specifies the memory realization of the information in this row. Even if an instance of this object has the value 'permanent(4)', none of the information in its row needs to be writable. |
t11FcSpSaTransRowStatus | 1.3.6.1.2.1.179.1.2.3.1.8 | rowstatus | read-only |
The status of this row. When an instance of t11FcSpSaPairTransListIndex points to a row in this table, values of object instances in the row cannot be modified nor can the row be deleted. Otherwise, a row can be modified or deleted at any time. |
t11FcSpSaTSelDrByTable | 1.3.6.1.2.1.179.1.2.4 | no-access |
A table containing Traffic Selectors to select which traffic is to be dropped or is to bypass further security processing. |
|
1.3.6.1.2.1.179.1.2.4.1 | no-access |
Each entry represents one Traffic Selector having the security action of 'drop' or 'bypass', which is applied based on a precedence value, either to ingress traffic that is unprotected by FC-SP, or to all egress traffic on one or more interfaces (identified by t11FcSpSaIfIndex) to a particular Fabric (identified by t11FcSpSaIfFabricIndex), and managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. The StorageType of a row in this table is specified by the instance of t11FcSpSaIfStorageType that is INDEX-ed by the same values of fcmInstanceIndex, t11FcSpSaIfIndex and t11FcSpSaIfFabricIndex. |
||
t11FcSpSaTSelDrByDirection | 1.3.6.1.2.1.179.1.2.4.1.1 | t11fcsadirection | no-access |
An indication of whether this Traffic Selector is for ingress or egress traffic. |
t11FcSpSaTSelDrByPrecedence | 1.3.6.1.2.1.179.1.2.4.1.2 | t11fcspprecedence | no-access |
The precedence of this Traffic Selector. If and when a frame is compared against multiple Traffic Selectors, and multiple of them have a match with the frame, the security action to be taken for the frame is that specified for the matching Traffic Selector having the numerically smallest precedence value. |
t11FcSpSaTSelDrByAction | 1.3.6.1.2.1.179.1.2.4.1.3 | integer | read-only |
The security action to be taken for a frame that matches this Traffic Selector. Enumeration: 'drop': 1, 'bypass': 2. |
t11FcSpSaTSelDrByStartSrcAddr | 1.3.6.1.2.1.179.1.2.4.1.4 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelDrByEndSrcAddr | 1.3.6.1.2.1.179.1.2.4.1.5 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelDrByStartDstAddr | 1.3.6.1.2.1.179.1.2.4.1.6 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelDrByEndDstAddr | 1.3.6.1.2.1.179.1.2.4.1.7 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelDrByStartRCtl | 1.3.6.1.2.1.179.1.2.4.1.8 | t11fcroutingcontrol | read-only |
The numerically smallest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelDrByEndRCtl | 1.3.6.1.2.1.179.1.2.4.1.9 | t11fcroutingcontrol | read-only |
The numerically largest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelDrByStartType | 1.3.6.1.2.1.179.1.2.4.1.10 | t11fcsptype | read-only |
The numerically smallest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelDrByEndType | 1.3.6.1.2.1.179.1.2.4.1.11 | t11fcsptype | read-only |
The numerically largest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelDrByMatches | 1.3.6.1.2.1.179.1.2.4.1.12 | counter64 | read-only |
The number of frames for which the action specified by the corresponding instance of t11FcSpSaTSelDrByAction was taken because of a match with this Traffic Selector. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaTSelDrByRowStatus | 1.3.6.1.2.1.179.1.2.4.1.13 | rowstatus | read-only |
The status of this row. Values of object instances within the row can be modified at any time. |
t11FcSpSaActive | 1.3.6.1.2.1.179.1.3 | |||
t11FcSpSaPairTable | 1.3.6.1.2.1.179.1.3.1 | no-access |
A table containing information about active bidirectional pairs of Security Associations. |
|
1.3.6.1.2.1.179.1.3.1.1 | no-access |
Each entry contains information about one active bidirectional pair of Security Associations on an interface to a particular Fabric (identified by t11FcSpSaIfFabricIndex), managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. |
||
t11FcSpSaPairIfIndex | 1.3.6.1.2.1.179.1.3.1.1.1 | interfaceindex | no-access |
This object identifies the interface to the particular Fabric on which this SA pair is active. |
t11FcSpSaPairInboundSpi | 1.3.6.1.2.1.179.1.3.1.1.2 | t11fcspiindex | no-access |
The SPI value that is used to indicate that an incoming frame was received on the ingress SA of this SA pair. |
t11FcSpSaPairSecurityProt | 1.3.6.1.2.1.179.1.3.1.1.3 | t11fcspsecurityprotocolid | read-only |
The object indicates whether this SA uses ESP_Header to protect FC-2 frames, or CT_Authentication to protect Common Transport Information Units (CT_IUs). |
t11FcSpSaPairTransListIndex | 1.3.6.1.2.1.179.1.3.1.1.4 | unsigned32 | read-only |
The combination of this value and the value of the corresponding instance of t11FcSpSaPairTransIndex identify the row in the t11FcSpSaTransTable that contains the transforms that are in use on this SA pair. |
t11FcSpSaPairTransIndex | 1.3.6.1.2.1.179.1.3.1.1.5 | unsigned32 | read-only |
The combination of this value and the value of the corresponding instance of t11FcSpSaPairTransListIndex identify the row in the t11FcSpSaTransTable that contains the transforms that are in use on this SA pair. |
t11FcSpSaPairLifetimeLeft | 1.3.6.1.2.1.179.1.3.1.1.6 | t11fcsplifetimeleft | read-only |
The remaining lifetime of this SA pair, given in the units specified by the value of the corresponding instance of t11FcSpSaPairLifetimeLeft. |
t11FcSpSaPairLifetimeLeftUnits | 1.3.6.1.2.1.179.1.3.1.1.7 | t11fcsplifetimeleftunits | read-only |
The units in which the value of the corresponding instance of t11FcSpSaPairLifetimeLeft specifies the remaining lifetime of this SA pair. |
t11FcSpSaPairTerminate | 1.3.6.1.2.1.179.1.3.1.1.8 | integer | read-write |
Setting this object to 'terminate' is a request to terminate this pair of Security Associations. When read, the value of this object is always 'noop'. Setting this object to 'noop' has no effect. Enumeration: 'terminate': 2, 'noop': 1. |
t11FcSpSaPairInProtUnMatchs | 1.3.6.1.2.1.179.1.3.1.1.9 | counter64 | read-only |
The number of frames received on this SA for which the SA's transforms were successfully applied to the frame, but the frame was still dropped because it did not match any of the SA's ingress Traffic Selectors. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaPairInDetReplays | 1.3.6.1.2.1.179.1.3.1.1.10 | counter64 | read-only |
The number of times that a replay has been detected on this Security Association. Note that a frame that is discarded because it is 'behind' the window, i.e., too old, is counted as a replay. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaPairInBadXforms | 1.3.6.1.2.1.179.1.3.1.1.11 | counter64 | read-only |
The number of times that a received frame was dropped because one of the transforms negotiated for this Security Association failed. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaPairInGoodXforms | 1.3.6.1.2.1.179.1.3.1.1.12 | counter64 | read-only |
The number of received frames for which the transforms negotiated for this Security Association, were successfully applied. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaTSelNegInTable | 1.3.6.1.2.1.179.1.3.2 | no-access |
A table containing information about ingress Traffic Selectors that are in use on active Security Associations. |
|
1.3.6.1.2.1.179.1.3.2.1 | no-access |
Each entry contains information about one ingress Traffic Selector that is in use on an active Security Association on an interface (identified by t11FcSpSaPairIfIndex) to a particular Fabric (identified by t11FcSpSaIfFabricIndex), managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. |
||
t11FcSpSaTSelNegInIndex | 1.3.6.1.2.1.179.1.3.2.1.1 | unsigned32 | no-access |
An index value to distinguish an ingress Traffic Selector from all others currently in use by Security Associations on the same interface to a particular Fabric. |
t11FcSpSaTSelNegInInboundSpi | 1.3.6.1.2.1.179.1.3.2.1.2 | t11fcspiindex | read-only |
The SPI of the ingress SA on which this Traffic Selector is in use. This value can be used to find the SA pair's row in the t11FcSpSaPairTable. |
t11FcSpSaTSelNegInStartSrcAddr | 1.3.6.1.2.1.179.1.3.2.1.3 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegInEndSrcAddr | 1.3.6.1.2.1.179.1.3.2.1.4 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegInStartDstAddr | 1.3.6.1.2.1.179.1.3.2.1.5 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegInEndDstAddr | 1.3.6.1.2.1.179.1.3.2.1.6 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegInStartRCtl | 1.3.6.1.2.1.179.1.3.2.1.7 | t11fcroutingcontrol | read-only |
The numerically smallest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegInEndRCtl | 1.3.6.1.2.1.179.1.3.2.1.8 | t11fcroutingcontrol | read-only |
The numerically largest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegInStartType | 1.3.6.1.2.1.179.1.3.2.1.9 | t11fcsptype | read-only |
The numerically smallest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelNegInEndType | 1.3.6.1.2.1.179.1.3.2.1.10 | t11fcsptype | read-only |
The numerically largest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelNegInUnpMtchDrops | 1.3.6.1.2.1.179.1.3.2.1.11 | counter64 | read-only |
The number of times that a received frame was dropped because it matched with this Traffic Selector but the frame was not protected as negotiated for the Security Association identified by t11FcSpSaTSelNegInInboundSpi. This counter has no discontinuities other than those that all Counter64's have when sysUpTime=0. |
t11FcSpSaTSelNegOutTable | 1.3.6.1.2.1.179.1.3.3 | no-access |
A table containing information about egress Traffic Selectors that are in use on active Security Associations. |
|
1.3.6.1.2.1.179.1.3.3.1 | no-access |
Each entry contains information about one egress Traffic Selector that is in use on an active Security Association on an interface (identified by t11FcSpSaPairIfIndex) to a particular Fabric (identified by t11FcSpSaIfFabricIndex), managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. |
||
t11FcSpSaTSelNegOutPrecedence | 1.3.6.1.2.1.179.1.3.3.1.1 | t11fcspprecedence | no-access |
The precedence of this Traffic Selector. If and when a frame is compared against multiple Traffic Selectors, and multiple of them have a match with the frame, the security action to be taken for the frame is that specified for the matching Traffic Selector having the numerically smallest precedence value. |
t11FcSpSaTSelNegOutInboundSpi | 1.3.6.1.2.1.179.1.3.3.1.2 | t11fcspiindex | read-only |
The SPI of the ingress SA of the SA pair for which this Traffic Selector is in use on the egress SA. This value can be used to find the SA pair's row in the t11FcSpSaPairTable. |
t11FcSpSaTSelNegOutStartSrcAddr | 1.3.6.1.2.1.179.1.3.3.1.3 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutEndSrcAddr | 1.3.6.1.2.1.179.1.3.3.1.4 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a source address (S_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutStartDstAddr | 1.3.6.1.2.1.179.1.3.3.1.5 | fcaddressidorzero | read-only |
The numerically smallest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutEndDstAddr | 1.3.6.1.2.1.179.1.3.3.1.6 | fcaddressidorzero | read-only |
The numerically largest 24-bit value of a destination address (D_ID) of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutStartRCtl | 1.3.6.1.2.1.179.1.3.3.1.7 | t11fcroutingcontrol | read-only |
The numerically smallest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutEndRCtl | 1.3.6.1.2.1.179.1.3.3.1.8 | t11fcroutingcontrol | read-only |
The numerically largest 8-bit value contained within a Routing Control (R_CTL) field of a frame that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutStartType | 1.3.6.1.2.1.179.1.3.3.1.9 | t11fcsptype | read-only |
The numerically smallest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelNegOutEndType | 1.3.6.1.2.1.179.1.3.3.1.10 | t11fcsptype | read-only |
The numerically largest of a range of possible 'type' values of frames that will match with this Traffic Selector. |
t11FcSpSaTSelSpiTable | 1.3.6.1.2.1.179.1.3.4 | no-access |
A table identifying the Traffic Selectors in use on particular Security Associations, INDEX-ed by their (ingress) SPI values. |
|
1.3.6.1.2.1.179.1.3.4.1 | no-access |
Each entry identifies one Traffic Selector in use on an SA pair on the interface (identified by t11FcSpSaPairIfIndex) to a particular Fabric (identified by t11FcSpSaIfFabricIndex), and managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. |
||
t11FcSpSaTSelSpiInboundSpi | 1.3.6.1.2.1.179.1.3.4.1.1 | t11fcspiindex | no-access |
An SPI value that identifies the ingress Security Association of a particular SA pair. |
t11FcSpSaTSelSpiTrafSelIndex | 1.3.6.1.2.1.179.1.3.4.1.2 | unsigned32 | no-access |
An index value that distinguishes between the (potentially multiple) Traffic Selectors in use on this Security Association pair. |
t11FcSpSaTSelSpiDirection | 1.3.6.1.2.1.179.1.3.4.1.3 | t11fcsadirection | read-only |
This object indicates whether this Traffic Selector is being used for ingress or for egress traffic. |
t11FcSpSaTSelSpiTrafSelPtr | 1.3.6.1.2.1.179.1.3.4.1.4 | unsigned32 | read-only |
This object contains a pointer into another table that can be used to obtain more information about this Traffic Selector. If the corresponding instance of t11FcSpSaTSelSpiDirection has the value 'egress', then this object contains the value of t11FcSpSaTSelNegOutPrecedence in the row of t11FcSpSaTSelNegOutTable, which contains more information. If the corresponding instance of t11FcSpSaTSelSpiDirection has the value 'ingress', then this object contains the value of t11FcSpSaTSelNegInIndex that identifies the row in t11FcSpSaTSelNegInTable containing more information. |
t11FcSpSaControl | 1.3.6.1.2.1.179.1.4 | |||
t11FcSpSaControlTable | 1.3.6.1.2.1.179.1.4.1 | no-access |
A table of control and other information concerning the generation of notifications for events related to FC-SP Security Associations. |
|
1.3.6.1.2.1.179.1.4.1.1 | no-access |
Each entry identifies information for the one or more interfaces (identified by t11FcSpSaIfIndex) to a particular Fabric (identified by t11FcSpSaIfFabricIndex), and managed as part of the Fibre Channel management instance identified by fcmInstanceIndex. The StorageType of a row in this table is specified by the instance of t11FcSpSaIfStorageType that is INDEX-ed by the same values of fcmInstanceIndex, t11FcSpSaIfIndex, and t11FcSpSaIfFabricIndex. |
||
t11FcSpSaControlAuthFailEnable | 1.3.6.1.2.1.179.1.4.1.1.1 | truthvalue | read-write |
This object specifies whether a t11FcSpSaNotifyAuthFailure notification should be generated for the first occurrence of an Authentication failure within a time window for this Fabric. |
t11FcSpSaControlInboundSpi | 1.3.6.1.2.1.179.1.4.1.1.2 | t11fcspiindex | read-only |
The SPI value of the ingress Security Association on which was received the last frame for which a t11FcSpSaNotifyAuthFailure was generated. If no t11FcSpSaNotifyAuthFailure notifications have been generated, the value of this object is zero. |
t11FcSpSaControlSource | 1.3.6.1.2.1.179.1.4.1.1.3 | fcaddressidorzero | read-only |
The S_ID contained in the last frame for which a t11FcSpSaNotifyAuthFailure was generated. If no t11FcSpSaNotifyAuthFailure notifications have been generated, the value of this object is the zero-length string. |
t11FcSpSaControlDestination | 1.3.6.1.2.1.179.1.4.1.1.4 | fcaddressidorzero | read-only |
The D_ID contained in the last frame for which a t11FcSpSaNotifyAuthFailure was generated. If no t11FcSpSaNotifyAuthFailure notifications have been generated, the value of this object is the zero-length string. |
t11FcSpSaControlFrame | 1.3.6.1.2.1.179.1.4.1.1.5 | octet string | read-only |
The binary content of the last frame for which a t11FcSpSaNotifyAuthFailure was generated. If more than 256 bytes of the frame are available, then this object contains the first 256 bytes. If less than 256 bytes of the frame are available, then this object contains the first N bytes, where N is greater or equal to zero. If no t11FcSpSaNotifyAuthFailure notifications have been generated, the value of this object is the zero-length string. |
t11FcSpSaControlElapsed | 1.3.6.1.2.1.179.1.4.1.1.6 | timeticks | read-only |
The elapsed time since the last generation of a t11FcSpSaNotifyAuthFailure notification on the same Fabric, or the value of sysUpTime if no t11FcSpSaNotifyAuthFailure notifications have been generated since the last restart. |
t11FcSpSaControlSuppressed | 1.3.6.1.2.1.179.1.4.1.1.7 | gauge32 | read-only |
The number of occurrences of an Authentication failure on a Fabric that were suppressed because they occurred on the same Fabric within the same time window as a previous Authentication failure for which a t11FcSpSaNotifyAuthFailure notification was generated. The value of this object is reset to zero on a restart of the network management subsystem, and whenever a t11FcSpSaNotifyAuthFailure notification is generated. In the event that the value of this object reaches its maximum value, it remains at that value until it is reset on the generation of the next t11FcSpSaNotifyAuthFailure notification. |
t11FcSpSaControlWindow | 1.3.6.1.2.1.179.1.4.1.1.8 | unsigned32 | read-write |
The length of a time window that begins when a t11FcSpSaNotifyAuthFailure notification is generated for any Security Association on a particular Fabric. For the duration of the time window, further Authentication failures occurring for the same Security Association are counted but no t11FcSpSaNotifyAuthFailure notification is generated. When this object is modified before the end of a time window, that time window is immediately terminated, i.e., the next Authentication failure on the relevant Fabric after the modification will cause a new time window to begin with the new length. |
t11FcSpSaControlMaxNotifs | 1.3.6.1.2.1.179.1.4.1.1.9 | unsigned32 | read-write |
The maximum number of t11FcSpSaNotifyAuthFailure notifications to be generated per Fabric within a t11FcSpSaControlWindow time window. Subsequent Authentication failures occurring on the same Fabric in the same time window are counted, but no t11FcSpSaNotifyAuthFailure notification is generated. When this object is modified before the end of a time window, that time window is immediately terminated, i.e., the next Authentication failure on the relevant Fabric after the modification will cause a new time window to begin with the new length. |
t11FcSpSaControlLifeExcdEnable | 1.3.6.1.2.1.179.1.4.1.1.10 | truthvalue | read-write |
This object specifies whether t11FcSpSaNotifyLifeExceeded notifications should be generated for this Fabric. |
t11FcSpSaControlLifeExcdSpi | 1.3.6.1.2.1.179.1.4.1.1.11 | t11fcspiindex | read-only |
The SPI of the SA that was most recently terminated because its lifetime (in seconds or in passed bytes) was exceeded. Such terminations include those due to a failed attempt to renew an SA after its lifetime was exceeded. |
t11FcSpSaControlLifeExcdDir | 1.3.6.1.2.1.179.1.4.1.1.12 | t11fcsadirection | read-only |
The direction of frame transmission on the SA that was most recently terminated because its lifetime (in seconds or in passed bytes) was exceeded. |
t11FcSpSaControlLifeExcdTime | 1.3.6.1.2.1.179.1.4.1.1.13 | timestamp | read-only |
The time of the most recent termination of an SA due to its lifetime (in seconds or in passed bytes) being exceeded. Such terminations include those due to a failed attempt to renew an SA after its lifetime was exceeded. |
t11FcSpSaMIBConformance | 1.3.6.1.2.1.179.2 | |||
t11FcSpSaMIBCompliances | 1.3.6.1.2.1.179.2.1 | |||
t11FcSpSaMIBCompliance | 1.3.6.1.2.1.179.2.1.1 |
The compliance statement for entities that implement FC-SP Security Associations. |
||
t11FcSpSaMIBGroups | 1.3.6.1.2.1.179.2.2 | |||
t11FcSpSaCapabilityGroup | 1.3.6.1.2.1.179.2.2.1 |
A collection of objects containing information related to capabilities of FC-SP entities. |
||
t11FcSpSaParamStatusGroup | 1.3.6.1.2.1.179.2.2.2 |
A collection of objects containing parameters and status information related to FC-SP entities. |
||
t11FcSpSaSummaryCountGroup | 1.3.6.1.2.1.179.2.2.3 |
A collection of objects containing summary counters for FC-SP Security Associations. |
||
t11FcSpSaProposalGroup | 1.3.6.1.2.1.179.2.2.4 |
A collection of objects containing information related to making and accepting proposals for FC-SP Security Associations. |
||
t11FcSpSaDropBypassGroup | 1.3.6.1.2.1.179.2.2.5 |
A collection of objects containing information about Traffic Selectors of traffic to drop or bypass for FC-SP Security. |
||
t11FcSpSaActiveGroup | 1.3.6.1.2.1.179.2.2.6 |
A collection of objects containing information related to currently active FC-SP Security Associations. |
||
t11FcSpSaNotifInfoGroup | 1.3.6.1.2.1.179.2.2.7 |
A collection of objects containing information related to notifications of events concerning FC-SP Security Associations. |
||
t11FcSpSaNotificationGroup | 1.3.6.1.2.1.179.2.2.8 |
A collection of notifications of events concerning FC-SP Security Associations. |