-- ***************************************************************** -- IEEE8021-SECY-MIB -- -- Definitions of managed objects supporting IEEE 802.1AE MACsec. -- -- January 2006 -- -- ***************************************************************** IEEE8021-SECY-MIB DEFINITIONS ::= BEGIN -- ----------------------------------------------------------------- -- IEEE 802.1AE MIB -- ----------------------------------------------------------------- IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter32, Counter64 FROM SNMPv2-SMI TEXTUAL-CONVENTION, RowPointer, TimeStamp, TruthValue, RowStatus FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF InterfaceIndex FROM IF-MIB ; ieee8021SecyMIB MODULE-IDENTITY LAST-UPDATED "200601100000Z" ORGANIZATION "IEEE 802.1 Working Group" CONTACT-INFO "http://grouper.ieee.org/groups/8021/index.html" DESCRIPTION "The MAC security entity (SecY) module for managing IEEE 802.1AE. An SecY is the entity that operates the MAC Security protocol within the system. Each SecY transmits frames conveying secure MAC Service requests on a single Secure Channel (SC), and receives frames conveying secure service indications on separate SCs (one for each of the other SecYs participating in the Secure Connectivity Association (CA)). A CA is a security relationship, established and maintained by key agreement protocols that comprise a fully connected subset of the service access points in stations attached to a single MACsec supported LAN. An SC is a security relationship used to provide security guarantees for frames transmitted from one member of a CA to the others. It is a unidirectional point to multipoint communication, and can be long lived, persisting through Secure Association Key (SAK) changes. Each SC is supported by a sequence of Secure Associations (SAs) thus allowing the periodic use of fresh keys without terminating the relationship.
Each SA is supported by a single secret key, or a set of keys where the cryptographic operations used to protect one frame require more than one key. Two different interfaces ’Controlled Port’ and ’Uncontrolled Port’, are associated with a SecY, and that for each instance of a SecY, two ifTable rows (one for each interface) run on top of an ifTable row representing the ’Common Port’ interface, such as a row with ifType = ’ethernetCsmacd(6)’. For example : ----------------------------------------------------------- | | | | Controlled Port | Uncontrolled Port | | Interface | Interface | | (ifEntry = j) | (ifEntry = k) | | (ifType = | (ifType = | | macSecControlledIF(231)) | macSecUncontrolledIF(232))| | | | |---------------------------------------------------------| | | | Physical Interface | | (ifEntry = i) | | (ifType = ethernetCsmacd(6)) | |_________________________________________________________| i, j, k are ifIndex to indicate an interface row in the ifTable. Figure : MACsec Interface Stack The ’Controlled Port’ is the service point to provide one instance of the secure MAC service in a SecY. The ’Uncontrolled Port’ is the service point to provide one instance of the insecure MAC service in a SecY." REVISION "200601100000Z" DESCRIPTION "Initial version of this MIB module. Published as part of IEEE standard 802.1AE" ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1) ieee802dot1mibs(1) 3 } secyMIBNotifications OBJECT IDENTIFIER ::= { ieee8021SecyMIB 0 } secyMIBObjects OBJECT IDENTIFIER ::= { ieee8021SecyMIB 1 } secyMIBConformance OBJECT IDENTIFIER ::= { ieee8021SecyMIB 2 } -- -- Textual Convention -- SecySCI ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention indicates a Secure Channel Identifier (SCI). 
Each SC is identified by an SCI, comprised of a unique 48-bit Universally Administered MAC Address, identifying the system to which the transmitting SecY belongs, concatenated with a 16-bit Port number, identifying the SecY within that system." REFERENCE "IEEE 802.1AE Clause 7.1.2, 10.7.1 and figure 7.7" SYNTAX OCTET STRING (SIZE (8)) SecyAN ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "This textual convention indicates an Association Number (AN). Each SC is comprised of a succession of SAs, each with a different SAK. Each SA is identified by the SC identifier concatenated with a two-bit AN. The Secure Association Identifier (SAI) thus created allows the receiving SecY to identify the SA, and the SAK used to decrypt and authenticate the received frame. The AN, and the SAI, is only unique for the SAs that can be used or recorded by participating SecYs at any instant." REFERENCE "IEEE 802.1AE Clause 8.1.3 and figure 7.7" SYNTAX Unsigned32 (0..3) secyMgmtMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 1 } secyStatsMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 2 } -- -- SecY Management Table -- secyIfTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of system level information for each interface supported by the MAC security entity. An entry appears in this table for each interface with MAC security capability in this system. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity." REFERENCE "IEEE 802.1AE Clause 10.7" ::= { secyMgmtMIBObjects 1 } secyIfEntry OBJECT-TYPE SYNTAX SecyIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing SecY management information applicable to a particular interface." 
INDEX { secyIfInterfaceIndex } ::= { secyIfTable 1 } SecyIfEntry ::= SEQUENCE { secyIfInterfaceIndex InterfaceIndex, secyIfMaxPeerSCs Unsigned32, secyIfRxMaxKeys Unsigned32, secyIfTxMaxKeys Unsigned32, secyIfProtectFramesEnable TruthValue, secyIfValidateFrames INTEGER, secyIfReplayProtectEnable TruthValue, secyIfReplayProtectWindow Unsigned32, secyIfCurrentCipherSuite Unsigned32, secyIfAdminPt2PtMAC INTEGER, secyIfOperPt2PtMAC TruthValue, secyIfIncludeSCIEnable TruthValue, secyIfUseESEnable TruthValue, secyIfUseSCBEnable TruthValue } secyIfInterfaceIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "An interface index for a port with SecY management ability. This interface index should be aligned with ifIndex in the ifTable to point to the SecY Controlled Port entity." REFERENCE "IEEE 802.1AE Clause 10.1" ::= { secyIfEntry 1 } secyIfMaxPeerSCs OBJECT-TYPE SYNTAX Unsigned32 UNITS "security connections" MAX-ACCESS read-only STATUS current DESCRIPTION "Maximum number of peer SCs that this SecY can support." REFERENCE "IEEE 802.1AE Clause 10.7.7" ::= { secyIfEntry 2 } secyIfRxMaxKeys OBJECT-TYPE SYNTAX Unsigned32 UNITS "keys" MAX-ACCESS read-only STATUS current DESCRIPTION "Maximum number of keys in simultaneous use for reception that this SecY can support." REFERENCE "IEEE 802.1AE Clause 10.7.7" ::= { secyIfEntry 3 } secyIfTxMaxKeys OBJECT-TYPE SYNTAX Unsigned32 UNITS "keys" MAX-ACCESS read-only STATUS current DESCRIPTION "Maximum number of keys in simultaneous use for transmission that this SecY can support." REFERENCE "IEEE 802.1AE Clause 10.7.16" ::= { secyIfEntry 4 } secyIfProtectFramesEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An object to enable or disable the protection function for egress frames." 
REFERENCE "IEEE 802.1AE Clause 10.5" DEFVAL { true } ::= { secyIfEntry 5 } secyIfValidateFrames OBJECT-TYPE SYNTAX INTEGER { disabled(1), check(2), strict(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "An object to control the validation function for ingress frames. disabled(1) : means to disable the validation function. check(2) : means to enable the validation function but only for checking without filtering out invalid frames. strict(3) : means to enable the validation function and also strictly filter out those invalid frames." REFERENCE "IEEE 802.1AE Clause 10.7.8" DEFVAL { strict } ::= { secyIfEntry 6 } secyIfReplayProtectEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An object to enable or disable the replay protection function." REFERENCE "IEEE 802.1AE Clause 10.7.8, 10.7.17" DEFVAL { true } ::= { secyIfEntry 7 } secyIfReplayProtectWindow OBJECT-TYPE SYNTAX Unsigned32 UNITS "Packets" MAX-ACCESS read-write STATUS current DESCRIPTION "An object to indicate the replay protection window size. This object only takes effect if the object secyIfReplayProtectEnable is true." REFERENCE "IEEE 802.1AE Clause 10.7.8" DEFVAL { 0 } ::= { secyIfEntry 8 } secyIfCurrentCipherSuite OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "An object that points to an entry of the secyCipherSuiteTable with ’active’ row status to indicate the cipher suite that this SecY is currently using. By default, this object should point to the default cipher suite that the system provides." REFERENCE "IEEE 802.1AE Clause 10.7.25" ::= { secyIfEntry 9 } secyIfAdminPt2PtMAC OBJECT-TYPE SYNTAX INTEGER { forceTrue(1), forceFalse(2), auto(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "An object to control the service connectivity to at most one other system. The object secyIfOperPt2PtMAC indicates the operational status of the service connectivity for this SecY. forceTrue(1) : allows only one service connection to the other system.
forceFalse(2) : no restriction on the number of service connections to the other systems. auto(3) : means the service connectivity is determined by the service providing entity." REFERENCE "IEEE 802.1AE Clause 6.5" DEFVAL { auto } ::= { secyIfEntry 10 } secyIfOperPt2PtMAC OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "An object to reflect the current service connectivity status. true(1) : means the service connectivity of this SecY provides at most one other system. false(2) : means the service connectivity of this SecY could provide more than one other system." REFERENCE "IEEE 802.1AE Clause 6.5" ::= { secyIfEntry 11 } secyIfIncludeSCIEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An object indicates to include the SCI information in security TAG (SecTAG) field while transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17" DEFVAL { false } ::= { secyIfEntry 12 } secyIfUseESEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An object indicates to enable the ES bit in security TAG (SecTAG) field while transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17" DEFVAL { false } ::= { secyIfEntry 13 } secyIfUseSCBEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An object indicates to enable the SCB bit in security TAG (SecTAG) field while transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 9.3, 10.5.3, 10.7.17" DEFVAL { false } ::= { secyIfEntry 14 } -- -- Tx SC Management Table -- secyTxSCTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTxSCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for providing information about the status of each transmitting SC supported by the MAC security entity." 
REFERENCE "IEEE 802.1AE Clause 10.7.17, 10.7.20" ::= { secyMgmtMIBObjects 2 } secyTxSCEntry OBJECT-TYPE SYNTAX SecyTxSCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing transmitting SC management information applicable to a particular SecY." INDEX { secyIfInterfaceIndex } ::= { secyTxSCTable 1 } SecyTxSCEntry ::= SEQUENCE { secyTxSCI SecySCI, secyTxSCState INTEGER, secyTxSCEncodingSA RowPointer, secyTxSCEncipheringSA RowPointer, secyTxSCCreatedTime TimeStamp, secyTxSCStartedTime TimeStamp, secyTxSCStoppedTime TimeStamp } secyTxSCI OBJECT-TYPE SYNTAX SecySCI MAX-ACCESS read-only STATUS current DESCRIPTION "The SCI information for transmitting MACsec frames of the transmitting SC in the SecY." REFERENCE "IEEE 802.1AE Clause 7.1.2, 8.2.1, 10.7.1" ::= { secyTxSCEntry 1 } secyTxSCState OBJECT-TYPE SYNTAX INTEGER { inUse(1), notInUse(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the current transmitting SC in the SecY. inUse(1) : means any of SAs for this SC is in use. notInUse(2) : means no SAs for this SC is in use." REFERENCE "IEEE 802.1AE Clause 10.7.20" ::= { secyTxSCEntry 2 } secyTxSCEncodingSA OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "The current transmitting SA in use. The row pointer will point to an entry in the secyTxSATable. If no such information is available, the value shall be the OBJECT IDENTIFIER { 0 0 }." REFERENCE "IEEE 802.1AE Clause 10.5.1, 10.7.20" ::= { secyTxSCEntry 3 } secyTxSCEncipheringSA OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "The previous transmitting SA in use. The row pointer will point to an entry in the secyTxSATable. If no such information is available, the value shall be the OBJECT IDENTIFIER { 0 0 }." 
REFERENCE "IEEE 802.1AE Clause 10.5.4, 10.7.20" ::= { secyTxSCEntry 4 } secyTxSCCreatedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this transmitting SC was created." REFERENCE "IEEE 802.1AE Clause 10.7.20" ::= { secyTxSCEntry 5 } secyTxSCStartedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this transmitting SC last started transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.20" ::= { secyTxSCEntry 6 } secyTxSCStoppedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this transmitting SC last stopped transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.20" ::= { secyTxSCEntry 7 } -- -- Tx SA Management Table -- secyTxSATable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTxSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for providing information about the status of each transmitting SA supported by the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.21" ::= { secyMgmtMIBObjects 3 } secyTxSAEntry OBJECT-TYPE SYNTAX SecyTxSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing transmitting SA management information applicable to a particular SA." INDEX { secyIfInterfaceIndex, secyTxSA } ::= { secyTxSATable 1 } SecyTxSAEntry ::= SEQUENCE { secyTxSA SecyAN, secyTxSAState INTEGER, secyTxSANextPN Unsigned32, secyTxSAConfidentiality TruthValue, secyTxSASAKUnchanged TruthValue, secyTxSACreatedTime TimeStamp, secyTxSAStartedTime TimeStamp, secyTxSAStoppedTime TimeStamp } secyTxSA OBJECT-TYPE SYNTAX SecyAN MAX-ACCESS not-accessible STATUS current DESCRIPTION "The association number (AN) for identifying a transmitting SA." 
REFERENCE "IEEE 802.1AE Clause 10.7.21" ::= { secyTxSAEntry 1 } secyTxSAState OBJECT-TYPE SYNTAX INTEGER { inUse(1), notInUse(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current status of the transmitting SA. inUse(1) : means this SA is in use. notInUse(2) : means this SA is not in use." REFERENCE "IEEE 802.1AE Clause 10.7.22" ::= { secyTxSAEntry 2 } secyTxSANextPN OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The next packet number (PN) that will be used in transmitting MACsec frames in the SA." REFERENCE "IEEE 802.1AE Clause 10.7.21" ::= { secyTxSAEntry 3 } secyTxSAConfidentiality OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Whether this SA supports the confidentiality as well as integrity function in transmitting frames." REFERENCE "IEEE 802.1AE Clause 10.7.21" ::= { secyTxSAEntry 4 } secyTxSASAKUnchanged OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "A reference to an SAK that is unchanged for the life of the transmitting SA." REFERENCE "IEEE 802.1AE Clause 10.7.21" ::= { secyTxSAEntry 5 } secyTxSACreatedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this transmitting SA was created." REFERENCE "IEEE 802.1AE Clause 10.7.22" ::= { secyTxSAEntry 6 } secyTxSAStartedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this transmitting SA last started transmitting MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.22" ::= { secyTxSAEntry 7 } secyTxSAStoppedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this transmitting SA last stopped transmitting MACsec frames." 
REFERENCE "IEEE 802.1AE Clause 10.7.22" ::= { secyTxSAEntry 8 } -- -- Rx SC Management Table -- secyRxSCTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyRxSCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for providing information about the status of each receiving SC supported by the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.11" ::= { secyMgmtMIBObjects 4 } secyRxSCEntry OBJECT-TYPE SYNTAX SecyRxSCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing receiving SC management information applicable to a particular SC." INDEX { secyIfInterfaceIndex, secyRxSCI } ::= { secyRxSCTable 1 } SecyRxSCEntry ::= SEQUENCE { secyRxSCI SecySCI, secyRxSCState INTEGER, secyRxSCCurrentSA RowPointer, secyRxSCCreatedTime TimeStamp, secyRxSCStartedTime TimeStamp, secyRxSCStoppedTime TimeStamp } secyRxSCI OBJECT-TYPE SYNTAX SecySCI MAX-ACCESS not-accessible STATUS current DESCRIPTION "The SCI for identifying the receiving SC in the SecY." REFERENCE "IEEE 802.1AE Clause 10.7.11" ::= { secyRxSCEntry 1 } secyRxSCState OBJECT-TYPE SYNTAX INTEGER { inUse(1), notInUse(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the receiving SC in the SecY. inUse(1) : means any of SAs for this SC is in use. notInUse(2) : means no SAs for this SC is in use." REFERENCE "IEEE 802.1AE Clause 10.7.12" ::= { secyRxSCEntry 2 } secyRxSCCurrentSA OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "The current receiving association number of the SC in use. The row pointer will point to an entry in the secyRxSATable. If no such information can be identified, the value of this object shall be set to the OBJECT IDENTIFIER { 0 0 }." REFERENCE "IEEE 802.1AE Clause 10.6.1, 10.7.13" ::= { secyRxSCEntry 3 } secyRxSCCreatedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this receiving SC was created." 
REFERENCE "IEEE 802.1AE Clause 10.7.12" ::= { secyRxSCEntry 4 } secyRxSCStartedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this receiving SC last started receiving MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.12" ::= { secyRxSCEntry 5 } secyRxSCStoppedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this receiving SC last stopped receiving MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.12" ::= { secyRxSCEntry 6 } -- -- Rx SA Management Table -- secyRxSATable OBJECT-TYPE SYNTAX SEQUENCE OF SecyRxSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for providing information about the status of each receiving SA supported by the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.13" ::= { secyMgmtMIBObjects 5 } secyRxSAEntry OBJECT-TYPE SYNTAX SecyRxSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing receiving SA management information applicable to a particular SA." INDEX { secyIfInterfaceIndex, secyRxSCI, secyRxSA } ::= { secyRxSATable 1 } SecyRxSAEntry ::= SEQUENCE { secyRxSA SecyAN, secyRxSAState INTEGER, secyRxSANextPN Unsigned32, secyRxSASAKUnchanged TruthValue, secyRxSACreatedTime TimeStamp, secyRxSAStartedTime TimeStamp, secyRxSAStoppedTime TimeStamp } secyRxSA OBJECT-TYPE SYNTAX SecyAN MAX-ACCESS not-accessible STATUS current DESCRIPTION "The association number (AN) for identifying a receiving SA." REFERENCE "IEEE 802.1AE Clause 10.7.13" ::= { secyRxSAEntry 1 } secyRxSAState OBJECT-TYPE SYNTAX INTEGER { inUse(1), notInUse(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current state for the receiving SA." REFERENCE "IEEE 802.1AE Clause 10.7.14" ::= { secyRxSAEntry 2 } secyRxSANextPN OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The stored packet number (PN) for replay protection in the SA. 
If the PN of a received frame is less than the value of this object minus the value of secyIfReplayProtectWindow, and secyIfReplayProtectEnable is true, the received frame should be discarded." REFERENCE "IEEE 802.1AE Clause 10.7.14, Clause 10.7.15" ::= { secyRxSAEntry 3 } secyRxSASAKUnchanged OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "A reference to an SAK that is unchanged for the life of the receiving SA." REFERENCE "IEEE 802.1AE Clause 10.7.13" ::= { secyRxSAEntry 4 } secyRxSACreatedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this receiving SA was created." REFERENCE "IEEE 802.1AE Clause 10.7.14" ::= { secyRxSAEntry 5 } secyRxSAStartedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this receiving SA last started receiving MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.14" ::= { secyRxSAEntry 6 } secyRxSAStoppedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The system time when this receiving SA last stopped receiving MACsec frames." REFERENCE "IEEE 802.1AE Clause 10.7.14" ::= { secyRxSAEntry 7 } -- -- SecY Selectable Cipher Suites -- secyCipherSuiteTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyCipherSuiteEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of selectable cipher suites for the MAC security entity. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity." REFERENCE "IEEE 802.1AE Clause 10.7.24" ::= { secyMgmtMIBObjects 6 } secyCipherSuiteEntry OBJECT-TYPE SYNTAX SecyCipherSuiteEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the management information for a cipher suite."
INDEX { secyCipherSuiteIndex } ::= { secyCipherSuiteTable 1 } SecyCipherSuiteEntry ::= SEQUENCE { secyCipherSuiteIndex Unsigned32, secyCipherSuiteId OCTET STRING, secyCipherSuiteName SnmpAdminString, secyCipherSuiteCapability BITS, secyCipherSuiteProtection BITS, secyCipherSuiteProtectionOffset INTEGER, secyCipherSuiteDataLengthChange TruthValue, secyCipherSuiteICVLength Unsigned32, secyCipherSuiteRowStatus RowStatus } secyCipherSuiteIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index to recognize a Cipher Suite in the system." ::= { secyCipherSuiteEntry 1 } secyCipherSuiteId OBJECT-TYPE SYNTAX OCTET STRING (SIZE (8)) MAX-ACCESS read-create STATUS current DESCRIPTION "The identifier for the cipher suite. This is a globally unique 64-bit (EUI-64) identifier." REFERENCE "IEEE 802.1AE Clause 10.7.24" ::= { secyCipherSuiteEntry 2 } secyCipherSuiteName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the cipher suite. If the name is composed of multi-byte characters, the total length must fit within 128 octets." REFERENCE "IEEE 802.1AE Clause 10.7.24" ::= { secyCipherSuiteEntry 3 } secyCipherSuiteCapability OBJECT-TYPE SYNTAX BITS { integrity(0), confidentiality(1), offsetConfidentiality(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The capability of this cipher suite. integrity(0) : integrity protection capability for this cipher suite. confidentiality(1) : confidentiality protection capability for this cipher suite. offsetConfidentiality(2) : offset confidentiality protection capability for this cipher suite." REFERENCE "IEEE 802.1AE Clause 10.7.24, 10.7.25" ::= { secyCipherSuiteEntry 4 } secyCipherSuiteProtection OBJECT-TYPE SYNTAX BITS { integrity(0), confidentiality(1), offsetConfidentiality(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The protection options of this cipher suite.
The options should depend on the object secyCipherSuiteCapability. If the value of secyCipherSuiteCapability is only integrity bit on, users can only choose to turn on integrity bit for this object. If the value of secyCipherSuiteCapability is integrity and confidentiality bits on, users can choose to turn on integrity or confidentiality bits, but if confidentiality bit is on, the integrity bit has to be on. If the value of secyCipherSuiteCapability is integrity and offsetConfidentiality bits on, users can choose to turn on integrity or offsetConfidentiality bits, but if offsetConfidentiality bit is on, the integrity bit has to be on. If the value of secyCipherSuiteCapability is integrity and confidentiality and offsetConfidentiality bits on, users can choose to turn on integrity or confidentiality or offsetConfidentiality bits, but if confidentiality or offsetConfidentiality bits are on, the integrity bit has to be on. integrity(0) : on or off the function of supporting integrity protection for this cipher suite. confidentiality(1) : on or off the function of supporting confidentiality for this cipher suite. offsetConfidentiality(2) : on or off the function of supporting offset confidentiality for this cipher suite." REFERENCE "IEEE 802.1AE Clause 10.7.24, 10.7.25" DEFVAL { { integrity } } ::= { secyCipherSuiteEntry 5 } secyCipherSuiteProtectionOffset OBJECT-TYPE SYNTAX Integer32 (0 | 30 | 50) UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The confidentiality protection offset options of this cipher suite. The options should depend on the choice of secyCipherSuiteProtection. If the value of secyCipherSuiteProtection only turns on integrity bit, users can only choose 0 byte for this object. If the value of secyCipherSuiteProtection only turns on integrity and confidentiality bits, users can only choose 0 byte for this object.
If the value of secyCipherSuiteProtection only turns on integrity and offsetConfidentiality bits, users can choose 30 or 50 bytes for this object. If the value of secyCipherSuiteProtection turns on integrity and confidentiality and offsetConfidentiality bits, users can choose 0 or 30 or 50 bytes for this object." REFERENCE "IEEE 802.1AE Clause 10.7.24, 10.7.25" DEFVAL { 0 } ::= { secyCipherSuiteEntry 6 } secyCipherSuiteDataLengthChange OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This indicates whether the data length will be changed after encryption by the cipher suite." REFERENCE "IEEE 802.1AE Clause 10.7.24" ::= { secyCipherSuiteEntry 7 } secyCipherSuiteICVLength OBJECT-TYPE SYNTAX Unsigned32 (8..16) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The length of integrity check value (ICV) field." REFERENCE "IEEE 802.1AE Clause 10.7.24" ::= { secyCipherSuiteEntry 8 } secyCipherSuiteRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The object to create the parameters for the supported Cipher Suites in the system. If the specified secyCipherSuiteId object information is not supported in the system or the secyCipherSuiteCapability object does not match the capability of the corresponding specified Cipher Suite in the same entry, the corresponding entry should not be active, i.e., this object should not be ’active’ or ’notInService’." REFERENCE "IEEE 802.1AE Clause 10.7.24" ::= { secyCipherSuiteEntry 9 } -- -- Statistics Information -- -- -- TX SA Statistics Information -- secyTxSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the statistics objects for each transmitting SA in the MAC security entity."
REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyStatsMIBObjects 1 } secyTxSAStatsEntry OBJECT-TYPE SYNTAX SecyTxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry holds the statistics for a transmitting SA. An SA may be reused from time to time. When an SA starts being used, its counters should start at 0. When the SA stops being used, its counters stop incrementing. The start and stop timestamps are recorded in the secyTxSATable." AUGMENTS { secyTxSAEntry } ::= { secyTxSAStatsTable 1 } SecyTxSAStatsEntry ::= SEQUENCE { secyTxSAStatsProtectedPkts Counter32, secyTxSAStatsEncryptedPkts Counter32 } secyTxSAStatsProtectedPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected but not encrypted packets for this transmitting SA." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyTxSAStatsEntry 1 } secyTxSAStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected and encrypted packets for this transmitting SA." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyTxSAStatsEntry 2 } -- -- TX SC Statistics Information -- secyTxSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains statistics information for each transmitting SC in the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.18, 10.7.19, figure 10.4" ::= { secyStatsMIBObjects 2 } secyTxSCStatsEntry OBJECT-TYPE SYNTAX SecyTxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry contains the counters of a transmitting SC. Since some counters in the transmitting SA will be reset while the SA is reused, in order to maintain complete statistics information for the SC, the counters information on the SAs need to be kept in the SC.
Those counters that may be reset are : secyTxSAStatsProtectedPkts, secyTxSAStatsEncryptedPkts Each counter for a SC is in the summation of the corresponding counter information for all the SAs, current and prior SAs, belonging to this SC." AUGMENTS { secyTxSCEntry } ::= { secyTxSCStatsTable 1 } SecyTxSCStatsEntry ::= SEQUENCE { secyTxSCStatsProtectedPkts Counter64, secyTxSCStatsEncryptedPkts Counter64, secyTxSCStatsOctetsProtected Counter64, secyTxSCStatsOctetsEncrypted Counter64 } secyTxSCStatsProtectedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected but not encrypted packets for this transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyTxSCStatsEntry 1 } secyTxSCStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected and encrypted packets for this transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyTxSCStatsEntry 4 } secyTxSCStatsOctetsProtected OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of plain text octets that are integrity protected but not encrypted on the transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.19, figure 10.4" ::= { secyTxSCStatsEntry 10 } secyTxSCStatsOctetsEncrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of plain text octets that are integrity protected and encrypted on the transmitting SC." REFERENCE "IEEE 802.1AE Clause 10.7.19, figure 10.4" ::= { secyTxSCStatsEntry 11 } -- -- RX SA Statistics Information -- secyRxSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyRxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the statistics objects for each receiving SA in the MAC security entity." 
REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyStatsMIBObjects 3 } secyRxSAStatsEntry OBJECT-TYPE SYNTAX SecyRxSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry holds the statistics for a receiving SA. An SA may be reused from time to time. When an SA starts being used, its counters should start at 0. When the SA stops being used, its counters stop incrementing. The start and stop timestamps are recorded in the secyRxSATable." AUGMENTS { secyRxSAEntry } ::= { secyRxSAStatsTable 1 } SecyRxSAStatsEntry ::= SEQUENCE { secyRxSAStatsUnusedSAPkts Counter32, secyRxSAStatsNoUsingSAPkts Counter32, secyRxSAStatsNotValidPkts Counter32, secyRxSAStatsInvalidPkts Counter32, secyRxSAStatsOKPkts Counter32 } secyRxSAStatsUnusedSAPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SA which is not currently in use, the number of received, unencrypted, packets with secyIfValidateFrames not in the strict mode." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSAStatsEntry 1 } secyRxSAStatsNoUsingSAPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SA which is not currently in use, the number of received packets that have been discarded, and have either the packets encrypted or the secyIfValidateFrames set to strict mode." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSAStatsEntry 4 } secyRxSAStatsNotValidPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SA, the number of discarded packets with the condition that the packets are not valid and one of the following conditions is true: either secyIfValidateFrames in strict mode or the packets encrypted."
REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSAStatsEntry 13 } secyRxSAStatsInvalidPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SA, the number of packets with the condition that the packets are not valid and secyValidateFrames is in check mode." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSAStatsEntry 16 } secyRxSAStatsOKPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SA, the number of validated packets." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSAStatsEntry 25 } -- -- RX SC Statistics Information -- secyRxSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyRxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for the statistics information of each receiving SC supported by the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.9, 10.7.10, figure 10.5" ::= { secyStatsMIBObjects 4 } secyRxSCStatsEntry OBJECT-TYPE SYNTAX SecyRxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry contains the counters of a receiving SC. Since some counters in the receiving SA will be reset while the SA is reused, in order to maintain complete statistics information for the SC, the counters information on the SAs need to be kept in the SC. Those counters that may be reset are : secyRxSAStatsUnusedSAPkts, secyRxSAStatsNoUsingSAPkts, secyRxSAStatsNotValidPkts, secyRxSAStatsInvalidPkts, secyRxSAStatsOKPkts. Each counter for an SC is the summation of the corresponding counter information for all the SAs, current and prior SAs, belonging to this SC."
AUGMENTS { secyRxSCEntry } ::= { secyRxSCStatsTable 1 } SecyRxSCStatsEntry ::= SEQUENCE { secyRxSCStatsUnusedSAPkts Counter64, secyRxSCStatsNoUsingSAPkts Counter64, secyRxSCStatsLatePkts Counter64, secyRxSCStatsNotValidPkts Counter64, secyRxSCStatsInvalidPkts Counter64, secyRxSCStatsDelayedPkts Counter64, secyRxSCStatsUncheckedPkts Counter64, secyRxSCStatsOKPkts Counter64, secyRxSCStatsOctetsValidated Counter64, secyRxSCStatsOctetsDecrypted Counter64 } secyRxSCStatsUnusedSAPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The summation of counter secyRxSAStatsUnusedSAPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsUnusedSAPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 1 } secyRxSCStatsNoUsingSAPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The summation of counter secyRxSAStatsNoUsingSAPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsNoUsingSAPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 2 } secyRxSCStatsLatePkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SC, the number of received packets that have been discarded with the condition : secyReplayProtect is equal to true and the PN of the packet is lower than the lower bound replay check PN." 
REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 3 } secyRxSCStatsNotValidPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The summation of counter secyRxSAStatsNotValidPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsNotValidPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 4 } secyRxSCStatsInvalidPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The summation of counter secyRxSAStatsInvalidPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsInvalidPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 5 } secyRxSCStatsDelayedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SC, the number of packets with the condition that the PN of the packets is lower than the lower bound replay protection PN." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 6 } secyRxSCStatsUncheckedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "For this SC, the number of packets with the following condition: -secyValidateFrames is disabled or -secyValidateFrames is not disabled and the packet is not encrypted and the integrity check has failed or -secyValidateFrames is not disabled and the packet is encrypted and integrity check has failed."
REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 7 } secyRxSCStatsOKPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The summation of counter secyRxSAStatsOKPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsOKPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, figure 10.5" ::= { secyRxSCStatsEntry 8 } secyRxSCStatsOctetsValidated OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets of plaintext recovered from received packets that were integrity protected but not encrypted." REFERENCE "IEEE 802.1AE Clause 10.7.10, figure 10.5" ::= { secyRxSCStatsEntry 9 } secyRxSCStatsOctetsDecrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets of plaintext recovered from received packets that were integrity protected and encrypted." REFERENCE "IEEE 802.1AE Clause 10.7.10, figure 10.5" ::= { secyRxSCStatsEntry 10 } -- -- SecY statistics table -- secyStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for the statistics information of each SecY supported by the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.9, 10.7.18, figure 10.4, 10.5" ::= { secyStatsMIBObjects 5 } secyStatsEntry OBJECT-TYPE SYNTAX SecyStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing counters for statistics or diagnosis for a SecY." 
AUGMENTS { secyIfEntry } ::= { secyStatsTable 1 } SecyStatsEntry ::= SEQUENCE { secyStatsTxUntaggedPkts Counter64, secyStatsTxTooLongPkts Counter64, secyStatsRxUntaggedPkts Counter64, secyStatsRxNoTagPkts Counter64, secyStatsRxBadTagPkts Counter64, secyStatsRxUnknownSCIPkts Counter64, secyStatsRxNoSCIPkts Counter64, secyStatsRxOverrunPkts Counter64 } secyStatsTxUntaggedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transmitted packets without the MAC security tag (SecTAG) because secyProtectFramesEnable is configured as false." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyStatsEntry 1 } secyStatsTxTooLongPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transmitted packets discarded because the packet length is greater than the ifMtu of the Common Port interface." REFERENCE "IEEE 802.1AE Clause 10.7.18, figure 10.4" ::= { secyStatsEntry 2 } secyStatsRxUntaggedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets without the MAC security tag (SecTAG) with secyValidateFrames which is not in the strict mode." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { secyStatsEntry 3 } secyStatsRxNoTagPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets discarded without the MAC security tag (SecTAG) with secyValidateFrames which is in the strict mode." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { secyStatsEntry 4 } secyStatsRxBadTagPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets discarded with an invalid SecTAG or a zero value PN or an invalid ICV." 
REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { secyStatsEntry 5 } secyStatsRxUnknownSCIPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets with unknown SCI with the condition : secyValidateFrames is not in the strict mode and the C bit in the SecTAG is not set." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { secyStatsEntry 6 } secyStatsRxNoSCIPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets discarded with unknown SCI information with the condition : secyValidateFrames is in the strict mode or the C bit in the SecTAG is set." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { secyStatsEntry 7 } secyStatsRxOverrunPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded because the number of received packets exceeded the cryptographic performance capabilities." REFERENCE "IEEE 802.1AE Clause 10.7.9 , figure 10.5" ::= { secyStatsEntry 8 } -- -- Conformance -- secyMIBCompliances OBJECT IDENTIFIER ::= { secyMIBConformance 1 } secyMIBGroups OBJECT IDENTIFIER ::= { secyMIBConformance 2 } -- Compliance secyMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the IEEE8021-SECY-MIB." MODULE -- this module MANDATORY-GROUPS { secyIfCtrlGroup, secyTxSCGroup, secyTxSAGroup, secyRxSCGroup, secyRxSAGroup, secyCipherSuiteGroup, secyTxSAStatsGroup, secyTxSCStatsGroup, secyRxSAStatsGroup, secyRxSCStatsGroup, secyStatsGroup } OBJECT secyIfCurrentCipherSuite MIN-ACCESS read-only DESCRIPTION "write access is not required. This may be read-only." OBJECT secyCipherSuiteId MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." OBJECT secyCipherSuiteName MIN-ACCESS read-only DESCRIPTION "read-create access is not required. 
This may be read-only." OBJECT secyCipherSuiteCapability MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." OBJECT secyCipherSuiteProtection MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." OBJECT secyCipherSuiteProtectionOffset MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." OBJECT secyCipherSuiteDataLengthChange MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." OBJECT secyCipherSuiteICVLength MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." OBJECT secyCipherSuiteRowStatus MIN-ACCESS read-only DESCRIPTION "read-create access is not required. This may be read-only." ::= { secyMIBCompliances 1 } -- Units of Conformance secyIfCtrlGroup OBJECT-GROUP OBJECTS { secyIfMaxPeerSCs, secyIfRxMaxKeys, secyIfTxMaxKeys, secyIfProtectFramesEnable, secyIfValidateFrames, secyIfReplayProtectEnable, secyIfReplayProtectWindow, secyIfCurrentCipherSuite, secyIfAdminPt2PtMAC, secyIfOperPt2PtMAC, secyIfIncludeSCIEnable, secyIfUseESEnable, secyIfUseSCBEnable } STATUS current DESCRIPTION "A collection of objects providing a SecY control management information." ::= { secyMIBGroups 1 } secyTxSCGroup OBJECT-GROUP OBJECTS { secyTxSCI, secyTxSCState, secyTxSCEncodingSA, secyTxSCEncipheringSA, secyTxSCCreatedTime, secyTxSCStartedTime, secyTxSCStoppedTime } STATUS current DESCRIPTION "A collection of objects providing a transmitting SC control management information." ::= { secyMIBGroups 2 } secyTxSAGroup OBJECT-GROUP OBJECTS { secyTxSAState, secyTxSANextPN, secyTxSAConfidentiality, secyTxSASAKUnchanged, secyTxSACreatedTime, secyTxSAStartedTime, secyTxSAStoppedTime } STATUS current DESCRIPTION "A collection of objects providing a transmitting SA control management information." 
::= { secyMIBGroups 3 } secyRxSCGroup OBJECT-GROUP OBJECTS { secyRxSCState, secyRxSCCurrentSA, secyRxSCCreatedTime, secyRxSCStartedTime, secyRxSCStoppedTime } STATUS current DESCRIPTION "A collection of objects providing a receiving SC control management information." ::= { secyMIBGroups 4 } secyRxSAGroup OBJECT-GROUP OBJECTS { secyRxSAState, secyRxSANextPN, secyRxSASAKUnchanged, secyRxSACreatedTime, secyRxSAStartedTime, secyRxSAStoppedTime } STATUS current DESCRIPTION "A collection of objects providing a receiving SA control management information." ::= { secyMIBGroups 5 } secyCipherSuiteGroup OBJECT-GROUP OBJECTS { secyCipherSuiteId, secyCipherSuiteName, secyCipherSuiteCapability, secyCipherSuiteProtection, secyCipherSuiteProtectionOffset, secyCipherSuiteDataLengthChange, secyCipherSuiteICVLength, secyCipherSuiteRowStatus } STATUS current DESCRIPTION "A collection of objects providing a cipher suite information." ::= { secyMIBGroups 6 } secyTxSAStatsGroup OBJECT-GROUP OBJECTS { secyTxSAStatsProtectedPkts, secyTxSAStatsEncryptedPkts } STATUS current DESCRIPTION "A collection of objects providing a transmitting SA statistics information." ::= { secyMIBGroups 7 } secyRxSAStatsGroup OBJECT-GROUP OBJECTS { secyRxSAStatsUnusedSAPkts, secyRxSAStatsNoUsingSAPkts, secyRxSAStatsNotValidPkts, secyRxSAStatsInvalidPkts, secyRxSAStatsOKPkts } STATUS current DESCRIPTION "A collection of objects providing a receiving SA statistics information." ::= { secyMIBGroups 8 } secyTxSCStatsGroup OBJECT-GROUP OBJECTS { secyTxSCStatsProtectedPkts, secyTxSCStatsEncryptedPkts, secyTxSCStatsOctetsProtected, secyTxSCStatsOctetsEncrypted } STATUS current DESCRIPTION "A collection of objects providing a transmitting SC statistics information." 
::= { secyMIBGroups 9 } secyRxSCStatsGroup OBJECT-GROUP OBJECTS { secyRxSCStatsUnusedSAPkts, secyRxSCStatsNoUsingSAPkts, secyRxSCStatsLatePkts, secyRxSCStatsNotValidPkts, secyRxSCStatsInvalidPkts, secyRxSCStatsDelayedPkts, secyRxSCStatsUncheckedPkts, secyRxSCStatsOKPkts, secyRxSCStatsOctetsValidated, secyRxSCStatsOctetsDecrypted } STATUS current DESCRIPTION "A collection of objects providing a receiving SC statistics information." ::= { secyMIBGroups 10 } secyStatsGroup OBJECT-GROUP OBJECTS { secyStatsTxUntaggedPkts, secyStatsTxTooLongPkts, secyStatsRxUntaggedPkts, secyStatsRxNoTagPkts, secyStatsRxBadTagPkts, secyStatsRxUnknownSCIPkts, secyStatsRxNoSCIPkts, secyStatsRxOverrunPkts } STATUS current DESCRIPTION "A collection of objects providing a SecY statistics information." ::= { secyMIBGroups 11 } END