-- *****************************************************************
-- IEEE8021-SECY-MIB
--
-- Definitions of managed objects supporting IEEE 802.1AE MACsec.
-- *****************************************************************

IEEE8021-SECY-MIB DEFINITIONS ::= BEGIN

-- -----------------------------------------------------------------
-- IEEE 802.1AE MIB
-- -----------------------------------------------------------------

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32,
    Counter32, Counter64
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowPointer, TimeStamp, TruthValue, RowStatus
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    InterfaceIndex, ifCounterDiscontinuityGroup
        FROM IF-MIB
    ;

ieee8021SecyMIB MODULE-IDENTITY
    LAST-UPDATED "201712071816Z"
    ORGANIZATION "IEEE 802.1 Working Group"
    CONTACT-INFO
        "  WG-URL: http://www.ieee802.org/1
         WG-EMail: stds-802-1-L@ieee.org

          Contact: IEEE 802.1 Working Group Chair
           Postal: C/O IEEE 802.1 Working Group
                   IEEE Standards Association
                   445 Hoes Lane
                   P.O. Box 1331
                   Piscataway
                   NJ 08855-1331
                   USA
           E-mail: STDS-802-1-L@IEEE.ORG"
    DESCRIPTION
        "The MAC security entity (SecY) MIB module.

         A SecY is a protocol shim providing MAC Security (MACsec) in
         an interface stack. Each SecY transmits MACsec protected
         frames on one or more Secure Channels (SCs) to each of the
         other SecYs attached to the same LAN and participating in
         the same Secure Connectivity Association (CA). The CA is a
         security relationship, that is established and maintained by
         key agreement protocols and supported by MACsec to provide
         full connectivity between its participants. Each SC provides
         unidirectional point to multipoint connectivity from one
         participant to all the others and is supported by a
         succession of similarly point to multipoint Secure
         Associations (SAs).
         The Secure Association Key (SAK) used to protect frames is
         changed as an SA is replaced by its (overlapping) successor
         so fresh keys can be used without disrupting a long lived SC
         and CA.

         Two different upper interfaces, a Controlled Port (for
         frames protected by MACsec, providing an instance of the
         secure MAC service) and an Uncontrolled Port (for frames not
         requiring protection, like the key agreement frames used to
         establish the CA and distribute keys) are associated with a
         SecY shim.

         For each instance of a SecY two ifTable rows (one for each
         interface) run on top of an ifTable row representing the
         'Common Port' interface, such as a row with
         ifType = 'ethernetCsmacd(6)'.

          ________________________________________________________________
         |                                |                               |
         |   Controlled Port Interface    |  Uncontrolled Port Interface  |
         |   (ifEntry = j,ifType =        |  (ifEntry = k, ifType =       |
         |    macSecControlledIF(231))    |  macSecUncontrolledIF(232))   |
         |________________________________________________________________|
         |                                                                |
         |                       Physical Interface                       |
         |                         (ifEntry = i)                          |
         |                  (ifType = ethernetCsmacd(6))                  |
         |________________________________________________________________|

         Example MACsec Interface Stack.
         i, j, k are ifIndexes each indicating a row in the ifTable.
        "
    REVISION "201712071816Z"
    DESCRIPTION
        "Published as part of IEEE Std 802.1AE-2018.
         Updated CONTACT-INFO."
    REVISION "201605102049Z"
    DESCRIPTION
        "Updated by the IEEE Std 802.1AEcg amendment. Object
         DESCRIPTIONs and references aligned with text of the
         standard (including prior amendments). IEEE 802.1AEcg
         Annex G details changes.

         The initial version of this ieee8021SecyMIB used the object
         name prefix 'secy' rather than 'ieee8021secy' (recommended
         by RFC 4181). The 'secy' prefix has been retained in this
         revision for backwards compatibility and internal
         consistency."
    REVISION "200601100000Z"
    DESCRIPTION
        "Initial version of this MIB in IEEE 802.1AE-2006"
    ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1)
          ieee802dot1mibs(1) 3 }

secyMIBNotifications OBJECT IDENTIFIER ::= { ieee8021SecyMIB 0 }
secyMIBObjects       OBJECT IDENTIFIER ::= { ieee8021SecyMIB 1 }
secyMIBConformance   OBJECT IDENTIFIER ::= { ieee8021SecyMIB 2 }

--
-- Textual Conventions
--

SecySCI ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Textual convention for a Secure Channel Identifier (SCI).
         Each SC is identified by an SCI comprising a 48-bit MAC
         Address, allocated to the transmitting system and a 16-bit
         Port Identifier."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2 and figure 7.7"
    SYNTAX      OCTET STRING (SIZE (8))

SecyAN ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      current
    DESCRIPTION
        "Textual convention for an Association Number (AN). Each SC
         is comprised of a succession of SAs, each with a different
         SAK, identified by a Secure Association Identifier (SAI)
         comprising an SCI concatenated with a two-bit AN. The SAI is
         unique for SAs used by SecYs participating in a given CA at
         any instant."
    REFERENCE   "IEEE 802.1AE Clause 7.1.3, Figure 7.7"
    SYNTAX      Unsigned32 (0..3)

secyMgmtMIBObjects  OBJECT IDENTIFIER ::= { secyMIBObjects 1 }
secyStatsMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 2 }

--
-- SecY Interface Management Table
--

secyIfTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table with an entry for each service interface in this
         system with MAC Security capability, i.e. for each SecY.

         The configured value of writable objects in each table
         entry shall be stored in persistent memory and remain
         unchanged across a re-initialization of the system's
         management entity."
    REFERENCE   "IEEE 802.1AE Clause 10.7, Table 13-1"
    ::= { secyMgmtMIBObjects 1 }

secyIfEntry OBJECT-TYPE
    SYNTAX      SecyIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table entry with service information for a particular
         SecY."
    INDEX       { secyIfInterfaceIndex }
    ::= { secyIfTable 1 }

SecyIfEntry ::= SEQUENCE {
    secyIfInterfaceIndex        InterfaceIndex,
    secyIfMaxPeerSCs            Unsigned32,
    secyIfRxMaxKeys             Unsigned32,
    secyIfTxMaxKeys             Unsigned32,
    secyIfProtectFramesEnable   TruthValue,
    secyIfValidateFrames        INTEGER,
    secyIfReplayProtectEnable   TruthValue,
    secyIfReplayProtectWindow   Unsigned32,
    secyIfCurrentCipherSuite    Unsigned32,
    secyIfAdminPt2PtMAC         INTEGER,
    secyIfOperPt2PtMAC          TruthValue,
    secyIfIncludeSCIEnable      TruthValue,
    secyIfUseESEnable           TruthValue,
    secyIfUseSCBEnable          TruthValue,
    secyIfSCI                   SecySCI,        -- 802.1AEcg
    secyIfIncludingSCI          TruthValue,     -- 802.1AEcg
    secyIfMaxTSCs               Unsigned32      -- 802.1AEcg
    }

secyIfInterfaceIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An interface index, aligned with ifIndex in the ifTable,
         pointing to the SecY's Controlled Port."
    REFERENCE   "IEEE 802.1AE Clause 10.1"
    ::= { secyIfEntry 1 }

secyIfMaxPeerSCs OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "security connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of peer SCs for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.7"
    ::= { secyIfEntry 2 }

secyIfRxMaxKeys OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "keys"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of keys in simultaneous use for
         reception for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.7"
    ::= { secyIfEntry 3 }

secyIfTxMaxKeys OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "keys"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of keys in simultaneous use for
         transmission for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.16"
    ::= { secyIfEntry 4 }

secyIfProtectFramesEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enables or disables protection of transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.17, Figure 10-3"
    DEFVAL      { true }
    ::= { secyIfEntry 5 }

secyIfValidateFrames OBJECT-TYPE
    SYNTAX      INTEGER {
                    disabled(1),
                    check(2),
                    strict(3),
                    null(4)     -- 802.1AEcg
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls validation of received frames.

         disabled(1) : disable validation, remove SecTAGs and ICVs
                       (if present) from received frames.
         check(2)    : enable validation, do not discard invalid
                       frames.
         strict(3)   : enable validation and discard invalid frames.
         null(4)     : no processing, do not remove SecTAGs or ICVs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.8, Figure 10-4"
    DEFVAL      { strict }
    ::= { secyIfEntry 6 }

secyIfReplayProtectEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enables or disables replay protection."
    REFERENCE   "IEEE 802.1AE Clause 10.7.8, Figure 10-4"
    DEFVAL      { true }
    ::= { secyIfEntry 7 }

secyIfReplayProtectWindow OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "Packets"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The replay protection window size."
    REFERENCE   "IEEE 802.1AE Clause 10.7.8, Figure 10-4"
    DEFVAL      { 0 }
    ::= { secyIfEntry 8 }

secyIfCurrentCipherSuite OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The Cipher Suite currently used by this SecY, identified by
         the secyCipherSuiteTable entry index. Should be read-only
         if secyIfCipherTable implemented."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    ::= { secyIfEntry 9 }

secyIfAdminPt2PtMAC OBJECT-TYPE
    SYNTAX      INTEGER {
                    forceTrue(1),
                    forceFalse(2),
                    auto(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls the value of operPointToPointMAC
         (secyIfOperPt2PtMAC) reported to the user(s) of this SecY's
         Controlled Port.

         forceTrue(1)  : operPointToPointMAC is True, regardless of
                         the configuration and status of the SecY.
         forceFalse(2) : operPointToPointMAC is False, regardless of
                         the configuration and status of the SecY.
         auto(3)       : operPointToPointMAC is True if
                         secyIfValidateFrames is strict and reception
                         is from at most one peer SecY, or if
                         secyIfValidateFrames is not strict and
                         operPointToPointMAC is True for the Common
                         Port, and is False otherwise."
    REFERENCE   "IEEE 802.1AE Clause 6.5, 10.7.4"
    DEFVAL      { auto }
    ::= { secyIfEntry 10 }

secyIfOperPt2PtMAC OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Reflects the current service connectivity to be assumed by
         the user(s) of the SecY's Controlled Port.

         true(1)  : connectivity is to at most one other system.
         false(2) : connectivity is to one or more other systems."
    REFERENCE   "IEEE 802.1AE Clause 6.5, 10.7.4"
    ::= { secyIfEntry 11 }

secyIfIncludeSCIEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Mandates inclusion of an explicit SCI in the SecTAG when
         transmitting protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 alwaysIncludeSCI, 10.7.17"
    DEFVAL      { false }
    ::= { secyIfEntry 12 }

secyIfUseESEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enables use of the ES bit in the SecTAG when transmitting
         protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 useES, 10.7.17"
    DEFVAL      { false }
    ::= { secyIfEntry 13 }

secyIfUseSCBEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enables use of the SCB bit in the SecTAG when transmitting
         protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 useSCB, 10.7.17"
    DEFVAL      { false }
    ::= { secyIfEntry 14 }

secyIfSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SCI for the SecY's default traffic class."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.1"
    ::= { secyIfEntry 15 }

secyIfIncludingSCI OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if an explicit SCI is included in the SecTAG when
         transmitting protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 includingSCI, 10.7.17"
    DEFVAL      { false }
    ::= { secyIfEntry 16 }

secyIfMaxTSCs OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "security connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of transmit SCs for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.16"
    ::= { secyIfEntry 17 }

--
-- Tx SC Management Table : systems not supporting traffic class SCs
--

secyTxSCTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table with an entry for each SecY's transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.17, 10.7.20, Table 13-2"
    ::= { secyMgmtMIBObjects 2 }

secyTxSCEntry OBJECT-TYPE
    SYNTAX      SecyTxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry with transmit SC information for a SecY."
    INDEX       { secyIfInterfaceIndex }
    ::= { secyTxSCTable 1 }

SecyTxSCEntry ::= SEQUENCE {
    secyTxSCI               SecySCI,
    secyTxSCState           INTEGER,
    secyTxSCEncodingSA      RowPointer,
    secyTxSCEncipheringSA   RowPointer,     -- deprecated
    secyTxSCCreatedTime     TimeStamp,
    secyTxSCStartedTime     TimeStamp,
    secyTxSCStoppedTime     TimeStamp
    }

secyTxSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SCI for the SecY's transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.1"
    ::= { secyTxSCEntry 1 }

secyTxSCState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transmitting state of the SecY's transmit SC.

         inUse(1)    : one or more SAs are in use.
         notInUse(2) : no SAs are in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21 transmitting, 10.7.23"
    ::= { secyTxSCEntry 2 }

secyTxSCEncodingSA OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SA currently used to encode the SecTAG for frames
         awaiting transmission. The row pointer will point to an
         entry in the secyTxSATable. If no such information is
         available, the value shall be the OBJECT IDENTIFIER
         { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.5.1, 10.7.21"
    ::= { secyTxSCEntry 3 }

secyTxSCEncipheringSA OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "The SA currently used to encipher frames for transmission.
         The row pointer will point to an entry in the
         secyTxSATable. If no such information is available, the
         value shall be the OBJECT IDENTIFIER { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.5.4"
    ::= { secyTxSCEntry 4 }

secyTxSCCreatedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmitting SC was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTxSCEntry 5 }

secyTxSCStartedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmitting SC last started
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTxSCEntry 6 }

secyTxSCStoppedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmitting SC last stopped
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTxSCEntry 7 }

--
-- Traffic Class capable transmit SC Management Table : 802.1AEcg
--

secyTSCTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of entries for each SecY's traffic class SCs."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.17, 10.7.20"
    ::= { secyMgmtMIBObjects 10 }

secyTSCEntry OBJECT-TYPE
    SYNTAX      SecyTSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry with transmit SC information for one of the
         system's SecYs and one of its traffic classes."
    INDEX       { secyIfInterfaceIndex, secyTSCI }
    ::= { secyTSCTable 1 }

SecyTSCEntry ::= SEQUENCE {
    secyTSCI            SecySCI,
    secyTSCState        INTEGER,
    secyTSCEncodingSA   RowPointer,
    secyTSCCreatedTime  TimeStamp,
    secyTSCStartedTime  TimeStamp,
    secyTSCStoppedTime  TimeStamp
    }

secyTSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The SCI for the transmit SC for this SecY and traffic
         class."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.17, 10.7.20"
    ::= { secyTSCEntry 1 }

secyTSCState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The state of the transmit SC for this SecY and traffic
         class.

         inUse(1)    : one or more SAs for the traffic class SC are
                       in use.
         notInUse(2) : no SAs for the traffic class SC are in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.20"
    ::= { secyTSCEntry 2 }

secyTSCEncodingSA OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SA currently used to encode the SecTAG for frames
         awaiting transmission. The row pointer will point to an
         entry in the secyTxSATable. If no such information is
         available, the value shall be the OBJECT IDENTIFIER
         { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.5.1, 10.7.21"
    ::= { secyTSCEntry 3 }

secyTSCCreatedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmitting SC was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTSCEntry 4 }

secyTSCStartedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmitting SC last started
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTSCEntry 5 }

secyTSCStoppedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmitting SC last stopped
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTSCEntry 6 }

--
-- Tx SA Management Table : systems not supporting traffic class SCs
--

secyTxSATable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table with an entry for each transmit SA for each of the
         system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22, Table 13-2"
    ::= { secyMgmtMIBObjects 3 }

secyTxSAEntry OBJECT-TYPE
    SYNTAX      SecyTxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry for a transmit SA."
    INDEX       { secyIfInterfaceIndex, secyTxSA }
    ::= { secyTxSATable 1 }

SecyTxSAEntry ::= SEQUENCE {
    secyTxSA                    SecyAN,
    secyTxSAState               INTEGER,
    secyTxSANextPN              Unsigned32,
    secyTxSAConfidentiality     TruthValue,
    secyTxSASAKUnchanged        TruthValue,     -- deprecated
    secyTxSACreatedTime         TimeStamp,
    secyTxSAStartedTime         TimeStamp,
    secyTxSAStoppedTime         TimeStamp
    }

secyTxSA OBJECT-TYPE
    SYNTAX      SecyAN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The association number (AN) for this transmit SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTxSAEntry 1 }

secyTxSAState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current status of the transmitting SA.

         inUse(1)    : this SA is in use.
         notInUse(2) : this SA is not in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTxSAEntry 2 }

secyTxSANextPN OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The next packet number (PN) for this SA."
    REFERENCE   "IEEE 802.1AE Clause 10.5, 10.7.23"
    ::= { secyTxSAEntry 3 }

secyTxSAConfidentiality OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the SA provides confidentiality as well as
         integrity for transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 4 }

secyTxSASAKUnchanged OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "A reference to an SAK that is unchanged for the life of the
         transmitting SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTxSAEntry 5 }

secyTxSACreatedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmit SA was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 6 }

secyTxSAStartedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmit SA last started
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 7 }

secyTxSAStoppedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmit SA last stopped
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 8 }

--
-- Traffic Class capable transmit SA Management Table : 802.1AEcg
--

secyTSATable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table with an entry for each transmit SA for each of the
         system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22, Table 13-2"
    ::= { secyMgmtMIBObjects 11 }

secyTSAEntry OBJECT-TYPE
    SYNTAX      SecyTSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry for a transmit SA."
    INDEX       { secyIfInterfaceIndex, secyTSCI, secyTSA }
    ::= { secyTSATable 1 }

SecyTSAEntry ::= SEQUENCE {
    secyTSA                 SecyAN,
    secyTSAState            INTEGER,
    secyTSANextXPN          Counter64,
    secyTSAConfidentiality  TruthValue,
    secyTSAKeyIdentifier    SnmpAdminString,
    secyTSASSCI             Integer32,
    secyTSACreatedTime      TimeStamp,
    secyTSAStartedTime      TimeStamp,
    secyTSAStoppedTime      TimeStamp
    }

secyTSA OBJECT-TYPE
    SYNTAX      SecyAN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The association number (AN) for this transmit SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTSAEntry 1 }

secyTSAState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current status of the transmit SA.

         inUse(1)    : this SA is in use.
         notInUse(2) : this SA is not in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 2 }

secyTSANextXPN OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The next packet number (PN) for this SA."
    REFERENCE   "IEEE 802.1AE Clause 10.5, 10.7.23"
    ::= { secyTSAEntry 3 }

secyTSAConfidentiality OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the SA provides confidentiality as well as
         integrity for transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 4 }

secyTSAKeyIdentifier OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Key Identifier (KI) for the SAK for this SA."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 5 }

secyTSASSCI OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SSCI for this SA, 0 if an XPN Cipher Suite is not being
         used."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 6 }

secyTSACreatedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmit SA was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 7 }

secyTSAStartedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmit SA last started
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 8 }

secyTSAStoppedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this transmit SA last stopped
         transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 9 }

--
-- Rx SC Management Table
--

secyRxSCTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyRxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table for the system's SecY's receive SCs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.11, Table 13-2"
    ::= { secyMgmtMIBObjects 4 }

secyRxSCEntry OBJECT-TYPE
    SYNTAX      SecyRxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry for one of the SCs used by one of the system's
         SecY's to receive protected frames."
    INDEX       { secyIfInterfaceIndex, secyRxSCI }
    ::= { secyRxSCTable 1 }

SecyRxSCEntry ::= SEQUENCE {
    secyRxSCI           SecySCI,
    secyRxSCState       INTEGER,
    secyRxSCCurrentSA   RowPointer,
    secyRxSCCreatedTime TimeStamp,
    secyRxSCStartedTime TimeStamp,
    secyRxSCStoppedTime TimeStamp
    }

secyRxSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The SCI for the receive SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.11"
    ::= { secyRxSCEntry 1 }

secyRxSCState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The state of the receive SC.

         inUse(1)    : one or more SAs for this SC are in use.
         notInUse(2) : no SAs for this SC are in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12 receiving, 10.7.14 inUse,
                 10.7.15"
    ::= { secyRxSCEntry 2 }

secyRxSCCurrentSA OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "The current receiving association number of the SC in use.
         The row pointer will point to an entry in the
         secyRxSATable. If no such information can be identified,
         the value of this object shall be the OBJECT IDENTIFIER
         { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.6.1, 10.7.13"
    ::= { secyRxSCEntry 3 }

secyRxSCCreatedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this receiving SC was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12"
    ::= { secyRxSCEntry 4 }

secyRxSCStartedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this receiving SC last started
         receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12"
    ::= { secyRxSCEntry 5 }

secyRxSCStoppedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this receiving SC last stopped
         receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12"
    ::= { secyRxSCEntry 6 }

--
-- Rx SA Management Table
--

secyRxSATable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyRxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table with entries for the system's receive SAs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.13"
    ::= { secyMgmtMIBObjects 5 }

secyRxSAEntry OBJECT-TYPE
    SYNTAX      SecyRxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry for one of the SAs used by one of the system's
         SecY's to receive protected frames."
    INDEX       { secyIfInterfaceIndex, secyRxSCI, secyRxSA }
    ::= { secyRxSATable 1 }

SecyRxSAEntry ::= SEQUENCE {
    secyRxSA                SecyAN,
    secyRxSAState           INTEGER,
    secyRxSANextPN          Unsigned32,
    secyRxSASAKUnchanged    TruthValue,
    secyRxSACreatedTime     TimeStamp,
    secyRxSAStartedTime     TimeStamp,
    secyRxSAStoppedTime     TimeStamp,
    secyRxSANextXPN         Counter64,          -- 802.1AEcg
    secyRxSALowestXPN       Counter64,          -- 802.1AEcg
    secyRxSAKeyIdentifier   SnmpAdminString,    -- 802.1AEcg
    secyRxSASSCI            Integer32           -- 802.1AEcg
    }

secyRxSA OBJECT-TYPE
    SYNTAX      SecyAN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The association number (AN) for this receive SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.13"
    ::= { secyRxSAEntry 1 }

secyRxSAState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current state for this receive SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 2 }

secyRxSANextPN OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "One more than the highest PN conveyed in the SecTAG of a
         frame received on this SA that has been successfully
         validated (if validateFrames has not been disabled).

         Deprecated: use secyRxSANextXPN for both 32-bit PN and
         64-bit XPN PN values. If this object is implemented and an
         XPN Cipher Suite is used, it contains the lowest 32-bits of
         the XPN."
    REFERENCE   "IEEE 802.1AE Clause 10.6.5, 10.7.14, Figure 10-4"
    ::= { secyRxSAEntry 3 }

secyRxSASAKUnchanged OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "A reference to an SAK that is unchanged for the life of the
         receiving SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.13"
    ::= { secyRxSAEntry 4 }

secyRxSACreatedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this receiving SA was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 5 }

secyRxSAStartedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this receiving SA last started
         receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 6 }

secyRxSAStoppedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The system time when this receiving SA last stopped
         receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 7 }

secyRxSANextXPN OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "One more than the highest PN conveyed in the SecTAG of
         successfully validated frames received on this SA."
    REFERENCE   "IEEE 802.1AE Clause 10.6.5, 10.7.14, Figure 10-4"
    ::= { secyRxSAEntry 8 }

secyRxSALowestXPN OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The lowest acceptable packet number.
         A received frame with a lower PN is discarded if
         secyIfReplayProtectEnable is enabled."
    REFERENCE   "IEEE 802.1AE Clause 10.6.2, 10.6.4, 10.6.5, 10.7.14,
                 Figure 10-4"
    ::= { secyRxSAEntry 9 }

secyRxSAKeyIdentifier OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Key Identifier (KI) for the SAK for this SA."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 10 }

secyRxSASSCI OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SSCI for this SA, 0 if an XPN Cipher Suite is not being
         used."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 11 }

--
-- SecY Selectable Cipher Suites
--

secyCipherSuiteTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyCipherSuiteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of the system's Cipher Suite capabilities, which
         can differ by Cipher Suite implementation, so there can be
         more than one entry with the same secyCipherSuiteId.

         The secyIfCipherTable lists available entries by SecY,
         avoiding the need for remote network management to write
         objects or create rows in this table. Any configured values
         shall be stored in persistent memory and remain unchanged
         across a re-initialization of the management system."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    ::= { secyMgmtMIBObjects 6 }

secyCipherSuiteEntry OBJECT-TYPE
    SYNTAX      SecyCipherSuiteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry for a Cipher Suite implementation."
    INDEX       { secyCipherSuiteIndex }
    ::= { secyCipherSuiteTable 1 }

SecyCipherSuiteEntry ::= SEQUENCE {
    secyCipherSuiteIndex            Unsigned32,
    secyCipherSuiteId               OCTET STRING,
    secyCipherSuiteName             SnmpAdminString,
    secyCipherSuiteCapability       BITS,
    secyCipherSuiteProtection       BITS,
    secyCipherSuiteProtectionOffset INTEGER,
    secyCipherSuiteDataLengthChange TruthValue,
    secyCipherSuiteICVLength        Unsigned32,
    secyCipherSuiteRowStatus        RowStatus
    }

secyCipherSuiteIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The CipherSuiteTable entry index."
    ::= { secyCipherSuiteEntry 1 }

secyCipherSuiteId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (8))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A unique 64-bit (EUI-64) identifier for the Cipher Suite."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, Table 14-1"
    ::= { secyCipherSuiteEntry 2 }

secyCipherSuiteName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..128))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Cipher Suite Name, 128 octets or fewer."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, Table 14-1"
    ::= { secyCipherSuiteEntry 3 }

secyCipherSuiteCapability OBJECT-TYPE
    SYNTAX      BITS {
                    integrity(0),
                    confidentiality(1),
                    offsetConfidentiality(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Cipher Suite implementation capability information.

         integrity(0)             : integrity protection.
         confidentiality(1)       : confidentiality protection.
         offsetConfidentiality(2) : offset confidentiality
                                    protection."
    REFERENCE   "IEEE 802.1AE Clause 10.7.24, 10.7.25"
    ::= { secyCipherSuiteEntry 4 }

secyCipherSuiteProtection OBJECT-TYPE
    SYNTAX      BITS {
                    integrity(0),
                    confidentiality(1),
                    offsetConfidentiality(2)
                }
    MAX-ACCESS  read-create
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "The secyIfCipherTable should be used instead of this object
         to allow per SecY Cipher Suite configuration.

         The options provided by this control are a subset of those
         defined by the object secyCipherSuiteCapability.
         If secyCipherSuiteCapability has the integrity bit on, the
         integrity bit can be turned on for this object.

         If secyCipherSuiteCapability has the integrity and
         confidentiality bits on, the confidentiality bit of this
         object can be turned on and the integrity bit must be on.

         If secyCipherSuiteCapability has the integrity and
         offsetConfidentiality bits on, the offsetConfidentiality
         bit can be turned on and the integrity bit must be on.

         integrity(0)             : on or off the function of
                                    supporting integrity protection
                                    for this cipher suite.
         confidentiality(1)       : on or off the function of
                                    supporting confidentiality for
                                    this cipher suite.
         offsetConfidentiality(2) : on or off the function of
                                    supporting offset confidentiality
                                    for this cipher suite."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    DEFVAL      { { integrity } }
    ::= { secyCipherSuiteEntry 5 }

secyCipherSuiteProtectionOffset OBJECT-TYPE
    SYNTAX      Integer32 (0 | 30 | 50)
    UNITS       "bytes"
    MAX-ACCESS  read-create
    STATUS      deprecated      -- 802.1AEcg
    DESCRIPTION
        "The confidentiality protection offset options of this
         cipher suite. Options should depend on the choice of
         secyCipherSuiteProtection.

         If the value of secyCipherSuiteProtection only turns on
         integrity bit, users can only choose 0 byte for this
         object.

         If the value of secyCipherSuiteProtection only turns on
         integrity and confidentiality bits, users can only choose
         0 byte for this object.

         If the value of secyCipherSuiteProtection only turns on
         integrity and offsetConfidentiality bits, users can choose
         30 or 50 bytes for this object.

         If the value of secyCipherSuiteProtection turns on
         integrity and confidentiality and offsetConfidentiality
         bits, users can choose 0 or 30 or 50 bytes for this
         object."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, 10.7.26"
    DEFVAL      { 0 }
    ::= { secyCipherSuiteEntry 6 }

secyCipherSuiteDataLengthChange OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "True if cipher suite changes the length of the data."
REFERENCE "IEEE 802.1AE Clause 10.7.25, Figure 9-1" ::= { secyCipherSuiteEntry 7 } secyCipherSuiteICVLength OBJECT-TYPE SYNTAX Unsigned32 (8..16) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The length of the integrity check value (ICV) field." REFERENCE "IEEE 802.1AE Clause 10.7.25, Figure 9-1" ::= { secyCipherSuiteEntry 8 } secyCipherSuiteRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The secyIfCipherTable (if implemented) avoids the need for network manager creation of entries in the secyCipherSuiteTable, and RowStatus should always be valid(1), with any per SecY unavailability indicated by an absence of a corresponding secyIfCipherTable entry or one with secyCipherSuiteAvailable false (the latter can indicate temporary unavailability)." REFERENCE "IEEE 802.1AE Clause 10.7.25" ::= { secyCipherSuiteEntry 9 } -- -- SecY Interface Ciphers Table : 802.1AEcg -- secyIfCipherTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyIfCipherEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table with an entry for the Cipher Suite capabilities implemented for each SecY in this system, providing per SecY control of Cipher Suite use. The configured value of writable objects in each table entry shall be stored in persistent memory and remain unchanged across a re-initialization of the system's management entity." REFERENCE "IEEE 802.1AE Clause 10.7.26, Table 13-1" ::= { secyMgmtMIBObjects 7 } secyIfCipherEntry OBJECT-TYPE SYNTAX SecyIfCipherEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table entry with Cipher Suite control for a SecY." 
INDEX { secyIfInterfaceIndex, secyCipherSuiteIndex } ::= { secyIfCipherTable 1 } SecyIfCipherEntry ::= SEQUENCE { secyIfCipherImplemented TruthValue, secyIfCipherEnableUse TruthValue, secyIfCipherRqConfidentiality TruthValue } secyIfCipherImplemented OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the Cipher Suite implementation can be used by this SecY (if secyIfCipherEnableUse is true)." REFERENCE "IEEE 802.1AE Clause 10.7.26" DEFVAL { true } ::= { secyIfCipherEntry 1 } secyIfCipherEnableUse OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Enables use of the Cipher Suite by this SecY." REFERENCE "IEEE 802.1AE Clause 10.7.26" DEFVAL { true } ::= { secyIfCipherEntry 2 } secyIfCipherRqConfidentiality OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "True if confidentiality protection (without an offset) is required if this Cipher Suite is used." REFERENCE "IEEE 802.1AE Clause 10.7.26" DEFVAL { true } ::= { secyIfCipherEntry 3 } -- -- SecY Interface Traffic Class Table : 802.1AEcg -- secyIfTCTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyIfTCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Traffic Class Table for each SecY in this system. The configured value of writable objects in each table entry shall be stored in persistent memory and remain unchanged across a re-initialization of the system's management entity." REFERENCE "IEEE 802.1AE Clause 10.5.1, 10.7.17, Table 13-1" ::= { secyMgmtMIBObjects 8 } secyIfTCEntry OBJECT-TYPE SYNTAX SecyIfTCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table entry providing Traffic Class selection for a given SecY and User Priority."
INDEX { secyIfInterfaceIndex, secyIfTCUserPriority } ::= { secyIfTCTable 1 } SecyIfTCEntry ::= SEQUENCE { secyIfTCUserPriority Integer32, secyIfTCTrafficClass Integer32 } secyIfTCUserPriority OBJECT-TYPE SYNTAX Integer32 (0..7) MAX-ACCESS not-accessible STATUS current DESCRIPTION "One of the possible User Priority values for a frame." REFERENCE "IEEE 802.1AE Clause 10.7.17" ::= { secyIfTCEntry 1 } secyIfTCTrafficClass OBJECT-TYPE SYNTAX Integer32 (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "The Traffic Class for this SecY and User Priority, as transmitted in the four most significant bits of the Port Identifier component of the SCI of protected frames." REFERENCE "IEEE 802.1AE Clause 10.7.17" DEFVAL { 0 } ::= { secyIfTCEntry 2 } -- -- SecY Interface Access Priority Table : 802.1AEcg -- secyIfAPTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyIfAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Access Priority Table for each SecY in this system. The configured value of writable objects in each table entry shall be stored in persistent memory and remain unchanged across a re-initialization of the system's management entity." REFERENCE "IEEE 802.1AE Clause 10.5.1, 10.7.17, Table 13-1" ::= { secyMgmtMIBObjects 9 } secyIfAPEntry OBJECT-TYPE SYNTAX SecyIfAPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table entry selecting the Access Priority Code Point for a given SecY and User Priority Code Point." INDEX { secyIfInterfaceIndex, secyIfAPUserPCP } ::= { secyIfAPTable 1 } SecyIfAPEntry ::= SEQUENCE { secyIfAPUserPCP Integer32, secyIfAPAccessPCP Integer32 } secyIfAPUserPCP OBJECT-TYPE SYNTAX Integer32 (0..15) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A User Priority Code Point." REFERENCE "IEEE 802.1AE Clause 10.5, 10.7.17" ::= { secyIfAPEntry 1 } secyIfAPAccessPCP OBJECT-TYPE SYNTAX Integer32 (0..15) MAX-ACCESS read-write STATUS current DESCRIPTION "The Access Priority Code Point for this SecY and User PCP. 
Defaults to the User PCP value. " REFERENCE "IEEE 802.1AE Clause 10.5, 10.7.17" ::= { secyIfAPEntry 2 } -- -- TX SA Statistics : systems not supporting traffic class SCs -- secyTxSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTxSAStatsEntry MAX-ACCESS not-accessible STATUS deprecated -- 802.1AEcg DESCRIPTION "A table of statistics for each transmit SA for each of the system's SecYs." REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-4" ::= { secyStatsMIBObjects 1 } secyTxSAStatsEntry OBJECT-TYPE SYNTAX SecyTxSAStatsEntry MAX-ACCESS not-accessible STATUS deprecated -- 802.1AEcg DESCRIPTION "An entry with statistics for a transmit SA. The AN that identifies an SA (for a given SC) and this corresponding entry can be reused. When creating the SA and before (re)using the entry, the SA counters are (re)set to 0. When the SA is stopped (secyTxSA notInuse) the counters will stop incrementing. The secyTxSATable timestamps SA creation, start, and stop." AUGMENTS { secyTxSAEntry } ::= { secyTxSAStatsTable 1 } SecyTxSAStatsEntry ::= SEQUENCE { secyTxSAStatsProtectedPkts Counter32, secyTxSAStatsEncryptedPkts Counter32 } secyTxSAStatsProtectedPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of integrity protected but not encrypted packets for this transmit SA. Zero if secyTxSAConfidentiality is True, and one less than secyTxSANextPN otherwise." REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-4" ::= { secyTxSAStatsEntry 1 } secyTxSAStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of integrity protected and encrypted packets for this transmit SA. Zero if secyTxSAConfidentiality is False, and one less than secyTxSANextPN otherwise."
REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-4" ::= { secyTxSAStatsEntry 2 } -- -- TX SC Statistics : systems not supporting traffic class SCs -- secyTxSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of statistics for each SecY's transmit SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, 10.7.19, Figure 10-3" ::= { secyStatsMIBObjects 2 } secyTxSCStatsEntry OBJECT-TYPE SYNTAX SecyTxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing counts for a transmit SC. SA counters are reset when the SA's AN is reused, so these SC counts are a summation for all current and prior SAs belonging to the SC." AUGMENTS { secyTxSCEntry } ::= { secyTxSCStatsTable 1 } SecyTxSCStatsEntry ::= SEQUENCE { secyTxSCStatsProtectedPkts Counter64, secyTxSCStatsEncryptedPkts Counter64, secyTxSCStatsOctetsProtected Counter64, -- deprecated secyTxSCStatsOctetsEncrypted Counter64 -- deprecated } secyTxSCStatsProtectedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected but not encrypted packets for this transmit SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-3" ::= { secyTxSCStatsEntry 1 } secyTxSCStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected and encrypted packets for this transmit SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-3" ::= { secyTxSCStatsEntry 4 } secyTxSCStatsOctetsProtected OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of plain text octets that are integrity protected but not encrypted for this transmit SC." 
REFERENCE "IEEE 802.1AE Clause 10.7.19, Figure 10-3" ::= { secyTxSCStatsEntry 10 } secyTxSCStatsOctetsEncrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of plain text octets that are integrity protected and encrypted on the transmit SC." REFERENCE "IEEE 802.1AE Clause 10.7.19, Figure 10-3" ::= { secyTxSCStatsEntry 11 } -- -- Traffic Class capable transmit SC Statistics : 802.1AEcg -- secyTSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyTSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of statistics for each SecY's transmit SCs." REFERENCE "IEEE 802.1AE Clause 10.7.18, 10.7.19, Figure 10-3" ::= { secyStatsMIBObjects 12 } secyTSCStatsEntry OBJECT-TYPE SYNTAX SecyTSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing counts for a transmit SC. SA counters are reset when the SA's AN is reused, so these SC counts are a summation for all current and prior SAs belonging to the SC." AUGMENTS { secyTSCEntry } ::= { secyTSCStatsTable 1 } SecyTSCStatsEntry ::= SEQUENCE { secyTSCStatsProtectedPkts Counter64, secyTSCStatsEncryptedPkts Counter64 } secyTSCStatsProtectedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected but not encrypted packets for this transmit SC." REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-3" ::= { secyTSCStatsEntry 1 } secyTSCStatsEncryptedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of integrity protected and encrypted packets for this transmit SC."
REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-3" ::= { secyTSCStatsEntry 2 } -- -- RX SA Statistics Information -- secyRxSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyRxSAStatsEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "A table that contains the statistics objects for each receiving SA in the MAC security entity." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsMIBObjects 3 } secyRxSAStatsEntry OBJECT-TYPE SYNTAX SecyRxSAStatsEntry MAX-ACCESS not-accessible STATUS deprecated -- 802.1AEcg DESCRIPTION "An entry with statistics for a receive SA. The AN that identifies an SA (for a given SC) and this corresponding entry can be reused. When creating the SA and before (re)using the entry, the SA counters are (re)set to 0. When the SA is stopped (secyRxSA notInuse) the counters will stop incrementing. The secyRxSATable timestamps SA creation, start, and stop." AUGMENTS { secyRxSAEntry } ::= { secyRxSAStatsTable 1 } SecyRxSAStatsEntry ::= SEQUENCE { secyRxSAStatsUnusedSAPkts Counter32, -- deprecated secyRxSAStatsNoUsingSAPkts Counter32, -- deprecated secyRxSAStatsNotValidPkts Counter32, -- deprecated secyRxSAStatsInvalidPkts Counter32, -- deprecated secyRxSAStatsOKPkts Counter32 -- deprecated } secyRxSAStatsUnusedSAPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "For this SA which is not currently in use, the number of received, unencrypted, packets with secyValidateFrames not in the strict mode." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSAStatsEntry 1 } secyRxSAStatsNoUsingSAPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "For this SA which is not currently in use, the number of received packets that have been discarded, and have either the packets encrypted or secyValidateFrames set to strict mode."
REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSAStatsEntry 4 } secyRxSAStatsNotValidPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "For this SA, the number of discarded packets with the condition that the packets are not valid and one of the following conditions is true: either secyValidateFrames in strict mode or the packets encrypted." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSAStatsEntry 13 } secyRxSAStatsInvalidPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "For this SA, the number of packets with the condition that the packets are not valid and secyValidateFrames is in check mode." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSAStatsEntry 16 } secyRxSAStatsOKPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "For this SA, the number of validated packets." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSAStatsEntry 25 } -- -- RX SC Statistics Information -- secyRxSCStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyRxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of statistics for each receive SC for each of the system's SecYs." REFERENCE "IEEE 802.1AE Clause 10.7.9, 10.7.10, Figure 10-4" ::= { secyStatsMIBObjects 4 } secyRxSCStatsEntry OBJECT-TYPE SYNTAX SecyRxSCStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing counts for a receive SC. SA counters are reset when the SA's AN is reused, so these SC counts are a summation for all current and prior SAs belonging to the SC."
AUGMENTS { secyRxSCEntry } ::= { secyRxSCStatsTable 1 } SecyRxSCStatsEntry ::= SEQUENCE { secyRxSCStatsUnusedSAPkts Counter64, -- deprecated secyRxSCStatsNoUsingSAPkts Counter64, -- deprecated secyRxSCStatsLatePkts Counter64, secyRxSCStatsNotValidPkts Counter64, secyRxSCStatsInvalidPkts Counter64, secyRxSCStatsDelayedPkts Counter64, secyRxSCStatsUncheckedPkts Counter64, secyRxSCStatsOKPkts Counter64, secyRxSCStatsOctetsValidated Counter64, -- deprecated secyRxSCStatsOctetsDecrypted Counter64 -- deprecated } secyRxSCStatsUnusedSAPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The sum of secyRxSAStatsUnusedSAPkts counts for all current and prior SAs belonging to this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 1 } secyRxSCStatsNoUsingSAPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The sum of secyRxSAStatsNoUsingSAPkts counts for all current and prior SAs belonging to this SC." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 2 } secyRxSCStatsLatePkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded, for this SC, because the received PN was lower than the lowest acceptable PN (secyRxSALowestXPN) and secyIfReplayProtectEnable was true." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 3 } secyRxSCStatsNotValidPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded, for this SC, because validation failed and secyIfValidateFrames was 'strict' or the data was encrypted (so the original frame could not be recovered)."
REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 4 } secyRxSCStatsInvalidPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets, for this SC, that failed validation but could be received because secyIfValidateFrames was 'check' and the data was not encrypted (so the original frame could be recovered)." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 5 } secyRxSCStatsDelayedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets, for this SC, with PN lower than the lowest acceptable PN (secyRxSALowestXPN) and secyIfReplayProtectEnable false." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 6 } secyRxSCStatsUncheckedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets received for this SC, while secyValidateFrames was 'disabled'." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 7 } secyRxSCStatsOKPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets received for this SC successfully validated and within the replay window." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyRxSCStatsEntry 8 } secyRxSCStatsOctetsValidated OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of plaintext octets recovered from packets that were integrity protected but not encrypted." REFERENCE "Deprecated, the secyIsStatsTable has per SecY counts for cryptographic performance management."
::= { secyRxSCStatsEntry 9 } secyRxSCStatsOctetsDecrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of plaintext octets recovered from packets that were integrity protected and encrypted." REFERENCE "Deprecated, the secyIsStatsTable has per SecY counts for cryptographic performance management." ::= { secyRxSCStatsEntry 10 } -- -- SecY statistics table -- secyStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SecyStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of statistics for each of the system's SecYs." REFERENCE "IEEE 802.1AE Clause 10.7.9, 10.7.18, Figure 10-3, 10.5" ::= { secyStatsMIBObjects 5 } secyStatsEntry OBJECT-TYPE SYNTAX SecyStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing counts for a SecY." AUGMENTS { secyIfEntry } ::= { secyStatsTable 1 } SecyStatsEntry ::= SEQUENCE { secyStatsTxUntaggedPkts Counter64, secyStatsTxTooLongPkts Counter64, secyStatsRxUntaggedPkts Counter64, secyStatsRxNoTagPkts Counter64, secyStatsRxBadTagPkts Counter64, secyStatsRxUnknownSCIPkts Counter64, -- deprecated secyStatsRxNoSCIPkts Counter64, -- deprecated secyStatsRxOverrunPkts Counter64, secyStatsRxNoSAPkts Counter64, -- 802.1AEcg secyStatsRxNoSAErrorPkts Counter64, -- 802.1AEcg secyStatsTxOctetsProtected Counter64, -- 802.1AEcg secyStatsTxOctetsEncrypted Counter64, -- 802.1AEcg secyStatsRxOctetsValidated Counter64, -- 802.1AEcg secyStatsRxOctetsDecrypted Counter64 -- 802.1AEcg } secyStatsTxUntaggedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets transmitted without a SecTAG because secyProtectFramesEnable is configured false." 
REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-3" ::= { secyStatsEntry 1 } secyStatsTxTooLongPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transmit packets discarded because their length is greater than the ifMtu of the Common Port." REFERENCE "IEEE 802.1AE Clause 10.7.18, Figure 10-3" ::= { secyStatsEntry 2 } secyStatsRxUntaggedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets without the MACsec tag (SecTAG) received while secyValidateFrames was not 'strict'." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 3 } secyStatsRxNoTagPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets without a SecTAG discarded because secyValidateFrames was 'strict'." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 4 } secyStatsRxBadTagPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets discarded with an invalid SecTAG, zero value PN, or invalid ICV." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 5 } secyStatsRxUnknownSCIPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of received packets with an unknown SCI." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 6 } secyStatsRxNoSCIPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS deprecated -- 802.1AEcg DESCRIPTION "The number of discarded packets with an unknown SCI." 
REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 7 } secyStatsRxOverrunPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded because they exceeded cryptographic performance capabilities." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 8 } secyStatsRxNoSAPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received packets with an unknown SCI or for an unused SA." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 9 } secyStatsRxNoSAErrorPkts OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded because the received SCI is unknown or the SA is not in use." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 10 } secyStatsTxOctetsProtected OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of plain text octets integrity protected but not encrypted in transmitted frames." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 11 } secyStatsTxOctetsEncrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of plain text octets integrity protected and encrypted in transmitted frames." REFERENCE "IEEE 802.1AE Clause 10.7.9, Figure 10-4" ::= { secyStatsEntry 12 } secyStatsRxOctetsValidated OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of plaintext octets recovered from packets that were integrity protected but not encrypted." 
REFERENCE "IEEE 802.1AE Clause 10.6.3, Figure 10-3" ::= { secyStatsEntry 13 } secyStatsRxOctetsDecrypted OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of plaintext octets recovered from packets that were integrity protected and encrypted." REFERENCE "IEEE 802.1AE Clause 10.6.3, Figure 10-3" ::= { secyStatsEntry 14 } -- -- Conformance -- secyMIBCompliances OBJECT IDENTIFIER ::= { secyMIBConformance 1 } secyMIBGroups OBJECT IDENTIFIER ::= { secyMIBConformance 2 } -- Compliance secyMIBTcCompliance MODULE-COMPLIANCE STATUS current -- 802.1AEcg DESCRIPTION "The compliance statement for an IEEE8021-SECY-MIB supporting traffic class transmit SCs, added by IEEE 802.1AEcg." MODULE IF-MIB MANDATORY-GROUPS { ifCounterDiscontinuityGroup } MODULE -- this module MANDATORY-GROUPS { secyIfGroup, secyIfCipherGroup, secyIfTCGroup, secyIfAPGroup, secyTSCGroup, secyTSAGroup, secyRSCGroup, secyRSAGroup, secyCipherInfoGroup, secyCipherStatsGroup, secyTSCStatsGroup, secyRSCStatsGroup, secyIfStatsGroup } OBJECT secyIfCurrentCipherSuite MIN-ACCESS read-only DESCRIPTION "should be read-only, use the secyIfCipherTable to control cipher suite use." OBJECT secyCipherSuiteId MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteName MIN-ACCESS read-only DESCRIPTION "read-create not required, should be read-only." OBJECT secyCipherSuiteCapability MIN-ACCESS read-only DESCRIPTION "read-create not required, should be read-only." OBJECT secyCipherSuiteDataLengthChange MIN-ACCESS read-only DESCRIPTION "read-create not required, should be read-only." OBJECT secyCipherSuiteICVLength MIN-ACCESS read-only DESCRIPTION "read-create not required, should be read-only." ::= { secyMIBCompliances 2 } secyMIBCompliance MODULE-COMPLIANCE STATUS deprecated -- 802.1AEcg DESCRIPTION "The compliance statement for the IEEE8021-SECY-MIB as specified in IEEE Std 802.1AE-2006."
MODULE -- this module MANDATORY-GROUPS { secyIfCtrlGroup, secyTxSCGroup, secyTxSAGroup, secyRxSCGroup, secyRxSAGroup, secyCipherSuiteGroup, secyTxSAStatsGroup, secyTxSCStatsGroup, secyRxSAStatsGroup, secyRxSCStatsGroup, secyStatsGroup } OBJECT secyIfCurrentCipherSuite MIN-ACCESS read-only DESCRIPTION "write access not required, may be read-only." OBJECT secyCipherSuiteId MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteName MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteCapability MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteProtection MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteProtectionOffset MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteDataLengthChange MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteICVLength MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." OBJECT secyCipherSuiteRowStatus MIN-ACCESS read-only DESCRIPTION "read-create not required, may be read-only." ::= { secyMIBCompliances 1 } -- -- Units of Conformance -- Controlled Port service management MIB Groups secyIfGroup OBJECT-GROUP OBJECTS { secyIfMaxPeerSCs, secyIfRxMaxKeys, secyIfTxMaxKeys, secyIfProtectFramesEnable, secyIfValidateFrames, secyIfReplayProtectEnable, secyIfReplayProtectWindow, secyIfCurrentCipherSuite, secyIfAdminPt2PtMAC, secyIfOperPt2PtMAC, secyIfIncludeSCIEnable, secyIfUseESEnable, secyIfUseSCBEnable, secyIfSCI, -- 802.1AEcg secyIfIncludingSCI, -- 802.1AEcg secyIfMaxTSCs -- 802.1AEcg } STATUS current --- 802.1AEcg, updates secyIfCtrlGroup DESCRIPTION "SecY service management (secyIfTable objects) for systems supporting traffic class SCs." 
::= { secyMIBGroups 12 } secyIfCtrlGroup OBJECT-GROUP OBJECTS { secyIfMaxPeerSCs, secyIfRxMaxKeys, secyIfTxMaxKeys, secyIfProtectFramesEnable, secyIfValidateFrames, secyIfReplayProtectEnable, secyIfReplayProtectWindow, secyIfCurrentCipherSuite, secyIfAdminPt2PtMAC, secyIfOperPt2PtMAC, secyIfIncludeSCIEnable, secyIfUseESEnable, secyIfUseSCBEnable } STATUS deprecated DESCRIPTION "SecY service management (secyIfTable) objects." ::= { secyMIBGroups 1 } secyIfTCGroup OBJECT-GROUP OBJECTS { secyIfTCTrafficClass } STATUS current --- 802.1AEcg DESCRIPTION "Traffic class control (secyIfTCTable)." ::= { secyMIBGroups 14 } secyIfAPGroup OBJECT-GROUP OBJECTS { secyIfAPAccessPCP } STATUS current --- 802.1AEcg DESCRIPTION "Access Priority Code Point control (secyIfAPTable)." ::= { secyMIBGroups 15 } -- Transmit SC and SA MIB Groups secyTSCGroup OBJECT-GROUP OBJECTS { secyTSCState, secyTSCEncodingSA, secyTSCCreatedTime, secyTSCStartedTime, secyTSCStoppedTime } STATUS current --- 802.1AEcg, updates secyTxSCGroup DESCRIPTION "Transmit SC management (secyTSCTable objects) for systems supporting traffic class SCs." ::= { secyMIBGroups 16 } secyTxSCGroup OBJECT-GROUP OBJECTS { secyTxSCI, secyTxSCState, secyTxSCEncodingSA, secyTxSCEncipheringSA, secyTxSCCreatedTime, secyTxSCStartedTime, secyTxSCStoppedTime } STATUS deprecated DESCRIPTION "Transmit SC management objects (for systems without traffic class SC capabilities)." ::= { secyMIBGroups 2 } secyTSAGroup OBJECT-GROUP OBJECTS { secyTSAState, secyTSANextXPN, secyTSAConfidentiality, secyTSAKeyIdentifier, secyTSASSCI, secyTSACreatedTime, secyTSAStartedTime, secyTSAStoppedTime } STATUS current --- 802.1AEcg, updates secyTxSAGroup DESCRIPTION "Transmit SA management (secyTSATable objects) for systems supporting traffic class SCs." 
::= { secyMIBGroups 17 } secyTxSAGroup OBJECT-GROUP OBJECTS { secyTxSAState, secyTxSANextPN, secyTxSAConfidentiality, secyTxSASAKUnchanged, secyTxSACreatedTime, secyTxSAStartedTime, secyTxSAStoppedTime } STATUS deprecated DESCRIPTION "Transmit SA management objects (for systems without traffic class SC capabilities)." ::= { secyMIBGroups 3 } -- Receive SC and SA MIB Groups secyRSCGroup OBJECT-GROUP OBJECTS { secyRxSCState, secyRxSCCreatedTime, secyRxSCStartedTime, secyRxSCStoppedTime } STATUS current --- 802.1AEcg, updates secyRxSCGroup DESCRIPTION "Receive SC management (secyRxSCTable objects)." ::= { secyMIBGroups 18 } secyRxSCGroup OBJECT-GROUP OBJECTS { secyRxSCState, secyRxSCCurrentSA, secyRxSCCreatedTime, secyRxSCStartedTime, secyRxSCStoppedTime } STATUS deprecated DESCRIPTION "Receive SC management objects." ::= { secyMIBGroups 4 } secyRSAGroup OBJECT-GROUP OBJECTS { secyRxSAState, secyRxSANextXPN, secyRxSALowestXPN, secyRxSAKeyIdentifier, secyRxSASSCI, secyRxSACreatedTime, secyRxSAStartedTime, secyRxSAStoppedTime } STATUS current --- 802.1AEcg, updates secyRxSAGroup DESCRIPTION "Receive SA (secyRxSATable objects)." ::= { secyMIBGroups 19 } secyRxSAGroup OBJECT-GROUP OBJECTS { secyRxSAState, secyRxSANextPN, secyRxSASAKUnchanged, secyRxSACreatedTime, secyRxSAStartedTime, secyRxSAStoppedTime } STATUS deprecated DESCRIPTION "Receive SA management objects." ::= { secyMIBGroups 5 } -- Cipher information, use, and statistics MIB Groups secyCipherInfoGroup OBJECT-GROUP OBJECTS { secyCipherSuiteId, secyCipherSuiteName, secyCipherSuiteCapability, secyCipherSuiteDataLengthChange, secyCipherSuiteICVLength } STATUS current --- 802.1AEcg, updates secyCipherSuiteGroup DESCRIPTION "Cipher Suite implementation information (secyCipherSuiteTable objects)." 
::= { secyMIBGroups 21 } secyCipherSuiteGroup OBJECT-GROUP OBJECTS { secyCipherSuiteId, secyCipherSuiteName, secyCipherSuiteCapability, secyCipherSuiteProtection, secyCipherSuiteProtectionOffset, secyCipherSuiteDataLengthChange, secyCipherSuiteICVLength, secyCipherSuiteRowStatus } STATUS deprecated DESCRIPTION "Cipher Suite information objects." ::= { secyMIBGroups 6 } secyIfCipherGroup OBJECT-GROUP OBJECTS { secyIfCipherImplemented, secyIfCipherEnableUse, secyIfCipherRqConfidentiality } STATUS current --- 802.1AEcg DESCRIPTION "Cipher Suite use control (secyIfCipherTable objects)." ::= { secyMIBGroups 13 } secyCipherStatsGroup OBJECT-GROUP OBJECTS { secyStatsTxOctetsProtected, secyStatsTxOctetsEncrypted, secyStatsRxOctetsValidated, secyStatsRxOctetsDecrypted } STATUS current --- 802.1AEcg DESCRIPTION "Cipher Suite performance statistics (from secyStatsTable)." ::= { secyMIBGroups 24 } -- Transmit and Receive SA and SC statistics MIB Groups secyTxSAStatsGroup OBJECT-GROUP OBJECTS { secyTxSAStatsProtectedPkts, secyTxSAStatsEncryptedPkts } STATUS deprecated DESCRIPTION "Transmit SA statistics objects." ::= { secyMIBGroups 7 } secyRxSAStatsGroup OBJECT-GROUP OBJECTS { secyRxSAStatsUnusedSAPkts, secyRxSAStatsNoUsingSAPkts, secyRxSAStatsNotValidPkts, secyRxSAStatsInvalidPkts, secyRxSAStatsOKPkts } STATUS deprecated DESCRIPTION "Receive SA statistics objects." ::= { secyMIBGroups 8 } secyTSCStatsGroup OBJECT-GROUP OBJECTS { secyTSCStatsProtectedPkts, secyTSCStatsEncryptedPkts } STATUS current --- 802.1AEcg, updates secyTxSCStatsGroup DESCRIPTION "Transmit SC statistics (secyTSCStatsTable objects)." ::= { secyMIBGroups 22 } secyTxSCStatsGroup OBJECT-GROUP OBJECTS { secyTxSCStatsProtectedPkts, secyTxSCStatsEncryptedPkts, secyTxSCStatsOctetsProtected, secyTxSCStatsOctetsEncrypted } STATUS deprecated DESCRIPTION "Transmit SC statistics objects." 
::= { secyMIBGroups 9 } secyRSCStatsGroup OBJECT-GROUP OBJECTS { secyRxSCStatsLatePkts, secyRxSCStatsNotValidPkts, secyRxSCStatsInvalidPkts, secyRxSCStatsDelayedPkts, secyRxSCStatsUncheckedPkts, secyRxSCStatsOKPkts } STATUS current --- 802.1AEcg, updates secyRxSCStatsGroup DESCRIPTION "Receive SC statistics (secyRxSCStatsTable objects)." ::= { secyMIBGroups 23 } secyRxSCStatsGroup OBJECT-GROUP OBJECTS { secyRxSCStatsUnusedSAPkts, secyRxSCStatsNoUsingSAPkts, secyRxSCStatsLatePkts, secyRxSCStatsNotValidPkts, secyRxSCStatsInvalidPkts, secyRxSCStatsDelayedPkts, secyRxSCStatsUncheckedPkts, secyRxSCStatsOKPkts, secyRxSCStatsOctetsValidated, secyRxSCStatsOctetsDecrypted } STATUS deprecated DESCRIPTION "Receive SC statistics objects." ::= { secyMIBGroups 10 } -- Controlled Port service statistics MIB Groups secyIfStatsGroup OBJECT-GROUP OBJECTS { secyStatsTxUntaggedPkts, secyStatsTxTooLongPkts, secyStatsRxUntaggedPkts, secyStatsRxNoTagPkts, secyStatsRxBadTagPkts, secyStatsRxNoSAPkts, secyStatsRxNoSAErrorPkts, secyStatsRxOverrunPkts } STATUS current --- 802.1AEcg, updates secyRxSCStatsGroup DESCRIPTION "SecY statistics (secyStatsTable objects)." ::= { secyMIBGroups 20 } secyStatsGroup OBJECT-GROUP OBJECTS { secyStatsTxUntaggedPkts, secyStatsTxTooLongPkts, secyStatsRxUntaggedPkts, secyStatsRxNoTagPkts, secyStatsRxBadTagPkts, secyStatsRxUnknownSCIPkts, secyStatsRxNoSCIPkts, secyStatsRxOverrunPkts } STATUS deprecated DESCRIPTION "SecY statistics objects." ::= { secyMIBGroups 11 } END
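-- Added example (not part of the IEEE module): the receive counters described above, read as a decision procedure, so a poller can tell which counter a given kind of frame moves and whether the frame reached the Controlled Port.
-- SecYConfig, RxFrame, classify_rx and tally are hypothetical names; the order of the checks and the treatment of encrypted frames in 'disabled' mode are assumptions drawn from the object DESCRIPTIONs, not from Figure 10-4.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class SecYConfig:
    validate_frames: str = "strict"  # secyIfValidateFrames: 'disabled' | 'check' | 'strict'
    replay_protect: bool = True      # secyIfReplayProtectEnable


@dataclass
class RxFrame:
    """Constructed model of a received frame (not a wire format)."""
    has_sectag: bool = True
    sectag_valid: bool = True  # structurally valid SecTAG
    sa_in_use: bool = True     # SCI known and the SA identified by the AN is in use
    encrypted: bool = False
    pn: int = 1
    icv_valid: bool = True     # outcome of integrity validation


def classify_rx(cfg, frame, lowest_pn):
    """Return (counter_name, delivered) for one frame.

    lowest_pn is the lowest acceptable PN (secyRxSALowestXPN).
    """
    mode = cfg.validate_frames

    # No SecTAG: only 'strict' discards the frame.
    if not frame.has_sectag:
        if mode == "strict":
            return "secyStatsRxNoTagPkts", False
        return "secyStatsRxUntaggedPkts", True

    # Invalid SecTAG or zero-value PN: always discarded.
    if not frame.sectag_valid or frame.pn == 0:
        return "secyStatsRxBadTagPkts", False

    # Unknown SCI or unused SA: discarded if strict or if the data is encrypted.
    if not frame.sa_in_use:
        if mode == "strict" or frame.encrypted:
            return "secyStatsRxNoSAErrorPkts", False
        return "secyStatsRxNoSAPkts", True

    late = frame.pn < lowest_pn
    if late and cfg.replay_protect:
        return "secyRxSCStatsLatePkts", False

    # Assumption: in 'disabled' mode an unencrypted frame is passed up unchecked,
    # while an encrypted frame still has to be validated to recover its data.
    if mode == "disabled" and not frame.encrypted:
        return "secyRxSCStatsUncheckedPkts", True

    if not frame.icv_valid:
        if mode == "strict" or frame.encrypted:
            return "secyRxSCStatsNotValidPkts", False
        return "secyRxSCStatsInvalidPkts", True  # 'check' mode, unencrypted

    if late:  # only reachable with replay protection off
        return "secyRxSCStatsDelayedPkts", True
    return "secyRxSCStatsOKPkts", True


def tally(cfg, frames, lowest_pn):
    """Count, per counter name, how a batch of frames is accounted for."""
    counts = Counter()
    delivered = 0
    for frame in frames:
        name, ok = classify_rx(cfg, frame, lowest_pn)
        counts[name] += 1
        delivered += ok
    return counts, delivered


# Constructed sample: one good frame, one replayed, one tampered,
# one untagged, one encrypted frame for an SA that is not in use.
SAMPLE = [
    RxFrame(pn=120),
    RxFrame(pn=40),
    RxFrame(pn=121, icv_valid=False),
    RxFrame(has_sectag=False),
    RxFrame(pn=122, encrypted=True, sa_in_use=False),
]

if __name__ == "__main__":
    for cfg in (SecYConfig("strict", True), SecYConfig("check", False)):
        counts, delivered = tally(cfg, SAMPLE, lowest_pn=100)
        print(cfg, dict(counts), "delivered:", delivered)
```

-- With 'check' and replay protection off, four of the five sample frames are delivered, which is why growth in the Untagged, Invalid and Delayed counters is worth alerting on even though nothing is being dropped.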