-- *****************************************************************
|
|
-- CISCO-IP-ENCRYPTION-MIB.my: Cisco IP encryption MIB file.
|
|
--
|
|
-- April 1996, Subodh Nijsure
|
|
--
|
|
-- Copyright (c) 1996 by cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
-- *****************************************************************
|
|
--
|
|
|
|
CISCO-IP-ENCRYPTION-MIB DEFINITIONS ::= BEGIN
|
|
|
|
-- MIB definitions for Cisco Crypto management.
|
|
--
|
|
--
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, IpAddress,
|
|
Gauge32, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
DisplayString, TruthValue,TimeStamp, RowStatus
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
OwnerString
|
|
FROM IF-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
-- ***************************************************************
|
|
-- Define IP encryption MIB object
|
|
-- ***************************************************************
|
|
|
|
ciscoIpEncryptionMIB MODULE-IDENTITY
|
|
LAST-UPDATED "9508150000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
" Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 West Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"Used to manage the encryption feature."
|
|
::= { ciscoMgmt 52 }
|
|
|
|
ciscoIpEncryptionMIBObjects OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIB 1 }
|
|
|
|
--
|
|
-- Define cisco encryption mib objects
|
|
--
|
|
|
|
cieConfig OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 1 }
|
|
cieEngineStatus OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 2 }
|
|
cieConnections OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 3 }
|
|
cieTestConnection OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 4 }
|
|
|
|
|
|
cieConfiguredAlgorithms OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (16))
|
|
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of encryption configured on a particular router,
encoded as a bit-string.
A router can support multiple encryption algorithms,
e.g. 56-bit DES with 8-bit cipher feedback AND 40-bit DES
with 64-bit cipher feedback.
"
|
|
::= { cieConfig 1 }
|
|
|
|
cieEncryptionKeyTimeout OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interval at which the keys for a session expire and are
re-negotiated."
|
|
::= { cieConfig 2 }
|
|
|
|
cieNumberOfCryptoEngines OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of encryption engines."
|
|
::= { cieConfig 3 }
|
|
|
|
cieEngineStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CieEngineStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table describing status of all encryption engines present
|
|
within the router."
|
|
::= { cieEngineStatus 1 }
|
|
|
|
cieEngineStatusEntry OBJECT-TYPE
|
|
SYNTAX CieEngineStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in this table describes the public key associated
with an engine, together with its unique ID. In the case of
hardware-assisted encryption, each entry also describes the
status of the encryption port adaptor."
|
|
INDEX { cieEngineID }
|
|
::= { cieEngineStatusTable 1 }
|
|
|
|
CieEngineStatusEntry ::=
|
|
SEQUENCE {
|
|
cieEngineID
|
|
Integer32,
|
|
cieEngineCardIndex
|
|
Integer32,
|
|
cieEnginePublicKey
|
|
OCTET STRING,
|
|
cieEsaTampered
|
|
TruthValue,
|
|
cieEsaAuthenticated
|
|
TruthValue,
|
|
cieEsaMode
|
|
INTEGER
|
|
}
|
|
|
|
cieEngineID OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique value identifying the crypto engine. On the RP and
other software-only platforms this is the processor ID;
on an ESA it is a unique ID retrieved from the ESA."
|
|
::= { cieEngineStatusEntry 1 }
|
|
|
|
cieEngineCardIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Corresponds to cardIndex in the chassis MIB; if the value is 0,
this is a software encryption engine."
|
|
::= { cieEngineStatusEntry 2 }
|
|
|
|
|
|
cieEnginePublicKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..1024))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Public key for a particular crypto engine."
|
|
::= { cieEngineStatusEntry 3 }
|
|
|
|
cieEsaTampered OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether the encryption port adaptor has been
tampered with.
|
|
NOTE: This object is not present for software encryption
|
|
engines."
|
|
::= { cieEngineStatusEntry 4 }
|
|
|
|
cieEsaAuthenticated OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether the encryption port adaptor has been properly
authenticated for this router.
|
|
NOTE: This object is not present for software encryption
|
|
engines."
|
|
::= { cieEngineStatusEntry 5 }
|
|
|
|
cieEsaMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enableActive(1),
|
|
boot(2),
|
|
error(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current operating mode of the ESA card.
|
|
This variable directly corresponds to LED status shown on ESA.
|
|
NOTE: This object is not present for software encryption
|
|
engines."
|
|
|
|
::= { cieEngineStatusEntry 6 }
|
|
|
|
cieNumberOfConnections OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of active, pending and dead crypto connections."
|
|
::= { cieConnections 1 }
|
|
|
|
cieConnTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CieConnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that describes all encrypted IP traffic
|
|
created by the router, between the protected entity
|
|
(cieProtectedAddr) and the unprotected entity
|
|
(cieUnprotectedAddr). Each entry in this table
|
|
describes a virtual encrypted IP tunnel."
|
|
::= { cieConnections 2 }
|
|
|
|
cieConnEntry OBJECT-TYPE
|
|
SYNTAX CieConnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This entry describes a connection: the protected and
unprotected nodes, the status of the connection, the number of
packets encrypted and decrypted on the connection, and the
algorithm used for encrypting data.
Each entry also contains a pointer to the crypto engine that is
performing the encryption."
|
|
INDEX { cieEngineID, cieConnIndex }
|
|
::= { cieConnTable 1 }
|
|
|
|
CieConnEntry ::=
|
|
SEQUENCE {
|
|
cieConnIndex
|
|
Integer32,
|
|
cieProtectedAddr
|
|
IpAddress,
|
|
cieUnprotectedAddr
|
|
IpAddress,
|
|
cieConnStatus
|
|
INTEGER,
|
|
ciePktsEncrypted
|
|
Counter32,
|
|
ciePktsDecrypted
|
|
Counter32,
|
|
ciePktsDropped
|
|
Counter32,
|
|
cieLocalTimeEstablished
|
|
TimeStamp,
|
|
cieAlgorithmType INTEGER
|
|
}
|
|
|
|
cieConnIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A monotonically increasing integer for the sole purpose of
|
|
indexing the cieConnTable. When it reaches the
|
|
maximum value, the agent wraps the value back to 1 and
|
|
may flush existing entries."
|
|
::= { cieConnEntry 1 }
|
|
|
|
cieProtectedAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address for protected (secure) node."
|
|
::= { cieConnEntry 2 }
|
|
|
|
cieUnprotectedAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the unprotected (insecure) node in
|
|
the network."
|
|
::= { cieConnEntry 3 }
|
|
|
|
cieConnStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
pendingConnection(1),
|
|
openConnection(2),
|
|
exchangeKeys(3),
|
|
badConnection(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Integer describing the status/type of the connection. The pending
|
|
and bad connections may be removed after 4 minutes of
|
|
non-activity. Open (active) connections may be removed if
|
|
they have not transmitted/received traffic in the last
|
|
cieEncryptionKeyTimeout minutes."
|
|
::= { cieConnEntry 4 }
|
|
|
|
ciePktsEncrypted OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets encrypted for this connection."
|
|
::= { cieConnEntry 5 }
|
|
|
|
ciePktsDecrypted OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets decrypted for this connection."
|
|
::= { cieConnEntry 6 }
|
|
|
|
ciePktsDropped OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets dropped for this connection. The
|
|
packets are dropped only in cases where encryption keys are
|
|
not established between the protected entity and the
|
|
unprotected entity. An increase in this value indicates the
|
|
possibility of mis-configured keys."
|
|
::= { cieConnEntry 7 }
|
|
|
|
cieLocalTimeEstablished OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of sysUpTime at which the connection was established or
|
|
re-established."
|
|
::= { cieConnEntry 8 }
|
|
|
|
cieAlgorithmType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
des56bitCfb64(1),
|
|
des56bitCfb8(2),
|
|
des40bitCfb64(3),
|
|
des40bitdesCfb8(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of encryption algorithm used for this connection."
|
|
::= { cieConnEntry 9 }
|
|
|
|
cieTestConnTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CieTestConnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of test crypto session entries."
|
|
::= { cieTestConnection 1 }
|
|
|
|
cieTestConnEntry OBJECT-TYPE
|
|
SYNTAX CieTestConnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An encryption test entry.
|
|
A management station wishing to create an entry should
|
|
first generate a pseudo-random serial number to be used
|
|
as the index to this sparse table. The station should
|
|
then create the associated instance of the row status
|
|
and row owner objects. It must also, either in the same
|
|
or in successive PDUs, create the associated instance of
|
|
the address objects.
|
|
|
|
Once the appropriate instances of all the configuration
objects have been created by explicit SNMP
set requests, the row status should be set
to active to initiate the request. Note that this entire
|
|
procedure may be initiated via a single set request which
|
|
specifies a row status of createAndGo.
|
|
|
|
Once the connection sequence has been activated, it cannot be
|
|
stopped -- it will run until a crypto connection has been
|
|
established between source and destination.
|
|
|
|
Once the sequence completes, the management station should
|
|
retrieve the values of the status objects of interest, and
|
|
should then delete the entry. In order to prevent old
|
|
entries from clogging the table, entries will be aged out
|
|
30 minutes after they are created."
|
|
INDEX { cieTestConnSerialNumber }
|
|
::= { cieTestConnTable 1 }
|
|
|
|
CieTestConnEntry ::=
|
|
SEQUENCE {
|
|
-- index
|
|
cieTestConnSerialNumber
|
|
Integer32,
|
|
-- configuration items
|
|
cieTestConnProtectedAddr
|
|
IpAddress,
|
|
cieTestConnUnprotectedAddr
|
|
IpAddress,
|
|
cieTestConnTrapOnCompletion
|
|
TruthValue,
|
|
cieTestConnCryptoMapName
|
|
DisplayString,
|
|
cieTestConnCryptoMapTagNumber
|
|
Integer32,
|
|
-- status items
|
|
cieTestConnSessionStatus
|
|
INTEGER,
|
|
cieTestConnEntryOwner
|
|
OwnerString,
|
|
cieTestConnEntryStatus
|
|
RowStatus
|
|
}
|
|
|
|
cieTestConnSerialNumber OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Object which specifies a unique entry in the
|
|
cieTestConnTable. A management station wishing
|
|
to initiate a crypto session test operation should use a
|
|
pseudo-random value for this object when creating
|
|
an instance of a cieTestConnEntry.
|
|
The RowStatus semantics of the cieTestConnEntryStatus
|
|
object will prevent access conflicts."
|
|
::= { cieTestConnEntry 1 }
|
|
|
|
cieTestConnProtectedAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the protected (secure) node, for
|
|
the test connection."
|
|
::= { cieTestConnEntry 2 }
|
|
|
|
cieTestConnUnprotectedAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the unprotected (insecure) node for
|
|
the test connection."
|
|
|
|
::= { cieTestConnEntry 3 }
|
|
|
|
cieTestConnTrapOnCompletion OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether or not a cieTestCompletion
trap should be issued on completion of the test crypto session.
|
|
If such a trap is desired, it is the responsibility of the
|
|
management entity to ensure that the SNMP administrative
|
|
model is configured in such a way as to allow the trap to
|
|
be delivered."
|
|
DEFVAL { false }
|
|
::= { cieTestConnEntry 4 }
|
|
|
|
cieTestConnCryptoMapName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies name of the crypto map already configured on the
|
|
router. A crypto map along with its tag number fully
|
|
specifies the encryption policy, such as type of algorithm to
|
|
be used, the name of the peer router and access list."
|
|
::= { cieTestConnEntry 5 }
|
|
|
|
cieTestConnCryptoMapTagNumber OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies tag number of the crypto map already configured on
|
|
the router. A crypto map along with its tag number fully
|
|
specifies the encryption policy, such as type of algorithm to
|
|
be used, the name of the peer router and access list."
|
|
::= { cieTestConnEntry 6 }
|
|
|
|
cieTestConnSessionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
inProgress(1),
|
|
fail(2),
|
|
success(3),
|
|
badCryptoMapName(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to a value that indicates whether a crypto session was
successfully established, failed, or the connection
establishment process is in progress. If the specified crypto
map is not configured, the value is set to badCryptoMapName."
|
|
::= { cieTestConnEntry 7 }
|
|
|
|
cieTestConnEntryOwner OBJECT-TYPE
|
|
SYNTAX OwnerString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entity that configured this entry."
|
|
::= { cieTestConnEntry 8 }
|
|
|
|
cieTestConnEntryStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this table entry. Once the entry status is
set to active, the associated entry cannot be modified until
the sequence completes (cieTestConnSessionStatus has a
value other than inProgress)."
|
|
DEFVAL { createAndGo }
|
|
::= { cieTestConnEntry 9 }
|
|
|
|
|
|
cieMIBTrapPrefix OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIB 2 }
|
|
cieMIBTraps OBJECT IDENTIFIER ::= { cieMIBTrapPrefix 0 }
|
|
|
|
cieTestCompletion NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cieTestConnSessionStatus,
|
|
cieTestConnProtectedAddr,
|
|
cieTestConnUnprotectedAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cieTestCompletion trap is sent at the completion
|
|
of a crypto session establishment if such a trap was requested
|
|
when the sequence was initiated."
|
|
::= { cieMIBTraps 1 }
|
|
|
|
-- conformance information
|
|
|
|
cieMIBConformance OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIB 3 }
|
|
|
|
cieMIBCompliances OBJECT IDENTIFIER ::= { cieMIBConformance 1 }
|
|
|
|
cieMIBGroups OBJECT IDENTIFIER ::= { cieMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
cieMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
the Cisco Encryption MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cieMIBGroup }
|
|
::= { cieMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
|
|
cieMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cieConfiguredAlgorithms,
|
|
cieEncryptionKeyTimeout,
|
|
cieNumberOfCryptoEngines,
|
|
cieEngineID,
|
|
cieEngineCardIndex,
|
|
cieEnginePublicKey,
|
|
cieEsaTampered,
|
|
cieEsaAuthenticated,
|
|
cieEsaMode,
|
|
cieNumberOfConnections,
|
|
cieProtectedAddr,
|
|
cieUnprotectedAddr,
|
|
cieConnStatus,
|
|
ciePktsEncrypted,
|
|
ciePktsDecrypted,
|
|
ciePktsDropped,
|
|
cieLocalTimeEstablished,
|
|
cieAlgorithmType,
|
|
cieTestConnProtectedAddr,
|
|
cieTestConnUnprotectedAddr,
|
|
cieTestConnTrapOnCompletion,
|
|
cieTestConnCryptoMapName,
|
|
cieTestConnCryptoMapTagNumber,
|
|
cieTestConnSessionStatus,
|
|
cieTestConnEntryOwner,
|
|
cieTestConnEntryStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing information about
the IP crypto subsystem."
|
|
::= { cieMIBGroups 1 }
|
|
|
|
END
|