-- **********************************************************************
-- EOSN-SECURITY-MIB: McDATA EOSN Santegrity II Enterprise MIB (SMIv2).
-- as supported on Intrepid 10K
--
-- REVISION HISTORY
-- Date      PRG  Description
-- ======================================================================
-- Release 1.0
--
-- 04/15/05  vk  Initial version
--
-- Copyright (c) 2005 McDATA Corp.  All rights reserved.
-- **********************************************************************
--
EOSN-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
    NOTIFICATION-TYPE, TimeTicks, IpAddress, 
    Counter32, Counter64, Integer32, 
    Unsigned32, Gauge32                         FROM SNMPv2-SMI

    TEXTUAL-CONVENTION, TruthValue, 
    RowStatus, DisplayString, TimeStamp         FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP             FROM SNMPv2-CONF

    SnmpAdminString                             FROM SNMP-FRAMEWORK-MIB
    FcAddressId,
    FcNameId                                    FROM FCMGMT-MIB
    
    eosnModules, eosnMIB                        FROM  EOSN-REG
    
    BbFcAddrType,
    BbEnabledStatus,
    BbDomainId,
    BbPortIndex,
    BbRowStatusWithoutNotInService,
    BbVfID                                      FROM EOSN-TC

    bbSantegrity2,
    bbSysSwitchName,
    bbSysSwitchId,
    bbFcPortEntry                               FROM  EOSN-MIB
     
    bbNotifications                             FROM EOSN-TRAP-MIB;


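-- Module identity for EOSN-SECURITY-MIB, registered at { eosnModules 7 }.
-- The module defines the Santegrity II security configuration objects:
-- RADIUS servers, the per-interface authentication source, the local PAP and
-- CHAP databases, FC port authentication and the OSMS secret.
-- LAST-UPDATED is written with a four-digit year so that it matches the
-- REVISION clause below; the two-digit form is only defined for 1900-1999.
eosnSecurityModule MODULE-IDENTITY
        LAST-UPDATED    "200504150000Z"
        ORGANIZATION    "McDATA Corporation"
        CONTACT-INFO
        "       McDATA Corporation

        Postal: 4555 Great America Pkw, Suite 401
                Santa Clara, CA 95054 
                USA
 
           Tel: +1-800.752.4572
        E-mail: support@mcdata.com
           Web: www.mcdata.com

       "
        DESCRIPTION
        "This MIB module describes Santegrity II feature 
        supported on the Intrepid 10k family."
        REVISION        "200504150000Z"
        DESCRIPTION
        "Initial version of this module."
        ::= { eosnModules 7 }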

-- Root of all security objects in this module, under bbSantegrity2 (imported from EOSN-MIB).
bbSecurityObjects  OBJECT IDENTIFIER ::= { bbSantegrity2 1 }

--
-- Global Director security settings
--

-- Placeholder subtree: no object is registered under bbSecurityGeneral in this module.
bbSecurityGeneral  OBJECT IDENTIFIER ::= { bbSecurityObjects 1 }



--
-- RADIUS server configuration
--

-- Subtree for the RADIUS server scalars and table and for the per-interface
-- authentication table (bbInterfaceTable is registered here as well).
bbRadius  OBJECT IDENTIFIER ::= { bbSecurityObjects 2 }

-- Scalar: how long (0..1440 minutes) an unresponsive RADIUS server is skipped
-- while a backup server exists. The DESCRIPTION also calls this interval the
-- recovery time.
-- NOTE(review): MAX-ACCESS is read-create although this object is a scalar and
-- not a column of a table with a RowStatus; SMIv2 checkers normally expect
-- read-write here. Confirm against the agent before changing it.
-- NOTE(review): presumably the default of 0 means a failed server is never
-- skipped; the DESCRIPTION does not state this.
bbRadiusServerDeadTime    OBJECT-TYPE
    SYNTAX      Integer32  (0..1440)
    UNITS       "minutes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The time in minutes that a RADIUS server is marked as down
        after failing to respond to all retries. If there is another
        RADIUS server available as a backup for this one, no requests
        are sent to the failed server until the recovery time expires.
        This avoids the timeout delay on later RADIUS requests.  If there
        is no backup, then the recovery time has no effect and later
        requests are still sent to this server."
    DEFVAL      { 0 }
    ::= { bbRadius 1 }

-- Read-only capacity of bbRadiusServerTable.
-- NOTE(review): bbRadiusServerIndex is declared as (1..3), so this presumably
-- reports 3; confirm against the agent.
bbRadiusServersMax  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of RADIUS servers that may be configured
        on this Director."
    ::= { bbRadius 2 }

-- Read-only count of RADIUS servers currently configured; never exceeds bbRadiusServersMax.
bbRadiusServerCount  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of RADIUS servers configured
        on this Director.  This value will always be less than or equal to
        bbRadiusServersMax"
    ::= { bbRadius 3 }

-- Read-only hint for picking the index of a new bbRadiusServerTable row;
-- 0 means no index is free. Reading it reserves nothing, so a manager has to
-- handle a failed create and pick an index again.
-- NOTE(review): this text names createAndWait(5), while the DESCRIPTION of
-- bbRadiusServerRowStatus tells managers to use createAndGo(4). Confirm which
-- creation method the agent accepts.
bbRadiusServerAvailableIndex  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unused index in the bbRadiusServerTable.  When management applications
        create a new row in the bbRadiusServerTable, they may (but are not required
        to) read bbRadiusServerAvailableIndex to choose an index value for the new row.
        If bbRadiusServerAvailableIndex is read twice in succession, it may return
        the same value.  An index is not reserved until a management application
        uses it to set bbRadiusServerRowStatus to createAndWait(5).
        If two management stations happen to create a new row at the same time,
        the second createAndWait operation fails, and the second management station
        must repeat the index selection process.
        If no more indexes are available, bbRadiusServerAvailableIndex returns 0."
    ::= { bbRadius 4 }



-- Conceptual table of the RADIUS servers configured on the Director.
-- Registered at { bbRadius 8 }; sub-identifiers 5 to 7 are not used in this module.
bbRadiusServerTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF BbRadiusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The list of RADIUS servers configured on this Director."
    ::= { bbRadius 8 }

-- One conceptual row per RADIUS server, indexed by bbRadiusServerIndex.
bbRadiusServerEntry  OBJECT-TYPE
    SYNTAX      BbRadiusServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry describing one RADIUS server."
    INDEX   { bbRadiusServerIndex }
    ::= { bbRadiusServerTable 1 }

-- Columns of a row. bbRadiusServerSecret carries the RADIUS shared secret and
-- bbRadiusServerRowStatus controls creation and deletion of the row.
BbRadiusServerEntry ::= SEQUENCE {
    bbRadiusServerIndex           Integer32,
    bbRadiusServerAddress         IpAddress,
    bbRadiusServerPort            Integer32,
    bbRadiusServerType                INTEGER,
    bbRadiusServerSecret          OCTET STRING,
    bbRadiusServerTimeout         Integer32,
    bbRadiusServerRetries         Integer32,
    bbRadiusServerRowStatus       RowStatus
    }

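-- Index column of bbRadiusServerTable (not-accessible, range 1..3).
-- The DESCRIPTION names bbRadiusServersMax, the capacity scalar defined in
-- this module; the earlier text referred to a name that is not defined here.
bbRadiusServerIndex  OBJECT-TYPE
    SYNTAX      Integer32 (1..3)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary index to identify this RADIUS server.  The
         index value is between 1 and bbRadiusServersMax, inclusive."
    ::= { bbRadiusServerEntry 1 }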


-- Address of the RADIUS server. SYNTAX IpAddress limits this column to IPv4.
bbRadiusServerAddress    OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP Address of this RADIUS server."
    ::= { bbRadiusServerEntry 2 }

-- UDP port of the RADIUS server, default 1812.
-- NOTE(review): SYNTAX is an unconstrained Integer32 while valid UDP ports are
-- 1..65535; presumably the agent rejects other values. Confirm.
bbRadiusServerPort    OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The UDP port on which the RADIUS server is listening.
        The default port for RADIUS servers is 1812."
    DEFVAL      { 1812 }
    ::= { bbRadiusServerEntry 3 }

-- Preference of this server among the configured ones, default primary.
-- NOTE(review): nothing in the MIB stops two rows from carrying the same
-- preference; how the agent resolves that is not stated here.
bbRadiusServerType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    primary(1),
                    secondary(2),
                    tertiary(3)  }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the radius server preference.  It can be primary or
            secondary or tertiary."
    DEFVAL      { primary }
    ::= { bbRadiusServerEntry 4 }

-- RADIUS shared secret, 1..255 octets. Per the DESCRIPTION a read returns an
-- empty string, so the stored value is not disclosed through GET.
-- The value is still delivered in an SNMP SET. SNMPv1 and SNMPv2c carry the
-- PDU unencrypted, so writes to this column should be restricted to SNMPv3
-- with authPriv (or an isolated management network) and to a narrow VACM
-- write view.
-- NOTE(review): the SNMP versions accepted by the agent are not visible in
-- this module; confirm before relying on transport protection.
bbRadiusServerSecret    OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The shared secret to authenticate this Director to the RADIUS server.
        When read, bbRadiusServerSecret returns an empty string."
    ::= { bbRadiusServerEntry 5 }

-- Seconds to wait for a reply before a request is retried (1..1000, default 2).
bbRadiusServerTimeout    OBJECT-TYPE
    SYNTAX      Integer32 (1..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The time in seconds to wait for a response from the RADIUS server
        before retrying the request."
    DEFVAL      { 2 }
    ::= { bbRadiusServerEntry 6 }

-- Number of repeats of an unanswered request (1..100, default 3).
-- NOTE(review): timeout and retries together bound how long a login waits on
-- an unresponsive server before another server (or, with radiusOrLocal, the
-- local database) is tried; the upper ends of both ranges presumably stall
-- logins for a long time during a RADIUS outage.
bbRadiusServerRetries    OBJECT-TYPE
    SYNTAX      Integer32 (1..100)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The number of times to repeat a RADIUS request if no response
        is received from the RADIUS server."
    DEFVAL      { 3 }
    ::= { bbRadiusServerEntry 7 }

-- RowStatus column for a RADIUS server row. The DESCRIPTION names four values:
-- createAndGo(4) to add, destroy(6) to delete, active(1) to enable and
-- notInService(2) to disable.
-- NOTE(review): deleting or disabling every row while an interface has
-- bbInterfaceAuthSource set to radius(1) presumably leaves that interface with
-- no usable authentication source; the MIB does not say how the agent reacts.
bbRadiusServerRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Creates and deletes table entries, using the RowStatus convention.
        To add a new RADIUS Server, set bbRadiusServerRowStatus to createAndGo(4)
        and fill in all the required parameters.
        To delete a RADIUS Server, set bbRadiusServerRowStatus to destroy(6).
        A delete operation would create holes in the index and 
        bbRadiusServerAvailableIndex will return unused index.
        To enable the radius server entry set this object to active(1).
        To disable the radius server entry set this object to notInService(2)."
    ::= { bbRadiusServerEntry 8 }

--
-- RADIUS client (RADIUS user) configuration
--

-- Read-only number of rows in bbInterfaceTable; fixed for a given firmware version.
bbInterfaceCount  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of interfaces (users of the Authentication Service)
        in the bbInterfaceTable.
        This number is constant for a particular firmware version."
    ::= { bbRadius 9 }

-- Per-interface authentication settings. An interface here is a task that
-- uses the authentication service (the DESCRIPTION lists CLI/Telnet, xml and
-- NMRU as examples), not a network interface.
bbInterfaceTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF BbInterfaceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines the RADIUS servers used by each interface.
        There is one table entry for interface. An interface is a
        task that uses Authentication Services. Example interfaces
        are CLI/Telnet, xml, NMRU."
    ::= { bbRadius 10 }

-- One row per interface, indexed by bbInterfaceIndex. The table has no
-- RowStatus column, so rows cannot be created or deleted through SNMP.
bbInterfaceEntry  OBJECT-TYPE
    SYNTAX      BbInterfaceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry describing one interface."
    INDEX   { bbInterfaceIndex }
    ::= { bbInterfaceTable 1 }

-- Columns of a row: the interface identifier, its authentication source and
-- its authentication protocol.
BbInterfaceEntry ::= SEQUENCE  {
    bbInterfaceIndex                    INTEGER,
    bbInterfaceAuthSource               INTEGER,
    bbInterfaceAuthType                 INTEGER
    }

-- Index column naming the interface a row configures. Value 3 is not assigned.
-- The same names and numbers reappear as bit positions: cli(1) and xml(2) in
-- bbAuthPapInterfaces; nmru(4), fcct(5), eport(6) and fport(7) in
-- bbAuthChapInterfaces.
bbInterfaceIndex  OBJECT-TYPE
    SYNTAX      INTEGER {
                    cli(1),
                    xml(2),
                    nmru(4),
                    fcct(5),
                    eport(6),
                    fport(7)  }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Identifies the interface configured by this table entry."
    ::= { bbInterfaceEntry 1 }

-- Selects, per interface, which credential store decides a login; default is
-- local. The column is writable over SNMP.
-- radiusOrLocal(3) consults the local database only when none of the listed
-- servers could be reached, so local accounts stay a working login path during
-- any RADIUS outage and need the same care as the RADIUS accounts.
-- A SET here changes how the interface authenticates, so write access should
-- be limited to trusted managers (for example SNMPv3 authPriv with a narrow
-- VACM write view).
-- NOTE(review): the SNMP versions accepted by the agent are not visible in
-- this module.
bbInterfaceAuthSource  OBJECT-TYPE
    SYNTAX      INTEGER {
                    radius(1),
                    local(2),
                    radiusOrLocal(3)  }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the authentication source for this interface:
            radius(1) - use only the listed RADIUS server(s) for authentication.
            local(2) - use only the local authentication database; no RADIUS.
            radiusOrLocal(3) - use the listed RADIUS server(s) if available first,
                or use the local authentication database if none of the servers
                could be reached."
    DEFVAL      { local }
    ::= { bbInterfaceEntry 2 }

-- Authentication protocol of the interface. Read-only, so it cannot be
-- changed through SNMP.
-- NOTE(review): DEFVAL is pap, yet the DESCRIPTION lists chap and fcctMsAuth
-- as the defaults of other interfaces, so the effective default presumably
-- depends on the row.
-- With pap(2) the password itself is presented to the Director, so its
-- confidentiality depends on the session transport; the DESCRIPTION names
-- telnet and ssh for this type.
bbInterfaceAuthType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    chap(1),
                    pap(2),
                    fcctMsAuth(3)  }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the authentication Type for this interface
            chap(1) - f and e ports and nmru uses chap by default
            pap(2) -  telnet, ssh uses pap by default
            fcctMsAuth(3) - fcct uses fcctMsAuth by default"
    DEFVAL      { pap }
    ::= { bbInterfaceEntry 3 }



--
-- Local user authentication database configuration
--
-- These tables define the contents of the local authentication database,
-- used as an alternative to RADIUS authentication.
-- The local database contains user login names, port and switch WWNs

-- Subtree of the local authentication database: the PAP user table, the CHAP
-- table and their capacity, count and free-index scalars.
bbLocalAuthDb  OBJECT IDENTIFIER ::= { bbSecurityObjects 3 }

-- Read-only capacity of bbAuthPapTable; the DESCRIPTION gives it as 24.
-- NOTE(review): bbAuthPapIndex is declared as (1..25), one more than this
-- maximum. Confirm which bound the agent enforces.
bbAuthPapMax  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of user names that may be configured
        on this Director.  The max number is 24."
    ::= { bbLocalAuthDb 1 }

-- Read-only number of user names currently in bbAuthPapTable (0..24).
bbAuthPapCount  OBJECT-TYPE
    SYNTAX      Integer32 (0..24)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of user names in the bbAuthPapTable.  This value
        will be less than or equal to bbAuthPapMax."
    ::= { bbLocalAuthDb 2 }

-- Local user database used for PAP logins: one row per user name.
bbAuthPapTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF BbAuthPapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The list of authenticated user names on this Director."
    ::= { bbLocalAuthDb 3 }

-- One row per user name, indexed by bbAuthPapIndex.
bbAuthPapEntry  OBJECT-TYPE
    SYNTAX      BbAuthPapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry describing one user name."
    INDEX   { bbAuthPapIndex }
    ::= { bbAuthPapTable 1 }

-- Columns of a row: login name, password, role, the interfaces the user may
-- use, and the RowStatus that creates or deletes the account.
BbAuthPapEntry ::= SEQUENCE {
    bbAuthPapIndex           Integer32,
    bbAuthPapName            DisplayString,
    bbAuthPapPassword        OCTET STRING,
    bbAuthPapRole            INTEGER,
    bbAuthPapInterfaces      BITS,
    bbAuthPapRowStatus       RowStatus
    }

-- Index column of bbAuthPapTable.
-- NOTE(review): the range is 1..25 while bbAuthPapMax and bbAuthPapCount give
-- a maximum of 24 users; presumably one index always stays free. Confirm.
bbAuthPapIndex  OBJECT-TYPE
    SYNTAX      Integer32 (1..25)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary index to identify this PAP entry.  The
         index value is between 1 and 25, inclusive."
    ::= { bbAuthPapEntry 1 }

-- Login name of the local user, 1..24 characters.
bbAuthPapName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..24))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The user login name to be authenticated."
    ::= { bbAuthPapEntry 2 }

-- Password of the local user, 1..24 octets. Per the DESCRIPTION a read returns
-- an empty string, so the stored value is not disclosed through GET.
-- The password is still delivered in an SNMP SET. SNMPv1 and SNMPv2c carry the
-- PDU unencrypted, so writes to this column should be restricted to SNMPv3
-- with authPriv (or an isolated management network) and to a narrow VACM
-- write view.
-- NOTE(review): the MIB expresses no password policy beyond the length limit,
-- and how the agent stores the value is not visible here.
bbAuthPapPassword    OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..24))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The password for this table entry's user name.  When read, 
        bbAuthPapPassword returns an empty string."
    ::= { bbAuthPapEntry 3 }

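-- Role of the local user. The default is operator, the least privileged of
-- the three real roles, so an account created without an explicit role does
-- not receive administrator rights.
-- Because the column is read-create, a manager with write access can grant
-- administrator(2); audit SETs to this column together with account creation.
-- NOTE(review): the label partition-administrator contains a hyphen, which
-- SMIv2 does not permit in enumeration labels. It is left unchanged because
-- managers may already reference the label by name; only spelling in the
-- DESCRIPTION has been corrected.
bbAuthPapRole    OBJECT-TYPE
    SYNTAX      INTEGER { notApplicable(0), operator(1), administrator(2), partition-administrator(3) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Identifies the user's role that
        defines which operations are permitted for the user.
        notApplicable(0) - the role is not applicable.
        operator(1) - has only read-only & certain read-write capability
        administrator (2) - Has Device Administration privilege + read-write capability
        partition-administrator(3) - partition management + read-write capability"
    DEFVAL      { operator }
    ::= { bbAuthPapEntry 4 }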

-- Bit set of the interfaces this user may log in on; required when a row is
-- created. The bit numbers match the bbInterfaceIndex values cli(1) and xml(2).
-- Bit 0 is unnamed. In the BITS encoding bit 0 is the most significant bit of
-- the first octet, so cli(1) is 0x40 and xml(2) is 0x20 in that octet.
bbAuthPapInterfaces    OBJECT-TYPE
    SYNTAX      BITS {
                    cli(1),
                    xml(2)
                    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The interfaces that this authenticated name is allowed to use.
         This is a required field in creation of a row."
    ::= { bbAuthPapEntry 5 }

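-- RowStatus column that creates and deletes local user accounts.
-- Only createAndGo(4) and destroy(6) are supported, so every required column
-- has to be supplied in the same SET that creates the row.
-- The DESCRIPTION now names this object, bbAuthPapRowStatus; the earlier text
-- used a name that is not defined in this module and contained a stray
-- parenthesis.
-- A SET to this column adds or removes a login account, so it is worth
-- logging and alerting on.
bbAuthPapRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Creates and deletes entries in the local authorization database,
        using the RowStatus convention.
        Setting bbAuthPapRowStatus to createAndGo(4)
        fails if the index is already in use (as per rfc2579)
        or if the maximum number of users has been reached.
        To delete an authenticated name, set bbAuthPapRowStatus to destroy(6).
        Only createAndGo(4) and destroy(6) are supported."
    ::= { bbAuthPapEntry 6 }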


-- Read-only capacity of bbAuthChapTable.
-- NOTE(review): bbAuthChapIndex is declared as (1..1024), so this presumably
-- reports at most 1024; confirm against the agent.
bbAuthChapMax  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of port or node WWNs that may be configured
        in this Director's local authentication database."
    ::= { bbLocalAuthDb 5 }

-- Read-only number of entries currently in bbAuthChapTable.
bbAuthChapCount  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of WWNs in the bbAuthChapTable.  This value will
        be always less than or equal to bbAuthChapMax"
    ::= { bbLocalAuthDb 6 }

-- Local CHAP database: one row per WWN (or nmru user, per bbAuthChapName).
-- Registered at { bbLocalAuthDb 8 }; sub-identifiers 4 and 7 are not used in
-- this module.
bbAuthChapTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF BbAuthChapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The list of authenticated WWNs on this Director."
    ::= { bbLocalAuthDb 8 }

-- One row per authenticated name, indexed by bbAuthChapIndex.
bbAuthChapEntry  OBJECT-TYPE
    SYNTAX      BbAuthChapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry describing authentication attributes for one WWN."
    INDEX   { bbAuthChapIndex }
    ::= { bbAuthChapTable 1 }

-- Columns of a row: name, CHAP secret, permitted interfaces and the RowStatus
-- that creates or deletes the entry.
BbAuthChapEntry ::= SEQUENCE {
    bbAuthChapIndex        Integer32,
    bbAuthChapName         DisplayString,
    bbAuthChapSecret       OCTET STRING,
    bbAuthChapInterfaces   BITS,
    bbAuthChapRowStatus    RowStatus
    }

-- Index column of bbAuthChapTable, range 1..1024.
bbAuthChapIndex  OBJECT-TYPE
    SYNTAX      Integer32 (1..1024)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary index to identify this Chap entry.  The
         index value is between 1 and 1024, inclusive."
    ::= { bbAuthChapEntry 1 }

-- Identity to authenticate: a port or node WWN, or an nmru user name.
-- NOTE(review): the column is a DisplayString of 1..24 characters, so a WWN is
-- presumably entered in a textual form; the expected format is not stated.
bbAuthChapName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..24))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The port or node WWN or nmru user to be authenticated."
    ::= { bbAuthChapEntry 2 }

-- CHAP secret for this entry, exactly 16 octets. It must match the secret
-- configured on the peer FC device. Per the DESCRIPTION a read returns an
-- empty string, so the stored value is not disclosed through GET.
-- Arbitrary bytes are accepted, so a randomly generated 16-octet value can be
-- used instead of a printable phrase, which carries less entropy.
-- The secret is delivered in an SNMP SET. SNMPv1 and SNMPv2c carry the PDU
-- unencrypted, so writes should be restricted to SNMPv3 with authPriv (or an
-- isolated management network) and to a narrow VACM write view.
bbAuthChapSecret   OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The CHAP secret for this WWN.  The secret is typically
        a text string, but unprintable bytes are accepted also.
        This secret must match the secret configured on the FC device.
        The Director uses this secret when authenticating
        FC devices attached to an F Port via the local
        authentication database.  When read, bbAuthChapSecret returns an 
        empty string."
    ::= { bbAuthChapEntry 3 }

-- Bit set of the interfaces this entry may authenticate on; required when a
-- row is created. The bit numbers match the bbInterfaceIndex values 4 to 7.
-- Bits 0 to 3 are unnamed. In the BITS encoding bit 0 is the most significant
-- bit of the first octet, so nmru(4) is 0x08, fcct(5) is 0x04, eport(6) is
-- 0x02 and fport(7) is 0x01 in that octet.
bbAuthChapInterfaces    OBJECT-TYPE
    SYNTAX      BITS {
                    nmru(4),
                                fcct(5),
                    eport(6),
                    fport(7)
                    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The interfaces that this authenticated name is allowed to use.
         This is a required field in creation of a row."
    ::= { bbAuthChapEntry 4 }

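-- RowStatus column that creates and deletes entries of the local CHAP database.
-- Only createAndGo(4) and destroy(6) are supported, so every required column
-- has to be supplied in the same SET that creates the row.
-- The DESCRIPTION now names this object, bbAuthChapRowStatus; the earlier text
-- used two names that are not defined in this module and had a dangling "or".
-- A SET to this column adds or removes a device credential, so it is worth
-- logging and alerting on.
bbAuthChapRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Creates and deletes entries in the local authorization database,
        using the RowStatus convention.
        Setting bbAuthChapRowStatus to createAndGo(4)
        fails if the index is already in use (as per rfc2579)
        or if the maximum number of WWNs has been reached.
        To delete an authenticated WWN, set bbAuthChapRowStatus to destroy(6).
        Only createAndGo(4) and destroy(6) are supported."
    ::= { bbAuthChapEntry 5 }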

-- Scalar switch: whether the Director itself initiates authentication on the
-- NMRU interface. Default is enabled; the object is writable over SNMP.
-- NOTE(review): the values of BbEnabledStatus come from EOSN-TC and are not
-- visible here. Setting this to the disabled value presumably stops the
-- Director from challenging the NMRU peer; treat such a SET as a security
-- relevant configuration change.
bbNmruAuthOutgoingState  OBJECT-TYPE
    SYNTAX      BbEnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies whether the Director initiates 
        authentication for NMRU interface."
    DEFVAL      { enabled }
    ::= { bbLocalAuthDb 9 }

-- Read-only hint for picking the index of a new bbAuthPapTable row; 0 means
-- no index is free. Reading it reserves nothing, so a manager has to handle a
-- failed create and pick an index again.
-- NOTE(review): this text names createAndWait(5), but the DESCRIPTION of
-- bbAuthPapRowStatus states that only createAndGo(4) and destroy(6) are
-- supported. Confirm which creation method the agent accepts.
bbAuthPapAvailableIndex  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unused index in the bbAuthPapTable.  When management applications
        create a new row in the bbAuthPapTable, they may (but are not required
        to) read bbAuthPapAvailableIndex to choose an index value for the new row.
        If bbAuthPapAvailableIndex is read twice in succession, it may return
        the same value.  An index is not reserved until a management application
        uses it to set bbAuthPapRowStatus to createAndWait(5).
        If two management stations happen to create a new row at the same time,
        the second createAndWait operation fails, and the second management station
        must repeat the index selection process.
        If no more indexes are available, bbAuthPapAvailableIndex returns 0."
    ::= { bbLocalAuthDb 10 }

-- Read-only hint for picking the index of a new bbAuthChapTable row; 0 means
-- no index is free. Reading it reserves nothing, so a manager has to handle a
-- failed create and pick an index again.
-- NOTE(review): this text names createAndWait(5), but the DESCRIPTION of
-- bbAuthChapRowStatus states that only createAndGo(4) and destroy(6) are
-- supported. Confirm which creation method the agent accepts.
bbAuthChapAvailableIndex  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unused index in the bbAuthChapTable.  When management applications
        create a new row in the bbAuthChapTable, they may (but are not required
        to) read bbAuthChapAvailableIndex to choose an index value for the new row.
        If bbAuthChapAvailableIndex is read twice in succession, it may return
        the same value.  An index is not reserved until a management application
        uses it to set bbAuthChapRowStatus to createAndWait(5).
        If two management stations happen to create a new row at the same time,
        the second createAndWait operation fails, and the second management station
        must repeat the index selection process.
        If no more indexes are available, bbAuthChapAvailableIndex returns 0."
    ::= { bbLocalAuthDb 11 }


--
-- FC Port Authentication settings
--

-- Subtree of the FC port authentication settings: per virtual fabric defaults
-- and per port overrides.
bbPortAuthentication  OBJECT IDENTIFIER ::= { bbSecurityObjects 4 }

-- Default authentication switches, one row per virtual fabric.
bbVfGlobalPortAuthTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF BBVfGlobalPortAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table for auth interface parameters for a specific virtual fabric."
    ::= { bbPortAuthentication 1 }

-- One row per virtual fabric, indexed by bbVfGlobalPortAuthVfId.
bbVfGlobalPortAuthEntry OBJECT-TYPE
    SYNTAX      BBVfGlobalPortAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry of the auth interface table, containing one
         row for each virtual fabric per partition."
    INDEX   { bbVfGlobalPortAuthVfId }
    ::= { bbVfGlobalPortAuthTable 1}

-- Columns of a row: the virtual fabric id and the three default switches for
-- F ports, E ports and OSMS. The type name starts with BB, unlike the Bb
-- prefix used by the other SEQUENCE types of this module.
BBVfGlobalPortAuthEntry ::=
    SEQUENCE {
        bbVfGlobalPortAuthVfId          BbVfID,
        bbVfDefaultFPortAuthEnable      TruthValue,
        bbVfDefaultEPortAuthEnable      TruthValue,
        bbVfDefaultOsmsAuthEnable       TruthValue

    }

-- Index column: the virtual fabric the defaults apply to. BbVfID is imported
-- from EOSN-TC; its range is not visible here.
bbVfGlobalPortAuthVfId OBJECT-TYPE
    SYNTAX      BbVfID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION  "The VF ID instance in which auth interface is being authenticated."
    ::= { bbVfGlobalPortAuthEntry 1 }

-- Default for F ports of the virtual fabric: true(1) authenticates attached
-- FC devices via CHAP, false(2) lets any device log in. Individual ports can
-- override the default in bbPortAuthTable.
-- No DEFVAL is given, so the factory setting is not visible in this module.
-- The column is writable over SNMP; a SET to false(2) turns device
-- authentication off for every port that follows the default, so write access
-- should be limited to trusted managers and such changes monitored.
bbVfDefaultFPortAuthEnable  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Default authentication setting for FC devices attached to ports. 
        If true(1), the default behavior for each FC port is to
        authenticate attached FC devices via CHAP.  If false(2), the default
        behavior is to allow any device to login.  The default behavior can
        be overridden for individual ports in the bbPortAuthTable."
    ::= { bbVfGlobalPortAuthEntry 2 }

-- Default for E ports of the virtual fabric: true(1) authenticates attached
-- FC switches via CHAP, false(2) lets any switch log in. Individual ports can
-- override the default in bbPortAuthTable.
-- No DEFVAL is given. The column is writable over SNMP; a SET to false(2)
-- lets unauthenticated switches join on ports that follow the default.
bbVfDefaultEPortAuthEnable  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Default authentication setting for FC Switches attached to ports. 
        If true(1), the default behavior for each E port is to
        authenticate attached FC switches via CHAP.  If false(2), the default
        behavior is to allow any switches to login.  The default behavior can
        be overridden for individual ports in the bbPortAuthTable."
    ::= { bbVfGlobalPortAuthEntry 3 }

-- Switch for OSMS authentication in the virtual fabric: true(1) authenticates
-- attached FC switches via fcct, false(2) lets any switch log in.
-- No DEFVAL is given and the DESCRIPTION mentions no per port override.
-- NOTE(review): presumably the secret used is bbOsmsAuthSecret of the same
-- virtual fabric; the MIB does not state the link.
bbVfDefaultOsmsAuthEnable  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "authentication setting for OSMS.
        If true(1), the default behavior for OSMS is to
        authenticate attached FC switches via fcct.  If false(2), the default
        behavior is to allow any switches to login."
    ::= { bbVfGlobalPortAuthEntry 4 }



-- Per port CHAP authentication setting: one row for each FC-capable port.
bbPortAuthTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF BbPortAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "CHAP Authentication settings for each FC Port on the
        Director. This table contains one entry for each FC-capable port
        on the Director."
    ::= { bbPortAuthentication 2 }

-- One row per port and virtual fabric. The INDEX lists the virtual fabric id
-- first and the port index second, so instance identifiers end in
-- vfId.portIndex even though the port index is column 1 and the VF id column 2.
bbPortAuthEntry  OBJECT-TYPE
    SYNTAX      BbPortAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry describing the CHAP authentication enable setting for one port."
    INDEX { bbPortAuthVfId, bbPortAuthPortIndex}
    ::= { bbPortAuthTable 1 }

-- Columns of a row: the two index columns and the enable setting.
BbPortAuthEntry ::= SEQUENCE {
    bbPortAuthPortIndex  BbPortIndex,
    bbPortAuthVfId       BbVfID,
    bbPortAuthEnabled    INTEGER
    }

-- Second index of bbPortAuthTable: the port number plus one, so port 0 is
-- index 1.
bbPortAuthPortIndex  OBJECT-TYPE
    SYNTAX              BbPortIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The port index used to query the bbPortAuthTable table. 
        It equals the port number +1."
        ::= { bbPortAuthEntry 1 }

-- First index of bbPortAuthTable: the virtual fabric the port setting belongs to.
bbPortAuthVfId OBJECT-TYPE
    SYNTAX      BbVfID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION  "The VF ID instance in which the port is being authenticated."
    ::= { bbPortAuthEntry 2 }


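-- Per port override of CHAP authentication: enable(1) always authenticates,
-- disable(2) never does, default(3) follows the virtual fabric default.
-- The DESCRIPTION now names bbVfDefaultFPortAuthEnable, the object defined in
-- this module; the earlier text omitted the Vf part of the name.
-- NOTE(review): for a port operating as an E port the default presumably
-- comes from bbVfDefaultEPortAuthEnable; the DESCRIPTION only mentions the
-- F port default.
-- The column is writable over SNMP; a SET to disable(2) exempts the port from
-- authentication regardless of the fabric default, so such changes should be
-- restricted to trusted managers and monitored.
bbPortAuthEnabled  OBJECT-TYPE
    SYNTAX      INTEGER {enable(1), disable(2), default(3)}
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enables CHAP authentication on this FC port.  Values are:
        enable(1) - always perform authentication.
        disable(2) - never perform authentication.
        default(3) - perform authentication according to the default settings
                    defined in bbVfDefaultFPortAuthEnable."
    ::= { bbPortAuthEntry 3 }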


-- **************************************
-- OSMS security parameter configuration
-- **************************************
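-- Subtree of the OSMS security parameters.
bbOsmsAuthDb  OBJECT IDENTIFIER ::= { bbSecurityObjects 5 }

-- OSMS security parameters, one row per virtual fabric.
-- The spelling of security in the two DESCRIPTION clauses below is corrected.
bbOsmsAuthTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF BBOsmsAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table for osms security parameters for a specific virtual fabric."
    ::= { bbOsmsAuthDb 1 }

-- One row per virtual fabric, indexed by bbOsmsAuthVfId.
bbOsmsAuthEntry OBJECT-TYPE
    SYNTAX      BBOsmsAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry of the osms security table, containing one
         row for each virtual fabric per partition."
    INDEX   { bbOsmsAuthVfId }
    ::= { bbOsmsAuthTable 1}

-- Columns of a row: the virtual fabric id and the OSMS shared secret.
-- The row has no RowStatus column.
BBOsmsAuthEntry ::=
    SEQUENCE {
        bbOsmsAuthVfId          BbVfID,
        bbOsmsAuthSecret        OCTET STRING
    }

-- Index column: the virtual fabric the OSMS secret applies to.
bbOsmsAuthVfId OBJECT-TYPE
    SYNTAX      BbVfID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION  "The VF ID instance in which OSMS is being authenticated."
    ::= { bbOsmsAuthEntry 1 }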


-- Shared secret used to authenticate the Director to the OSMS server, 0..16
-- octets. Per the DESCRIPTION a read returns an empty string, so the stored
-- value is not disclosed through GET.
-- NOTE(review): the size range starts at 0, so a zero-length secret is
-- syntactically valid; presumably that means no secret is configured. Confirm
-- how the agent treats an empty value when bbVfDefaultOsmsAuthEnable is true.
-- NOTE(review): MAX-ACCESS is read-create although BBOsmsAuthEntry has no
-- RowStatus column; read-write would be the usual choice for such a column.
-- The secret is delivered in an SNMP SET. SNMPv1 and SNMPv2c carry the PDU
-- unencrypted, so writes should be restricted to SNMPv3 with authPriv (or an
-- isolated management network) and to a narrow VACM write view.
bbOsmsAuthSecret    OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The shared secret to authenticate this Director to the OSMS server.
        When read, bbOsmsAuthSecret returns an empty string."
    ::= { bbOsmsAuthEntry 2 }
END