-- *****************************************************************
-- CISCO-CRYPTO-ACCELERATOR-MIB.my: A MIB to instrument status and
-- performance of crypto accelerator
-- modules.
--
-- Jan 2005, S Ramakrishnan
--
-- Copyright (c) 2005 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************CISCO-CRYPTO-ACCELERATOR-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,NOTIFICATION-TYPE,OBJECT-TYPE,Unsigned32,Integer32,Counter64,TimeTicksFROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
TruthValue,TEXTUAL-CONVENTIONFROM SNMPv2-TC
SnmpAdminStringFROM SNMP-FRAMEWORK-MIB
EntPhysicalIndexOrZero
FROM CISCO-TC
ciscoMgmt
FROM CISCO-SMI
ModuleOperType
FROM CISCO-ENTITY-FRU-CONTROL-MIB;ciscoCryptoAcceleratorMIB MODULE-IDENTITYLAST-UPDATED"200503080000Z"
ORGANIZATION"Cisco Systems, Inc."CONTACT-INFO" Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-ipsecurity@cisco.com
"DESCRIPTION"The MIB module for monitoring the identity, status,
activity and faults of crypto accelerator (CA) modules
used in devices implementing security services.
The purpose of this MIB is to facilitate the following:
1) facilitate the discovery of hardware crypto
accelerator modules installed in a security device
2) monitor the activity, faults and performance of
hardware crypto accelerators and help the Network
Management Station (NMS) correlate the performance
of the CA modules with that of the security services
(IPsec, SSL, SSH, PKI etc) using the modules.
"REVISION"200503080000Z"DESCRIPTION"Initial version of this module."::={ ciscoMgmt 467}-- +++++++++++++++++++++++++++++++++++++++++++++++++++
-- Local Textual Conventions
-- +++++++++++++++++++++++++++++++++++++++++++++++++++CAModuleType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"
This type yields the marketing label of the module
type and supplements the corresponding
entPhysicalVendorType MIB variable, if the crypto
accelerator has an entry in entPhysicalTable.
The value 'other' has been provided to keep the MIB
still applicable while new crypto accelerators
emerge.
'software' denotes the software implementation of
crypto functions.
'integrated' denotes crypto accelerator modules which
are integrated into the managed entity and are hence
not modular.
'sep' and 'sepe' are scalable encryption processors
used in VPN3000 series concentrators.
'a1700VpnModule' identifies the crypto accelerator
used in in 1700 series routers.
'aimVpn' series of crypto accelerators are designed
specifically for 2600 and 3700 platforms. Further,
the aimVpnII series also function on 2800 series
routers.
'aimVpn' series of crypto accelerators are designed
specifically for 2600 and 2700 platforms.
'isa' is designed for 7200 series routers.
'vam' series of crypto accelerators are to be used
on 7200 and 7300 series routers.
'vpnsm' denotes the Catalyst 6500 VPN service module,
which is deemed a sophisticated 'crypto accelerator'.
The 'caviumNitrox' series of crypto accelerators
represent the crypto accelerator chipsets used in
ASA devices.
"SYNTAXINTEGER{other(1),software(2),integrated(3),sep(4),sepe(5),a1700VpnModule(6),aimVpnIBp(7),aimVpnIEp(8),aimVpnIIBp(9),aimVpnIIEp(10),aimVpnIIHp(11),isa(12),vam(13),vam2(14),vam2plus(15),vpnsm(16),caviumNitrox(17),caviumNitroxII(18),caviumNitroxLite(19)}CAModuleCount ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"This type denotes the count of crypto accelerators."SYNTAXUnsigned32CAProtocolType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The security protocol using the services of the
crypto accelerator module. The list of protocols
supported commonly by crypto accelerators include
Internet Key Exchange (ike), IP Security Phase-2
protocols (ipsec), Secure Shell (ssh), Secure Socket
Layer (ssl) and Secure Real-time Transport Protocol
(srtp).
The value 'other' has been provided so that the MIB
may still be valid while new protocols emerge and
the MIB has not been updated to enumerate them."SYNTAXINTEGER{other(1),ikev1(2),ikev2(3),ipsec(4),ssl(5),ssh(6),srtp(7)}-- Crypto Accelerator MIB object definitionsciscoCryAcceleratorMIBNotifs OBJECTIDENTIFIER::={ ciscoCryptoAcceleratorMIB 0}ciscoCryAcceleratorMIBObjects OBJECTIDENTIFIER::={ ciscoCryptoAcceleratorMIB 1}ciscoCryAccleratorMIBConform OBJECTIDENTIFIER
::={ ciscoCryptoAcceleratorMIB 2}-- Capability objectsccaCapability OBJECTIDENTIFIER::={ ciscoCryAcceleratorMIBObjects 1}-- Activity/Statstics objectsccaActivity OBJECTIDENTIFIER::={ ciscoCryAcceleratorMIBObjects 2}ccaGlobalStats OBJECTIDENTIFIER::={ ccaActivity 1}-- Protocol-specific Activity/Statstics objectsccaProtocolActivity OBJECTIDENTIFIER::={ ccaActivity 3}-- Control of NotificationsccaAcNotifCntl OBJECTIDENTIFIER::={ ciscoCryAcceleratorMIBObjects 3}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Objects to instrument the capabilities of the feature.
--
-- This group defines the capacity of the managed device
-- in terms of the crypto accelerators
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ccaSupportsHwCrypto OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION
"This MIB object assumes the value of True if the
managed device is capable of including hardware crypto
accelerator.
"::={ ccaCapability 1}ccaSupportsModularHwCrypto OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This MIB object assumes the value of True if the
managed device supports field removable hardware
crypto accelerators.
"::={ ccaCapability 2}ccaMaxAccelerators OBJECT-TYPESYNTAXInteger32(-1..50)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The maximum number of hardware crypto accelerators
which may be simultaneously operational in this device.
If the managed device can support only software
encryption, the value of this MIB object should be set
to zero.
If there is not set limit on the maximum number of
crypto accelerator modules which the managed device
can support, the agent should return a value of '-1'
for this MIB variable.
"::={ ccaCapability 3}ccaMaxCryptoThroughput OBJECT-TYPESYNTAXUnsigned32
UNITS"megabits per second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The maximum crypto throughput that may be supported
by the managed device with the current number of active
crypto accelerators.
If this value cannot be determined, the agent should
return a value of 0.
"::={ ccaCapability 4}ccaMaxCryptoConnections OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The maximum number of VPN flows (connections) the managed
device can support with the current number of active
crypto accelerators.
If this value cannot be determined, the agent should
return a value of 0.
"::={ ccaCapability 5}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Activity objects
--
-- This group defines the current activity and performance of
-- of the crypto accelerators on the managed device.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ccaGlobalNumActiveAccelerators OBJECT-TYPESYNTAX CAModuleCount
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of crypto accelerators which are in state
'active'."::={ ccaGlobalStats 1}
ccaGlobalNumNonOperAccelerators OBJECT-TYPESYNTAX CAModuleCount
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of crypto accelerators which are in a state
other than 'active'.
"::={ ccaGlobalStats 2}ccaGlobalInOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets input to all the crypto
accelerators installed in the device.
The value is cumulative from last reboot of the
managed entity.
"::={ ccaGlobalStats 3}ccaGlobalOutOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets output by all the crypto
accelerators installed in the device.
The value is cumulative from last reboot of the
managed entity.
"::={ ccaGlobalStats 4}ccaGlobalInPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The total number of packets input to all the crypto
accelerators installed in the device.
The value is cumulative from last reboot of the
managed entity.
"::={ ccaGlobalStats 5}ccaGlobalOutPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets output by all the crypto
accelerators installed in the device.
The value is cumulative from last reboot of the
managed entity.
"::={ ccaGlobalStats 6}ccaGlobalOutErrPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets output by all the crypto
accelerators installed in the device which were found
to be generated with errors (checksum errors, other
errors).
The value is cumulative from last reboot of the
managed entity.
"::={ ccaGlobalStats 7}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Crypto Accelerator table: yields the status, type and activity
-- per card
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ccaAcceleratorTable OBJECT-TYPESYNTAXSEQUENCEOF CcaAcceleratorEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The crypto accelerator table. There is one entry
in this table for each crypto accelerator installed
in the managed device."::={ ccaActivity 2}ccaAcceleratorEntry OBJECT-TYPESYNTAX CcaAcceleratorEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes and statistics
of a crypto accelerator module installed on the managed
device."INDEX{ ccaAcclIndex }::={ ccaAcceleratorTable 1}
CcaAcceleratorEntry ::=SEQUENCE{
ccaAcclIndex Unsigned32,
ccaAcclEntPhysicalIndex EntPhysicalIndexOrZero,
ccaAcclStatus ModuleOperType,
ccaAcclType CAModuleType,
ccaAcclVersion SnmpAdminString,
ccaAcclSlot Unsigned32,
ccaAcclActiveTime TimeTicks,
ccaAcclInPkts Counter64,
ccaAcclOutPkts Counter64,
ccaAcclOutBadPkts Counter64,
ccaAcclInOctets Counter64,
ccaAcclOutOctets Counter64,
ccaAcclHashOutboundPkts Counter64,
ccaAcclHashOutboundOctets Counter64,
ccaAcclHashInboundPkts Counter64,
ccaAcclHashInboundOctets Counter64,
ccaAcclEncryptPkts Counter64,
ccaAcclEncryptOctets Counter64,
ccaAcclDecryptPkts Counter64,
ccaAcclDecryptOctets Counter64,
ccaAcclTransformsTotal Counter64,
ccaAcclDropsPkts Counter64,
ccaAcclRandRequests Counter64,
ccaAcclRandReqFails Counter64,
ccaAcclDHKeysGenerated Counter64,
ccaAcclDHDerivedSecretKeys Counter64,
ccaAcclRSAKeysGenerated Counter64,
ccaAcclRSASignings Counter64,
ccaAcclRSAVerifications Counter64,
ccaAcclRSAEncryptPkts Counter64,
ccaAcclRSAEncryptOctets Counter64,
ccaAcclRSADecryptPkts Counter64,
ccaAcclRSADecryptOctets Counter64,
ccaAcclDSAKeysGenerated Counter64,
ccaAcclDSASignings Counter64,
ccaAcclDSAVerifications Counter64,
ccaAcclOutboundSSLRecords Counter64,
ccaAcclInboundSSLRecords Counter64}ccaAcclIndex OBJECT-TYPESYNTAXUnsigned32(1..50)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index uniquely identifying a specific crypto
accelerator."::={ ccaAcceleratorEntry 1}ccaAcclEntPhysicalIndex OBJECT-TYPESYNTAX EntPhysicalIndexOrZero
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of entPhysicalIndex of the module
corresponding to this conceptual row or zero,
if the module is not an entity listed in
'entPhysicalTable' of rfc2737."::={ ccaAcceleratorEntry 2}ccaAcclStatus OBJECT-TYPESYNTAX ModuleOperType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The state of the crypto accelerator corresponding
to this row."::={ ccaAcceleratorEntry 3}ccaAcclType OBJECT-TYPESYNTAX CAModuleType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of the crypto accelerator corresponding to
this row."::={ ccaAcceleratorEntry 4}ccaAcclVersion OBJECT-TYPESYNTAXSnmpAdminStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The version string of the firmware of the crypto
accelerator corresponding to this row."::={ ccaAcceleratorEntry 5}ccaAcclSlot OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The slot number of the crypto accelerator
corresponding to this row."::={ ccaAcceleratorEntry 6}
ccaAcclActiveTime OBJECT-TYPESYNTAXTimeTicksUNITS"seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of seconds elapsed since the crypto
accelerator corresponding to this row transitioned
into the 'active' state."::={ ccaAcceleratorEntry 7}ccaAcclInPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module for
processing since the last reboot of the device."::={ ccaAcceleratorEntry 8}ccaAcclOutPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets output by this module after
processing, since last reboot of the device."::={ ccaAcceleratorEntry 9}ccaAcclOutBadPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The number of packets output by this module after
processing which had crypto errors, since last reboot
of the device."::={ ccaAcceleratorEntry 10}ccaAcclInOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets input to this module for
processing since last reboot of the device."::={ ccaAcceleratorEntry 11}ccaAcclOutOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets output by this module after
processing since last reboot of the device."::={ ccaAcceleratorEntry 12}ccaAcclHashOutboundPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets output by this module which
were prepared for hash validation since the last
reboot of the device.
Hash validation is a cryptographic operation used
to verify the integrity of a block of data received
from a trusted source.
"::={ ccaAcceleratorEntry 13}ccaAcclHashOutboundOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets output by this module which were
prepared for hash validation since the last reboot of
the device."::={ ccaAcceleratorEntry 14}ccaAcclHashInboundPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module which
required hash validation since the last reboot of
the device."::={ ccaAcceleratorEntry 15}ccaAcclHashInboundOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets input to this module which were
authenticated using hash validation since the last
reboot of the device."::={ ccaAcceleratorEntry 16}ccaAcclEncryptPkts OBJECT-TYPE
SYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module which
required encryption since the last reboot of the
device."::={ ccaAcceleratorEntry 17}ccaAcclEncryptOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets input to this module which
required encryption since the last reboot of the
device."::={ ccaAcceleratorEntry 18}ccaAcclDecryptPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module which
required decryption since the last reboot of the
device."::={ ccaAcceleratorEntry 19}ccaAcclDecryptOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION
"The number of octets input to this module which
required decryption since the last reboot of the
device."::={ ccaAcceleratorEntry 20}ccaAcclTransformsTotal OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of cryptographic transformations performed
by this crypto accelerator since the last reboot of the
device."::={ ccaAcceleratorEntry 21}ccaAcclDropsPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module which were
dropped prior to processing since the last reboot of
the device."::={ ccaAcceleratorEntry 22}ccaAcclRandRequests OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of requests received by this crypto
accelerator to generate random numbers since the last
reboot of the device."::={ ccaAcceleratorEntry 23}
ccaAcclRandReqFails OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of random number requests received by this
module which were not fulfilled, counted since the last
reboot of the device."::={ ccaAcceleratorEntry 24}ccaAcclDHKeysGenerated OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of Diffie Hellman key pairs generated by
this module since the last reboot."::={ ccaAcceleratorEntry 25}ccaAcclDHDerivedSecretKeys OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times this module has derived Diffie Hellman
secret keys since the last reboot of the device."::={ ccaAcceleratorEntry 26}ccaAcclRSAKeysGenerated OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of times a new RSA key pair was generated
by this module, counted since the last time this module
assumed 'active' status."::={ ccaAcceleratorEntry 27}ccaAcclRSASignings OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times an RSA Digital Signature has been
generated by this module, counted since the last time
this module assumed 'active' status."::={ ccaAcceleratorEntry 28}ccaAcclRSAVerifications OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times an RSA Digital Signature has
been verified by this module, counted since the last
time this module assumed 'active' status."::={ ccaAcceleratorEntry 29}ccaAcclRSAEncryptPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module which
required RSA encryption, counted since the last time
this module assumed 'active' status."::={ ccaAcceleratorEntry 30}ccaAcclRSAEncryptOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets input to this module which
required RSA encryption, counted since the last time
this module assumed 'active' status."::={ ccaAcceleratorEntry 31}ccaAcclRSADecryptPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of packets input to this module which
required RSA decryption, counted since the last time
this module assumed 'active' status."::={ ccaAcceleratorEntry 32}ccaAcclRSADecryptOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of octets input to this module which
required RSA decryption, counted since the last time
this module assumed 'active' status."::={ ccaAcceleratorEntry 33}
ccaAcclDSAKeysGenerated OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times DSA key pair has been generated by
this module, counted since the last time this module
assumed 'active' status."::={ ccaAcceleratorEntry 34}ccaAcclDSASignings OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times DSA signature has been generated
by this module, counted since the last time this module
assumed 'active' status."::={ ccaAcceleratorEntry 35}ccaAcclDSAVerifications OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times DSA signature has been verified
by this module, counted since the last time this module
assumed 'active' status."::={ ccaAcceleratorEntry 36}ccaAcclOutboundSSLRecords OBJECT-TYPESYNTAXCounter64
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of combined outbound hash/encrypt SSL
records processed by this module, counted since the
last time this module assumed 'active' status."::={ ccaAcceleratorEntry 37}ccaAcclInboundSSLRecords OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of combined inbound hash/encrypt SSL
records processed by this module, counted since the
last time this module assumed 'active' status."::={ ccaAcceleratorEntry 38}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Protocol-specific crypto accelerator stats: only IKE, IPsec
-- SSL, SSH and sRTP are supported at this time.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ccaProtocolStatsTable OBJECT-TYPESYNTAXSEQUENCEOF CcaProtocolStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The crypto accelerator statistics catalogued by
security protocol causing the activity. There is only
entry in this table for each security protocol listed
in the textual convention 'CAProtocolType'."::={ ccaProtocolActivity 1}
ccaProtocolStatsEntry OBJECT-TYPESYNTAX CcaProtocolStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the statistics corresponding to
a specific security protocol."INDEX{ ccaProtId }::={ ccaProtocolStatsTable 1}
CcaProtocolStatsEntry ::=SEQUENCE{
ccaProtId CAProtocolType,
ccaProtPktEncryptsReqs Counter64,
ccaProtPktDecryptsReqs Counter64,
ccaProtHmacCalcReqs Counter64,
ccaProtSaCreateReqs Counter64,
ccaProtSaRekeyReqs Counter64,
ccaProtSaDeleteReqs Counter64,
ccaProtPktEncapReqs Counter64,
ccaProtPktDecapReqs Counter64,
ccaProtNextPhaseKeyAllocReqs Counter64,
ccaProtRndGenReqs Counter64,
ccaProtFailedReqs Counter64}ccaProtId OBJECT-TYPESYNTAX CAProtocolType
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"The index uniquely identifies the security protocol
for which this row summarizes the statistics."::={ ccaProtocolStatsEntry 1}ccaProtPktEncryptsReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of payload encrypt requests received by
the crypto accelerators from this security protocol,
counted since the last reboot of the device."::={ ccaProtocolStatsEntry 2}ccaProtPktDecryptsReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of payload decrypt requests received by
the crypto accelerators from this security protocol,
counted since the last reboot of the device."::={ ccaProtocolStatsEntry 3}ccaProtHmacCalcReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times keyed HMAC calculation requests
were received by the crypto accelerators due to the
operation of this security protocol, counted since
the last reboot of the device."::={ ccaProtocolStatsEntry 4}ccaProtSaCreateReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for creation of
security associations were received by the crypto
accelerators from this security protocol, counted
since the last reboot of the device."::={ ccaProtocolStatsEntry 5}ccaProtSaRekeyReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for rekeying of
existing security associations were received by
the crypto accelerators from this security protocol,
counted since the last reboot of the device."::={ ccaProtocolStatsEntry 6}ccaProtSaDeleteReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for deletion of
security associations were received by the crypto
accelerators from this security protocol, counted
since the last reboot of the device."::={ ccaProtocolStatsEntry 7}ccaProtPktEncapReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for payload
encapsulation were received by the crypto accelerators
from this security protocol, counted since the last
reboot of the device."::={ ccaProtocolStatsEntry 8}ccaProtPktDecapReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for payload decapsulation
were received by the crypto accelerators from this
security protocol, counted since the last reboot of
the device."::={ ccaProtocolStatsEntry 9}ccaProtNextPhaseKeyAllocReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for allocation of
keys for the next phase of the protocol operation
which were received by the crypto accelerators from
this security protocol, counted since the last reboot
of the device.
As an example, for IKE, this would identify the number
of times key allocation requests for Quick Mode were
received by the crypto accelerator from the IKE protocol
engine."::={ ccaProtocolStatsEntry 10}ccaProtRndGenReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests for generation of
random number(s) were received by the crypto
accelerators from this security protocol, counted
since the last reboot of the device."::={ ccaProtocolStatsEntry 11}ccaProtFailedReqs OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times requests received from this
security protocol could not be fulfilled, counted
since the last reboot of the device."::={ ccaProtocolStatsEntry 12}--
-- Notification Configuration
--ccaNotifCntlAcclInserted OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-write
STATUScurrentDESCRIPTION"This variable controls the generation of
'ciscoCryAccelInserted' notification.
When this variable is set to 'true', generation
of the notification is enabled. When this variable
is set to 'false', generation of the notification
is disabled.
"::={ ccaAcNotifCntl 1}ccaNotifCntlAcclRemoved OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This variable controls the generation of
'ciscoCryAccelRemoved' notification.
When this variable is set to 'true', generation of
the notification is enabled. When this variable is
set to 'false', generation of the notification is
disabled.
"::={ ccaAcNotifCntl 2}ccaNotifCntlAcclOperational OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This variable controls the generation of
'ciscoCryAccelOperational' notification.
When this variable is set to 'true', generation
of the notification is enabled. When this variable
is set to 'false', generation of the notification
is disabled.
"::={ ccaAcNotifCntl 3}
ccaNotifCntlAcclDisabled OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This variable controls the generation of
'ciscoCryAccelDisabled' notification.
When this variable is set to 'true', generation of
the notification is enabled. When this variable is
set to 'false', generation of the notification is
disabled.
"DEFVAL{ false }::={ ccaAcNotifCntl 4}-- ******************************************************************
-- Notifications
-- ******************************************************************ciscoCryAccelInserted NOTIFICATION-TYPEOBJECTS{ ccaAcclSlot }STATUScurrentDESCRIPTION"A crypto accelerator module has been inserted into the
managed device.
"::={ ciscoCryAcceleratorMIBNotifs 1}ciscoCryAccelRemoved NOTIFICATION-TYPEOBJECTS{ ccaAcclSlot }STATUScurrentDESCRIPTION"A crypto accelerator module has been removed from the
managed device.
"::={ ciscoCryAcceleratorMIBNotifs 2}
ciscoCryAccelOperational NOTIFICATION-TYPEOBJECTS{ ccaAcclSlot }STATUScurrentDESCRIPTION"A crypto accelerator module has become operational."::={ ciscoCryAcceleratorMIBNotifs 3}ciscoCryAccelDisabled NOTIFICATION-TYPEOBJECTS{
ccaAcclSlot,
ccaAcclStatus,
ccaAcclActiveTime
}STATUScurrentDESCRIPTION"A crypto accelerator module has become non-operational."::={ ciscoCryAcceleratorMIBNotifs 4}-- ******************************************************************
-- Conformance and Compliance
-- ******************************************************************ciscoCryAccelMIBCompliances OBJECTIDENTIFIER::={ ciscoCryAccleratorMIBConform 1}ciscoCryAccelMIBGroups OBJECTIDENTIFIER::={ ciscoCryAccleratorMIBConform 2}-- compliance statementsciscoCryAccelMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for entities which
implement the CISCO Crypto Accelerator MIB."MODULE-- this moduleMANDATORY-GROUPS{
ciscoCryAccCapacityGroup,
ciscoCryAccSummaryActivityGroup
}GROUP ciscoCryAccModuleActivityGroup
DESCRIPTION"This group is optional."GROUP ciscoCryAccProtocolActivityGroup
DESCRIPTION"This group is optional."GROUP ciscoCryAccNotifsGroup
DESCRIPTION"This group is optional."GROUP ciscoCryAccNotifsCntlGroup
DESCRIPTION"This group is mandatory if and only if
the SNMP agent on the managed entity
implements the group 'ciscoCryAccNotifsGroup'."::={ ciscoCryAccelMIBCompliances 1}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ciscoCryAccCapacityGroup OBJECT-GROUPOBJECTS{
ccaSupportsHwCrypto,
ccaSupportsModularHwCrypto,
ccaMaxAccelerators,
ccaMaxCryptoThroughput,
ccaMaxCryptoConnections
}STATUScurrentDESCRIPTION"This group consists of all the MIB variables
defined under crAcCapacity using which the management
station may determine the limits of capacity of the
managed device with regards to the support of
crypto accelerators."::={ ciscoCryAccelMIBGroups 1}ciscoCryAccSummaryActivityGroup OBJECT-GROUPOBJECTS{
ccaGlobalNumActiveAccelerators,
ccaGlobalNumNonOperAccelerators,
ccaGlobalInOctets,
ccaGlobalOutOctets,
ccaGlobalInPkts,
ccaGlobalOutPkts,
ccaGlobalOutErrPkts
}STATUScurrentDESCRIPTION"This group consists of the counters which model the
summary activity of the crypto accelerators in the
managed entity."::={ ciscoCryAccelMIBGroups 2}ciscoCryAccModuleActivityGroup OBJECT-GROUPOBJECTS{
ccaAcclEntPhysicalIndex,
ccaAcclStatus,
ccaAcclType ,
ccaAcclVersion,
ccaAcclSlot ,
ccaAcclActiveTime,
ccaAcclInPkts ,
ccaAcclOutPkts ,
ccaAcclOutBadPkts,
ccaAcclInOctets ,
ccaAcclOutOctets ,
ccaAcclHashOutboundPkts,
ccaAcclHashOutboundOctets,
ccaAcclHashInboundPkts ,
ccaAcclHashInboundOctets ,
ccaAcclEncryptPkts,
ccaAcclEncryptOctets,
ccaAcclDecryptPkts ,
ccaAcclDecryptOctets,
ccaAcclTransformsTotal,
ccaAcclDropsPkts,
ccaAcclRandRequests ,
ccaAcclRandReqFails ,
ccaAcclDHKeysGenerated,
ccaAcclDHDerivedSecretKeys,
ccaAcclRSAKeysGenerated ,
ccaAcclRSASignings ,
ccaAcclRSAVerifications ,
ccaAcclRSAEncryptPkts ,
ccaAcclRSAEncryptOctets ,
ccaAcclRSADecryptPkts ,
ccaAcclRSADecryptOctets ,
ccaAcclDSAKeysGenerated ,
ccaAcclDSASignings ,
ccaAcclDSAVerifications ,
ccaAcclOutboundSSLRecords ,
ccaAcclInboundSSLRecords
}STATUScurrentDESCRIPTION"This group consists of the counters which model the
summary activity of the crypto accelerators in the
managed entity.
Following are definitions of some terms used in
this compliance group:
Crypto Accelerator
'Crypto Accelerator' denotes a hardware or software
device which the managed entity uses to offload some
or all computations pertaining to cryptographic
operations. A crypto accelerator module may be
implemented as a Field Removable Unit or an
integrated hardware element such an Application
Specific Integrated Chip (ASIC).
Module
The term 'Module' has been used in this MIB to
denote a hardware crypto accelerator.
Diffie-Hellman
The Diffie-Hellman key agreement protocol (also called
exponential key agreement) was developed by Diffie and
Hellman in 1976. The protocol allows two users to
exchange a secret key over an insecure medium without
any prior secrets.
RSA
An Internet encryption and authentication system that
uses an algorithm developed in 1977 by Ron Rivest,
Adi Shamir, and Leonard Adleman.
DSS
Digital Signature Standard (DSS) is the digital
signature algorithm (DSA) developed by the U.S.
National Security Agency (NSA) to generate a digital
signature for the authentication of electronic
documents.
IPsec
IP security protocol.
SSL
Secure Socket Layer Protocol.
SSH
Secure Shell Protocol.
PKI
Public Key Infrastructure
"::={ ciscoCryAccelMIBGroups 3}ciscoCryAccProtocolActivityGroup OBJECT-GROUPOBJECTS{
ccaProtPktEncryptsReqs ,
ccaProtPktDecryptsReqs ,
ccaProtHmacCalcReqs ,
ccaProtSaCreateReqs ,
ccaProtSaRekeyReqs ,
ccaProtSaDeleteReqs ,
ccaProtPktEncapReqs ,
ccaProtPktDecapReqs ,
ccaProtNextPhaseKeyAllocReqs,
ccaProtRndGenReqs ,
ccaProtFailedReqs
}STATUScurrentDESCRIPTION"This group consists of the counters which model
the protocol-specific activity of the crypto
accelerators in the managed entity."::={ ciscoCryAccelMIBGroups 4}ciscoCryAccNotifsCntlGroup OBJECT-GROUPOBJECTS{
ccaNotifCntlAcclInserted,
ccaNotifCntlAcclRemoved,
ccaNotifCntlAcclOperational,
ccaNotifCntlAcclDisabled
}STATUScurrentDESCRIPTION"This group consists of all the MIB variables which
allow the network management station to control the
emission of the notifications defined in this MIB.
Per a different compliance clause dfined in this
module, the agent is not required to provide write
access to these MIB variables."::={ ciscoCryAccelMIBGroups 5}ciscoCryAccNotifsGroup NOTIFICATION-GROUPNOTIFICATIONS{
ciscoCryAccelInserted,
ciscoCryAccelRemoved,
ciscoCryAccelOperational,
ciscoCryAccelDisabled
}STATUScurrentDESCRIPTION"This group consists of all the notifications defined
to signal the change in status and operation of crypto
accelerator modules."::={ ciscoCryAccelMIBGroups 6}END