-- *********************************************************************
-- CISCO-FCSP-MIB.my: Fibre Channel Security Protocols MIB.
--
-- October 2003, Charuhas Ghatge
--
-- Copyright (c) 2003, 2004 by cisco Systems, Inc.
-- All rights reserved.
--
-- *********************************************************************CISCO-FCSP-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,Unsigned32,Counter32,NOTIFICATION-TYPEFROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
RowStatusFROM SNMPv2-TC
SnmpAdminStringFROM SNMP-FRAMEWORK-MIB
FcNameIdFROM CISCO-ST-TC
ifIndex, ifDescr FROM IF-MIB
ciscoMgmt FROM CISCO-SMI;ciscoFcspMIB MODULE-IDENTITYLAST-UPDATED"200407020000Z"ORGANIZATION"Cisco Systems Inc. "CONTACT-INFO" Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553 -NETS
E-mail: cs-san@cisco.com"DESCRIPTION"MIB module for managing Fibre Channel Security for the
fibre channel devices.
This MIB is used to configure and monitor the
Fibre-Channel Security Protocol (FC-SP)
Rev 1.1 of FC-SP, Dated 04/18/03,
T11/Project 1570-D.
Please refer to http://www.t11.org.
"REVISION"200407020000Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 391}ciscoFcspMIBNotifications
OBJECTIDENTIFIER::={ ciscoFcspMIB 0}ciscoFcspMIBObjects
OBJECTIDENTIFIER::={ ciscoFcspMIB 1}ciscoFcspMIBConformance
OBJECTIDENTIFIER::={ ciscoFcspMIB 2}cfcspConfig OBJECTIDENTIFIER::={ ciscoFcspMIBObjects 1}cfcspInfo OBJECTIDENTIFIER::={ ciscoFcspMIBObjects 2}cfcspStatistics OBJECTIDENTIFIER::={ ciscoFcspMIBObjects 3}cfcspNotificationObjects OBJECTIDENTIFIER::={ ciscoFcspMIBObjects 4}--
-- FCSP interface configuration
--cfcspIfTable OBJECT-TYPESYNTAXSEQUENCEOF CfcspIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the FCSP configuration for the
fibre channel interfaces. Note that the ifType for
the fibre channel interfaces is fibreChannel(56)."::={ cfcspConfig 1}cfcspIfEntry OBJECT-TYPESYNTAX CfcspIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) in the cfcspIfTable,
containing FCSP configuration for the
interface identified by ifIndex.
Each entry contains a FCSP mode of the interface,
reauthentication interval and authentication command
object.
"INDEX{ ifIndex }::={ cfcspIfTable 1}
CfcspIfEntry ::=SEQUENCE{
cfcspMode INTEGER,
cfcspReauthInterval Unsigned32,
cfcspReauthenticate INTEGER}cfcspMode OBJECT-TYPESYNTAXINTEGER{off (1),autoPassive (2),autoActive (3),on (4)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The FC-SP mode of this interface.
If off(1), port would never initiate FC-SP
authentication exchange and send reject to any FC-SP
authentication message started from other end.
If autoPassive(2), a port would not initiate any FC-SP
authentication exchange; but would always take part in
FC-SP authentication exchange initiated on this
interface by other devices.
If autoActive(3), a port would always try to initiate
FC-SP authentication exchange after ESC. If otherside
does not support FC-SP authentication, port will
still be brought up. If the authentication fails, the
port will not be brought up.
If on(4), port would always try to initiate FC-SP
authentication exchange and authentication is done
before the port becomes up. If otherside does not
support FC-SP authentication or if authentication
fails, port will not be brought up."
DEFVAL{autoPassive}::={cfcspIfEntry 1}cfcspReauthInterval OBJECT-TYPESYNTAXUnsigned32(0..100000)UNITS"minutes"MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The time for which a port has to wait
before trying to re-authenticate the other
end.
0 means re-authentication is not done.
This object is not relevant if cfcspMode is 'off'."DEFVAL{0}::={cfcspIfEntry 2}cfcspReauthenticate OBJECT-TYPESYNTAXINTEGER{enable (1),noOp (2)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"If this object is set to 'enable',
reauthentication is started.
No action is taken if set to 'noOp'.
When read, always 'noOp' is returned."
::={cfcspIfEntry 3}-- fcsp configuration objectscfcspAuthProtocols OBJECT-TYPESYNTAXINTEGER{dhChap(0),fcCap(1)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The FC-SP authentication protocols used by this
device.
Only 1 bit can be set to 1 at any time. The bit
that is set to 1, its corresponding protocol will
be used first and other protocol will be used
as second preference."::={cfcspConfig 2}cfcspTimeout OBJECT-TYPESYNTAXUnsigned32(20..1000)UNITS"seconds"MAX-ACCESSread-writeSTATUScurrentDESCRIPTION" Timeout period for FC-SP messages"DEFVAL{20}::={ cfcspConfig 3}
-- DH-CHAP Configuration objects
--
-- DH-CHAP is a password based Authentication and key exchange
-- protocol that uses the CHAP algorithm [RFC 1994] augmented
-- with an optional Diffie-Hellman exchange.cfcspDhChapObjects OBJECTIDENTIFIER::={ cfcspConfig 4}cfcspDhChapHashList OBJECT-TYPESYNTAXOCTETSTRING(SIZE(2))MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"Each octet in this object contains a IANA
assigned identifier of a proposed hash mechanism, in
the order of preference. The first octet is the most
preferred and the last octet contains the least
preferred."REFERENCE"Rev 1.1 of FC-SP, section 5.4.2.2"::={ cfcspDhChapObjects 1}cfcspDhChapGroupList OBJECT-TYPESYNTAXOCTETSTRING(SIZE(5))MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"Each octet in this object contains
a group number, corresponding to a Diffie-Hellman
group identifier, in order of preference.
Currently there are 5 groups supported,
from value 0 through 4.
Each number corresponds to the Diffie-Hellman group
as follows -
0 - DH_NULL
1 - DH_1024
2 - DH_1280
3 - DH_1536
4 - DH_2048 "REFERENCE"Rev 1.1 of FC-SP, section 5.4.2.3"::={ cfcspDhChapObjects 2}cfcspDhChapGenericPasswd OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..64))MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"DHCHAP Password for this device"::={ cfcspDhChapObjects 3}cfcspLocalPasswdTable OBJECT-TYPESYNTAXSEQUENCEOF CfcspLocalPasswdEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the FCSP DHCHAP password
configuration for the device."::={ cfcspConfig 5}cfcspLocalPasswdEntry OBJECT-TYPE
SYNTAX CfcspLocalPasswdEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) in the cfcspLocalPasswdTable.
Each entry, indexed by the device's World-wide name,
consists of a local password and a rowStatus object."INDEX{ cfcspSwitchWwn }::={ cfcspLocalPasswdTable 1}
CfcspLocalPasswdEntry ::=SEQUENCE{
cfcspSwitchWwn FcNameId,
cfcspLocalPasswd SnmpAdminString,
cfcspLocalPassRowStatus RowStatus}cfcspSwitchWwn OBJECT-TYPESYNTAXFcNameIdMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The World-Wide Name of the host with which this
password has to be used."::={ cfcspLocalPasswdEntry 1}cfcspLocalPasswd OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..64))MAX-ACCESSread-create
STATUScurrentDESCRIPTION"DHCHAP Password of the local device."::={ cfcspLocalPasswdEntry 2}cfcspLocalPassRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The status of this conceptual row. "::={ cfcspLocalPasswdEntry 3}cfcspRemotePasswdTable OBJECT-TYPESYNTAXSEQUENCEOF CfcspRemotePasswdEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the FCSP DHCHAP password
configuration for other devices"::={ cfcspConfig 6}cfcspRemotePasswdEntry OBJECT-TYPESYNTAX CfcspRemotePasswdEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) in the
cfcspRemotePasswdTable.
Each entry, indexed by the remote device's
World-wide name, consists of a DHCHAP
password and a rowStatus object."INDEX{ cfcspRemoteSwitchWwn }::={ cfcspRemotePasswdTable 1}
CfcspRemotePasswdEntry ::=SEQUENCE{
cfcspRemoteSwitchWwn FcNameId,
cfcspRemotePasswd SnmpAdminString,
cfcspRemotePassRowStatus RowStatus}cfcspRemoteSwitchWwn OBJECT-TYPESYNTAXFcNameIdMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The World-Wide Name of other device."::={ cfcspRemotePasswdEntry 1}cfcspRemotePasswd OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..64))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"Password of the other device. "::={ cfcspRemotePasswdEntry 2}cfcspRemotePassRowStatus OBJECT-TYPESYNTAXRowStatus
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The status of this conceptual row."::={ cfcspRemotePasswdEntry 3}--
-- FCSP interface Statistics
--cfcspIfStatsTable OBJECT-TYPESYNTAXSEQUENCEOF CfcspIfStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the FCSP statistics for all the
fibre channel interfaces."::={ cfcspStatistics 1}cfcspIfStatsEntry OBJECT-TYPESYNTAX CfcspIfStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) in the cfcspIfStatsTable."INDEX{ ifIndex }::={ cfcspIfStatsTable 1}
CfcspIfStatsEntry ::=SEQUENCE{
cfcspIfAuthSucceeded Counter32,
cfcspIfAuthFailed Counter32,
cfcspIfAuthByPassed Counter32
}cfcspIfAuthSucceeded OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the FCSP authentication
succeeded on this interface."::={cfcspIfStatsEntry 1}cfcspIfAuthFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the FCSP authentication failed on
this interface."::={cfcspIfStatsEntry 2}cfcspIfAuthByPassed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the FCSP authentication was
bypassed on this interface."::={cfcspIfStatsEntry 3}cfcspAuthFailNotification NOTIFICATION-TYPEOBJECTS{
ifDescr
}STATUScurrent
DESCRIPTION"FCSP Authentication Failure trap"::={ ciscoFcspMIBNotifications 1}-- ConformanceciscoFcspMIBCompliances
OBJECTIDENTIFIER::={ ciscoFcspMIBConformance 1}ciscoFcspMIBGroups
OBJECTIDENTIFIER::={ ciscoFcspMIBConformance 2}ciscoFcspMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for entities which
implement the CISCO-FCSP-MIB."MODULEMANDATORY-GROUPS{ cfcspConfigGroup,
cfcspLocalPasswdGroup,
cfcspIfStatsGroup,
cfcspNotificationGroup
}::={ ciscoFcspMIBCompliances 1}-- Units of ConformancecfcspConfigGroup OBJECT-GROUPOBJECTS{
cfcspMode,
cfcspReauthInterval,
cfcspReauthenticate,
cfcspAuthProtocols,
cfcspTimeout,
cfcspDhChapHashList,
cfcspDhChapGroupList,
cfcspDhChapGenericPasswd
}STATUScurrentDESCRIPTION"A collection of objects for configuring Fibre Channel
security Information."::={ ciscoFcspMIBGroups 1}cfcspLocalPasswdGroup OBJECT-GROUPOBJECTS{
cfcspLocalPasswd,
cfcspLocalPassRowStatus,
cfcspRemotePasswd,
cfcspRemotePassRowStatus
}STATUScurrentDESCRIPTION"A collection of objects for configuring Fibre Channel
security Information."::={ ciscoFcspMIBGroups 2}cfcspIfStatsGroup OBJECT-GROUPOBJECTS{
cfcspIfAuthSucceeded,
cfcspIfAuthFailed,
cfcspIfAuthByPassed
}STATUScurrentDESCRIPTION"A collection of objects for monitoring FCSP
statistics."::={ ciscoFcspMIBGroups 3}cfcspNotificationGroup NOTIFICATION-GROUPNOTIFICATIONS{
cfcspAuthFailNotification
}STATUScurrentDESCRIPTION"A collection of objects for FCSP notifications."::={ ciscoFcspMIBGroups 4}END