CISCO-FCSP-MIB.my

-- *********************************************************************
-- CISCO-FCSP-MIB.my: Fibre Channel Security Protocols MIB.
--
-- October 2003, Charuhas Ghatge
--
-- Copyright (c) 2003, 2004 by cisco Systems, Inc.
-- All rights reserved.
-- 
-- *********************************************************************

CISCO-FCSP-MIB DEFINITIONS ::= BEGIN

IMPORTS        
     MODULE-IDENTITY, OBJECT-TYPE, 
     Unsigned32, Counter32,
     NOTIFICATION-TYPE                      FROM SNMPv2-SMI
     MODULE-COMPLIANCE, OBJECT-GROUP,
     NOTIFICATION-GROUP                     FROM SNMPv2-CONF
     RowStatus                              FROM SNMPv2-TC
     SnmpAdminString                        FROM SNMP-FRAMEWORK-MIB
     FcNameId                               FROM CISCO-ST-TC
     ifIndex, ifDescr                       FROM IF-MIB
     ciscoMgmt                              FROM CISCO-SMI;


ciscoFcspMIB MODULE-IDENTITY
        LAST-UPDATED "200407020000Z"
        ORGANIZATION "Cisco Systems Inc. "
        CONTACT-INFO
                "     Cisco Systems
                      Customer Service
                Postal: 170 W Tasman Drive
                      San Jose, CA  95134
                      USA
                Tel: +1 800 553 -NETS
                E-mail: cs-san@cisco.com"
        DESCRIPTION
                "MIB module for managing Fibre Channel Security for the
                fibre channel devices.

                This MIB is used to configure and monitor the 
                Fibre-Channel Security Protocol (FC-SP)
        
                Rev 1.1 of FC-SP, Dated 04/18/03,
                T11/Project 1570-D.
                Please refer to http://www.t11.org.
                " 

        REVISION   "200407020000Z"
        DESCRIPTION
            "Initial version of this MIB module."
        ::= { ciscoMgmt 391 }


ciscoFcspMIBNotifications
        OBJECT IDENTIFIER ::= { ciscoFcspMIB 0 }
ciscoFcspMIBObjects
        OBJECT IDENTIFIER ::= { ciscoFcspMIB 1 }
ciscoFcspMIBConformance
        OBJECT IDENTIFIER ::= { ciscoFcspMIB 2 }


cfcspConfig OBJECT IDENTIFIER ::=
        { ciscoFcspMIBObjects 1 }    

cfcspInfo OBJECT IDENTIFIER ::=
        { ciscoFcspMIBObjects 2 }    

cfcspStatistics OBJECT IDENTIFIER ::=
        { ciscoFcspMIBObjects 3 }    

cfcspNotificationObjects OBJECT IDENTIFIER ::=
        { ciscoFcspMIBObjects 4 }    



--
-- FCSP interface configuration
--

cfcspIfTable       OBJECT-TYPE
        SYNTAX     SEQUENCE OF CfcspIfEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "This table provides the FCSP configuration for the 
               fibre channel interfaces. Note that the ifType for
               the fibre channel interfaces is fibreChannel(56)."
        ::= { cfcspConfig 1 }

cfcspIfEntry       OBJECT-TYPE
        SYNTAX     CfcspIfEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "An entry (conceptual row) in the cfcspIfTable, 
                containing FCSP configuration for the 
                interface identified by ifIndex.

                Each entry contains a FCSP mode of the interface,
                reauthentication interval and authentication command
                object.
                "
        INDEX { ifIndex } 
        ::= { cfcspIfTable 1 }

CfcspIfEntry ::= SEQUENCE {
        cfcspMode                  INTEGER,
        cfcspReauthInterval        Unsigned32,
        cfcspReauthenticate        INTEGER
}

cfcspMode OBJECT-TYPE
          SYNTAX  INTEGER {
                         off  (1),
                         autoPassive (2),
                         autoActive (3),
                         on   (4)
                  }
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
                "The FC-SP mode of this interface.

                If off(1), port would never initiate  FC-SP
                authentication exchange and send reject to any FC-SP
                authentication message started from other end.

                If autoPassive(2), a port would not initiate any FC-SP
                authentication exchange; but would always take part in
                FC-SP authentication exchange initiated on this 
                interface by other devices. 

                If autoActive(3), a port would always try to initiate
                FC-SP authentication exchange after ESC. If otherside 
                does not support FC-SP authentication, port will
                still be brought up. If the authentication fails, the
                port will not be brought up.

                If on(4), port would always try to initiate FC-SP
                authentication exchange and authentication is done
                before the port becomes up. If otherside does not 
                support FC-SP authentication or if authentication
                fails, port will not be brought up."


          DEFVAL {autoPassive}
          ::= {cfcspIfEntry  1}


cfcspReauthInterval OBJECT-TYPE
        SYNTAX      Unsigned32 (0..100000)
        UNITS       "minutes"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "The time for which a port has to wait 
                 before trying to re-authenticate the other
                 end.
                 0 means re-authentication is not done.
                 This object is not relevant if cfcspMode is 'off'."
        DEFVAL { 0 }
        ::= {cfcspIfEntry  2}


cfcspReauthenticate OBJECT-TYPE
        SYNTAX      INTEGER {
                       enable (1),
                       noOp (2)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "If this object is set to 'enable',  
                 reauthentication is started.
                 No action is taken if set to 'noOp'.
                 When read, always 'noOp' is returned."
        ::= {cfcspIfEntry  3}


-- fcsp configuration objects

cfcspAuthProtocols           OBJECT-TYPE
        SYNTAX               INTEGER {
                                  dhChap(0),
                                  fcCap(1)
                             }
        MAX-ACCESS           read-write
        STATUS               current
        DESCRIPTION
                "The FC-SP authentication protocols used by this
                device. 

                Only 1 bit can be set to 1 at any time. The bit
                that is set to 1, its corresponding protocol will
                be used first and other protocol will be used
                as second preference."
        ::= {cfcspConfig  2}


cfcspTimeout        OBJECT-TYPE
        SYNTAX      Unsigned32 (20..1000) 
        UNITS       "seconds"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                " Timeout period for FC-SP messages"
        DEFVAL { 20 }
        ::= { cfcspConfig 3 }




-- DH-CHAP Configuration objects
--
-- DH-CHAP is a password based Authentication and key exchange 
-- protocol that uses the CHAP algorithm [RFC 1994] augmented
-- with an optional Diffie-Hellman exchange. 

cfcspDhChapObjects OBJECT IDENTIFIER ::=
        { cfcspConfig 4 }

cfcspDhChapHashList OBJECT-TYPE
        SYNTAX      OCTET STRING (SIZE (2))
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Each octet in this object contains a IANA 
                assigned identifier of a proposed hash mechanism, in
                the order of preference. The first octet is the most
                preferred and the last octet contains the least 
                preferred."
        REFERENCE
                "Rev 1.1 of FC-SP, section 5.4.2.2"

        ::= { cfcspDhChapObjects 1 }



cfcspDhChapGroupList OBJECT-TYPE
        SYNTAX       OCTET STRING (SIZE (5))
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
                "Each octet in this object contains 
                 a group number, corresponding to a  Diffie-Hellman 
                 group identifier, in order of preference.
                 Currently there are 5 groups supported,
                 from value 0 through 4. 

                 Each number corresponds to the Diffie-Hellman group
                 as follows -

                 0 - DH_NULL
                 1 - DH_1024
                 2 - DH_1280
                 3 - DH_1536
                 4 - DH_2048  "
        REFERENCE
                "Rev 1.1 of FC-SP, section 5.4.2.3"
        ::= { cfcspDhChapObjects 2 }



cfcspDhChapGenericPasswd  OBJECT-TYPE
        SYNTAX            SnmpAdminString (SIZE (1..64))
        MAX-ACCESS        read-write
        STATUS            current
        DESCRIPTION
                "DHCHAP Password for this device"
        ::= { cfcspDhChapObjects 3 }


cfcspLocalPasswdTable  OBJECT-TYPE
        SYNTAX         SEQUENCE OF CfcspLocalPasswdEntry
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION
               "This table provides the FCSP DHCHAP password 
                configuration for the device." 
        ::= { cfcspConfig 5 }


cfcspLocalPasswdEntry       OBJECT-TYPE
        SYNTAX              CfcspLocalPasswdEntry
        MAX-ACCESS          not-accessible
        STATUS              current
        DESCRIPTION
               "An entry (conceptual row) in the cfcspLocalPasswdTable. 
                Each entry, indexed by the device's World-wide name,
                consists of a local password and a rowStatus object."
        INDEX { cfcspSwitchWwn }
        ::= { cfcspLocalPasswdTable 1 }


CfcspLocalPasswdEntry ::= SEQUENCE {
        cfcspSwitchWwn             FcNameId,
        cfcspLocalPasswd           SnmpAdminString,
        cfcspLocalPassRowStatus    RowStatus
}

cfcspSwitchWwn      OBJECT-TYPE
        SYNTAX      FcNameId
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
              "The World-Wide Name of the host with which this 
               password has to be used."
        ::= { cfcspLocalPasswdEntry 1 }


cfcspLocalPasswd    OBJECT-TYPE
        SYNTAX      SnmpAdminString (SIZE (1..64))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
              "DHCHAP Password of the local device."
        ::= { cfcspLocalPasswdEntry 2 }


cfcspLocalPassRowStatus  OBJECT-TYPE
        SYNTAX           RowStatus
        MAX-ACCESS       read-create
        STATUS           current
        DESCRIPTION
              "The status of this conceptual row. "
        ::= { cfcspLocalPasswdEntry 3 }


cfcspRemotePasswdTable OBJECT-TYPE
        SYNTAX         SEQUENCE OF CfcspRemotePasswdEntry
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION
               "This table provides the FCSP DHCHAP password 
                configuration for other devices"
        ::= { cfcspConfig 6 }


cfcspRemotePasswdEntry      OBJECT-TYPE
        SYNTAX              CfcspRemotePasswdEntry
        MAX-ACCESS          not-accessible
        STATUS              current
        DESCRIPTION
               "An entry (conceptual row) in the 
                cfcspRemotePasswdTable. 

                Each entry, indexed by the remote device's 
                World-wide name, consists of a DHCHAP
                password and a rowStatus object."
        INDEX { cfcspRemoteSwitchWwn }
        ::= { cfcspRemotePasswdTable 1 }


CfcspRemotePasswdEntry ::= SEQUENCE {
        cfcspRemoteSwitchWwn       FcNameId,
        cfcspRemotePasswd          SnmpAdminString,
        cfcspRemotePassRowStatus   RowStatus
}

cfcspRemoteSwitchWwn      OBJECT-TYPE
        SYNTAX            FcNameId
        MAX-ACCESS        not-accessible
        STATUS            current
        DESCRIPTION
              "The World-Wide Name of other device."
        ::= { cfcspRemotePasswdEntry 1 }


cfcspRemotePasswd   OBJECT-TYPE
        SYNTAX      SnmpAdminString (SIZE (1..64))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
              "Password of the other device. "
        ::= { cfcspRemotePasswdEntry 2 }


cfcspRemotePassRowStatus  OBJECT-TYPE
        SYNTAX           RowStatus
        MAX-ACCESS       read-create
        STATUS           current
        DESCRIPTION
              "The status of this conceptual row."
        ::= { cfcspRemotePasswdEntry 3 }




--
-- FCSP interface Statistics
--

cfcspIfStatsTable       OBJECT-TYPE
        SYNTAX          SEQUENCE OF CfcspIfStatsEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
               "This table provides the FCSP statistics for all the 
               fibre channel interfaces."
        ::= { cfcspStatistics 1 }

cfcspIfStatsEntry       OBJECT-TYPE
        SYNTAX          CfcspIfStatsEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
               "An entry (conceptual row) in the cfcspIfStatsTable."
        INDEX { ifIndex } 
        ::= { cfcspIfStatsTable 1 }

CfcspIfStatsEntry ::= SEQUENCE {
        cfcspIfAuthSucceeded    Counter32,
        cfcspIfAuthFailed       Counter32,
        cfcspIfAuthByPassed     Counter32
}

cfcspIfAuthSucceeded  OBJECT-TYPE
          SYNTAX      Counter32 
          MAX-ACCESS  read-only
          STATUS      current
          DESCRIPTION
                "The number of times the FCSP authentication 
                 succeeded on this interface." 
          ::= {cfcspIfStatsEntry  1}


cfcspIfAuthFailed     OBJECT-TYPE
          SYNTAX      Counter32 
          MAX-ACCESS  read-only
          STATUS      current
          DESCRIPTION
                "The number of times the FCSP authentication failed on 
                 this interface." 
          ::= {cfcspIfStatsEntry  2}


cfcspIfAuthByPassed   OBJECT-TYPE
          SYNTAX      Counter32 
          MAX-ACCESS  read-only
          STATUS      current
          DESCRIPTION
                "The number of times the FCSP authentication was 
                 bypassed on this interface." 
          ::= {cfcspIfStatsEntry  3}



cfcspAuthFailNotification NOTIFICATION-TYPE
        OBJECTS {
                 ifDescr
        }
        STATUS current
        DESCRIPTION
          "FCSP Authentication Failure trap"

      ::= { ciscoFcspMIBNotifications 1 }

-- Conformance

ciscoFcspMIBCompliances
       OBJECT IDENTIFIER ::= { ciscoFcspMIBConformance 1 }

ciscoFcspMIBGroups
       OBJECT IDENTIFIER ::= { ciscoFcspMIBConformance 2 }

ciscoFcspMIBCompliance MODULE-COMPLIANCE
        STATUS   current
        DESCRIPTION
                "The compliance statement for entities which
                 implement the CISCO-FCSP-MIB."
        MODULE MANDATORY-GROUPS { cfcspConfigGroup,
                                  cfcspLocalPasswdGroup,
                                  cfcspIfStatsGroup,
                                  cfcspNotificationGroup
        }

        ::= { ciscoFcspMIBCompliances 1 }

-- Units of Conformance



cfcspConfigGroup  OBJECT-GROUP
        OBJECTS  {
                  cfcspMode,
                  cfcspReauthInterval,
                  cfcspReauthenticate,
                  cfcspAuthProtocols,
                  cfcspTimeout,
                  cfcspDhChapHashList,
                  cfcspDhChapGroupList,
                  cfcspDhChapGenericPasswd
        }
        STATUS   current
        DESCRIPTION
                "A collection of objects for configuring Fibre Channel
                 security Information."
        ::= { ciscoFcspMIBGroups 1 }


cfcspLocalPasswdGroup  OBJECT-GROUP
        OBJECTS  { 
                  cfcspLocalPasswd,
                  cfcspLocalPassRowStatus,
                  cfcspRemotePasswd,
                  cfcspRemotePassRowStatus
        }
        STATUS   current
        DESCRIPTION
                "A collection of objects for configuring Fibre Channel
                 security Information."
        ::= { ciscoFcspMIBGroups 2 }




cfcspIfStatsGroup  OBJECT-GROUP
        OBJECTS  { 
                  cfcspIfAuthSucceeded,
                  cfcspIfAuthFailed,
                  cfcspIfAuthByPassed
        }
        STATUS   current
        DESCRIPTION
                "A collection of objects for monitoring FCSP
                 statistics."
        ::= { ciscoFcspMIBGroups 3 }


cfcspNotificationGroup NOTIFICATION-GROUP
        NOTIFICATIONS  {
                  cfcspAuthFailNotification
        }
        STATUS   current
        DESCRIPTION
                "A collection of objects for FCSP notifications."
        ::= { ciscoFcspMIBGroups 4 }

END
OID .1.3.6.1.4.1.9.9.391OID .1.3.6.1.4.1.9.9.391.0TRAP .1.3.6.1.4.1.9.9.391.0.1OID .1.3.6.1.4.1.9.9.391.1OID .1.3.6.1.4.1.9.9.391.1.1OID .1.3.6.1.4.1.9.9.391.1.1.1OID .1.3.6.1.4.1.9.9.391.1.1.1.1OID .1.3.6.1.4.1.9.9.391.1.1.1.1.1OID .1.3.6.1.4.1.9.9.391.1.1.1.1.2OID .1.3.6.1.4.1.9.9.391.1.1.1.1.3OID .1.3.6.1.4.1.9.9.391.1.1.2OID .1.3.6.1.4.1.9.9.391.1.1.3OID .1.3.6.1.4.1.9.9.391.1.1.4OID .1.3.6.1.4.1.9.9.391.1.1.4.1OID .1.3.6.1.4.1.9.9.391.1.1.4.2OID .1.3.6.1.4.1.9.9.391.1.1.4.3OID .1.3.6.1.4.1.9.9.391.1.1.5OID .1.3.6.1.4.1.9.9.391.1.1.5.1OID .1.3.6.1.4.1.9.9.391.1.1.5.1.1OID .1.3.6.1.4.1.9.9.391.1.1.5.1.2OID .1.3.6.1.4.1.9.9.391.1.1.5.1.3OID .1.3.6.1.4.1.9.9.391.1.1.6OID .1.3.6.1.4.1.9.9.391.1.1.6.1OID .1.3.6.1.4.1.9.9.391.1.1.6.1.1OID .1.3.6.1.4.1.9.9.391.1.1.6.1.2OID .1.3.6.1.4.1.9.9.391.1.1.6.1.3OID .1.3.6.1.4.1.9.9.391.1.2OID .1.3.6.1.4.1.9.9.391.1.3OID .1.3.6.1.4.1.9.9.391.1.3.1OID .1.3.6.1.4.1.9.9.391.1.3.1.1OID .1.3.6.1.4.1.9.9.391.1.3.1.1.1OID .1.3.6.1.4.1.9.9.391.1.3.1.1.2OID .1.3.6.1.4.1.9.9.391.1.3.1.1.3OID .1.3.6.1.4.1.9.9.391.1.4OID .1.3.6.1.4.1.9.9.391.2OID .1.3.6.1.4.1.9.9.391.2.1OID .1.3.6.1.4.1.9.9.391.2.1.1OID .1.3.6.1.4.1.9.9.391.2.2OID .1.3.6.1.4.1.9.9.391.2.2.1OID .1.3.6.1.4.1.9.9.391.2.2.2OID .1.3.6.1.4.1.9.9.391.2.2.3OID .1.3.6.1.4.1.9.9.391.2.2.4