IEEE8021-SECY-MIB

File: IEEE8021-SECY-MIB.mib (64437 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMP-FRAMEWORK-MIB
SNMPv2-CONF IF-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
Integer32 Counter32 Counter64
TEXTUAL-CONVENTION RowPointer TimeStamp
TruthValue RowStatus SnmpAdminString
MODULE-COMPLIANCE OBJECT-GROUP InterfaceIndex

Defined Types

SecySCI  
This textual convention indicates a Secure Channel Identifier (SCI). Each SC is identified by an SCI, comprised of a unique 48-bit Universally Administered MAC Address, identifying the system to which the transmitting SecY belongs, concatenated with a 16-bit Port number, identifying the SecY within that system.
TEXTUAL-CONVENTION    
  OCTET STRING Size(8)  

SecyAN  
This textual convention indicates an Association Number (AN). Each SC is comprised of a succession of SAs, each with a different SAK. Each SA is identified by the SC identifier concatenated with a two-bit AN. The Secure Association Identifier (SAI) thus created allows the receiving SecY to identify the SA, and the SAK used to decrypt and authenticate the received frame. The AN, and the SAI, is only unique for the SAs that can be used or recorded by participating SecYs at any instant.
TEXTUAL-CONVENTION    
  Unsigned32 0..3  

SecyIfEntry  
SEQUENCE    
  secyIfInterfaceIndex InterfaceIndex
  secyIfMaxPeerSCs Unsigned32
  secyIfRxMaxKeys Unsigned32
  secyIfTxMaxKeys Unsigned32
  secyIfProtectFramesEnable TruthValue
  secyIfValidateFrames INTEGER
  secyIfReplayProtectEnable TruthValue
  secyIfReplayProtectWindow Unsigned32
  secyIfCurrentCipherSuite Unsigned32
  secyIfAdminPt2PtMAC INTEGER
  secyIfOperPt2PtMAC TruthValue
  secyIfIncludeSCIEnable TruthValue
  secyIfUseESEnable TruthValue
  secyIfUseSCBEnable TruthValue

SecyTxSCEntry  
SEQUENCE    
  secyTxSCI SecySCI
  secyTxSCState INTEGER
  secyTxSCEncodingSA RowPointer
  secyTxSCEncipheringSA RowPointer
  secyTxSCCreatedTime TimeStamp
  secyTxSCStartedTime TimeStamp
  secyTxSCStoppedTime TimeStamp

SecyTxSAEntry  
SEQUENCE    
  secyTxSA SecyAN
  secyTxSAState INTEGER
  secyTxSANextPN Unsigned32
  secyTxSAConfidentiality TruthValue
  secyTxSASAKUnchanged TruthValue
  secyTxSACreatedTime TimeStamp
  secyTxSAStartedTime TimeStamp
  secyTxSAStoppedTime TimeStamp

SecyRxSCEntry  
SEQUENCE    
  secyRxSCI SecySCI
  secyRxSCState INTEGER
  secyRxSCCurrentSA RowPointer
  secyRxSCCreatedTime TimeStamp
  secyRxSCStartedTime TimeStamp
  secyRxSCStoppedTime TimeStamp

SecyRxSAEntry  
SEQUENCE    
  secyRxSA SecyAN
  secyRxSAState INTEGER
  secyRxSANextPN Unsigned32
  secyRxSASAKUnchanged TruthValue
  secyRxSACreatedTime TimeStamp
  secyRxSAStartedTime TimeStamp
  secyRxSAStoppedTime TimeStamp

SecyCipherSuiteEntry  
SEQUENCE    
  secyCipherSuiteIndex Unsigned32
  secyCipherSuiteId OCTET STRING
  secyCipherSuiteName SnmpAdminString
  secyCipherSuiteCapability BITS
  secyCipherSuiteProtection BITS
  secyCipherSuiteProtectionOffset Integer32
  secyCipherSuiteDataLengthChange TruthValue
  secyCipherSuiteICVLength Unsigned32
  secyCipherSuiteRowStatus RowStatus

SecyTxSAStatsEntry  
SEQUENCE    
  secyTxSAStatsProtectedPkts Counter32
  secyTxSAStatsEncryptedPkts Counter32

SecyTxSCStatsEntry  
SEQUENCE    
  secyTxSCStatsProtectedPkts Counter64
  secyTxSCStatsEncryptedPkts Counter64
  secyTxSCStatsOctetsProtected Counter64
  secyTxSCStatsOctetsEncrypted Counter64

SecyRxSAStatsEntry  
SEQUENCE    
  secyRxSAStatsUnusedSAPkts Counter32
  secyRxSAStatsNoUsingSAPkts Counter32
  secyRxSAStatsNotValidPkts Counter32
  secyRxSAStatsInvalidPkts Counter32
  secyRxSAStatsOKPkts Counter32

SecyRxSCStatsEntry  
SEQUENCE    
  secyRxSCStatsUnusedSAPkts Counter64
  secyRxSCStatsNoUsingSAPkts Counter64
  secyRxSCStatsLatePkts Counter64
  secyRxSCStatsNotValidPkts Counter64
  secyRxSCStatsInvalidPkts Counter64
  secyRxSCStatsDelayedPkts Counter64
  secyRxSCStatsUncheckedPkts Counter64
  secyRxSCStatsOKPkts Counter64
  secyRxSCStatsOctetsValidated Counter64
  secyRxSCStatsOctetsDecrypted Counter64

SecyStatsEntry  
SEQUENCE    
  secyStatsTxUntaggedPkts Counter64
  secyStatsTxTooLongPkts Counter64
  secyStatsRxUntaggedPkts Counter64
  secyStatsRxNoTagPkts Counter64
  secyStatsRxBadTagPkts Counter64
  secyStatsRxUnknownSCIPkts Counter64
  secyStatsRxNoSCIPkts Counter64
  secyStatsRxOverrunPkts Counter64

Defined Values

ieee8021SecyMIB 1.0.8802.1.1.3
The MAC security entity (SecY) module for managing IEEE 802.1AE. An SecY is the entity that operates the MAC Security protocol within the system. Each SecY transmits frames conveying secure MAC Service requests on a single Secure Channel (SC), and receives frames conveying secure service indications on separate SCs (one for each of the other SecYs participating in the Secure Connectivity Association (CA)). A CA is a security relationship, established and maintained by key agreement protocols that comprise a fully connected subset of the service access points in stations attached to a single MACsec supported LAN. An SC is a security relationship used to provide security guarantees for frames transmitted from one member of a CA to the others. It is a unidirectional point to multipoint communication, and can be long lived, persisting through Secure Association Key (SAK) changes. Each SC is supported by a sequence of Secure Associations (SAs) thus allowing the periodic use of fresh keys without terminating the relationship. Each SA is supported by a single secret key, or a set of keys where the cryptographic operations used to protect one frame require more than one key. Two different interfaces 'Controlled Port' and 'Uncontrolled Port', are associated with a SecY, and that for each instance of a SecY, two ifTable rows (one for each interface) run on top of an ifTable row representing the 'Common Port' interface, such as a row with ifType = 'ethernetCsmacd(6)'. For example : ----------------------------------------------------------- | | | | Controlled Port | Uncontrolled Port | | Interface | Interface | | (ifEntry = j) | (ifEntry = k) | | (ifType = | (ifType = | | macSecControlledIF(231)) | macSecUncontrolledIF(232))| | | | |---------------------------------------------------------| | | | Physical Interface | | (ifEntry = i) | | (ifType = ethernetCsmacd(6)) | |_________________________________________________________| i, j, k are ifIndex to indicate an interface row in the ifTable. Figure : MACsec Interface Stack The 'Controlled Port' is the service point to provide one instance of the secure MAC service in a SecY. The 'Uncontrolled Port' is the service point to provide one instance of the insecure MAC service in a SecY.
MODULE-IDENTITY    

secyMIBNotifications 1.0.8802.1.1.3.0
OBJECT IDENTIFIER    

secyMIBObjects 1.0.8802.1.1.3.1
OBJECT IDENTIFIER    

secyMIBConformance 1.0.8802.1.1.3.2
OBJECT IDENTIFIER    

secyMgmtMIBObjects 1.0.8802.1.1.3.1.1
OBJECT IDENTIFIER    

secyStatsMIBObjects 1.0.8802.1.1.3.1.2
OBJECT IDENTIFIER    

secyIfTable 1.0.8802.1.1.3.1.1.1
A table of system level information for each interface supported by the MAC security entity. An entry appears in this table for each interface with MAC security capability in this system. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyIfEntry

secyIfEntry 1.0.8802.1.1.3.1.1.1.1
An entry containing SecY management information applicable to a particular interface.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyIfEntry  

secyIfInterfaceIndex 1.0.8802.1.1.3.1.1.1.1.1
An interface index for a port with SecY management ability. This interface index should be aligned with ifIndex in the ifTable to point to the SecY Controlled Port entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  InterfaceIndex  

secyIfMaxPeerSCs 1.0.8802.1.1.3.1.1.1.1.2
Maximum number of peer SCs that this SecY can support.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

secyIfRxMaxKeys 1.0.8802.1.1.3.1.1.1.1.3
Maximum number of keys in simultaneous use for reception that this SecY can support.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

secyIfTxMaxKeys 1.0.8802.1.1.3.1.1.1.1.4
Maximum number of keys in simultaneous use for transmission that this SecY can support.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

secyIfProtectFramesEnable 1.0.8802.1.1.3.1.1.1.1.5
An object to enable or disable the protection function for egress frames.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

secyIfValidateFrames 1.0.8802.1.1.3.1.1.1.1.6
An object to control the validation function for ingress frames. disabled(1) : means to disable the validation function. check(2) : means to enable the validation function but only for checking without filtering out invalid frames. strict(3) : means to enable the validation function and also strictly filter out those invalid frames.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER disabled(1), check(2), strict(3)  

secyIfReplayProtectEnable 1.0.8802.1.1.3.1.1.1.1.7
An object to enable or disable the replay protection function.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

secyIfReplayProtectWindow 1.0.8802.1.1.3.1.1.1.1.8
An object to indicate the replay protection window size. This object only takes effect if the object secyReplayProtectEnable is true.
Status: current Access: read-write
OBJECT-TYPE    
  Unsigned32  

secyIfCurrentCipherSuite 1.0.8802.1.1.3.1.1.1.1.9
An object that points to an entry of the secyCipherSuiteTable with 'active' row status to indicate the cipher Suite which this SecY is currently using. By default, this object should point to the default cipher suite which system provides.
Status: current Access: read-write
OBJECT-TYPE    
  Unsigned32  

secyIfAdminPt2PtMAC 1.0.8802.1.1.3.1.1.1.1.10
An object to control the service connectivity to at most one other system. The secyOperPt2PtMAC indicates operational status of the service connectivity for this SecY. forceTrue(1) : allows only one service connection to the other system. forceFalse(2) : no restriction on the number of service connections to the other systems. auto(3) : means the service connectivity is determined by the service providing entity.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER forceTrue(1), forceFalse(2), auto(3)  

secyIfOperPt2PtMAC 1.0.8802.1.1.3.1.1.1.1.11
An object to reflect the current service connectivity status. true(1) : means the service connectivity of this SecY provides at most one other system. false(2) : means the service connectivity of this SecY could provide more than one other system.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

secyIfIncludeSCIEnable 1.0.8802.1.1.3.1.1.1.1.12
An object indicates to include the SCI information in security TAG (SecTAG) field while transmitting MACsec frames.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

secyIfUseESEnable 1.0.8802.1.1.3.1.1.1.1.13
An object indicates to enable the ES bit in security TAG (SecTAG) field while transmitting MACsec frames.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

secyIfUseSCBEnable 1.0.8802.1.1.3.1.1.1.1.14
An object indicates to enable the SCB bit in security TAG (SecTAG) field while transmitting MACsec frames.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

secyTxSCTable 1.0.8802.1.1.3.1.1.2
A table for providing information about the status of each transmitting SC supported by the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyTxSCEntry

secyTxSCEntry 1.0.8802.1.1.3.1.1.2.1
An entry containing transmitting SC management information applicable to a particular SecY.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyTxSCEntry  

secyTxSCI 1.0.8802.1.1.3.1.1.2.1.1
The SCI information for transmitting MACsec frames of the transmitting SC in the SecY.
Status: current Access: read-only
OBJECT-TYPE    
  SecySCI  

secyTxSCState 1.0.8802.1.1.3.1.1.2.1.2
The state of the current transmitting SC in the SecY. inUse(1) : means any of SAs for this SC is in use. notInUse(2) : means no SAs for this SC is in use.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER inUse(1), notInUse(2)  

secyTxSCEncodingSA 1.0.8802.1.1.3.1.1.2.1.3
The current transmitting SA in use. The row pointer will point to an entry in the secyTxSATable. If no such information is available, the value shall be the OBJECT IDENTIFIER { 0 0 }.
Status: current Access: read-only
OBJECT-TYPE    
  RowPointer  

secyTxSCEncipheringSA 1.0.8802.1.1.3.1.1.2.1.4
The previous transmitting SA in use. The row pointer will point to an entry in the secyTxSATable. If no such information is available, the value shall be the OBJECT IDENTIFIER { 0 0 }.
Status: current Access: read-only
OBJECT-TYPE    
  RowPointer  

secyTxSCCreatedTime 1.0.8802.1.1.3.1.1.2.1.5
The system time when this transmitting SC was created.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyTxSCStartedTime 1.0.8802.1.1.3.1.1.2.1.6
The system time when this transmitting SC last started transmitting MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyTxSCStoppedTime 1.0.8802.1.1.3.1.1.2.1.7
The system time when this transmitting SC last stopped transmitting MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyTxSATable 1.0.8802.1.1.3.1.1.3
A table for providing information about the status of each transmitting SA supported by the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyTxSAEntry

secyTxSAEntry 1.0.8802.1.1.3.1.1.3.1
An entry containing transmitting SA management information applicable to a particular SA.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyTxSAEntry  

secyTxSA 1.0.8802.1.1.3.1.1.3.1.1
The association number (AN) for identifying a transmitting SA.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyAN  

secyTxSAState 1.0.8802.1.1.3.1.1.3.1.2
The current status of the transmitting SA. inUse(1) : means this SA is in use. notInUse(2) : means this SA is not in use.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER inUse(1), notInUse(2)  

secyTxSANextPN 1.0.8802.1.1.3.1.1.3.1.3
The next packet number (PN) that will be used in transmitting MACsec frames in the SA.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

secyTxSAConfidentiality 1.0.8802.1.1.3.1.1.3.1.4
Whether this SA supports the confidentiality as well as integrity function in transmitting frames.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

secyTxSASAKUnchanged 1.0.8802.1.1.3.1.1.3.1.5
A reference to an SAK that is unchanged for the life of the transmitting SA.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

secyTxSACreatedTime 1.0.8802.1.1.3.1.1.3.1.6
The system time when this transmitting SA was created.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyTxSAStartedTime 1.0.8802.1.1.3.1.1.3.1.7
The system time when this transmitting SA last started transmitting MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyTxSAStoppedTime 1.0.8802.1.1.3.1.1.3.1.8
The system time when this transmitting SA last stopped transmitting MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyRxSCTable 1.0.8802.1.1.3.1.1.4
A table for providing information about the status of each receiving SC supported by the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyRxSCEntry

secyRxSCEntry 1.0.8802.1.1.3.1.1.4.1
An entry containing receiving SC management information applicable to a particular SC.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyRxSCEntry  

secyRxSCI 1.0.8802.1.1.3.1.1.4.1.1
The SCI for identifying the receiving SC in the SecY.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecySCI  

secyRxSCState 1.0.8802.1.1.3.1.1.4.1.2
The state of the receiving SC in the SecY. inUse(1) : means any of SAs for this SC is in use. notInUse(2) : means no SAs for this SC is in use.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER inUse(1), notInUse(2)  

secyRxSCCurrentSA 1.0.8802.1.1.3.1.1.4.1.3
The current receiving association number of the SC in use. The row pointer will point to an entry in the secyRxSATable. If no such information can be identified, the value of this object shall be set to the OBJECT IDENTIFIER { 0 0 }.
Status: current Access: read-only
OBJECT-TYPE    
  RowPointer  

secyRxSCCreatedTime 1.0.8802.1.1.3.1.1.4.1.4
The system time when this receiving SC was created.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyRxSCStartedTime 1.0.8802.1.1.3.1.1.4.1.5
The system time when this receiving SC last started receiving MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyRxSCStoppedTime 1.0.8802.1.1.3.1.1.4.1.6
The system time when this receiving SC last stopped receiving MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyRxSATable 1.0.8802.1.1.3.1.1.5
A table for providing information about the status of each receiving SA supported by the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyRxSAEntry

secyRxSAEntry 1.0.8802.1.1.3.1.1.5.1
An entry containing receiving SA management information applicable to a particular SA.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyRxSAEntry  

secyRxSA 1.0.8802.1.1.3.1.1.5.1.1
The association number (AN) for identifying a receiving SA.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyAN  

secyRxSAState 1.0.8802.1.1.3.1.1.5.1.2
The current state for the receiving SA.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER inUse(1), notInUse(2)  

secyRxSANextPN 1.0.8802.1.1.3.1.1.5.1.3
The stored packet number (PN) for replay protection in the SA. If the PN of any receiving frames is less than the value of this object minus the value of secyReplayProtectWindow and secyReplayProtectEnable is true, the receiving frames should be discarded.
Status: current Access: read-write
OBJECT-TYPE    
  Unsigned32  

secyRxSASAKUnchanged 1.0.8802.1.1.3.1.1.5.1.4
A reference to an SAK that is unchanged for the life of the receiving SA.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

secyRxSACreatedTime 1.0.8802.1.1.3.1.1.5.1.5
The system time when this receiving SA was created.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyRxSAStartedTime 1.0.8802.1.1.3.1.1.5.1.6
The system time when this receiving SA last started receiving MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyRxSAStoppedTime 1.0.8802.1.1.3.1.1.5.1.7
The system time when this receiving SA last stopped receiving MACsec frames.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

secyCipherSuiteTable 1.0.8802.1.1.3.1.1.6
The table of selectable cipher suites for the MAC security entity. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyCipherSuiteEntry

secyCipherSuiteEntry 1.0.8802.1.1.3.1.1.6.1
An entry containing the management information for a cipher suite.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyCipherSuiteEntry  

secyCipherSuiteIndex 1.0.8802.1.1.3.1.1.6.1.1
The index to recognize a Cipher Suite in the system.
Status: current Access: not-accessible
OBJECT-TYPE    
  Unsigned32 1..4294967295  

secyCipherSuiteId 1.0.8802.1.1.3.1.1.6.1.2
The identifier for the cipher suite. This is a global unique 64-bit (EUI-64) identifier.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(8)  

secyCipherSuiteName 1.0.8802.1.1.3.1.1.6.1.3
The name of the cipher suite. If the name is composed of multi-byte characters, the total length must fit within 128 octets.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..128)  

secyCipherSuiteCapability 1.0.8802.1.1.3.1.1.6.1.4
The capability of this cipher suite. integrity(0) : integrity protection capability for this cipher suite.. confidentiality(1) : confidentiality protection capability for this cipher suite. offsetConfidentiality(2) : offset confidentiality protection capability for this cipher suite.
Status: current Access: read-create
OBJECT-TYPE    
  BITS integrity(0), confidentiality(1), offsetConfidentiality(2)  

secyCipherSuiteProtection 0.1.0.8802.1.1.3.1.1.6.1.5
The protection options of this cipher suite. The options should depend on the object secyCipherSuiteCapability. If the value of secyCipherSuiteCapability is only integerity bit on, users can only choose to turn on integrity bit for this object. If the value of secyCipherSuiteCapability is integrity and confidentiality bits on, users can choose to turn on integrity or confidentiality bits, but if confidentiality bit is on, the integrity bit has to be on. If the value of secyCipherSuiteCapability is integrity and offsetConfidentiality bits on, users can choose to turn on integrity or offsetConfidentiality bits, but if offsetConfidentiality bit is on, the integrity bit has to be on. If the value of secyCipherSuiteCapability is integrity and confidentiality and offsetConfidentiality bits on, users can choose to turn on integrity or confidentiality or offsetConfidentiality bits, but if confidentiality or offsetConfidentiality bits are on, the integrity bit has to be on. integrity(0) : on or off the function of supporting integrity protection for this cipher suite. confidentiality(1) : on or off the function of supporting confidentiality for this cipher suite. offsetConfidentiality(2) : on or off the function of supporting offset confidentiality for this cipher suite.
Status: current Access: read-create
OBJECT-TYPE    
  BITS integrity(0), confidentiality(1), offsetConfidentiality(2)  

secyCipherSuiteProtectionOffset 1.0.8802.1.1.3.1.1.6.1.6
The confidentiality protection offset options of this cipher suite. The options should depend on the choice of secyCipherSuiteProtection. If the value of secyCipherSuiteProtection only turns on integrity bit, users can only choose 0 byte for this object. If the value of secyCipherSuiteProtection only turns on integrity and confidentiality bits, users can only choose 0 byte for this object. If the value of secyCipherSuiteProtection only turns on integrity and offsetConfidentiality bits, users can choose 30 or 50 bytes for this object. If the value of secyCipherSuiteProtection turns on integrity and confidentiality and offsetConfidentiality bits, users can choose 0 or 30 or 50 bytes for this object.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0 | 30 | 50  

secyCipherSuiteDataLengthChange 1.0.8802.1.1.3.1.1.6.1.7
This indicates whether the data length will be changed after encryption by the cipher suite.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

secyCipherSuiteICVLength 1.0.8802.1.1.3.1.1.6.1.8
The length of integrity check value (ICV) field.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 8..16  

secyCipherSuiteRowStatus 1.0.8802.1.1.3.1.1.6.1.9
The object to create the paramaters for the supported Cipher Suites in the system. If the specified secyCipherSuiteId object information is not supported in the system or the secyCipherSuiteCapability object is not matched the capability of the corresponding specified Cipher Suite in the same entry, the corresponding entry should not be active, i.e., this object should not be 'active' or 'notInService'.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

secyTxSAStatsTable 1.0.8802.1.1.3.1.2.1
A table that contains the statistics objects for each transmitting SA in the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyTxSAStatsEntry

secyTxSAStatsEntry 1.0.8802.1.1.3.1.2.1.1
The entry holds the statistics for a transmitting SA. An SA may be reused once a while. When starting using the SA, the counters of the SA should start at 0. When stopping using the SA, the counters will be stopped incrementing. The timestamps of starting and stopping time are recorded in the secyTxSATable.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyTxSAStatsEntry  

secyTxSAStatsProtectedPkts 1.0.8802.1.1.3.1.2.1.1.1
The number of integrity protected but not encrypted packets for this transmitting SA.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyTxSAStatsEncryptedPkts 1.0.8802.1.1.3.1.2.1.1.2
The number of integrity protected and encrypted packets for this transmitting SA.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyTxSCStatsTable 1.0.8802.1.1.3.1.2.2
A table that contains statistics information for each transmitting SC in the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyTxSCStatsEntry

secyTxSCStatsEntry 1.0.8802.1.1.3.1.2.2.1
The entry contains the counters of a transmitting SC. Since some counters in the transmitting SA will be reset while the SA is reused, in order to maintain complete statistics information for the SC, the counters information on the SAs need to be kept in the SC. Those counters that may be reset are : secyTxSAStatsProtectedPkts, secyTxSAStatsEncryptedPkts Each counter for a SC is in the summation of the corresponding counter information for all the SAs, current and prior SAs, belonging to this SC.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyTxSCStatsEntry  

secyTxSCStatsProtectedPkts 1.0.8802.1.1.3.1.2.2.1.1
The number of integrity protected but not encrypted packets for this transmitting SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyTxSCStatsEncryptedPkts 1.0.8802.1.1.3.1.2.2.1.4
The number of integrity protected and encrypted packets for this transmitting SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyTxSCStatsOctetsProtected 1.0.8802.1.1.3.1.2.2.1.10
The number of plain text octets that are integrity protected but not encrypted on the transmitting SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyTxSCStatsOctetsEncrypted 1.0.8802.1.1.3.1.2.2.1.11
The number of plain text octets that are integrity protected and encrypted on the transmitting SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSAStatsTable 1.0.8802.1.1.3.1.2.3
A table that contains the statistics objects for each receiving SA in the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyRxSAStatsEntry

secyRxSAStatsEntry 1.0.8802.1.1.3.1.2.3.1
The entry holds the statistics for a receiving SA. An SA may be reused once a while. When starting using the SA, the counters of the SA should start at 0. When stopping using the SA, the counters will be stopped incrementing. The timestamps of starting and stopping time are recorded in the secyRxSATable.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyRxSAStatsEntry  

secyRxSAStatsUnusedSAPkts 1.0.8802.1.1.3.1.2.3.1.1
For this SA which is not currently in use, the number of received, unencrypted, packets with secyValidateFrames not in the strict mode.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyRxSAStatsNoUsingSAPkts 1.0.8802.1.1.3.1.2.3.1.4
For this SA which is not currently in use, the number of received packets that have been discarded, and have either the packets encrypted or the secyValidateFrames set to strict mode.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyRxSAStatsNotValidPkts 1.0.8802.1.1.3.1.2.3.1.13
For this SA, the number discarded packets with the condition that the packets are not valid and one of the following conditions are true: either secyValidateFrames in strict mode or the packets encrypted.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyRxSAStatsInvalidPkts 1.0.8802.1.1.3.1.2.3.1.16
For this SA, the number of packets with the condition that the packets are not valid and secyValidateFrames is in check mode.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyRxSAStatsOKPkts 1.0.8802.1.1.3.1.2.3.1.25
For this SA, the number of validated packets.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

secyRxSCStatsTable 1.0.8802.1.1.3.1.2.4
A table for the statistics information of each receiving SC supported by the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyRxSCStatsEntry

secyRxSCStatsEntry 1.0.8802.1.1.3.1.2.4.1
The entry contains the counters of a receiving SC. Since some counters in the receiving SA will be reset while the SA is reused, in order to maintain complete statistics information for the SC, the counters information on the SAs need to be kept in the SC. Those counters that may be reset are : secyRxSAStatsUnusedSAPkts, secyRxSAStatsNoUsingSAPkts, secyRxSAStatsNotValidPkts, secyRxSAStatsInvalidPkts, secyRxSAStatsOKPkts Each counter for a SC is in the summation of the corresponding counter information for all the SAs, current and prior SAs, belonging to this SC.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyRxSCStatsEntry  

secyRxSCStatsUnusedSAPkts 1.0.8802.1.1.3.1.2.4.1.1
The summation of counter secyRxSAStatsUnusedSAPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsUnusedSAPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsNoUsingSAPkts 1.0.8802.1.1.3.1.2.4.1.2
The summation of counter secyRxSAStatsNoUsingSAPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsNoUsingSAPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsLatePkts 1.0.8802.1.1.3.1.2.4.1.3
For this SC, the number of received packets that have been discarded with the condition : secyReplayProtect is equal to true and the PN of the packet is lower than the lower bound replay check PN.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsNotValidPkts 1.0.8802.1.1.3.1.2.4.1.4
The summation of counter secyRxSAStatsNotValidPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsNotValidPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsInvalidPkts 1.0.8802.1.1.3.1.2.4.1.5
The summation of counter secyRxSAStatsInvalidPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsInvalidPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsDelayedPkts 1.0.8802.1.1.3.1.2.4.1.6
For this SC, the number of packets with the condition that the PN of the packets is lower than the lower bound replay protection PN.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsUncheckedPkts 1.0.8802.1.1.3.1.2.4.1.7
For this SC, the number of packets with the following condition: -secyValidateFrames is disabled or -secyValidateFrames is not disabled and the packet is not encrypted and the integrity check has failed or -secyValidateFrames is not disable and the packet is encrypted and integrity check has failed.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsOKPkts 1.0.8802.1.1.3.1.2.4.1.8
The summation of counter secyRxSAStatsOKPkts information for all the SAs which belong to this SC. Since the secyRxSAStatsOKPkts counters in the SAs will be reset, in order to maintain complete statistics information for the SC, the counter information on the SAs need to be kept in the SC.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsOctetsValidated 1.0.8802.1.1.3.1.2.4.1.9
The number of octets of plaintext recovered from received packets that were integrity protected but not encrypted.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyRxSCStatsOctetsDecrypted 1.0.8802.1.1.3.1.2.4.1.10
The number of octets of plaintext recovered from received packets that were integrity protected and encrypted.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsTable 1.0.8802.1.1.3.1.2.5
A table for the statistics information of each SecY supported by the MAC security entity.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    SecyStatsEntry

secyStatsEntry 1.0.8802.1.1.3.1.2.5.1
An entry containing counters for statistics or diagnosis for a SecY.
Status: current Access: not-accessible
OBJECT-TYPE    
  SecyStatsEntry  

secyStatsTxUntaggedPkts 1.0.8802.1.1.3.1.2.5.1.1
The number of transmitted packets without the MAC security tag (SecTAG) because secyProtectFramesEnable is configured as false.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsTxTooLongPkts 1.0.8802.1.1.3.1.2.5.1.2
The number of transmitted packets discarded because the packet length is greater than the ifMtu of the Common Port interface.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsRxUntaggedPkts 1.0.8802.1.1.3.1.2.5.1.3
The number of received packets without the MAC security tag (SecTAG) with secyValidateFrames which is not in the strict mode.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsRxNoTagPkts 1.0.8802.1.1.3.1.2.5.1.4
The number of received packets discarded without the MAC security tag (SecTAG) with secyValidateFrames which is in the strict mode.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsRxBadTagPkts 1.0.8802.1.1.3.1.2.5.1.5
The number of received packets discarded with an invalid SecTAG or a zero value PN or an invalid ICV.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsRxUnknownSCIPkts 1.0.8802.1.1.3.1.2.5.1.6
The number of received packets with unknown SCI with the condition : secyValidateFrames is not in the strict mode and the C bit in the SecTAG is not set.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsRxNoSCIPkts 1.0.8802.1.1.3.1.2.5.1.7
The number of received packets discarded with unknown SCI information with the condition : secyValidateFrames is in the strict mode or the C bit in the SecTAG is set.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyStatsRxOverrunPkts 1.0.8802.1.1.3.1.2.5.1.8
The number of packets discarded because the number of received packets exceeded the cryptographic performance capabilities.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

secyMIBCompliances 1.0.8802.1.1.3.2.1
OBJECT IDENTIFIER    

secyMIBGroups 1.0.8802.1.1.3.2.2
OBJECT IDENTIFIER    

secyMIBCompliance 1.0.8802.1.1.3.2.1.1
The compliance statement for entities which implement the IEEE8021-SECY-MIB.
Status: current Access: read-only
MODULE-COMPLIANCE    

secyIfCtrlGroup 1.0.8802.1.1.3.2.2.1
A collection of objects providing a SecY control management information.
Status: current Access: read-only
OBJECT-GROUP    

secyTxSCGroup 1.0.8802.1.1.3.2.2.2
A collection of objects providing a transmitting SC control management information.
Status: current Access: read-only
OBJECT-GROUP    

secyTxSAGroup 1.0.8802.1.1.3.2.2.3
A collection of objects providing a transmitting SA control management information.
Status: current Access: read-only
OBJECT-GROUP    

secyRxSCGroup 1.0.8802.1.1.3.2.2.4
A collection of objects providing a receiving SC control management information.
Status: current Access: read-only
OBJECT-GROUP    

secyRxSAGroup 1.0.8802.1.1.3.2.2.5
A collection of objects providing a receiving SA control management information.
Status: current Access: read-only
OBJECT-GROUP    

secyCipherSuiteGroup 1.0.8802.1.1.3.2.2.6
A collection of objects providing a cipher suite information.
Status: current Access: read-only
OBJECT-GROUP    

secyTxSAStatsGroup 1.0.8802.1.1.3.2.2.7
A collection of objects providing a transmitting SA statistics information.
Status: current Access: read-only
OBJECT-GROUP    

secyRxSAStatsGroup 1.0.8802.1.1.3.2.2.8
A collection of objects providing a receiving SA statistics information.
Status: current Access: read-only
OBJECT-GROUP    

secyTxSCStatsGroup 1.0.8802.1.1.3.2.2.9
A collection of objects providing a transmitting SC statistics information.
Status: current Access: read-only
OBJECT-GROUP    

secyRxSCStatsGroup 1.0.8802.1.1.3.2.2.10
A collection of objects providing a receiving SC statistics information.
Status: current Access: read-only
OBJECT-GROUP    

secyStatsGroup 1.0.8802.1.1.3.2.2.11
A collection of objects providing a SecY statistics information.
Status: current Access: read-only
OBJECT-GROUP