A3Com-IPSO-r1-MIB

File: A3Com-IPSO-r1-MIB.mib (28122 bytes)

Imported modules

RFC1155-SMI RFC-1212

Imported symbols

enterprises OBJECT-TYPE

Defined Types

RowStatus  
INTEGER active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)    

A3IPsecureParamEntry  
SEQUENCE    
  a3IPsecureParamPortIndex INTEGER
  a3IPsecureParamCtl INTEGER
  a3IPsecureLabelDefaultLevel INTEGER
  a3IPsecureLabelDefaultAuth INTEGER
  a3IPsecureLabelSysLevel INTEGER
  a3IPsecureLabelSysAuth INTEGER
  a3IPsecureMinLevel INTEGER
  a3IPsecureMaxLevel INTEGER

A3IPsecureAuthInEntry  
SEQUENCE    
  a3IPsecureAuthInPort INTEGER
  a3IPsecureAuthInFlags INTEGER
  a3IPsecureAuthInMatch INTEGER
  a3IPsecureAuthInStatus RowStatus

A3IPsecureAuthOutEntry  
SEQUENCE    
  a3IPsecureAuthOutPort INTEGER
  a3IPsecureAuthOutFlags INTEGER
  a3IPsecureAuthOutMatch INTEGER
  a3IPsecureAuthOutStatus RowStatus

Defined Values

a3Com 1.3.6.1.4.1.43
OBJECT IDENTIFIER    

brouterMIB 1.3.6.1.4.1.43.2
OBJECT IDENTIFIER    

a3ComIPSO 1.3.6.1.4.1.43.2.12
OBJECT IDENTIFIER    

a3IPsecureCtl 1.3.6.1.4.1.43.2.12.1
This object determines whether this system checks for IP security options. If this object has the value security1108 (1), then the system checks for IP security options (per rfc1108) in each received IP packet and handles them accordingly. If this object has the value security1038 (2), then the system checks and acts on IP security options per rfc1038. If this object has the value noSecurity (3), the system does not check for IP security options.
OBJECT-TYPE    
  INTEGER security1108(1), security1038(2), noSecurity(3)  

a3IPsecureFileServer 1.3.6.1.4.1.43.2.12.2
This determines whether security options are processed when talking to the host identified by the UI parameter FileServerAddr. If set to yes (1), the File Server is treated like any other host on the network. If set to no (2), the File Server is treated specially. Any security options received from this IP address are ignored. Also, all basic security options are stripped before sending a packet to the File Server.
OBJECT-TYPE    
  INTEGER yes(1), no(2)  

a3IPsecureParamTable 1.3.6.1.4.1.43.2.12.3
This table contains a set of parameters relating to the configuration of IP security options.
OBJECT-TYPE    
  SEQUENCE OF  
    A3IPsecureParamEntry

a3IPsecureParamEntry 1.3.6.1.4.1.43.2.12.3.1
Each entry in this table contains a set of IP security parameters specific to a particular port.
OBJECT-TYPE    
  A3IPsecureParamEntry  

a3IPsecureParamPortIndex 1.3.6.1.4.1.43.2.12.3.1.1
This identifies the IP port to which the security parameters in this entry apply.
OBJECT-TYPE    
  INTEGER  

a3IPsecureParamCtl 1.3.6.1.4.1.43.2.12.3.1.2
This object controls a number of parameters associated with IP security. Each parameter is represented by a specific bit. If the bit is set, the parameter is turned on. If the bit is not set, the parameter is turned off. The state of all the parameters is represented by a sum of all the bits, the value of each bit being multiplied by 2 raised to the power of the position of the bit in the integer. With bit 0 being the least significant bit, the table below defines the mapping of security parameters to bits.
  bit #  Parameter
  0      Extended
  1      BasicFirst
  2      LabelAdd
  3      LabelStrip
If bit 0 is set, the Extended parameter is turned on. This allows datagrams with extended security options to be received and/or transmitted from this port.
If bit 1 is set, the BasicFirst parameter is turned on. This indicates that the basic security option is always transmitted as the first option in the datagram, even if the packet has to be rearranged. If this bit is not set, the datagram options are sent as is.
If bit 2 is set, the LabelAdd parameter is turned on. This ensures that all datagrams leaving this port have a label attached to them. If an outgoing datagram does not have a label, the default label, computed for the datagram on receipt, is attached to it before transmission. If this parameter is turned off, then datagrams without labels are allowed to be transmitted, and the default label is not attached to the datagram.
If bit 3 is set, the LabelStrip parameter is turned on. In this case, any basic security option present in the datagram is stripped before transmission through this port. The stripping is done after all the security processing has been done. If this parameter is turned off, the label is transmitted as is.
OBJECT-TYPE    
  INTEGER  

a3IPsecureLabelDefaultLevel 1.3.6.1.4.1.43.2.12.3.1.3
This parameter applies to packets received over this port that have no classification level or authority flags. When such packets are received, the value of this parameter determines the IP security level that is attached to the packet before any processing is done. If this is set to none (1), any packet that is received without a security level defined in the IP header options is discarded. If this is set to any other value, any packet received without a security level defined in the IP header options will have one added according to the value of this object. A Protection Authority field will also be added to these packets. The contents of the field are determined by the value of a3IPsecureLabelDefaultAuth. Note, this does not imply that the label will be automatically attached to the packet on transmission. This is controlled by the value of a3IPsecureParamCtl -- specifically, the value of the LabelAdd bit.
OBJECT-TYPE    
  INTEGER none(1), topSecret(2), secret(3), confidential(4), unclassified(5)  

a3IPsecureLabelDefaultAuth 1.3.6.1.4.1.43.2.12.3.1.4
Like a3IPsecureLabelDefaultLevel, this parameter applies only to packets received over this port that have no classification level or authority flags. When such packets are received, the value of this parameter determines the Protection Authority flag field that is attached to the packet before any processing is done. The individual Protection Authority flags that are included are determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc):
  bit #  Prot. Auth. Flag
  7      GENSER
  6      SIOP
  5      SCI
  4      NSA
  3      DOE
While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object will be placed in the Protection Authority field of received packets with no IP security options present. (note: this is conditioned on a3IPsecureLabelDefaultLevel for this port having a value other than none (1).) If this object has the value 0, then no Protection Authority field will be added to any received packets, regardless of the value of a3IPsecureLabelDefaultLevel.
OBJECT-TYPE    
  INTEGER  

a3IPsecureLabelSysLevel 1.3.6.1.4.1.43.2.12.3.1.5
This parameter applies to packets originated by this system and sent over this port. When such packets are sent, the value of this parameter determines the IP security level that is attached to the packet before any processing is done. If this is set to none (1), no IP security information is added to these packets. If this is set to any other value, any packet originated by this system and sent over this port will have an IP security level added according to the value of this object. A Protection Authority field will also be added to these packets. The contents of the field are determined by the value of a3IPsecureLabelSysAuth. The security level and Protection Authority flag field must form a label which is legal for transmission on this port. The range of legal values for the security level is defined by a3IPsecureMaxLevel and a3IPsecureMinLevel. The set of legal Protection Authority flags is determined by the entries in a3IPsecureAuthOutTable.
OBJECT-TYPE    
  INTEGER none(1), topSecret(2), secret(3), confidential(4), unclassified(5)  

a3IPsecureLabelSysAuth 1.3.6.1.4.1.43.2.12.3.1.6
Like a3IPsecureLabelSysLevel, this parameter applies only to packets originated by this system and sent over this port. When such packets are sent, the value of this parameter determines the Protection Authority flag field that is attached to the packet before any processing is done. Note, this is assuming a3IPsecureLabelSysLevel has a value other than none (1). The individual Protection Authority flags that are included are determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc):
  bit #  Prot. Auth. Flag
  7      GENSER
  6      SIOP
  5      SCI
  4      NSA
  3      DOE
While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object will be placed in the Protection Authority field of received packets with no IP security options present. (note: this is conditioned on a3IPsecureLabelDefaultLevel for this port having a value other than none (1).) If this object has the value 0, then no Protection Authority field will be added to any received packets, regardless of the value of a3IPsecureLabelDefaultLevel.
OBJECT-TYPE    
  INTEGER  

a3IPsecureMinLevel 1.3.6.1.4.1.43.2.12.3.1.7
This defines the minimum classification level which is acceptable by this port. This applies to any packet which is entering or leaving this port. If the classification level is outside the range defined by the value of this object and the value of a3IPsecureMaxLevel, the packet is discarded. If a3IPsecureMaxLevel is set to a level less than the level indicated by this object, the value of this object will be shifted so it is equal to a3IPsecureMaxLevel. This will ensure that the range of security levels identified by these two objects makes sense.
OBJECT-TYPE    
  INTEGER topSecret(1), secret(2), confidential(3), unclassified(4)  

a3IPsecureMaxLevel 1.3.6.1.4.1.43.2.12.3.1.8
This defines the maximum classification level which is acceptable by this port. This applies to any packet which is entering or leaving this port. If the classification level is outside the range defined by the value of this object and the value of a3IPsecureMinLevel, the packet is discarded. If a3IPsecureMinLevel is set to a level greater than the level identified by this object, the value of this object will be shifted so it is equal to a3IPsecureMinLevel.
OBJECT-TYPE    
  INTEGER topSecret(1), secret(2), confidential(3), unclassified(4)  
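
Added example (not part of the MIB or of any vendor tooling): decoding one a3IPsecureParamTable row into names and flagging the settings the descriptions above call out. The function names and the sample row values are constructed for illustration. Note that the label objects and the min/max objects number the classification levels differently.

```python
# Added example, not part of the MIB. SAMPLE_ROW is constructed, not polled.
PARAM_CTL_BITS = {0: "Extended", 1: "BasicFirst", 2: "LabelAdd", 3: "LabelStrip"}
AUTH_BITS = {7: "GENSER", 6: "SIOP", 5: "SCI", 4: "NSA", 3: "DOE"}
# The label objects and the min/max objects number the levels differently.
LABEL_LEVEL = {1: "none", 2: "topSecret", 3: "secret", 4: "confidential", 5: "unclassified"}
RANGE_LEVEL = {1: "topSecret", 2: "secret", 3: "confidential", 4: "unclassified"}
RANK = {"unclassified": 0, "confidential": 1, "secret": 2, "topSecret": 3}
SAMPLE_ROW = {
    "a3IPsecureParamPortIndex": 1, "a3IPsecureParamCtl": 0b1001,
    "a3IPsecureLabelDefaultLevel": 5, "a3IPsecureLabelDefaultAuth": 0x80,
    "a3IPsecureLabelSysLevel": 2, "a3IPsecureLabelSysAuth": 0xC0,
    "a3IPsecureMinLevel": 4, "a3IPsecureMaxLevel": 2,
}

def bits_set(value, names):
    """Return the names of the bits set in value, lowest bit first."""
    return [names[b] for b in sorted(names) if (value >> b) & 1]

def decode_row(row):
    """Translate the raw INTEGER columns of one port row into names."""
    return {
        "port": row["a3IPsecureParamPortIndex"],
        "ctl": bits_set(row["a3IPsecureParamCtl"], PARAM_CTL_BITS),
        "default_level": LABEL_LEVEL[row["a3IPsecureLabelDefaultLevel"]],
        "default_auth": bits_set(row["a3IPsecureLabelDefaultAuth"], AUTH_BITS),
        "sys_level": LABEL_LEVEL[row["a3IPsecureLabelSysLevel"]],
        "sys_auth": bits_set(row["a3IPsecureLabelSysAuth"], AUTH_BITS),
        "min_level": RANGE_LEVEL[row["a3IPsecureMinLevel"]],
        "max_level": RANGE_LEVEL[row["a3IPsecureMaxLevel"]],
    }

def audit_row(row):
    """List settings worth a second look, per the object descriptions."""
    d, findings = decode_row(row), []
    lo, hi = RANK[d["min_level"]], RANK[d["max_level"]]
    if d["sys_level"] != "none" and not lo <= RANK[d["sys_level"]] <= hi:
        findings.append("system label level is outside the port's min/max range")
    if d["default_level"] == "none":
        findings.append("unlabelled inbound packets are discarded")
    elif row["a3IPsecureLabelDefaultAuth"] == 0:
        findings.append("default label carries no Protection Authority field")
    if "LabelStrip" in d["ctl"]:
        findings.append("basic security option is stripped on transmit")
    if "LabelAdd" not in d["ctl"]:
        findings.append("datagrams without labels may be transmitted")
    return findings

if __name__ == "__main__":
    print(decode_row(SAMPLE_ROW), audit_row(SAMPLE_ROW), sep="\n")
```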

a3IPsecureAuthInTable 1.3.6.1.4.1.43.2.12.4
This table enumerates all the combinations of Protection Authority flags that may be present in packets received over any of this system's ports.
OBJECT-TYPE    
  SEQUENCE OF  
    A3IPsecureAuthInEntry

a3IPsecureAuthInEntry 1.3.6.1.4.1.43.2.12.4.1
Each entry in this table contains a specific combination of Protection Authority flags that are acceptable in packets received over a specific port.
OBJECT-TYPE    
  A3IPsecureAuthInEntry  

a3IPsecureAuthInPort 1.3.6.1.4.1.43.2.12.4.1.1
This identifies the port to which this entry applies.
OBJECT-TYPE    
  INTEGER  

a3IPsecureAuthInFlags 1.3.6.1.4.1.43.2.12.4.1.2
This identifies one combination of Protection Authority flags that is allowed to be present in any packet received by this port. The combination of Protection Authority flags that is allowed is determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc):
  bit #  Prot. Auth. Flag
  7      GENSER
  6      SIOP
  5      SCI
  4      NSA
  3      DOE
While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object must be present in any received IP packet. If the value of this object is zero, packets with no Protection Authority flags are accepted by this port.
OBJECT-TYPE    
  INTEGER  

a3IPsecureAuthInMatch 1.3.6.1.4.1.43.2.12.4.1.3
The value of this object determines whether the Protection Authority flags in a received packet must match the flags identified by the corresponding instance of a3IPsecureAuthInFlags exactly, or if they only have to match a subset of those flags. If the value of this object is exact (1), the match must be exact. If this object has the value any (2), only a subset of the flags has to match.
OBJECT-TYPE    
  INTEGER exact(1), any(2)  

a3IPsecureAuthInStatus 1.3.6.1.4.1.43.2.12.4.1.4
This object is used to add and delete entries in this table. See the notes describing RowStatus at the beginning of this MIB.
OBJECT-TYPE    
  RowStatus  

a3IPsecureAuthOutTable 1.3.6.1.4.1.43.2.12.5
This table enumerates all the combinations of Protection Authority flags that are allowed to be present in packets transmitted over any of this system's ports. This does not apply to packets generated by this system.
OBJECT-TYPE    
  SEQUENCE OF  
    A3IPsecureAuthOutEntry

a3IPsecureAuthOutEntry 1.3.6.1.4.1.43.2.12.5.1
Each entry in this table contains a specific combination of Protection Authority flags that are acceptable in packets transmitted over a specific port.
OBJECT-TYPE    
  A3IPsecureAuthOutEntry  

a3IPsecureAuthOutPort 1.3.6.1.4.1.43.2.12.5.1.1
This identifies the port to which this entry applies.
OBJECT-TYPE    
  INTEGER  

a3IPsecureAuthOutFlags 1.3.6.1.4.1.43.2.12.5.1.2
This identifies one combination of Protection Authority flags that is allowed to be present in any packet transmitted by this port. The combination of Protection Authority flags that is allowed is determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc):
  bit #  Prot. Auth. Flag
  7      GENSER
  6      SIOP
  5      SCI
  4      NSA
  3      DOE
While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object is allowed to be present in any transmitted IP packet. If the value of this object is zero, packets with no Protection Authority flags are allowed to be transmitted by this port.
OBJECT-TYPE    
  INTEGER  

a3IPsecureAuthOutMatch 1.3.6.1.4.1.43.2.12.5.1.3
The value of this object determines whether the Protection Authority flags in a received packet must match the flags identified by the corresponding instance of a3IPsecureAuthOutFlags exactly, or if they only have to match a subset of those flags. If the value of this object is exact (1), the match must be exact. If this object has the value any (2), only a subset of the flags has to match.
OBJECT-TYPE    
  INTEGER exact(1), any(2)  

a3IPsecureAuthOutStatus 1.3.6.1.4.1.43.2.12.5.1.4
This object is used to add and delete entries in this table. See the notes describing RowStatus at the beginning of this MIB.
OBJECT-TYPE    
  RowStatus