-- ********************************************************************* -- CISCO-FCSP-MIB.my: Fibre Channel Security Protocols MIB. -- -- October 2003, Charuhas Ghatge -- -- Copyright (c) 2003, 2004 by cisco Systems, Inc. -- All rights reserved. -- -- ********************************************************************* CISCO-FCSP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF RowStatus FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB FcNameId FROM CISCO-ST-TC ifIndex, ifDescr FROM IF-MIB ciscoMgmt FROM CISCO-SMI; ciscoFcspMIB MODULE-IDENTITY LAST-UPDATED "200407020000Z" ORGANIZATION "Cisco Systems Inc. " CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553 -NETS E-mail: cs-san@cisco.com" DESCRIPTION "MIB module for managing Fibre Channel Security for the fibre channel devices. This MIB is used to configure and monitor the Fibre-Channel Security Protocol (FC-SP) Rev 1.1 of FC-SP, Dated 04/18/03, T11/Project 1570-D. Please refer to http://www.t11.org. " REVISION "200407020000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 391 } ciscoFcspMIBNotifications OBJECT IDENTIFIER ::= { ciscoFcspMIB 0 } ciscoFcspMIBObjects OBJECT IDENTIFIER ::= { ciscoFcspMIB 1 } ciscoFcspMIBConformance OBJECT IDENTIFIER ::= { ciscoFcspMIB 2 } cfcspConfig OBJECT IDENTIFIER ::= { ciscoFcspMIBObjects 1 } cfcspInfo OBJECT IDENTIFIER ::= { ciscoFcspMIBObjects 2 } cfcspStatistics OBJECT IDENTIFIER ::= { ciscoFcspMIBObjects 3 } cfcspNotificationObjects OBJECT IDENTIFIER ::= { ciscoFcspMIBObjects 4 } -- -- FCSP interface configuration -- cfcspIfTable OBJECT-TYPE SYNTAX SEQUENCE OF CfcspIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides the FCSP configuration for the fibre channel interfaces. Note that the ifType for the fibre channel interfaces is fibreChannel(56)." ::= { cfcspConfig 1 } cfcspIfEntry OBJECT-TYPE SYNTAX CfcspIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the cfcspIfTable, containing FCSP configuration for the interface identified by ifIndex. Each entry contains a FCSP mode of the interface, reauthentication interval and authentication command object. " INDEX { ifIndex } ::= { cfcspIfTable 1 } CfcspIfEntry ::= SEQUENCE { cfcspMode INTEGER, cfcspReauthInterval Unsigned32, cfcspReauthenticate INTEGER } cfcspMode OBJECT-TYPE SYNTAX INTEGER { off (1), autoPassive (2), autoActive (3), on (4) } MAX-ACCESS read-write STATUS current DESCRIPTION "The FC-SP mode of this interface. If off(1), port would never initiate FC-SP authentication exchange and send reject to any FC-SP authentication message started from other end. If autoPassive(2), a port would not initiate any FC-SP authentication exchange; but would always take part in FC-SP authentication exchange initiated on this interface by other devices. If autoActive(3), a port would always try to initiate FC-SP authentication exchange after ESC. If otherside does not support FC-SP authentication, port will still be brought up. If the authentication fails, the port will not be brought up. If on(4), port would always try to initiate FC-SP authentication exchange and authentication is done before the port becomes up. If otherside does not support FC-SP authentication or if authentication fails, port will not be brought up." DEFVAL {autoPassive} ::= {cfcspIfEntry 1} cfcspReauthInterval OBJECT-TYPE SYNTAX Unsigned32 (0..100000) UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "The time for which a port has to wait before trying to re-authenticate the other end. 0 means re-authentication is not done. This object is not relevant if cfcspMode is 'off'." DEFVAL { 0 } ::= {cfcspIfEntry 2} cfcspReauthenticate OBJECT-TYPE SYNTAX INTEGER { enable (1), noOp (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this object is set to 'enable', reauthentication is started. No action is taken if set to 'noOp'. When read, always 'noOp' is returned." ::= {cfcspIfEntry 3} -- fcsp configuration objects cfcspAuthProtocols OBJECT-TYPE SYNTAX INTEGER { dhChap(0), fcCap(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The FC-SP authentication protocols used by this device. Only 1 bit can be set to 1 at any time. The bit that is set to 1, its corresponding protocol will be used first and other protocol will be used as second preference." ::= {cfcspConfig 2} cfcspTimeout OBJECT-TYPE SYNTAX Unsigned32 (20..1000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION " Timeout period for FC-SP messages" DEFVAL { 20 } ::= { cfcspConfig 3 } -- DH-CHAP Configuration objects -- -- DH-CHAP is a password based Authentication and key exchange -- protocol that uses the CHAP algorithm [RFC 1994] augmented -- with an optional Diffie-Hellman exchange. cfcspDhChapObjects OBJECT IDENTIFIER ::= { cfcspConfig 4 } cfcspDhChapHashList OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-write STATUS current DESCRIPTION "Each octet in this object contains a IANA assigned identifier of a proposed hash mechanism, in the order of preference. The first octet is the most preferred and the last octet contains the least preferred." REFERENCE "Rev 1.1 of FC-SP, section 5.4.2.2" ::= { cfcspDhChapObjects 1 } cfcspDhChapGroupList OBJECT-TYPE SYNTAX OCTET STRING (SIZE (5)) MAX-ACCESS read-write STATUS current DESCRIPTION "Each octet in this object contains a group number, corresponding to a Diffie-Hellman group identifier, in order of preference. Currently there are 5 groups supported, from value 0 through 4. Each number corresponds to the Diffie-Hellman group as follows - 0 - DH_NULL 1 - DH_1024 2 - DH_1280 3 - DH_1536 4 - DH_2048 " REFERENCE "Rev 1.1 of FC-SP, section 5.4.2.3" ::= { cfcspDhChapObjects 2 } cfcspDhChapGenericPasswd OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "DHCHAP Password for this device" ::= { cfcspDhChapObjects 3 } cfcspLocalPasswdTable OBJECT-TYPE SYNTAX SEQUENCE OF CfcspLocalPasswdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides the FCSP DHCHAP password configuration for the device." ::= { cfcspConfig 5 } cfcspLocalPasswdEntry OBJECT-TYPE SYNTAX CfcspLocalPasswdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the cfcspLocalPasswdTable. Each entry, indexed by the device's World-wide name, consists of a local password and a rowStatus object." INDEX { cfcspSwitchWwn } ::= { cfcspLocalPasswdTable 1 } CfcspLocalPasswdEntry ::= SEQUENCE { cfcspSwitchWwn FcNameId, cfcspLocalPasswd SnmpAdminString, cfcspLocalPassRowStatus RowStatus } cfcspSwitchWwn OBJECT-TYPE SYNTAX FcNameId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The World-Wide Name of the host with which this password has to be used." ::= { cfcspLocalPasswdEntry 1 } cfcspLocalPasswd OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "DHCHAP Password of the local device." ::= { cfcspLocalPasswdEntry 2 } cfcspLocalPassRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. " ::= { cfcspLocalPasswdEntry 3 } cfcspRemotePasswdTable OBJECT-TYPE SYNTAX SEQUENCE OF CfcspRemotePasswdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides the FCSP DHCHAP password configuration for other devices" ::= { cfcspConfig 6 } cfcspRemotePasswdEntry OBJECT-TYPE SYNTAX CfcspRemotePasswdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the cfcspRemotePasswdTable. Each entry, indexed by the remote device's World-wide name, consists of a DHCHAP password and a rowStatus object." INDEX { cfcspRemoteSwitchWwn } ::= { cfcspRemotePasswdTable 1 } CfcspRemotePasswdEntry ::= SEQUENCE { cfcspRemoteSwitchWwn FcNameId, cfcspRemotePasswd SnmpAdminString, cfcspRemotePassRowStatus RowStatus } cfcspRemoteSwitchWwn OBJECT-TYPE SYNTAX FcNameId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The World-Wide Name of other device." ::= { cfcspRemotePasswdEntry 1 } cfcspRemotePasswd OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "Password of the other device. " ::= { cfcspRemotePasswdEntry 2 } cfcspRemotePassRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row." ::= { cfcspRemotePasswdEntry 3 } -- -- FCSP interface Statistics -- cfcspIfStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF CfcspIfStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides the FCSP statistics for all the fibre channel interfaces." ::= { cfcspStatistics 1 } cfcspIfStatsEntry OBJECT-TYPE SYNTAX CfcspIfStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the cfcspIfStatsTable." INDEX { ifIndex } ::= { cfcspIfStatsTable 1 } CfcspIfStatsEntry ::= SEQUENCE { cfcspIfAuthSucceeded Counter32, cfcspIfAuthFailed Counter32, cfcspIfAuthByPassed Counter32 } cfcspIfAuthSucceeded OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the FCSP authentication succeeded on this interface." ::= {cfcspIfStatsEntry 1} cfcspIfAuthFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the FCSP authentication failed on this interface." ::= {cfcspIfStatsEntry 2} cfcspIfAuthByPassed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the FCSP authentication was bypassed on this interface." ::= {cfcspIfStatsEntry 3} cfcspAuthFailNotification NOTIFICATION-TYPE OBJECTS { ifDescr } STATUS current DESCRIPTION "FCSP Authentication Failure trap" ::= { ciscoFcspMIBNotifications 1 } -- Conformance ciscoFcspMIBCompliances OBJECT IDENTIFIER ::= { ciscoFcspMIBConformance 1 } ciscoFcspMIBGroups OBJECT IDENTIFIER ::= { ciscoFcspMIBConformance 2 } ciscoFcspMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the CISCO-FCSP-MIB." MODULE MANDATORY-GROUPS { cfcspConfigGroup, cfcspLocalPasswdGroup, cfcspIfStatsGroup, cfcspNotificationGroup } ::= { ciscoFcspMIBCompliances 1 } -- Units of Conformance cfcspConfigGroup OBJECT-GROUP OBJECTS { cfcspMode, cfcspReauthInterval, cfcspReauthenticate, cfcspAuthProtocols, cfcspTimeout, cfcspDhChapHashList, cfcspDhChapGroupList, cfcspDhChapGenericPasswd } STATUS current DESCRIPTION "A collection of objects for configuring Fibre Channel security Information." ::= { ciscoFcspMIBGroups 1 } cfcspLocalPasswdGroup OBJECT-GROUP OBJECTS { cfcspLocalPasswd, cfcspLocalPassRowStatus, cfcspRemotePasswd, cfcspRemotePassRowStatus } STATUS current DESCRIPTION "A collection of objects for configuring Fibre Channel security Information." ::= { ciscoFcspMIBGroups 2 } cfcspIfStatsGroup OBJECT-GROUP OBJECTS { cfcspIfAuthSucceeded, cfcspIfAuthFailed, cfcspIfAuthByPassed } STATUS current DESCRIPTION "A collection of objects for monitoring FCSP statistics." ::= { ciscoFcspMIBGroups 3 } cfcspNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { cfcspAuthFailNotification } STATUS current DESCRIPTION "A collection of objects for FCSP notifications." ::= { ciscoFcspMIBGroups 4 } END