draft-ietf-imss-fc-fcsp-mib-02.txt   draft-ietf-imss-fc-fcsp-mib-03.txt 
INTERNET-DRAFT C. DeSanti INTERNET-DRAFT C. DeSanti
F. Maino F. Maino
K. McCloghrie K. McCloghrie
Cisco Systems Cisco Systems
MIB for Fibre-Channel Security Protocols (FC-SP) MIB for Fibre-Channel Security Protocols (FC-SP)
draft-ietf-imss-fc-fcsp-mib-02.txt draft-ietf-imss-fc-fcsp-mib-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 8 skipping to change at page 2, line 8
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes managed objects for information related In particular, it describes managed objects for information related
to FC-SP, the Security Protocols defined for Fibre Channel. to FC-SP, the Security Protocols defined for Fibre Channel.
Table of Contents Table of Contents
1 Introduction ................................................. 3 1 Introduction ................................................. 3
1.1 Change Log ................................................. 3 2 The Internet-Standard Management Framework ................... 3
2 The Internet-Standard Management Framework ................... 10 3 Overview of Fibre Channel .................................... 4
3 Overview of Fibre Channel .................................... 10
3.1 Introduction ............................................... 10 3.1 Introduction ............................................... 10
3.2 Zoning ..................................................... 11 3.2 Zoning ..................................................... 11
3.3 Virtual Fabrics ............................................ 11 3.3 Virtual Fabrics ............................................ 11
3.4 Security ................................................... 12 3.4 Security ................................................... 12
3.4.1 Authentication ........................................... 12 3.4.1 Authentication ........................................... 12
3.4.2 Security Associations .................................... 13 3.4.2 Security Associations .................................... 13
3.4.3 Fabric Security Policies ................................. 14 3.4.3 Fabric Security Policies ................................. 14
3.4.4 Policy Model ............................................. 15 3.4.4 Policy Model ............................................. 15
3.4.5 Policy Objects ........................................... 15 3.4.5 Policy Objects ........................................... 15
3.4.6 Three Kinds of Switches .................................. 17 3.4.6 Three Kinds of Switches .................................. 17
skipping to change at page 3, line 19 skipping to change at page 3, line 19
In particular, it describes managed objects for information In particular, it describes managed objects for information
concerning the Fibre Channel Security Protocols (FC-SP), as specified concerning the Fibre Channel Security Protocols (FC-SP), as specified
in [FC-SP]. The FC-SP standard includes the definition of protocols in [FC-SP]. The FC-SP standard includes the definition of protocols
to authenticate Fibre Channel entities, protocols to set up session to authenticate Fibre Channel entities, protocols to set up session
keys, protocols to negotiate the parameters required to ensure frame- keys, protocols to negotiate the parameters required to ensure frame-
by-frame integrity and confidentiality, and protocols to establish by-frame integrity and confidentiality, and protocols to establish
and distribute policies across a Fibre Channel Fabric. and distribute policies across a Fibre Channel Fabric.
This memo was initially developed by the INCITS T11 committee This memo was initially developed by the INCITS T11 committee
(http://www.t11.org), which subsequently approved it for forwarding (http://www.t11.org), which subsequently approved it for forwarding
to the IETF. This version of the draft has been updated to reflect to the IETF.
comments made during the "WG Last Call" period by the IETF's IMSS
working group, with the intent of forwarding it to the IESG for
approval as an:
"Intended status: Proposed" Internet Standard.
-- RFC Editor: please remove 2nd sentence of above paragraph.
This memo uses one of the following terms: This memo uses one of the following terms:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in BCP 14, RFC in this document are to be interpreted as described in BCP 14, RFC
2119 [RFC2119]. 2119 [RFC2119].
1.1. Change Log
1.1.1. Initial version
The initial version was submitted to T11.5 as T11/06-554v0 on 4
August 2006.
1.1.2. September 2006 version
The following changes were made for the version was submitted to
T11.5 on 29 September 2006 as T11/06-554v1.txt.
- Added t11FcSpZoneSetHashStatus.
- Modified t11FcSpAuSendRejNotifyEnable to be just for sending
AUTH_Reject messages, and added t11FcSpAuRcvRejNotifyEnable.
- Added note in the Security Considerations section to say that DH-
CHAP secrets need to be managed by mechanisms other than the MIB
modules defined here because they are "highly sensitive".
- Added definitions for T11FcSpPolicyObjectType T11FcSpPolicyNameType
T11FcSpPolicyName T11FcSpAlphaNumName T11FcSpAlphaNumNameOrNull in
the T11-FC-SP-TC-MIB module.
- Began defining the T11-FC-SP-POLICY-MIB module.
1.1.3. December 2006 version
The following changes were made for the version was submitted to
T11.5 on 4 December 2006 as T11/06-554v2.txt.
- Added Fibre Channel Overview sub-sections on Zoning, Security,
Authentication, Security Associations, Fabric Security Policies,
Policy Model, Policy Objects, Three Kinds of Switches, Security
Policy Management and FC-SP Zoning.
- Added a MIB Overview sub-section on Entity Names.
- Added the t11FcSpAuServerProtocol object, and defined
t11FcSpAuServerProtocolRadius, t11FcSpAuServerProtocolDiameter and
t11FcSpAuServerProtocolTacacs as possible values.
- Clarified the value of t11FcSpAuEntityName as being either the
value of fcmSwitchWWN (for Switches) or the appropriate value of
fcmInstanceWwn (otherwise).
- Added Compliance section for T11-FC-SP-AUTHENTICATION-MIB.
- Added T11FcSpAlphaNumNameOrNull as a new TC.
- Moved the t11FcSpAuIkev2Auth object to the T11-FC-SP-SA-MIB.
- Completed most of the T11-FC-SP-POLICY-MIB module.
1.1.4. 2 February 2007 version
The following changes were made for the version was submitted to
T11.5 on 2 February 2007 as T11/07-037v0.txt.
- Added the generic t11FcSpPoAttribExtension object to point to
objects for specific information extracted out of Attribute Policy
Objects, and the t11FcSpPoAuthProtTable table to hold
Authentication Protocol Identifiers & Parameters extracted out of
an Attribute Policy Object containing a 'AUTH_Negotiate Message
Payload'.
- Changed the syntax of the Names of IP Management Entries, to use
one InetAddressType object and two InetAddress objects instead of
using one T11FcSpPolicyNameType object and one T11FcSpPolicyName
object.
- Changed the semantics of the t11FcSpPoTmpSummryTable to be non-
volatile and part of the Non-Active Policy Objects, and
correspondingly renamed it to be the t11FcSpPoNaSummaryTable.
- Defined the t11FcSpPoStatsTable.
- Defined the syntax for t11FcSpPoRejectReasonCode and
t11FcSpPoRejectReasonCodeExp in the TC-MIB.
- Completed the Fibre Channel Overview section. Updated the Document
Overview section.
- Added Compliance section in the T11-FC-SP-POLICY-MIB.
- Wrote the T11-FC-SP-SA-MIB and T11-FC-SP-CERTS-MIB modules.
- Edited all six MIB modules to get them to compile.
1.1.5. 26 February 2007 version
The following changes were made for the version was submitted to
T11.5 on 26 February 2007 as T11/07-037v1.txt.
- Added an overview section on Policy Object names to explain when
their syntax is (T11FcSpPolicyNameType, T11FcSpPolicyName) versus
when it is (InetAddressType, InetAddress, InetAddress).
- Clarified t11FcSpPoIpMgmtEntry's DESCRIPTION to explain that an
address range is specified as two addresses: the low and high ends
of the range.
- Added the t11FcSpPoNaAttribExtension object and the
t11FcSpPoNaAuthProtTable table as the non-active Policy
counterparts to the t11FcSpPoAttribExtension object and the
t11FcSpPoAuthProtTable table.
- Added the t11FcSpSaNotifyLifeExceeded notification and its related
objects: t11FcSpSaControlLifeExcdEnable,
t11FcSpSaControlLifeExcdSpi, t11FcSpSaControlLifeExcdDir and
t11FcSpSaControlLifeExcdTime.
- Added text to DESCRIPTIONs of t11FcSpSaTSelPropEntry and
t11FcSpSaTransEntry to explain that they are proposed or accepted
only as a combination pointed to by a row in the
t11FcSpSaPropTable.
- Corrected the MAX-ACCESS of t11FcSpActiveZoneSetHash and
t11FcSpZoneSetDatabaseHash to be read-only.
- Changed the statistics table in the T11-FC-SP-AUTHENTICATION-MIB
module so that it provides a mapping of Authentication entities
onto interfaces, as well as statistics for each such mapping.
Changed its name to be t11FcSpAuIfStatsTable to reflect the
additional purpose. Changed the t11FcSpAuStatTimeouts object to be
mandatory so that implementation of this table is mandatory, so
that management applications can reliably use it to determine which
Authentication Entity is operating on which interfaces.
- Extended the t11FcSpAuRejectSentNotify and
t11FcSpAuRejectReceivedNotify notifications so that are also used
in the case of terminating an Authentication Transaction via an
SW_RJT or LS_RJT.
- Added the Authentication Entity's name in the INDEX clause of the
t11FcSpCertsTable table.
- Completed the Security Considerations section.
- Many editorial changes.
1.1.6. 11 April 2007 version
The following changes were made for the version was submitted to
T11.5 on 11 April 2007 as T11/07-037v2.txt.
- The term "lifesize" was changed to "lifetime in passed bytes".
Also, since 2^^32 is not a large enough range for the number of
passed bytes, the "number of passed bytes" is now specified as two
objects: one object for the value and another object for the units
of that value. This units object is now also used to distinguish
between a time interval in passed bytes and a time interval in
units of seconds.
- Many editorial changes.
1.1.7. 3 May 2007 version
The following changes were made for the version was submitted to
T11.5 on 3 May 2007 as T11/07-037v3.txt.
- Added FCAP in t11FcSpPoAuthProtIdentifier's DESCRIPTION.
- Editorial changes.
1.1.8. 12 June 2007 version
The following changes were made for the version was submitted to IETF
on 12 June 2007 as draft-kzm-imss-fc-fcsp-mib-00.txt :
- The Introduction section was changed to reflect the submission of
this memo to the IETF's IMSS Working Group.
1.1.9. 13 August 2007 version
The following changes were made for the version was submitted to IETF
on 13 August 2007 as draft-ietf-imss-fc-fcsp-mib-00.txt :
- The Introduction section was changed to reflect the submission of
this memo to the IETF's IMSS Working Group.
- The References section was updated to reflect two recently
published RFCs.
1.1.10. 28 November 2007 version
The following changes were made for the version was submitted to the
IMSS WG's mailing-list on 28 November 2007 as a preliminary version
of draft-ietf-imss-fc-fcsp-mib-01.txt :
- Deleted the definition of T11-FC-SP-CERTS-MIB, and all references
to it.
- Changed section 4.6 to say: a) the management of certificates,
Certification Authorities and Certificate Revocation Lists is the
same in Fibre Channel networks as it is in other networks, and b)
that this document assumes that appropriate MIB objects are defined
elsewhere, e.g., in [IPSP-IPSEC-ACTION] and [IPSP-IKE-ACTION].
- Moved [IPSP-IPSEC-ACTION] and [IPSP-IKE-ACTION] to be Informative
references.
- Updated the References section to reflect the publication of RFC
4983.
- Fixed date in T11-FC-SP-TC-MIB's REVISION clause to be the same as
its LAST-UPDATED.
- Fixed inconsistency in syntax of T11FcSaDirection.
- Inserted ranges on Unsigned32 auxiliary objects.
- Minor rewording in the "Rate Control for Notifications" section.
1.1.11. 25 February 2008 version
The following changes were made for the version was created based on
Working Group Last Call comments on 25 February 2008 as draft-ietf-
imss-fc-fcsp-mib-01.txt:
- Wording change to the ORGANIZATION section of all MIB modules.
- Changed T11FcSpAlphaNumNameOrNull to T11FcSpAlphaNumNameOrAbsent.
- Added REFERENCE clauses to OBJECT-IDENTITYs.
- Deleted the definition of t11FcSpSaTSelPropIndex, with
t11FcSpSaTSelPropPrecedence replacing it in the INDEX clause of the
t11FcSpSaTSelPropTable.
- Moved section 3.5 through 3.12 to be sub-sections of section 3.4.
- Re-ordered the top-level OID assignments in T11-FC-SP-
AUTHENTICATION-MIB.
- Changed the syntax of t11FcSpPoSwMembSwitchName,
t11FcSpPoNoMembNodeName, t11FcSpPoNaSwMembSwitchName,
t11FcSpPoNaNoMembNodeName and t11FcSpPoNaSwConnAllowedName to be
consistent.
- Defined T11FcSpSecurityProtocolId as a new TC, and used it for the
several objects which identify an FC-SP "Security Protocol_Id".
- Added a range sub-clause to exclude zero in the values of
t11FcSpSaPairTransListIndex and t11FcSpSaPairTransIndex.
- Defined new TC's for syntax used multiple times:
T11FcSpLifetimeLeft, T11FcSpLifetimeLeftUnits,
T11FcSpHashCalculationStatus and T11FcSpSecurityProtocolId.
- Added SIZE clause to the syntax of t11FcSpPoSwConnAllowedName.
- Added t11FcSpSaControlMaxNotifs as a new object.
- Added t11FcSpSaTSelPropStorageType and t11FcSpSaTransStorageType as
additional StorageType objects for the two tables in the T11-FC-SP-
SA-MIB which are not INDEX-ed by t11FcSpSaIfFabricIndex, i.e., they
have different granularity, and so can not share usage of
t11FcSpSaIfStorageType.
- Many editorial changes and clarifications.
1.1.12. 11 March 2008 version
The following changes were made for the version, named draft-ietf-
imss-fc-fcsp-mib-02.txt, created for submission to the Area Directors
with a request for it to be published as an RFC:
- Text added in section 3.4.5 to observe that the Fabric name is in
the Switch Membership List Object, not in the Policy Summary
Object.
- Fixed screw-up in the Table of Contents.
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
skipping to change at page 11, line 31 skipping to change at page 5, line 12
between Nx_Ports ("Hard Zoning") or to expose selected views of Name between Nx_Ports ("Hard Zoning") or to expose selected views of Name
Server information ("Soft Zoning"). Server information ("Soft Zoning").
Communication is only possible when the communicating endpoints are Communication is only possible when the communicating endpoints are
members of a common zone. This technique is similar to virtual members of a common zone. This technique is similar to virtual
private networks in that the Fabric has the ability to group devices private networks in that the Fabric has the ability to group devices
into Zones. into Zones.
Hard zoning and soft zoning are two different means of realizing Hard zoning and soft zoning are two different means of realizing
this. Hard zoning is enforced in the Fabric (i.e., Switches) whereas this. Hard zoning is enforced in the Fabric (i.e., Switches) whereas
soft zoning is enforced at the endpoints (e.g., HBAs) by relying on soft zoning is enforced at the endpoints (e.g., Host Bus Adapters) by
the endpoints to not send traffic to an N_Port_ID not obtained from relying on the endpoints to not send traffic to an N_Port_ID not
the Name Server with a few exceptions for well known Addresses (e.g., obtained from the Name Server with a few exceptions for well known
the Name Server). Addresses (e.g., the Name Server).
Administrators create Zones to increase network security, and prevent Administrators create Zones to increase network security, and prevent
data loss or corruption, by controlling access between devices or data loss or corruption, by controlling access between devices or
user groups. user groups.
3.3. Virtual Fabrics 3.3. Virtual Fabrics
The standard for an interconnecting Fabric containing multiple Fabric The standard for an interconnecting Fabric containing multiple Fabric
Switch elements is [FC-SW-4]. [FC-SW-4] carries forward the earlier Switch elements is [FC-SW-4]. [FC-SW-4] carries forward the earlier
specification for the operation of a single Fabric in a physical specification for the operation of a single Fabric in a physical
skipping to change at page 13, line 29 skipping to change at page 7, line 12
Protocol is defined: IKEv2-AUTH, which refers to the use of an SA Protocol is defined: IKEv2-AUTH, which refers to the use of an SA
Management Transaction of the Security Association Management Management Transaction of the Security Association Management
Protocol (see below) to perform two functions: not only SA management Protocol (see below) to perform two functions: not only SA management
but also authentication. The credentials used in an IKEv2-AUTH but also authentication. The credentials used in an IKEv2-AUTH
transaction are either strong shared secrets or certificates. transaction are either strong shared secrets or certificates.
3.4.2. Security Associations 3.4.2. Security Associations
A subset of the IKEv2 protocol [RFC4306] suitable for Fibre Channel A subset of the IKEv2 protocol [RFC4306] suitable for Fibre Channel
is defined as the (Fibre Channel) Security Association Management is defined as the (Fibre Channel) Security Association Management
protocol [RFC4595]. This protocol provides the means to establish protocol [RFC4595]. This protocol -- which is *not* IPsec --
Security Associations (SAs) between Fibre Channel entities. Traffic provides the means to establish Security Associations (SAs) between
Selectors are defined to specify which type of traffic has to be Fibre Channel entities. Traffic Selectors are defined to specify
protected by which SA, and what the characteristics of the protection which type of traffic has to be protected by which SA, and what the
are. Two mechanisms are available to protect specific classes of characteristics of the protection are. Two mechanisms are available
traffic: ESP_Header is used to protect FC-2 frames (see [FC-FS-2] and to protect specific classes of traffic:
[RFC4303]), and CT_Authentication is used to protect CT_IUs (Common
Transport Information Units) [FC-GS-5]. - ESP_Header is used to protect FC-2 frames (see [FC-FS-2] and the
conceptually similar mechamisms in [RFC4303]), and
- CT_Authentication is used to protect CT_IUs (Common Transport
Information Units) [FC-GS-5].
An entity protecting specific classes of traffic maintains an An entity protecting specific classes of traffic maintains an
internal Security Association Database (SADB) that contains the internal Security Association Database (SADB) that contains the
currently active Security Associations and Traffic Selectors. currently active Security Associations and Traffic Selectors.
Each active SA has a Security Association entry in the SADB. Each SA Each active SA has a Security Association entry in the SADB. Each SA
entry includes the SA's SPI (the Security Parameters Index which is entry includes the SA's SPI (the Security Parameters Index which is
included in frames transmitted on the SA), a Sequence Number counter, included in frames transmitted on the SA), a Sequence Number counter,
and the parameters for the selected transforms (e.g., encryption and the parameters for the selected transforms (e.g., encryption
algorithm, integrity algorithm, mode of operation of the algorithms, algorithm, integrity algorithm, mode of operation of the algorithms,
skipping to change at page 15, line 32 skipping to change at page 9, line 32
* E *=====================================>* +-------------+ * * E *=====================================>* +-------------+ *
* N * Deactivate Policy Summary * | Policy | * * N * Deactivate Policy Summary * | Policy | *
* T *=====================================>* | Summary | * * T *=====================================>* | Summary | *
* I * * | Object | * * I * * | Object | *
* T * Get Policy Summary * +-------------+ * * T * Get Policy Summary * +-------------+ *
* Y *<-------------------------------------* * * Y *<-------------------------------------* *
* * Get Policy Objects * * * * Get Policy Objects * *
* *<-------------------------------------* * * *<-------------------------------------* *
***** ********************* ***** *********************
Note that the arrows in the picture above are used to indicate the
movement of "data", rather than the direction of "messages", e.g.,
for a "Get" (with no data) in one direction which invokes a
"Response" (typically with data) in the reverse direction, the
diagram has arrows only for the "with data" direction.
3.4.5. Policy Objects 3.4.5. Policy Objects
The Policies to be enforced by a Fabric are specified in a set of The Policies to be enforced by a Fabric are specified in a set of
Policy Objects. The various types of Policy Objects are: Policy Objects. The various types of Policy Objects are:
- The Policy Summary Object is a list of pointers to other Policy - The Policy Summary Object is a list of pointers to other Policy
Objects, one pointer per each other active Policy Object. Each Objects, one pointer per each other active Policy Object. Each
pointer in a Policy Summary Object is paired with a cryptographic pointer in a Policy Summary Object is paired with a cryptographic
hash of the referenced Policy Object. hash of the referenced Policy Object.
skipping to change at page 17, line 47 skipping to change at page 11, line 43
3.4.7. Security Policy Management 3.4.7. Security Policy Management
Security Policy can be changed in a server session [FC-GS-5] with a Security Policy can be changed in a server session [FC-GS-5] with a
Security Policy Server. All write access to a Security Policy Server Security Policy Server. All write access to a Security Policy Server
occurs within a server session. While read access to a Security occurs within a server session. While read access to a Security
Policy Server may occur at any time, the consistency of the returned Policy Server may occur at any time, the consistency of the returned
data is guaranteed only inside a server session. data is guaranteed only inside a server session.
The Enhanced Commit Service [FC-SW-4] is used to perform Fabric The Enhanced Commit Service [FC-SW-4] is used to perform Fabric
operations as and when necessary (see table 144 of [FC-SP]). Each operations as and when necessary (see table 144 of [FC-SP]).
server session begins and ends, with a SSB request and a SSE request Many of these operations are named as if they were acronyms,
respectively, sent to a Security Policy Server. In the Fabric, the e.g., SSB for Server Session Begin; SSE for Server Session End;
SSB requests a lock of the Fabric via an EACA SW_ILS, while the SSE SW_ILS for Switch Fabric Internal Link Services; EACA for Enhanced
requests a release of the lock via the ERCA SW_ILS [FC-SW-4]. Active Acquire Change Authorization; ERCA for Enhanced Release Change
and non-active Policy Objects are persistent in that they survive Authorization; SFC for Stage Fabric Configuration.
after the end of a server session.
Each server session begins and ends, with a SSB request and a SSE
request respectively, sent to a Security Policy Server. In the
Fabric, the SSB requests a lock of the Fabric via an EACA SW_ILS,
while the SSE requests a release of the lock via the ERCA SW_ILS
[FC-SW-4]. Active and non-active Policy Objects are persistent in
that they survive after the end of a server session.
3.4.8. FC-SP Zoning 3.4.8. FC-SP Zoning
To preserve backward compatibility with existing Zoning definitions To preserve backward compatibility with existing Zoning definitions
and implementations, FC-SP Zoning is defined as a variant of the and implementations, FC-SP Zoning is defined as a variant of the
Enhanced Zoning model defined in [FC-SW-4] and [FC-GS-5] that follows Enhanced Zoning model defined in [FC-SW-4] and [FC-GS-5] that follows
the general concepts of the Policy model for Security Policy the general concepts of the Policy model for Security Policy
Management, but keeps Zoning management and enforcement completely Management, but keeps Zoning management and enforcement completely
independent. independent.
skipping to change at page 21, line 47 skipping to change at page 15, line 42
against which received corresponding certificates can be validated. against which received corresponding certificates can be validated.
Support for certificate chains and verification of certificate chains Support for certificate chains and verification of certificate chains
containing more than one certificate is optional. Entities need to containing more than one certificate is optional. Entities need to
be able to access a Certificate Revocation List (CRL) for each be able to access a Certificate Revocation List (CRL) for each
configured Root Certificate, if one is available from the CA. configured Root Certificate, if one is available from the CA.
Certificates on the CRL are considered invalid. Certificates on the CRL are considered invalid.
The management of certificates, Certification Authorities and The management of certificates, Certification Authorities and
Certificate Revocation Lists is the same in Fibre Channel networks as Certificate Revocation Lists is the same in Fibre Channel networks as
it is in other networks. Therefore, this document does not define it is in other networks. Therefore, this document does not define
any MIB objects for such management. Instead, this document assumes any MIB objects for such management.
that appropriate MIB objects are defined elsewhere, e.g., in [IPSP-
IPSEC-ACTION] and [IPSP-IKE-ACTION].
-- RFC Editor: at the future time when you edit this document, if
these
-- two references are problematic, please delete the "e.g., ..." and
-- remove the references from the Informative References section.
4.7. Traffic Selectors 4.7. Traffic Selectors
When Traffic Selectors are compared against an ingress or egress When Traffic Selectors are compared against an ingress or egress
frame in order to determine the security processing to be applied to frame in order to determine the security processing to be applied to
that frame, there are circumstances in which multiple Traffic that frame, there are circumstances in which multiple Traffic
Selectors, specifying different actions, can match with the frame. Selectors, specifying different actions, can match with the frame.
Specifically, when matching against an egress frame to decide which Specifically, when matching against an egress frame to decide which
active Security Association to transmit on, or, against an ingress active Security Association to transmit on, or, against an ingress
frame unprotected by FC-SP, i.e., without an SPI value in it, to frame unprotected by FC-SP, i.e., without an SPI value in it, to
skipping to change at page 25, line 46 skipping to change at page 19, line 36
notifications. notifications.
For t11FcSpSaNotifyAuthFailure, rate control is achieved by For t11FcSpSaNotifyAuthFailure, rate control is achieved by
specifying that a) after the first occurrence of an Authentication specifying that a) after the first occurrence of an Authentication
failure on any particular Security Association, the SNMP failure on any particular Security Association, the SNMP
notifications for second and subsequent failures are suppressed for notifications for second and subsequent failures are suppressed for
the duration of a time window, and b) that even the notification for the duration of a time window, and b) that even the notification for
the first occurrence is suppressed after it is sent in the same time the first occurrence is suppressed after it is sent in the same time
window for a configured (in t11FcSpSaControlMaxNotifs) number of window for a configured (in t11FcSpSaControlMaxNotifs) number of
Security Associations within a Fabric. Note that while these Security Associations within a Fabric. Note that while these
suppressions prevent the the network being flooded with suppressions prevent the network being flooded with notifications,
notifications, the Authentication Failures themselves must still be the Authentication Failures themselves must still be detected and
detected and counted. counted.
The length of the time window is given by t11FcSpSaControlWindow, a The length of the time window is given by t11FcSpSaControlWindow, a
read-write object in the t11FcSpSaControlTable. If and when the time read-write object in the t11FcSpSaControlTable. If and when the time
since the last generation of the notification is less than the value since the last generation of the notification is less than the value
of sysUpTime (e.g., if one or more notifications have occurred since of sysUpTime (e.g., if one or more notifications have occurred since
the last re-initialization of the management system), then the last re-initialization of the management system), then
t11FcSpSaControlElapsed and t11FcSpSaControlSuppressed contain the t11FcSpSaControlElapsed and t11FcSpSaControlSuppressed contain the
elapsed time since the last notification and the number of elapsed time since the last notification and the number of
notifications suppressed in the window after sending the last one, notifications suppressed in the window after sending the last one,
respectively. Otherwise, t11FcSpSaControlElapsed contains the value respectively. Otherwise, t11FcSpSaControlElapsed contains the value
skipping to change at page 27, line 20 skipping to change at page 21, line 20
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-IDENTITY, mib-2, MODULE-IDENTITY, OBJECT-IDENTITY, mib-2,
Unsigned32 FROM SNMPv2-SMI -- [RFC2578] Unsigned32 FROM SNMPv2-SMI -- [RFC2578]
TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579] TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579]
t11FcTcMIB MODULE-IDENTITY t11FcTcMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200801030000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF's IMSS T11 began the development and the IETF (in
Working Group finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
skipping to change at page 28, line 36 skipping to change at page 22, line 36
object with T11FcSpPolicyHashValue as its syntax, and object with T11FcSpPolicyHashValue as its syntax, and
containing the hash value. containing the hash value.
The first two cryptographic hash functions are: The first two cryptographic hash functions are:
Hash Type Hash Tag Hash Length (Bytes) Hash Type Hash Tag Hash Length (Bytes)
SHA-1 '00000001'h 20 SHA-1 '00000001'h 20
SHA-256 '00000002'h 32 SHA-256 '00000002'h 32
" "
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3.1 and table 106. February 2007, section 7.1.3.1 and table 106.
- FIPS PUB 180-2." - FIPS PUB 180-2."
SYNTAX OCTET STRING (SIZE (4)) SYNTAX OCTET STRING (SIZE (4))
T11FcSpPolicyHashValue ::= TEXTUAL-CONVENTION T11FcSpPolicyHashValue ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Represents the value of the cryptographic hash function "Represents the value of the cryptographic hash function
of an FC-SP Policy Object. of an FC-SP Policy Object.
Each definition of an object with this TC as its syntax Each definition of an object with this TC as its syntax
must be accompanied by a corresponding definition of an must be accompanied by a corresponding definition of an
object with T11FcSpPolicyHashFormat as its syntax. object with T11FcSpPolicyHashFormat as its syntax.
The corresponding object identifies the cryptographic The corresponding object identifies the cryptographic
hash function used to create the hash value." hash function used to create the hash value."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3.1 and table 106." February 2007, section 7.1.3.1 and table 106."
SYNTAX OCTET STRING (SIZE (0..64)) SYNTAX OCTET STRING (SIZE (0..64))
T11FcSpHashCalculationStatus ::= TEXTUAL-CONVENTION T11FcSpHashCalculationStatus ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When some kind of 'database' is defined in a set of "When some kind of 'database' is defined in a set of
read-write MIB objects, it is common that multiple changes read-write MIB objects, it is common that multiple changes
in the data need to be made at the same time. So, if hash in the data need to be made at the same time. So, if hash
values are maintained for that data, those hash values are values are maintained for that data, those hash values are
only correct if and when they are re-calculated after every only correct if and when they are re-calculated after every
skipping to change at page 30, line 7 skipping to change at page 24, line 7
When read, the value of an object with this syntax is When read, the value of an object with this syntax is
either: either:
correct -- the identified MIB object instance(s) correct -- the identified MIB object instance(s)
contain the correct hash values; or contain the correct hash values; or
stale -- the identified MIB object instance(s) stale -- the identified MIB object instance(s)
contain stale (possibly incorrect) values. contain stale (possibly incorrect) values.
Writing a value of 'calculate' is a request to re-calculate Writing a value of 'calculate' is a request to re-calculate
and update the values of the corresponding instances of the and update the values of the corresponding instances of the
the identified MIB objects. Writing a value of 'correct' or identified MIB objects. Writing a value of 'correct' or
'stale' to this object is an error ('wrongValue')." 'stale' to this object is an error (e.g., 'wrongValue')."
SYNTAX INTEGER { SYNTAX INTEGER {
calculate(1), calculate(1),
correct(2), correct(2),
stale(3) stale(3)
} }
T11FcSpAuthRejectReasonCode ::= TEXTUAL-CONVENTION T11FcSpAuthRejectReasonCode ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A reason code contained in an AUTH_Reject message, or "A reason code contained in an AUTH_Reject message, or
in an SW_RJT (rejecting an AUTH_ILS), or in an LS_RJT in an SW_RJT (rejecting an AUTH_ILS), or in an LS_RJT
(rejecting an AUTH-ELS)." (rejecting an AUTH-ELS)."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 17, 48, 52." February 2007, Table 17, 48, 52."
SYNTAX INTEGER { SYNTAX INTEGER {
authFailure(1), authFailure(1),
logicalError(2), logicalError(2),
logicalBusy(3), logicalBusy(3),
authILSNotSupported(4), authILSNotSupported(4),
authELSNotSupported(5), authELSNotSupported(5),
notLoggedIn(6) notLoggedIn(6)
} }
T11FcSpAuthRejReasonCodeExp ::= TEXTUAL-CONVENTION T11FcSpAuthRejReasonCodeExp ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A reason code explanation contained in an AUTH_Reject "A reason code explanation contained in an AUTH_Reject
message, or in an SW_RJT (rejecting an AUTH_ILS), or in message, or in an SW_RJT (rejecting an AUTH_ILS), or in
an LS_RJT (rejecting an AUTH-ELS)." an LS_RJT (rejecting an AUTH-ELS)."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Tables 18, 48, 52." February 2007, Tables 18, 48, 52."
SYNTAX INTEGER { SYNTAX INTEGER {
authMechanismNotUsable(1), authMechanismNotUsable(1),
dhGroupNotUsable(2), dhGroupNotUsable(2),
hashFunctionNotUsable(3), hashFunctionNotUsable(3),
authTransactionAlreadyStarted(4), authTransactionAlreadyStarted(4),
authenticationFailed(5), authenticationFailed(5),
incorrectPayload(6), incorrectPayload(6),
incorrectAuthProtocolMessage(7), incorrectAuthProtocolMessage(7),
restartAuthProtocol(8), restartAuthProtocol(8),
authConcatNotSupported(9), authConcatNotSupported(9),
skipping to change at page 31, line 22 skipping to change at page 25, line 22
authELSNotSupported(13), authELSNotSupported(13),
notLoggedIn(14) notLoggedIn(14)
} }
T11FcSpHashFunctions ::= TEXTUAL-CONVENTION T11FcSpHashFunctions ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of zero, one or more hash functions defined for "A set of zero, one or more hash functions defined for
use in FC-SP." use in FC-SP."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 14." February 2007, Table 14."
SYNTAX BITS { SYNTAX BITS {
md5(0), md5(0),
sha1(1) sha1(1)
} }
T11FcSpSignFunctions ::= TEXTUAL-CONVENTION T11FcSpSignFunctions ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of zero, one or more signature functions defined "A set of zero, one or more signature functions defined
for signing certificates for use with FCAP in FC-SP." for signing certificates for use with FCAP in FC-SP."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, tables 38 & 39." February 2007, tables 38 & 39."
SYNTAX BITS { SYNTAX BITS {
rsaSha1(0) rsaSha1(0)
} }
T11FcSpDhGroups ::= TEXTUAL-CONVENTION T11FcSpDhGroups ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of zero, one or more DH Groups defined for use "A set of zero, one or more DH Groups defined for use
in FC-SP." in FC-SP."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 15." February 2007, Table 15."
SYNTAX BITS { SYNTAX BITS {
null(0), null(0),
group1024(1), group1024(1),
group1280(2), group1280(2),
group1536(3), group1536(3),
group2048(4), group2048(4),
group3072(5), group3072(5),
group4096(6), group4096(6),
group6144(7), group6144(7),
group8192(8) group8192(8)
} }
T11FcSpPolicyObjectType ::= TEXTUAL-CONVENTION T11FcSpPolicyObjectType ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value which identifies the type of an FC-SP Policy "A value which identifies the type of an FC-SP Policy
Object." Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 102." February 2007, Table 102."
SYNTAX INTEGER { SYNTAX INTEGER {
summary(1), summary(1),
switchMemberList(2), switchMemberList(2),
nodeMemberList(3), nodeMemberList(3),
switchConnectivity(4), switchConnectivity(4),
ipMgmtList(5), ipMgmtList(5),
attribute(6) attribute(6)
} }
T11FcSpPolicyNameType ::= TEXTUAL-CONVENTION T11FcSpPolicyNameType ::= TEXTUAL-CONVENTION
skipping to change at page 34, line 13 skipping to change at page 28, line 13
dash (-), caret (^), and underscore (_). dash (-), caret (^), and underscore (_).
'ipv6AddressRange' - two IPv6 addresses in network 'ipv6AddressRange' - two IPv6 addresses in network
byte order, the numerically smallest first and the byte order, the numerically smallest first and the
numerically largest second; total length is 32 bytes. numerically largest second; total length is 32 bytes.
'ipv4AddressRange' - two IPv4 addresses in network 'ipv4AddressRange' - two IPv4 addresses in network
byte order, the numerically smallest first and the byte order, the numerically smallest first and the
numerically largest second; total length is 8 bytes." numerically largest second; total length is 8 bytes."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 103." February 2007, Table 103."
SYNTAX INTEGER { SYNTAX INTEGER {
nodeName(1), nodeName(1),
restrictedNodeName(2), restrictedNodeName(2),
portName(3), portName(3),
restrictedPortName(4), restrictedPortName(4),
wildcard(5), wildcard(5),
restrictedWildcard(6), restrictedWildcard(6),
alphaNumericName(7), alphaNumericName(7),
ipv6AddressRange(8), ipv6AddressRange(8),
ipv4AddressRange(9) ipv4AddressRange(9)
skipping to change at page 34, line 43 skipping to change at page 28, line 43
An object which uses this syntax always identifies a An object which uses this syntax always identifies a
a companion object with syntax T11FcSpPolicyNameType a companion object with syntax T11FcSpPolicyNameType
such that the companion object specifies the format such that the companion object specifies the format
and usage of the object with this syntax. and usage of the object with this syntax.
When the companion object has the value 'wildcard' or When the companion object has the value 'wildcard' or
'restrictedWildcard', the value of the T11FcSpPolicyName 'restrictedWildcard', the value of the T11FcSpPolicyName
object is: '0000000000000000'h." object is: '0000000000000000'h."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 103." February 2007, Table 103."
SYNTAX OCTET STRING (SIZE (1..64)) SYNTAX OCTET STRING (SIZE (1..64))
T11FcSpAlphaNumName ::= TEXTUAL-CONVENTION T11FcSpAlphaNumName ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A syntax used when defining Policy Objects for the "A syntax used when defining Policy Objects for the
name of something, where the name is always in the format name of something, where the name is always in the format
specified by: specified by:
T11FcSpPolicyNameType = 'alphaNumericName' T11FcSpPolicyNameType = 'alphaNumericName'
" "
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 103." February 2007, Table 103."
SYNTAX OCTET STRING (SIZE (1..64)) SYNTAX OCTET STRING (SIZE (1..64))
T11FcSpAlphaNumNameOrAbsent ::= TEXTUAL-CONVENTION T11FcSpAlphaNumNameOrAbsent ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An extension of the T11FcSpAlphaNumName TC which "An extension of the T11FcSpAlphaNumName TC which
one additional possible value: the zero-length string one additional possible value: the zero-length string
to indicate the absence of a name." to indicate the absence of a name."
SYNTAX OCTET STRING (SIZE (0..64)) SYNTAX OCTET STRING (SIZE (0..64))
skipping to change at page 36, line 15 skipping to change at page 30, line 15
T11FcSpiIndex ::= TEXTUAL-CONVENTION T11FcSpiIndex ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An SPI (Security Parameter Index) value is carried in the "An SPI (Security Parameter Index) value is carried in the
SPI field of a frame protected by the ESP_Header. An SPI SPI field of a frame protected by the ESP_Header. An SPI
is also carried in the SAID field of a Common Transport is also carried in the SAID field of a Common Transport
Information Unit (CT_IU) protected by CT_Authentication. Information Unit (CT_IU) protected by CT_Authentication.
An SPI value identifies the Security Association on which An SPI value identifies the Security Association on which
the frame is being transmitted." the frame is being transmitted."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 4.7.2 and 4.7.3." February 2007, section 4.7.2 and 4.7.3."
SYNTAX Unsigned32 (0..4294967295) -- the default range!! SYNTAX Unsigned32 (0..4294967295) -- the default range!!
T11FcSpPrecedence ::= TEXTUAL-CONVENTION T11FcSpPrecedence ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The precedence of a Traffic Selector. If a frame "The precedence of a Traffic Selector. If a frame
matches with two or more Traffic Selectors, then the match matches with two or more Traffic Selectors, then the match
which takes precedence is the one with the Traffic Selector which takes precedence is the one with the Traffic Selector
having the numerically smallest precedence value. Note that having the numerically smallest precedence value. Note that
skipping to change at page 37, line 9 skipping to change at page 31, line 9
service/protocol using FC-2. service/protocol using FC-2.
For CT_Authentication, the information field in the R_CTL For CT_Authentication, the information field in the R_CTL
field contains '02'h for Request CT_IUs, and '03'h for field contains '02'h for Request CT_IUs, and '03'h for
Response CT_IUs. Response CT_IUs.
The comparison of two values having this syntax is done The comparison of two values having this syntax is done
by treating each string as an 8-bit numeric value." by treating each string as an 8-bit numeric value."
REFERENCE REFERENCE
" - Fibre Channel - Framing and Signaling-2 (FC-FS-2), " - Fibre Channel - Framing and Signaling-2 (FC-FS-2),
INCITS xxx/200x, Project T11/1619-D Rev 1.01, ANSI INCITS 424-2007, Project T11/1619-D,
8 August 2006, section 9.3. February 2007, section 9.3.
- Fibre Channel - Generic Services-5 (FC-GS-5), - Fibre Channel - Generic Services-5 (FC-GS-5),
ANSI INCITS 427-2006, sections 4.5.2.4.2, 4.5.2.4.3 ANSI INCITS 427-2006, sections 4.5.2.4.2, 4.5.2.4.3
and table 12." and table 12."
SYNTAX OCTET STRING (SIZE(1)) SYNTAX OCTET STRING (SIZE(1))
T11FcSpType ::= TEXTUAL-CONVENTION T11FcSpType ::= TEXTUAL-CONVENTION
DISPLAY-HINT "2x" DISPLAY-HINT "2x"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value, or combination of values, contained in a frame "A value, or combination of values, contained in a frame
header used in identifying the link layer service/protocol header used in identifying the link layer service/protocol
of a frame. of a frame. The value is always two octets:
The value is always two octets:
- for FC-2 frames, the first octet is zero and the second - for FC-2 frames, the first octet is zero and the second
octet contains the Data structure type (TYPE) value octet contains the Data structure type (TYPE) value
defined by FC-FS-2. The TYPE value is used in defined by FC-FS-2. The TYPE value is used in
combination with T11FcRoutingControl to identify a link combination with T11FcRoutingControl to identify a link
layer service/protocol. layer service/protocol.
- for Common Transport Information Units (CT_IUs), the - for Common Transport Information Units (CT_IUs), the
first octet contains a GS_Type value and the second first octet contains a GS_Type value and the second
octet contains a GS_Subtype value, defined by FC-GS-5. octet contains a GS_Subtype value, defined by FC-GS-5.
The comparison of two values having this syntax is done The comparison of two values having this syntax is done
by treating each string as the numeric value obtained by by treating each string as the numeric value obtained by
numerically combining the individual octet's value as numerically combining the individual octet's value as
follows: follows:
(256 * 1st-octet) + 2nd-octet (256 * 1st-octet) + 2nd-octet
" "
REFERENCE REFERENCE
" - Fibre Channel - Framing and Signaling-2 (FC-FS-2), " - Fibre Channel - Framing and Signaling-2 (FC-FS-2),
INCITS xxx/200x, Project T11/1619-D Rev 1.01, ANSI INCITS 424-2007, Project T11/1619-D,
8 August 2006, section 9.6. February 2007, section 9.6.
- Fibre Channel - Generic Services-5 (FC-GS-5), - Fibre Channel - Generic Services-5 (FC-GS-5),
ANSI INCITS 427-2006, sections 4.3.2.4 and 4.3.2.5." ANSI INCITS 427-2006, sections 4.3.2.4 and 4.3.2.5."
SYNTAX OCTET STRING (SIZE(2)) SYNTAX OCTET STRING (SIZE(2))
T11FcSpTransforms ::= TEXTUAL-CONVENTION T11FcSpTransforms ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of the standardized transforms which are defined "A list of the standardized transforms which are defined
by FC-SP for use with ESP_Header, CT_Authentication and/or by FC-SP for use with ESP_Header, CT_Authentication and/or
IKEv2 Support." IKEv2 Support."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
Appendix A.3.1, tables A.23, A.24, A.25, A.26." Appendix A.3.1, tables A.23, A.24, A.25, A.26."
SYNTAX BITS { SYNTAX BITS {
encrNull(0), encrNull(0),
encrAesCbc(1), encrAesCbc(1),
encrAesCtr(2), encrAesCtr(2),
encrAesGcm(3), encrAesGcm(3),
encr3Des(4), encr3Des(4),
prfHmacMd5(5), prfHmacMd5(5),
prfHmacSha1(6), prfHmacSha1(6),
prfAesCbc(7), prfAesCbc(7),
skipping to change at page 38, line 41 skipping to change at page 32, line 40
dhGroups2048bit(14) dhGroups2048bit(14)
} }
T11FcSpSecurityProtocolId ::= TEXTUAL-CONVENTION T11FcSpSecurityProtocolId ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A Security Protocol identifier to identify "A Security Protocol identifier to identify
the protocol by which traffic is to be protected, the protocol by which traffic is to be protected,
e.g., ESP_Header or CT_Authentication." e.g., ESP_Header or CT_Authentication."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.3.2.2 and table 67." February 2007, section 6.3.2.2 and table 67."
SYNTAX INTEGER { espHeader(1), ctAuth(2) } SYNTAX INTEGER { espHeader(1), ctAuth(2) }
T11FcSpLifetimeLeft ::= TEXTUAL-CONVENTION T11FcSpLifetimeLeft ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This TC is used for one object of an associated pair "This TC is used for one object of an associated pair
of objects. The object with this syntax specifies a of objects. The object with this syntax specifies a
remaining lifetime of something, e.g., of an SA, where remaining lifetime of something, e.g., of an SA, where
the lifetime is given in the units specified by the other the lifetime is given in the units specified by the other
object of the pair which has T11FcSpLifetimeLeftUnits object of the pair which has T11FcSpLifetimeLeftUnits
skipping to change at page 40, line 17 skipping to change at page 34, line 17
-- listed in FC-SP. -- listed in FC-SP.
-- --
t11FcSpEncryptAlgorithms t11FcSpEncryptAlgorithms
OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 1 } OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 1 }
t11FcSpEncrNull OBJECT-IDENTITY t11FcSpEncrNull OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The ENCR_NULL algorithm." DESCRIPTION "The ENCR_NULL algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 70." February 2007, Table 70."
::= { t11FcSpEncryptAlgorithms 1 } ::= { t11FcSpEncryptAlgorithms 1 }
t11FcSpEncrAesCbc OBJECT-IDENTITY t11FcSpEncrAesCbc OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The ENCR_AES_CBC algorithm." DESCRIPTION "The ENCR_AES_CBC algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 70." February 2007, Table 70."
::= { t11FcSpEncryptAlgorithms 2 } ::= { t11FcSpEncryptAlgorithms 2 }
t11FcSpEncrAesCtr OBJECT-IDENTITY t11FcSpEncrAesCtr OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The ENCR_AES_CTR algorithm." DESCRIPTION "The ENCR_AES_CTR algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 70." February 2007, Table 70."
::= { t11FcSpEncryptAlgorithms 3 } ::= { t11FcSpEncryptAlgorithms 3 }
t11FcSpEncrAesGcm OBJECT-IDENTITY t11FcSpEncrAesGcm OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The ENCR_AES_GCM algorithm." DESCRIPTION "The ENCR_AES_GCM algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 70." February 2007, Table 70."
::= { t11FcSpEncryptAlgorithms 4 } ::= { t11FcSpEncryptAlgorithms 4 }
t11FcSpEncr3Des OBJECT-IDENTITY t11FcSpEncr3Des OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The ENCR_3DES algorithm." DESCRIPTION "The ENCR_3DES algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 70." February 2007, Table 70."
::= { t11FcSpEncryptAlgorithms 5 } ::= { t11FcSpEncryptAlgorithms 5 }
t11FcSpAuthAlgorithms t11FcSpAuthAlgorithms
OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 2 } OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 2 }
t11FcSpAuthNull OBJECT-IDENTITY t11FcSpAuthNull OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The AUTH_NONE algorithm." DESCRIPTION "The AUTH_NONE algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 72." February 2007, Table 72."
::= { t11FcSpAuthAlgorithms 1 } ::= { t11FcSpAuthAlgorithms 1 }
t11FcSpAuthHmacMd5L96 OBJECT-IDENTITY t11FcSpAuthHmacMd5L96 OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The AUTH_HMAC_MD5_96 algorithm." DESCRIPTION "The AUTH_HMAC_MD5_96 algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 72." February 2007, Table 72."
::= { t11FcSpAuthAlgorithms 2 } ::= { t11FcSpAuthAlgorithms 2 }
t11FcSpAuthHmacSha1L96 OBJECT-IDENTITY t11FcSpAuthHmacSha1L96 OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The AUTH_HMAC_SHA1_96 algorithm." DESCRIPTION "The AUTH_HMAC_SHA1_96 algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 72." February 2007, Table 72."
::= { t11FcSpAuthAlgorithms 3 } ::= { t11FcSpAuthAlgorithms 3 }
t11FcSpAuthHmacMd5L128 OBJECT-IDENTITY t11FcSpAuthHmacMd5L128 OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The AUTH_HMAC_MD5_128 algorithm." DESCRIPTION "The AUTH_HMAC_MD5_128 algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 72." February 2007, Table 72."
::= { t11FcSpAuthAlgorithms 4 } ::= { t11FcSpAuthAlgorithms 4 }
t11FcSpAuthHmacSha1L160 OBJECT-IDENTITY t11FcSpAuthHmacSha1L160 OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The AUTH_HMAC_SHA1_160 algorithm." DESCRIPTION "The AUTH_HMAC_SHA1_160 algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 72." February 2007, Table 72."
::= { t11FcSpAuthAlgorithms 5 } ::= { t11FcSpAuthAlgorithms 5 }
t11FcSpEncrNullAuthAesGmac OBJECT-IDENTITY t11FcSpEncrNullAuthAesGmac OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION "The ENCR_NULL_AUTH_AES_GMAC algorithm." DESCRIPTION "The ENCR_NULL_AUTH_AES_GMAC algorithm."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 70." February 2007, Table 70."
::= { t11FcSpEncryptAlgorithms 6 } ::= { t11FcSpEncryptAlgorithms 6 }
END END
6.2. The T11-FC-SP-AUTHENTICATION-MIB Module 6.2. The T11-FC-SP-AUTHENTICATION-MIB Module
--******************************************************************** --********************************************************************
-- FC-SP Authentication Protocols -- FC-SP Authentication Protocols
-- --
skipping to change at page 43, line 41 skipping to change at page 37, line 41
T11FcSpSignFunctions, T11FcSpSignFunctions,
T11FcSpLifetimeLeft, T11FcSpLifetimeLeft,
T11FcSpLifetimeLeftUnits, T11FcSpLifetimeLeftUnits,
T11FcSpAuthRejectReasonCode, T11FcSpAuthRejectReasonCode,
T11FcSpAuthRejReasonCodeExp FROM T11-FC-SP-TC-MIB; T11FcSpAuthRejReasonCodeExp FROM T11-FC-SP-TC-MIB;
t11FcSpAuthenticationMIB MODULE-IDENTITY t11FcSpAuthenticationMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200801030000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF's IMSS T11 began the development and the IETF (in
Working Group finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
skipping to change at page 46, line 22 skipping to change at page 40, line 22
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Fibre Channel entities which can be authenticated "A table of Fibre Channel entities which can be authenticated
using FC-SP's Authentication Protocols. using FC-SP's Authentication Protocols.
The purpose of an FC-SP Authentication Protocol is to verify The purpose of an FC-SP Authentication Protocol is to verify
that a claimed name is associated with the claiming entity. that a claimed name is associated with the claiming entity.
The Authentication Protocols can be used to authenticate The Authentication Protocols can be used to authenticate
Nx_Ports, B_Ports, or Switches." Nx_Ports, B_Ports, or Switches."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 3.2.25." February 2007, section 3.2.25."
::= { t11FcSpAuMIBObjects 1 } ::= { t11FcSpAuMIBObjects 1 }
t11FcSpAuEntityEntry OBJECT-TYPE t11FcSpAuEntityEntry OBJECT-TYPE
SYNTAX T11FcSpAuEntityEntry SYNTAX T11FcSpAuEntityEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Information about the configuration and capabilities of an "Information about the configuration and capabilities of an
FC-SP entity (which is managed within the Fibre Channel FC-SP entity (which is managed within the Fibre Channel
management instance identified by fcmInstanceIndex) on a management instance identified by fcmInstanceIndex) on a
skipping to change at page 47, line 29 skipping to change at page 41, line 29
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name used to identify the FC-SP entity. "The name used to identify the FC-SP entity.
For entities which are Fibre Channel Switches, this value For entities which are Fibre Channel Switches, this value
corresponds to the Switch's value of fcmSwitchWWN. For corresponds to the Switch's value of fcmSwitchWWN. For
entities other than Fibre Channel Switches, this value entities other than Fibre Channel Switches, this value
corresponds to the value of fcmInstanceWwn for the corresponds to the value of fcmInstanceWwn for the
corresponding Fibre Channel management instance." corresponding Fibre Channel management instance."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 5.3.3. February 2007, section 5.3.3.
fcmInstanceWwn & fcmSwitchWWN, - fcmInstanceWwn & fcmSwitchWWN,
'Fibre Channel Management MIB', RFC 4044, May 2005." 'Fibre Channel Management MIB', RFC 4044, May 2005."
::= { t11FcSpAuEntityEntry 1 } ::= { t11FcSpAuEntityEntry 1 }
t11FcSpAuFabricIndex OBJECT-TYPE t11FcSpAuFabricIndex OBJECT-TYPE
SYNTAX T11FabricIndex SYNTAX T11FabricIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a "An index value which uniquely identifies a
particular Fabric to which the entity is attached." particular Fabric to which the entity is attached."
skipping to change at page 51, line 12 skipping to change at page 45, line 12
t11FcSpAuFcapHashFunctions OBJECT-TYPE t11FcSpAuFcapHashFunctions OBJECT-TYPE
SYNTAX T11FcSpHashFunctions SYNTAX T11FcSpHashFunctions
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The hash functions which the entity supports when "The hash functions which the entity supports when
specified as Protocol Parameters in the AUTH_Negotiate specified as Protocol Parameters in the AUTH_Negotiate
message for FCAP in FC-SP." message for FCAP in FC-SP."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 5.5.2.1 and table 28." February 2007, section 5.5.2.1 and table 28."
::= { t11FcSpAuEntityEntry 12 } ::= { t11FcSpAuEntityEntry 12 }
t11FcSpAuFcapCertsSignFunctions OBJECT-TYPE t11FcSpAuFcapCertsSignFunctions OBJECT-TYPE
SYNTAX T11FcSpSignFunctions SYNTAX T11FcSpSignFunctions
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The signature functions used within certificates which "The signature functions used within certificates which
the entity supports when using FCAP in FC-SP." the entity supports when using FCAP in FC-SP."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 5.5.4.2 and tables 38 & 39." February 2007, section 5.5.4.2 and tables 38 & 39."
::= { t11FcSpAuEntityEntry 13 } ::= { t11FcSpAuEntityEntry 13 }
t11FcSpAuFcapDhGroups OBJECT-TYPE t11FcSpAuFcapDhGroups OBJECT-TYPE
SYNTAX T11FcSpDhGroups SYNTAX T11FcSpDhGroups
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The DH Groups which the entity supports when using the "The DH Groups which the entity supports when using the
FCAP algorithm in FC-SP." FCAP algorithm in FC-SP."
::= { t11FcSpAuEntityEntry 14 } ::= { t11FcSpAuEntityEntry 14 }
skipping to change at page 58, line 17 skipping to change at page 52, line 17
rows have the same value of this object for the same rows have the same value of this object for the same
entity on the same interface and Fabric, the value of entity on the same interface and Fabric, the value of
this object for the later one is incremented by one." this object for the later one is incremented by one."
::= { t11FcSpAuRejectEntry 3 } ::= { t11FcSpAuRejectEntry 3 }
t11FcSpAuRejDirection OBJECT-TYPE t11FcSpAuRejDirection OBJECT-TYPE
SYNTAX INTEGER { sent(1), received(2) } SYNTAX INTEGER { sent(1), received(2) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An indication of whether the the rejection was sent or "An indication of whether the rejection was sent or
received by the identified entity. received by the identified entity.
The value 'sent(1)' corresponds to a notification of The value 'sent(1)' corresponds to a notification of
type t11FcSpAuRejectSentNotify; the value 'received(2)' type t11FcSpAuRejectSentNotify; the value 'received(2)'
corresponds to t11FcSpAuRejectReceivedNotify." corresponds to t11FcSpAuRejectReceivedNotify."
::= { t11FcSpAuRejectEntry 4 } ::= { t11FcSpAuRejectEntry 4 }
t11FcSpAuRejType OBJECT-TYPE t11FcSpAuRejType OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
authReject(1), authReject(1),
skipping to change at page 59, line 12 skipping to change at page 53, line 12
If the binary content is unavailable, then the If the binary content is unavailable, then the
length is zero. Otherwise, the first octet of the length is zero. Otherwise, the first octet of the
message identifies the type of message: message identifies the type of message:
'90'h - an AUTH_ELS, see Table 6 in FC-SP, '90'h - an AUTH_ELS, see Table 6 in FC-SP,
'40'h - an AUTH_ILS, see Table 3 in FC-SP, or '40'h - an AUTH_ILS, see Table 3 in FC-SP, or
'41'h - an B_AUTH_ILS, see Table 5 in FC-SP. '41'h - an B_AUTH_ILS, see Table 5 in FC-SP.
and the remainder of the message may be truncated." and the remainder of the message may be truncated."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Tables 3, 5 and 6." February 2007, Tables 3, 5 and 6."
::= { t11FcSpAuRejectEntry 6 } ::= { t11FcSpAuRejectEntry 6 }
t11FcSpAuRejReasonCode OBJECT-TYPE t11FcSpAuRejReasonCode OBJECT-TYPE
SYNTAX T11FcSpAuthRejectReasonCode SYNTAX T11FcSpAuthRejectReasonCode
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The reason code with which this AUTH message was "The reason code with which this AUTH message was
rejected." rejected."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 17, 48, 52." February 2007, Table 17, 48, 52."
::= { t11FcSpAuRejectEntry 7 } ::= { t11FcSpAuRejectEntry 7 }
t11FcSpAuRejReasonCodeExp OBJECT-TYPE t11FcSpAuRejReasonCodeExp OBJECT-TYPE
SYNTAX T11FcSpAuthRejReasonCodeExp SYNTAX T11FcSpAuthRejReasonCodeExp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The reason code explanation with which this AUTH "The reason code explanation with which this AUTH
message was rejected." message was rejected."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Table 17, 48, 52." February 2007, Table 17, 48, 52."
::= { t11FcSpAuRejectEntry 8 } ::= { t11FcSpAuRejectEntry 8 }
-- --
-- Notifications -- Notifications
-- --
t11FcSpAuRejectSentNotify NOTIFICATION-TYPE t11FcSpAuRejectSentNotify NOTIFICATION-TYPE
OBJECTS { t11FamLocalSwitchWwn, OBJECTS { t11FamLocalSwitchWwn,
t11FcSpAuRejAuthMsgString, t11FcSpAuRejAuthMsgString,
t11FcSpAuRejType, t11FcSpAuRejType,
skipping to change at page 64, line 36 skipping to change at page 58, line 36
t11ZsFabricIndex FROM T11-FC-ZONE-SERVER-MIB -- [RFC4936] t11ZsFabricIndex FROM T11-FC-ZONE-SERVER-MIB -- [RFC4936]
T11FcSpPolicyHashValue, T11FcSpPolicyHashValue,
T11FcSpPolicyHashFormat, T11FcSpPolicyHashFormat,
T11FcSpHashCalculationStatus T11FcSpHashCalculationStatus
FROM T11-FC-SP-TC-MIB; FROM T11-FC-SP-TC-MIB;
t11FcSpZoningMIB MODULE-IDENTITY t11FcSpZoningMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200801030000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF's IMSS T11 began the development and the IETF (in
Working Group finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
skipping to change at page 67, line 9 skipping to change at page 60, line 39
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Capabilities of the Zone Server for the particular Fabric "Capabilities of the Zone Server for the particular Fabric
on the particular Switch, with respect to FC-SP Zoning: on the particular Switch, with respect to FC-SP Zoning:
fcSpZoning -- set to 1 to indicate the Switch is fcSpZoning -- set to 1 to indicate the Switch is
capable of supporting FC-SP Zoning. capable of supporting FC-SP Zoning.
" "
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel "- ANSI INCITS 426-2007, T11/Project 1570-D,
- Security Protocols (FC-SP), 13 June 2006, Table 184." Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 184."
::= { t11FcSpZsServerEntry 1 } ::= { t11FcSpZsServerEntry 1 }
t11FcSpZsServerEnabled OBJECT-TYPE t11FcSpZsServerEnabled OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether the Zone Server for the "This object indicates whether the Zone Server for the
particular Fabric on the particular Switch, is operating in particular Fabric on the particular Switch, is operating in
FC-SP Zoning mode." FC-SP Zoning mode."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel "- ANSI INCITS 426-2007, T11/Project 1570-D,
- Security Protocols (FC-SP), 13 June 2006, Table 185." Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 185."
::= { t11FcSpZsServerEntry 2 } ::= { t11FcSpZsServerEntry 2 }
t11FcSpZoneSetHashStatus OBJECT-TYPE t11FcSpZoneSetHashStatus OBJECT-TYPE
SYNTAX T11FcSpHashCalculationStatus SYNTAX T11FcSpHashCalculationStatus
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When read, the value of this object is either: "When read, the value of this object is either:
correct -- the corresponding instances of both correct -- the corresponding instances of both
skipping to change at page 67, line 46 skipping to change at page 61, line 33
the correct hash values; or the correct hash values; or
stale -- the corresponding instances of stale -- the corresponding instances of
t11FcSpActiveZoneSetHash and t11FcSpActiveZoneSetHash and
t11FcSpZoneSetDatabaseHash contain t11FcSpZoneSetDatabaseHash contain
stale (possibly incorrect) values; stale (possibly incorrect) values;
Writing a value of 'calculate' is a request to re-calculate Writing a value of 'calculate' is a request to re-calculate
and update the values of the corresponding instances of both and update the values of the corresponding instances of both
t11FcSpActiveZoneSetHash and t11FcSpZoneSetDatabaseHash. t11FcSpActiveZoneSetHash and t11FcSpZoneSetDatabaseHash.
Writing a value of 'correct' or 'stale' to this object Writing a value of 'correct' or 'stale' to this object
is an error ('wrongValue'). is an error (e.g., 'wrongValue').
When the Active Zone Set and/or the Zone Set Database are When the Active Zone Set and/or the Zone Set Database are
updated, it is common that multiple changes need to be made updated, it is common that multiple changes need to be made
at the same time. In such circumstances, the use of this at the same time. In such circumstances, the use of this
object allows the hash values to be updated only once after object allows the hash values to be updated only once after
all changes, rather than repeatedly/after each individual all changes, rather than repeatedly/after each individual
change. change.
If and when the corresponding instance of If and when the corresponding instance of
t11ZsServerDatabaseStorageType has the value 'permanent(4)', t11ZsServerDatabaseStorageType has the value 'permanent(4)',
skipping to change at page 68, line 40 skipping to change at page 62, line 28
t11FcSpActiveZoneSetHash OBJECT-TYPE t11FcSpActiveZoneSetHash OBJECT-TYPE
SYNTAX T11FcSpPolicyHashValue SYNTAX T11FcSpPolicyHashValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of the hash for the current Active Zone Set. "The value of the hash for the current Active Zone Set.
The format of this value is given by the corresponding The format of this value is given by the corresponding
instance of t11FcSpActiveZoneSetHashType." instance of t11FcSpActiveZoneSetHashType."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel "- ANSI INCITS 426-2007, T11/Project 1570-D,
- Security Protocols (FC-SP), 13 June 2006, Table 187." Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 187."
::= { t11FcSpZsServerEntry 5 } ::= { t11FcSpZsServerEntry 5 }
t11FcSpZoneSetDatabaseHashType OBJECT-TYPE t11FcSpZoneSetDatabaseHashType OBJECT-TYPE
SYNTAX T11FcSpPolicyHashFormat SYNTAX T11FcSpPolicyHashFormat
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The format used for the hash value contained in the "The format used for the hash value contained in the
corresponding instance of t11FcSpZoneSetDatabaseHash." corresponding instance of t11FcSpZoneSetDatabaseHash."
::= { t11FcSpZsServerEntry 6 } ::= { t11FcSpZsServerEntry 6 }
t11FcSpZoneSetDatabaseHash OBJECT-TYPE t11FcSpZoneSetDatabaseHash OBJECT-TYPE
SYNTAX T11FcSpPolicyHashValue SYNTAX T11FcSpPolicyHashValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of the hash for the current Zone Set Database. "The value of the hash for the current Zone Set Database.
The format of this value is given by the corresponding The format of this value is given by the corresponding
instance of t11FcSpZoneSetDatabaseHashType." instance of t11FcSpZoneSetDatabaseHashType."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel "- ANSI INCITS 426-2007, T11/Project 1570-D,
- Security Protocols (FC-SP), 13 June 2006, Table 187." Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 187."
::= { t11FcSpZsServerEntry 7 } ::= { t11FcSpZsServerEntry 7 }
-- --
-- Additional Statistics for FC-SP Zoning -- Additional Statistics for FC-SP Zoning
-- --
t11FcSpZsStatsTable OBJECT-TYPE t11FcSpZsStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpZsStatsEntry SYNTAX SEQUENCE OF T11FcSpZsStatsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
skipping to change at page 77, line 44 skipping to change at page 71, line 44
T11FcSpPolicyNameType, T11FcSpPolicyNameType,
T11FcSpPolicyObjectType, T11FcSpPolicyObjectType,
T11FcSpPolicyHashFormat, T11FcSpPolicyHashFormat,
T11FcSpPolicyHashValue, T11FcSpPolicyHashValue,
T11FcSpHashCalculationStatus FROM T11-FC-SP-TC-MIB; T11FcSpHashCalculationStatus FROM T11-FC-SP-TC-MIB;
t11FcSpPolicyMIB MODULE-IDENTITY t11FcSpPolicyMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200801030000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF's IMSS T11 began the development and the IETF (in
Working Group finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
skipping to change at page 81, line 6 skipping to change at page 75, line 6
Fabric." Fabric."
::= { t11FcSpPoEntry 1 } ::= { t11FcSpPoEntry 1 }
t11FcSpPoPolicySummaryObjName OBJECT-TYPE t11FcSpPoPolicySummaryObjName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of this Fabric's (active) Policy Summary Object." "The name of this Fabric's (active) Policy Summary Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3 and table 104." February 2007, section 7.1.3 and table 104."
::= { t11FcSpPoEntry 2 } ::= { t11FcSpPoEntry 2 }
t11FcSpPoAdminFabricName OBJECT-TYPE t11FcSpPoAdminFabricName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The administratively-specified name for this Fabric, as "The administratively-specified name for this Fabric, as
specified in the active Switch Membership List Object. specified in the active Switch Membership List Object.
This value is meaningful only when Static Domain_IDs are This value is meaningful only when Static Domain_IDs are
skipping to change at page 81, line 36 skipping to change at page 75, line 36
t11FamConfigDomainIdType objects defined in the t11FamConfigDomainIdType objects defined in the
T11-FC-FABRIC-ADDR-MGR-MIB module are also concerned with T11-FC-FABRIC-ADDR-MGR-MIB module are also concerned with
the use of an administratively-specified name for a Fabric the use of an administratively-specified name for a Fabric
and Static Domain_IDs. When FC-SP Policy is in use in a and Static Domain_IDs. When FC-SP Policy is in use in a
Fabric, the values of t11FamEnable, t11FamFabricName and Fabric, the values of t11FamEnable, t11FamFabricName and
t11FamConfigDomainIdType must be read-only and reflect the t11FamConfigDomainIdType must be read-only and reflect the
active Policy Objects. For example, the value of active Policy Objects. For example, the value of
t11FamFabricName must reflect the value of t11FamFabricName must reflect the value of
t11FcSpPoAdminFabricName." t11FcSpPoAdminFabricName."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.4.1 and table 108. February 2007, section 7.1.4.1 and table 108.
- Fibre Channel - Switch Fabric-4 (FC-SW-4), - Fibre Channel - Switch Fabric-4 (FC-SW-4),
ANSI INCITS 418-2006, April 2006, section 7.1. ANSI INCITS 418-2006, April 2006, section 7.1.
- Fibre Channel Fabric Address Manager MIB', RFC 4439, - Fibre Channel Fabric Address Manager MIB', RFC 4439,
March 2006." March 2006."
::= { t11FcSpPoEntry 3 } ::= { t11FcSpPoEntry 3 }
t11FcSpPoActivatedTimeStamp OBJECT-TYPE t11FcSpPoActivatedTimeStamp OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
skipping to change at page 82, line 44 skipping to change at page 76, line 44
How many Policy Objects of a given type can be active at How many Policy Objects of a given type can be active at
any one time for a given Fabric depends on the type, as any one time for a given Fabric depends on the type, as
specified in FC-SP. For some types, it is one per Fabric; specified in FC-SP. For some types, it is one per Fabric;
for other types, more than one can be active per Fabric. for other types, more than one can be active per Fabric.
In both of these cases, the absence of any entries in this In both of these cases, the absence of any entries in this
table for a particular type is equivalent to there being one table for a particular type is equivalent to there being one
Policy Object of that type which is empty, e.g., a Switch Policy Object of that type which is empty, e.g., a Switch
Membership List Object which identifies zero Switches." Membership List Object which identifies zero Switches."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3 and table 104." February 2007, section 7.1.3 and table 104."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoSummaryPolicyNameType, t11FcSpPoSummaryPolicyNameType,
t11FcSpPoSummaryPolicyName } t11FcSpPoSummaryPolicyName }
::= { t11FcSpPoSummaryTable 1 } ::= { t11FcSpPoSummaryTable 1 }
T11FcSpPoSummaryEntry ::= SEQUENCE { T11FcSpPoSummaryEntry ::= SEQUENCE {
t11FcSpPoSummaryPolicyNameType T11FcSpPolicyNameType, t11FcSpPoSummaryPolicyNameType T11FcSpPolicyNameType,
t11FcSpPoSummaryPolicyName T11FcSpPolicyName, t11FcSpPoSummaryPolicyName T11FcSpPolicyName,
t11FcSpPoSummaryPolicyType T11FcSpPolicyObjectType, t11FcSpPoSummaryPolicyType T11FcSpPolicyObjectType,
t11FcSpPoSummaryHashFormat T11FcSpPolicyHashFormat, t11FcSpPoSummaryHashFormat T11FcSpPolicyHashFormat,
skipping to change at page 84, line 5 skipping to change at page 78, line 5
::= { t11FcSpPoSummaryEntry 2 } ::= { t11FcSpPoSummaryEntry 2 }
t11FcSpPoSummaryPolicyType OBJECT-TYPE t11FcSpPoSummaryPolicyType OBJECT-TYPE
SYNTAX T11FcSpPolicyObjectType SYNTAX T11FcSpPolicyObjectType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 'Identifier' which specifies the type of this "The 'Identifier' which specifies the type of this
Policy Object." Policy Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3.1 and table 104." February 2007, section 7.1.3.1 and table 104."
::= { t11FcSpPoSummaryEntry 3 } ::= { t11FcSpPoSummaryEntry 3 }
t11FcSpPoSummaryHashFormat OBJECT-TYPE t11FcSpPoSummaryHashFormat OBJECT-TYPE
SYNTAX T11FcSpPolicyHashFormat SYNTAX T11FcSpPolicyHashFormat
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The format of this Policy Object's hash value as "The format of this Policy Object's hash value as
contained in the corresponding instance of the contained in the corresponding instance of the
t11FcSpPoSummaryHashValue object." t11FcSpPoSummaryHashValue object."
skipping to change at page 85, line 21 skipping to change at page 79, line 21
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Switch Entries in active Switch Membership List "A table of Switch Entries in active Switch Membership List
Objects. Objects.
One Switch Membership List Object is represented by all One Switch Membership List Object is represented by all
of the rows of this table which have the same values of the rows of this table which have the same values
of fcmInstanceIndex and t11FcSpPoFabricIndex." of fcmInstanceIndex and t11FcSpPoFabricIndex."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoActive 3 } ::= { t11FcSpPoActive 3 }
t11FcSpPoSwMembEntry OBJECT-TYPE t11FcSpPoSwMembEntry OBJECT-TYPE
SYNTAX T11FcSpPoSwMembEntry SYNTAX T11FcSpPoSwMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Switch Entry "Each entry contains information about one Switch Entry
within the active Switch Membership List Object for the within the active Switch Membership List Object for the
Fabric identified by t11FcSpPoFabricIndex and managed Fabric identified by t11FcSpPoFabricIndex and managed
skipping to change at page 86, line 33 skipping to change at page 80, line 33
specific Switch Connectivity Object. Unrestricted specific Switch Connectivity Object. Unrestricted
membership means that the Switch is allowed to be part of membership means that the Switch is allowed to be part of
the Fabric unless disallowed by a specific Switch the Fabric unless disallowed by a specific Switch
Connectivity Object. Connectivity Object.
The values of 'wildcard' and 'restrictedWildcard' provide The values of 'wildcard' and 'restrictedWildcard' provide
the means to specify whether to allow/deny membership for the means to specify whether to allow/deny membership for
Switches not explicitly named in the Switch Membership Switches not explicitly named in the Switch Membership
List Object." List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoSwMembEntry 1 } ::= { t11FcSpPoSwMembEntry 1 }
t11FcSpPoSwMembSwitchName OBJECT-TYPE t11FcSpPoSwMembSwitchName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of t11FcSpPoSwMembSwitchNameType is "When the value of t11FcSpPoSwMembSwitchNameType is
'wildcard' or 'restrictedWildcard', this object has the 'wildcard' or 'restrictedWildcard', this object has the
value '0000000000000000'h. value '0000000000000000'h.
Otherwise, the combination of t11FcSpPoSwMembSwitchNameType Otherwise, the combination of t11FcSpPoSwMembSwitchNameType
and this object specify the Switch Name of this Switch and this object specify the Switch Name of this Switch
Entry." Entry."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoSwMembEntry 2 } ::= { t11FcSpPoSwMembEntry 2 }
t11FcSpPoSwMembSwitchFlags OBJECT-TYPE t11FcSpPoSwMembSwitchFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
staticDomainID(0), staticDomainID(0),
insistentDomainID(1), insistentDomainID(1),
serialPortsAccess(2), serialPortsAccess(2),
physicalPortsAccess(3), physicalPortsAccess(3),
managerRole(4) managerRole(4)
} }
skipping to change at page 88, line 11 skipping to change at page 82, line 11
the Fabric Policy configuration (on receipt of any of the the Fabric Policy configuration (on receipt of any of the
EACA, ESFC, EUFC, ACA, SFC, or UFC SW_ILSs) if and only if EACA, ESFC, EUFC, ACA, SFC, or UFC SW_ILSs) if and only if
this bit is set. this bit is set.
Whenever a Fabric has Active Policy Objects, the value of Whenever a Fabric has Active Policy Objects, the value of
the t11FamConfigDomainIdType object defined in the the t11FamConfigDomainIdType object defined in the
T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and
reflect the values of the 'staticDomainID' and reflect the values of the 'staticDomainID' and
'insistentDomainID' bits of this object." 'insistentDomainID' bits of this object."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 112. February 2007, section 7.1.4.1 and table 112.
- Fibre Channel - Switch Fabric-4 (FC-SW-4), - Fibre Channel - Switch Fabric-4 (FC-SW-4),
ANSI INCITS 418-2006, April 2006, section 7.1. ANSI INCITS 418-2006, April 2006, section 7.1.
- t11FamConfigDomainIdType, T11-FC-FABRIC-ADDR-MGR-MIB, - t11FamConfigDomainIdType, T11-FC-FABRIC-ADDR-MGR-MIB,
Fibre Channel Fabric Address Manager MIB, RFC 4439." Fibre Channel Fabric Address Manager MIB, RFC 4439."
::= { t11FcSpPoSwMembEntry 3 } ::= { t11FcSpPoSwMembEntry 3 }
t11FcSpPoSwMembDomainID OBJECT-TYPE t11FcSpPoSwMembDomainID OBJECT-TYPE
SYNTAX FcDomainIdOrZero SYNTAX FcDomainIdOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The specified Domain_ID value when either of the "The specified Domain_ID value when either of the
'staticDomainID' or 'insistentDomainID' bits are set in 'staticDomainID' or 'insistentDomainID' bits are set in
the corresponding instance of t11FcSpPoSwMembSwitchFlags. the corresponding instance of t11FcSpPoSwMembSwitchFlags.
Whenever a Fabric has Active Policy Objects, the value Whenever a Fabric has Active Policy Objects, the value
of the t11FamConfigDomainId object defined in the of the t11FamConfigDomainId object defined in the
T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and
reflect the value of this object." reflect the value of this object."
REFERENCE REFERENCE
" - INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and tables 111 and 112. February 2007, section 7.1.4.1 and tables 111 and 112.
- t11FamConfigDomainId, T11-FC-FABRIC-ADDR-MGR-MIB, - t11FamConfigDomainId, T11-FC-FABRIC-ADDR-MGR-MIB,
Fibre Channel Fabric Address Manager MIB, RFC 4439." Fibre Channel Fabric Address Manager MIB, RFC 4439."
::= { t11FcSpPoSwMembEntry 4 } ::= { t11FcSpPoSwMembEntry 4 }
t11FcSpPoSwMembPolicyDataRole OBJECT-TYPE t11FcSpPoSwMembPolicyDataRole OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
client(1), client(1),
autonomous(2), autonomous(2),
server(3) server(3)
} }
skipping to change at page 89, line 27 skipping to change at page 83, line 27
This is the same as 'client' except that if FC-SP Zoning This is the same as 'client' except that if FC-SP Zoning
is used, an Autonomous Switch maintains a complete copy is used, an Autonomous Switch maintains a complete copy
of the Fabric Zoning Database. of the Fabric Zoning Database.
'server' - the Switch operates as a Server Switch. 'server' - the Switch operates as a Server Switch.
A Server Switch maintains all Fabric-wide List Objects A Server Switch maintains all Fabric-wide List Objects
and the Switch Connectivity Objects of each Switch in and the Switch Connectivity Objects of each Switch in
the Fabric. If FC-SP Zoning is used, a Server Switch the Fabric. If FC-SP Zoning is used, a Server Switch
maintains a complete copy of the Fabric Zoning Database." maintains a complete copy of the Fabric Zoning Database."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 113." February 2007, section 7.1.4.1 and table 113."
::= { t11FcSpPoSwMembEntry 5 } ::= { t11FcSpPoSwMembEntry 5 }
t11FcSpPoSwMembAuthBehaviour OBJECT-TYPE t11FcSpPoSwMembAuthBehaviour OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
mustAuthenticate(0), mustAuthenticate(0),
rejectIsFailure(1) rejectIsFailure(1)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authentication behaviour of the Switch: "The authentication behaviour of the Switch:
'mustAuthenticate' - if this bit is set, all connections 'mustAuthenticate' - if this bit is set, all connections
between this Switch and neighbour Switches must be between this Switch and neighbour Switches must be
authenticated. authenticated.
'rejectIsFailure' - if this bit is set, the rejection of 'rejectIsFailure' - if this bit is set, the rejection of
an AUTH_Negotiate message must be considered as an an AUTH_Negotiate message must be considered as an
authentication failure by this Switch." authentication failure by this Switch."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 114." February 2007, section 7.1.4.1 and table 114."
::= { t11FcSpPoSwMembEntry 6 } ::= { t11FcSpPoSwMembEntry 6 }
t11FcSpPoSwMembAttribute OBJECT-TYPE t11FcSpPoSwMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of an active Attribute Policy Object which is "The name of an active Attribute Policy Object which is
defined for this Switch, or the zero-length string. The defined for this Switch, or the zero-length string. The
zero-length string indicates that no Attribute Policy zero-length string indicates that no Attribute Policy
Object is defined for this Switch." Object is defined for this Switch."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoSwMembEntry 7 } ::= { t11FcSpPoSwMembEntry 7 }
-- --
-- Node Entries in Active Node Membership List Objects -- Node Entries in Active Node Membership List Objects
-- --
t11FcSpPoNoMembTable OBJECT-TYPE t11FcSpPoNoMembTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNoMembEntry SYNTAX SEQUENCE OF T11FcSpPoNoMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
skipping to change at page 91, line 48 skipping to change at page 85, line 48
in the active Node Membership List Object. A Node is in the active Node Membership List Object. A Node is
identified by its Node Name or by one or more of its Port identified by its Node Name or by one or more of its Port
Names. Names.
Restricted membership means that a Node is not allowed to be Restricted membership means that a Node is not allowed to be
connected to the Fabric unless allowed by a specific Switch connected to the Fabric unless allowed by a specific Switch
Connectivity Object. Unrestricted membership means that a Connectivity Object. Unrestricted membership means that a
Node is allowed to be connected to the Fabric unless Node is allowed to be connected to the Fabric unless
disallowed by a specific Switch Connectivity Object." disallowed by a specific Switch Connectivity Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNoMembEntry 1 } ::= { t11FcSpPoNoMembEntry 1 }
t11FcSpPoNoMembNodeName OBJECT-TYPE t11FcSpPoNoMembNodeName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of t11FcSpPoNoMembNodeNameType is "If the value of t11FcSpPoNoMembNodeNameType is
'wildcard' or 'restrictedWildcard', this object has the 'wildcard' or 'restrictedWildcard', this object has the
value '0000000000000000'h. value '0000000000000000'h.
Otherwise, the combination of t11FcSpPoNoMembNodeNameType Otherwise, the combination of t11FcSpPoNoMembNodeNameType
and this object specify the name of this Node Entry is the and this object specify the name of this Node Entry is the
active Node Membership List Object." active Node Membership List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNoMembEntry 2 } ::= { t11FcSpPoNoMembEntry 2 }
t11FcSpPoNoMembFlags OBJECT-TYPE t11FcSpPoNoMembFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
scsiEnclosureAccess(0), scsiEnclosureAccess(0),
authenticationRequired(1) authenticationRequired(1)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 92, line 46 skipping to change at page 86, line 46
'scsiEnclosureAccess' - the Node is allowed to 'scsiEnclosureAccess' - the Node is allowed to
control any Switch through SCSI Enclosure Services if this control any Switch through SCSI Enclosure Services if this
bit is set. If a Switch does not support SCSI Enclosure bit is set. If a Switch does not support SCSI Enclosure
Services, this bit is ignored. Services, this bit is ignored.
'authenticationRequired' - the Node is required to 'authenticationRequired' - the Node is required to
authenticate itself to any Switch to which it is connected authenticate itself to any Switch to which it is connected
if and only if this bit is set." if and only if this bit is set."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 118." February 2007, section 7.1.4.1 and table 118."
::= { t11FcSpPoNoMembEntry 3 } ::= { t11FcSpPoNoMembEntry 3 }
t11FcSpPoNoMembCtAccessIndex OBJECT-TYPE t11FcSpPoNoMembCtAccessIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of this object is zero, then access by this "If the value of this object is zero, then access by this
Node to Generic Services is not limited by a Common Node to Generic Services is not limited by a Common
Transport Access Specifier. Transport Access Specifier.
Otherwise, the limits are specified by the set of Common Otherwise, the limits are specified by the set of Common
Transport Access Descriptors contained in those rows of Transport Access Descriptors contained in those rows of
the t11FcSpPoCtDescrTable for the same Fabric and for which the t11FcSpPoCtDescrTable for the same Fabric and for which
the value of t11FcSpPoCtDescrSpecifierIndex is the same as the value of t11FcSpPoCtDescrSpecifierIndex is the same as
the value of this object." the value of this object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.4.1 and tables 118/119/120/121." section 7.1.4.1 and tables 118/119/120/121."
::= { t11FcSpPoNoMembEntry 4 } ::= { t11FcSpPoNoMembEntry 4 }
t11FcSpPoNoMembAttribute OBJECT-TYPE t11FcSpPoNoMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of an active Attribute Policy Object which is "The name of an active Attribute Policy Object which is
defined for this Node, or the zero-length string. The defined for this Node, or the zero-length string. The
zero-length string indicates that no Attribute Policy zero-length string indicates that no Attribute Policy
Object is defined for this Node." Object is defined for this Node."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNoMembEntry 5 } ::= { t11FcSpPoNoMembEntry 5 }
-- --
-- --
-- Common Transport Access Descriptors -- Common Transport Access Descriptors
-- --
t11FcSpPoCtDescrTable OBJECT-TYPE t11FcSpPoCtDescrTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoCtDescrEntry SYNTAX SEQUENCE OF T11FcSpPoCtDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Common Transport Access Descriptors being used "A table of Common Transport Access Descriptors being used
skipping to change at page 97, line 20 skipping to change at page 91, line 21
SYNTAX SEQUENCE OF T11FcSpPoSwConnEntry SYNTAX SEQUENCE OF T11FcSpPoSwConnEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of active Switch Connectivity Objects. "A table of active Switch Connectivity Objects.
A Switch Connectivity Object defines to which other A Switch Connectivity Object defines to which other
Switches or Nodes a particular Switch may/may not be Switches or Nodes a particular Switch may/may not be
connected at the Node level and/or at the Port level." connected at the Node level and/or at the Port level."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.6.1, tables 123/124." February 2007, section 7.1.6.1, tables 123/124."
::= { t11FcSpPoActive 6 } ::= { t11FcSpPoActive 6 }
t11FcSpPoSwConnEntry OBJECT-TYPE t11FcSpPoSwConnEntry OBJECT-TYPE
SYNTAX T11FcSpPoSwConnEntry SYNTAX T11FcSpPoSwConnEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains the name of either a Switch or a Node "Each entry contains the name of either a Switch or a Node
with which any port of a particular Switch, or a particular with which any port of a particular Switch, or a particular
port of that Switch, is allowed or not allowed to be port of that Switch, is allowed or not allowed to be
skipping to change at page 98, line 45 skipping to change at page 92, line 46
zero-length string, that the topology restriction applies zero-length string, that the topology restriction applies
to all ports on the particular Switch. to all ports on the particular Switch.
In the FC-SP Policy Database, restrictions for a particular In the FC-SP Policy Database, restrictions for a particular
port are formatted within a Port Connectivity Entry of a port are formatted within a Port Connectivity Entry of a
Switch Connectivity Object, whereas restrictions for all Switch Connectivity Object, whereas restrictions for all
ports on the Switch are specified in the main part of a ports on the Switch are specified in the main part of a
Switch Connectivity Object, i.e., not in a Port Connectivity Switch Connectivity Object, i.e., not in a Port Connectivity
Entry." Entry."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.6.1, tables 123/124." February 2007, section 7.1.6.1, tables 123/124."
::= { t11FcSpPoSwConnEntry 3 } ::= { t11FcSpPoSwConnEntry 3 }
t11FcSpPoSwConnAllowedIndex OBJECT-TYPE t11FcSpPoSwConnAllowedIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When multiple rows in this table apply to the same "When multiple rows in this table apply to the same
port(s) in the same Switch's Switch Connectivity Object, port(s) in the same Switch's Switch Connectivity Object,
this object provides a unique index value to distinguish this object provides a unique index value to distinguish
skipping to change at page 99, line 41 skipping to change at page 93, line 42
explicitly named by other rows. explicitly named by other rows.
Otherwise, the combination of t11FcSpPoSwConnAllowedNameType Otherwise, the combination of t11FcSpPoSwConnAllowedNameType
and t11FcSpPoSwConnAllowedName specify the name of: and t11FcSpPoSwConnAllowedName specify the name of:
- a Switch (if t11FcSpPoSwConnAllowedType = 'switch'), or - a Switch (if t11FcSpPoSwConnAllowedType = 'switch'), or
- a Node (if t11FcSpPoSwConnAllowedType = 'node') - a Node (if t11FcSpPoSwConnAllowedType = 'node')
to which connectivity is: to which connectivity is:
- allowed by 'nodeName' and 'portname', - allowed by 'nodeName' and 'portName',
- not allowed by 'restrictedNodeName' and - not allowed by 'restrictedNodeName' and
'restrictedPortName'." 'restrictedPortName'."
::= { t11FcSpPoSwConnEntry 5 } ::= { t11FcSpPoSwConnEntry 5 }
t11FcSpPoSwConnAllowedName OBJECT-TYPE t11FcSpPoSwConnAllowedName OBJECT-TYPE
SYNTAX T11FcSpPolicyName (SIZE (8)) SYNTAX T11FcSpPolicyName (SIZE (8))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of t11FcSpPoSwConnAllowedNameType is "If the value of t11FcSpPoSwConnAllowedNameType is
skipping to change at page 100, line 36 skipping to change at page 94, line 38
DESCRIPTION DESCRIPTION
"A table of IP Management Entries in active IP Management "A table of IP Management Entries in active IP Management
List Objects. A IP Management List Object is a List Objects. A IP Management List Object is a
Fabric-wide Policy Object that describes which IP hosts Fabric-wide Policy Object that describes which IP hosts
are allowed to manage a Fabric. are allowed to manage a Fabric.
One IP Management List Object is represented by all One IP Management List Object is represented by all
of the rows of this table which have the same values of the rows of this table which have the same values
of fcmInstanceIndex and t11FcSpPoFabricIndex." of fcmInstanceIndex and t11FcSpPoFabricIndex."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7" February 2007, section 7.1.7"
::= { t11FcSpPoActive 7 } ::= { t11FcSpPoActive 7 }
t11FcSpPoIpMgmtEntry OBJECT-TYPE t11FcSpPoIpMgmtEntry OBJECT-TYPE
SYNTAX T11FcSpPoIpMgmtEntry SYNTAX T11FcSpPoIpMgmtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one IP Management "Each entry contains information about one IP Management
Entry within the active IP Management List Object for the Entry within the active IP Management List Object for the
Fabric identified by t11FcSpPoFabricIndex and managed Fabric identified by t11FcSpPoFabricIndex and managed
skipping to change at page 102, line 12 skipping to change at page 96, line 14
t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the IP Address range of this IP Management
Entry in the IP Management List Object. Entry in the IP Management List Object.
The FC-SP specification does not allow the use of a The FC-SP specification does not allow the use of a
DNS domain name to specify the address at the lower end DNS domain name to specify the address at the lower end
or at the higher end of the IP Address range, nor does it or at the higher end of the IP Address range, nor does it
allow the specification of a zone index. Therefore, the allow the specification of a zone index. Therefore, the
type of address must be one of: 'ipv4', or 'ipv6'." type of address must be one of: 'ipv4', or 'ipv6'."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
sections 7.1.7.1 & 7.1.2, tables 103/126." sections 7.1.7.1 & 7.1.2, tables 103/126."
::= { t11FcSpPoIpMgmtEntry 1 } ::= { t11FcSpPoIpMgmtEntry 1 }
t11FcSpPoIpMgmtEntryNameLow OBJECT-TYPE t11FcSpPoIpMgmtEntryNameLow OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The lower end of an Internet address range. The type "The lower end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoIpMgmtEntryNameType. of t11FcSpPoIpMgmtEntryNameType.
The combination of t11FcSpPoIpMgmtNameType, The combination of t11FcSpPoIpMgmtNameType,
t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the IP Address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
sections 7.1.7.1 & 7.1.2, tables 103/126." sections 7.1.7.1 & 7.1.2, tables 103/126."
::= { t11FcSpPoIpMgmtEntry 2 } ::= { t11FcSpPoIpMgmtEntry 2 }
t11FcSpPoIpMgmtEntryNameHigh OBJECT-TYPE t11FcSpPoIpMgmtEntryNameHigh OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The higher end of an Internet address range. The type "The higher end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoIpMgmtEntryNameType. of t11FcSpPoIpMgmtEntryNameType.
The combination of t11FcSpPoIpMgmtNameType, The combination of t11FcSpPoIpMgmtNameType,
t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the IP Address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
sections 7.1.7.1 & 7.1.2, tables 103/126." February 2007, sections 7.1.7.1 & 7.1.2, tables 103/126."
::= { t11FcSpPoIpMgmtEntry 3 } ::= { t11FcSpPoIpMgmtEntry 3 }
t11FcSpPoIpMgmtWkpIndex OBJECT-TYPE t11FcSpPoIpMgmtWkpIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object identifies the restrictions for IP management "This object identifies the restrictions for IP management
access by IP hosts in this range of IP addresses, specified access by IP hosts in this range of IP addresses, specified
as the set of Well Known Protocols Access Descriptors as the set of Well Known Protocols Access Descriptors
contained in those rows of the t11FcSpPoWkpDescrTable for contained in those rows of the t11FcSpPoWkpDescrTable for
which the value of t11FcSpPoWkpDescrSpecifierIndex is the which the value of t11FcSpPoWkpDescrSpecifierIndex is the
same as the value of this object. A value of zero indicates same as the value of this object. A value of zero indicates
that this IP Management Entry does not identify a Well Known that this IP Management Entry does not identify a Well Known
Protocols Access Specifier." Protocols Access Specifier."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and tables 127/129." February 2007, section 7.1.7.1 and tables 127/129."
::= { t11FcSpPoIpMgmtEntry 4 } ::= { t11FcSpPoIpMgmtEntry 4 }
t11FcSpPoIpMgmtAttribute OBJECT-TYPE t11FcSpPoIpMgmtAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of an active Attribute Policy Object which is "The name of an active Attribute Policy Object which is
defined for this IP Management entry, or the zero-length defined for this IP Management entry, or the zero-length
string. The zero-length string indicates that no Attribute string. The zero-length string indicates that no Attribute
Policy Object is defined for this IP Management entry." Policy Object is defined for this IP Management entry."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 128." February 2007, section 7.1.7.1 and table 128."
::= { t11FcSpPoIpMgmtEntry 5 } ::= { t11FcSpPoIpMgmtEntry 5 }
-- --
-- Well-Known Protocol Access Descriptors -- Well-Known Protocol Access Descriptors
-- --
t11FcSpPoWkpDescrTable OBJECT-TYPE t11FcSpPoWkpDescrTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoWkpDescrEntry SYNTAX SEQUENCE OF T11FcSpPoWkpDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
skipping to change at page 106, line 8 skipping to change at page 100, line 8
specified by the value of t11FcSpPoWkpDescrWkpNumber. specified by the value of t11FcSpPoWkpDescrWkpNumber.
- destPortWildcard -- if this bit is set, the Destination - destPortWildcard -- if this bit is set, the Destination
(TCP/UDP) Port number of the Well-Known Protocol to be (TCP/UDP) Port number of the Well-Known Protocol to be
allowed/denied is specified by the value of allowed/denied is specified by the value of
t11FcSpPoWkpDescrDestPort. t11FcSpPoWkpDescrDestPort.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set then access is to be
granted only for reading." granted only for reading."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 131." February 2007, section 7.1.7.1 and table 131."
::= { t11FcSpPoWkpDescrEntry 3 } ::= { t11FcSpPoWkpDescrEntry 3 }
t11FcSpPoWkpDescrWkpNumber OBJECT-TYPE t11FcSpPoWkpDescrWkpNumber OBJECT-TYPE
SYNTAX Unsigned32 (0..255) SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the 'wkpWildcard' bit is set in the corresponding "When the 'wkpWildcard' bit is set in the corresponding
instance of t11FcSpPoWkpDescrFlags, this object specifies instance of t11FcSpPoWkpDescrFlags, this object specifies
the IP protocol number of the Well-Known Protocol." the IP protocol number of the Well-Known Protocol."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 131. February 2007, section 7.1.7.1 and table 131.
- http://www.iana.org/assignments/protocol-numbers." - http://www.iana.org/assignments/protocol-numbers."
::= { t11FcSpPoWkpDescrEntry 4 } ::= { t11FcSpPoWkpDescrEntry 4 }
t11FcSpPoWkpDescrDestPort OBJECT-TYPE t11FcSpPoWkpDescrDestPort OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the 'destPortWildcard' bit is set in the corresponding "When the 'destPortWildcard' bit is set in the corresponding
instance of t11FcSpPoWkpDescrFlags, this object specifies instance of t11FcSpPoWkpDescrFlags, this object specifies
the Destination (TCP/UDP) Port number of the Well-Known the Destination (TCP/UDP) Port number of the Well-Known
Protocol. When the 'destPortWildcard' bit is reset, this Protocol. When the 'destPortWildcard' bit is reset, this
object is ignored (and can have the value zero)." object is ignored (and can have the value zero)."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 131. February 2007, section 7.1.7.1 and table 131.
- http://www.iana.org/assignments/port-numbers." - http://www.iana.org/assignments/port-numbers."
::= { t11FcSpPoWkpDescrEntry 5 } ::= { t11FcSpPoWkpDescrEntry 5 }
-- --
-- Attribute Entries in Active Attribute Policy Objects -- Attribute Entries in Active Attribute Policy Objects
-- --
t11FcSpPoAttribTable OBJECT-TYPE t11FcSpPoAttribTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoAttribEntry SYNTAX SEQUENCE OF T11FcSpPoAttribEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 108, line 29 skipping to change at page 102, line 29
} }
t11FcSpPoAttribName OBJECT-TYPE t11FcSpPoAttribName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the Attribute Policy Object containing one "The name of the Attribute Policy Object containing one
or more Attribute Entries." or more Attribute Entries."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.8.1 and table 133." February 2007, section 7.1.8.1 and table 133."
::= { t11FcSpPoAttribEntry 1 } ::= { t11FcSpPoAttribEntry 1 }
t11FcSpPoAttribEntryIndex OBJECT-TYPE t11FcSpPoAttribEntryIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique value to distinguish this Attribute Entry "A unique value to distinguish this Attribute Entry
from other Attribute Entries contained in the same from other Attribute Entries contained in the same
Attribute Policy Object." Attribute Policy Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.8.1, tables 133/134." February 2007, section 7.1.8.1, tables 133/134."
::= { t11FcSpPoAttribEntry 2 } ::= { t11FcSpPoAttribEntry 2 }
t11FcSpPoAttribPartIndex OBJECT-TYPE t11FcSpPoAttribPartIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Entry is shorter than 257 "When the value of an Attribute Entry is shorter than 257
bytes, the whole value is contained in one instance of bytes, the whole value is contained in one instance of
t11FcSpPoAttribValue, and the value of this object is 1. t11FcSpPoAttribValue, and the value of this object is 1.
If the value of an Attribute Entry is longer than 256 bytes, If the value of an Attribute Entry is longer than 256 bytes,
then that value is divided up on 256 byte boundaries such then that value is divided up on 256 byte boundaries such
that all parts are 256 bytes long except the last part which that all parts are 256 bytes long except the last part which
is shorter if necessary, with each such part contained in is shorter if necessary, with each such part contained in
a separate row of this table, and the value of this object a separate row of this table, and the value of this object
is set to the part number. That is, this object has the is set to the part number. That is, this object has the
value of 1 for bytes 0-255, the value of 2 for bytes value of 1 for bytes 0-255, the value of 2 for bytes
256-511, ... etc." 256-511, ... etc."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.8.1, tables 134/135." February 2007, section 7.1.8.1, tables 134/135."
::= { t11FcSpPoAttribEntry 3 } ::= { t11FcSpPoAttribEntry 3 }
t11FcSpPoAttribType OBJECT-TYPE t11FcSpPoAttribType OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of attribute. The first type to be defined is: "The type of attribute. The first type to be defined is:
t11FcSpPoAttribType t11FcSpPoAttribValue t11FcSpPoAttribType t11FcSpPoAttribValue
=================== ==================== =================== ====================
'00000001'h The AUTH_Negotiate Message Payload '00000001'h The AUTH_Negotiate Message Payload
" "
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoAttribEntry 4 } ::= { t11FcSpPoAttribEntry 4 }
t11FcSpPoAttribValue OBJECT-TYPE t11FcSpPoAttribValue OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Attribute Entry is divided up on 256 byte "The value of an Attribute Entry is divided up on 256 byte
boundaries such that all parts are 256 bytes long except the boundaries such that all parts are 256 bytes long except the
last part which is shorter if necessary, and each such part last part which is shorter if necessary, and each such part
is contained in a separate instance of this object. is contained in a separate instance of this object.
The value of this object is independent of whether some The value of this object is independent of whether some
parts of its value are broken-out into separate MIB objects parts of its value are broken-out into separate MIB objects
pointed to by the corresponding instance of pointed to by the corresponding instance of
t11FcSpPoAttribExtension." t11FcSpPoAttribExtension."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoAttribEntry 5 } ::= { t11FcSpPoAttribEntry 5 }
t11FcSpPoAttribExtension OBJECT-TYPE t11FcSpPoAttribExtension OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For some types of Attribute Policy Object, the value of "For some types of Attribute Policy Object, the value of
this MIB object points to type-specific MIB objects which this MIB object points to type-specific MIB objects which
skipping to change at page 111, line 24 skipping to change at page 105, line 24
"A table of Authentication Protocol Identifier and "A table of Authentication Protocol Identifier and
Authentication Protocol Parameters which are embedded in Authentication Protocol Parameters which are embedded in
Attribute Policy Objects being used within active Policy Attribute Policy Objects being used within active Policy
Objects. Objects.
This table is used for Attribute Entries of Attribute Policy This table is used for Attribute Entries of Attribute Policy
Objects for which the value of t11FcSpPoAttribType indicates Objects for which the value of t11FcSpPoAttribType indicates
'AUTH_Negotiate Message Payload' and the value of 'AUTH_Negotiate Message Payload' and the value of
t11FcSpPoAttribExtension contains the OID of this table." t11FcSpPoAttribExtension contains the OID of this table."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
sections 5.3.2 & 7.1.8.1, tables 134/135 and tables 10/11." sections 5.3.2 & 7.1.8.1, tables 134/135 and tables 10/11."
::= { t11FcSpPoActive 10 } ::= { t11FcSpPoActive 10 }
t11FcSpPoAuthProtEntry OBJECT-TYPE t11FcSpPoAuthProtEntry OBJECT-TYPE
SYNTAX T11FcSpPoAuthProtEntry SYNTAX T11FcSpPoAuthProtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about an Authentication "Each entry contains information about an Authentication
Protocol which is extracted out of the Attribute Entry Protocol which is extracted out of the Attribute Entry
skipping to change at page 112, line 30 skipping to change at page 106, line 30
1 = DH-CHAP 1 = DH-CHAP
2 = FCAP 2 = FCAP
3 = FCPAP 3 = FCPAP
4 = IKEv2 4 = IKEv2
5 = IKEv2-AUTH 5 = IKEv2-AUTH
240 thru 255 = Vendor Specific Protocols 240 thru 255 = Vendor Specific Protocols
all other values are 'Reserved' (by T11)." all other values are 'Reserved' (by T11)."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 5.3.2, table 11." February 2007, section 5.3.2, table 11."
::= { t11FcSpPoAuthProtEntry 1 } ::= { t11FcSpPoAuthProtEntry 1 }
t11FcSpPoAuthProtPartIndex OBJECT-TYPE t11FcSpPoAuthProtPartIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Protocol Parameters string "When the value of an Attribute Protocol Parameters string
is shorter than 257 bytes, the whole value is contained in is shorter than 257 bytes, the whole value is contained in
one instance of t11FcSpPoAuthProtParams, and the value of one instance of t11FcSpPoAuthProtParams, and the value of
skipping to change at page 113, line 10 skipping to change at page 107, line 10
If the value of an Authentication Protocol Parameters string If the value of an Authentication Protocol Parameters string
is longer than 256 bytes, then that value is divided up on is longer than 256 bytes, then that value is divided up on
256 byte boundaries such that all parts are 256 bytes long 256 byte boundaries such that all parts are 256 bytes long
except the last part which is shorter if necessary, with except the last part which is shorter if necessary, with
each such part contained in a separate row of this table, each such part contained in a separate row of this table,
and the value of this object is set to the part number. and the value of this object is set to the part number.
That is, this object has the value of 1 for bytes 0-255, That is, this object has the value of 1 for bytes 0-255,
the value of 2 for bytes 256-511, ... etc." the value of 2 for bytes 256-511, ... etc."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoAuthProtEntry 2 } ::= { t11FcSpPoAuthProtEntry 2 }
t11FcSpPoAuthProtParams OBJECT-TYPE t11FcSpPoAuthProtParams OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Authentication Protocol Parameters string "The value of an Authentication Protocol Parameters string
is divided up on 256 byte boundaries such that all parts is divided up on 256 byte boundaries such that all parts
are 256 bytes long except the last part which is shorter are 256 bytes long except the last part which is shorter
if necessary, and each such part is contained in a if necessary, and each such part is contained in a
separate instance of this object." separate instance of this object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoAuthProtEntry 3 } ::= { t11FcSpPoAuthProtEntry 3 }
-- --
-- Part 2 - Activate/De-Activate Operations -- Part 2 - Activate/De-Activate Operations
-- --
-- --
-- Objects to Invoke Activate/De-Activate Operations -- Objects to Invoke Activate/De-Activate Operations
-- --
skipping to change at page 115, line 33 skipping to change at page 109, line 33
request will fail with t11FcSpPoOperResult having the request will fail with t11FcSpPoOperResult having the
'badSummaryObject' value. 'badSummaryObject' value.
When read, the value of this object is always the zero- When read, the value of this object is always the zero-
length string. length string.
Writing to this object does not delete (or in any way Writing to this object does not delete (or in any way
affect) any rows in the MIB tables for non-active affect) any rows in the MIB tables for non-active
Policy Objects." Policy Objects."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.2" February 2007, section 7.3.6.2"
::= { t11FcSpPoOperEntry 1 } ::= { t11FcSpPoOperEntry 1 }
t11FcSpPoOperDeActivate OBJECT-TYPE t11FcSpPoOperDeActivate OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Writing the current value of t11FcSpPoPolicySummaryObjName "Writing the current value of t11FcSpPoPolicySummaryObjName
into this object (for a particular Fabric) is a request into this object (for a particular Fabric) is a request
to deactivate that Fabric's current policy configuration. to deactivate that Fabric's current policy configuration.
Writing any other value into this object is a Writing any other value into this object is an error
('wrongValue') error. (e.g., 'wrongValue').
When read, the value of this object is always the zero- When read, the value of this object is always the zero-
length string." length string."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.3" February 2007, section 7.3.6.3"
::= { t11FcSpPoOperEntry 2 } ::= { t11FcSpPoOperEntry 2 }
t11FcSpPoOperResult OBJECT-TYPE t11FcSpPoOperResult OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
activateSuccess(1), activateSuccess(1),
badSummaryObject(2), badSummaryObject(2),
activateFailure(3), activateFailure(3),
deactivateSuccess(4), deactivateSuccess(4),
deactivateFailure(5), deactivateFailure(5),
inProgress(6), inProgress(6),
skipping to change at page 119, line 27 skipping to change at page 113, line 27
successful, existing rows (if any) in MIB tables for active successful, existing rows (if any) in MIB tables for active
Policy Objects are deleted and replaced by the appropriate Policy Objects are deleted and replaced by the appropriate
new set of rows. Existing rows in this table and/or in new set of rows. Existing rows in this table and/or in
other tables for non-active Policy Objects are not other tables for non-active Policy Objects are not
affected by the activate operation. affected by the activate operation.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType which is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3 and table 104." February 2007, section 7.1.3 and table 104."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaSummaryName, t11FcSpPoNaSummaryPolicyType, t11FcSpPoNaSummaryName, t11FcSpPoNaSummaryPolicyType,
t11FcSpPoNaSummaryPolicyIndex } t11FcSpPoNaSummaryPolicyIndex }
::= { t11FcSpPoNaSummaryTable 1 } ::= { t11FcSpPoNaSummaryTable 1 }
T11FcSpPoNaSummaryEntry ::= SEQUENCE { T11FcSpPoNaSummaryEntry ::= SEQUENCE {
t11FcSpPoNaSummaryName T11FcSpAlphaNumName, t11FcSpPoNaSummaryName T11FcSpAlphaNumName,
t11FcSpPoNaSummaryPolicyType T11FcSpPolicyObjectType, t11FcSpPoNaSummaryPolicyType T11FcSpPolicyObjectType,
t11FcSpPoNaSummaryPolicyIndex Unsigned32, t11FcSpPoNaSummaryPolicyIndex Unsigned32,
t11FcSpPoNaSummaryPolicyNameType T11FcSpPolicyNameType, t11FcSpPoNaSummaryPolicyNameType T11FcSpPolicyNameType,
skipping to change at page 120, line 18 skipping to change at page 114, line 18
contains this Policy Object." contains this Policy Object."
::= { t11FcSpPoNaSummaryEntry 1 } ::= { t11FcSpPoNaSummaryEntry 1 }
t11FcSpPoNaSummaryPolicyType OBJECT-TYPE t11FcSpPoNaSummaryPolicyType OBJECT-TYPE
SYNTAX T11FcSpPolicyObjectType SYNTAX T11FcSpPolicyObjectType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 'Identifier' (i.e., the type) of this Policy Object." "The 'Identifier' (i.e., the type) of this Policy Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.3.1 and table 104." February 2007, section 7.1.3.1 and table 104."
::= { t11FcSpPoNaSummaryEntry 2 } ::= { t11FcSpPoNaSummaryEntry 2 }
t11FcSpPoNaSummaryPolicyIndex OBJECT-TYPE t11FcSpPoNaSummaryPolicyIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique integer value to distinguish this Policy Object "A unique integer value to distinguish this Policy Object
from any others which have the same type and which are from any others which have the same type and which are
contained in the same Policy Summary Object." contained in the same Policy Summary Object."
skipping to change at page 121, line 32 skipping to change at page 115, line 32
correct -- the corresponding instance of correct -- the corresponding instance of
t11FcSpPoNaSummaryHashValue contains t11FcSpPoNaSummaryHashValue contains
the correct value; or the correct value; or
stale -- the corresponding instance of stale -- the corresponding instance of
t11FcSpPoNaSummaryHashValue contains t11FcSpPoNaSummaryHashValue contains
a stale (possibly incorrect) value; a stale (possibly incorrect) value;
Writing a value of 'calculate' is a request to re-calculate Writing a value of 'calculate' is a request to re-calculate
and update the value of the corresponding instance of and update the value of the corresponding instance of
t11FcSpPoNaSummaryHashValue. Writing a value of 'correct' t11FcSpPoNaSummaryHashValue. Writing a value of 'correct'
or 'stale' to this object is a ('wrongValue') error." or 'stale' to this object is an error (e.g., 'wrongValue')."
DEFVAL { stale } DEFVAL { stale }
::= { t11FcSpPoNaSummaryEntry 6 } ::= { t11FcSpPoNaSummaryEntry 6 }
t11FcSpPoNaSummaryHashFormat OBJECT-TYPE t11FcSpPoNaSummaryHashFormat OBJECT-TYPE
SYNTAX T11FcSpPolicyHashFormat SYNTAX T11FcSpPolicyHashFormat
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The format of this Policy Object's hash value as "The format of this Policy Object's hash value as
contained in the corresponding instance of the contained in the corresponding instance of the
skipping to change at page 123, line 16 skipping to change at page 117, line 16
-- Non-Active Switch Membership List Objects -- Non-Active Switch Membership List Objects
-- --
t11FcSpPoNaSwListTable OBJECT-TYPE t11FcSpPoNaSwListTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaSwListEntry SYNTAX SEQUENCE OF T11FcSpPoNaSwListEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of non-active Switch Membership List Objects." "A table of non-active Switch Membership List Objects."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 108." February 2007, section 7.1.4.1 and table 108."
::= { t11FcSpPoNonActive 2 } ::= { t11FcSpPoNonActive 2 }
t11FcSpPoNaSwListEntry OBJECT-TYPE t11FcSpPoNaSwListEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaSwListEntry SYNTAX T11FcSpPoNaSwListEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one non-active "Each entry contains information about one non-active
Switch Membership List Object for the Fabric identified Switch Membership List Object for the Fabric identified
by t11FcSpPoFabricIndex and managed within the Fibre by t11FcSpPoFabricIndex and managed within the Fibre
skipping to change at page 124, line 6 skipping to change at page 118, line 6
t11FcSpPoNaSwListRowStatus RowStatus t11FcSpPoNaSwListRowStatus RowStatus
} }
t11FcSpPoNaSwListName OBJECT-TYPE t11FcSpPoNaSwListName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the Switch Membership List Object." "The name of the Switch Membership List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 108." February 2007, section 7.1.4.1 and table 108."
::= { t11FcSpPoNaSwListEntry 1 } ::= { t11FcSpPoNaSwListEntry 1 }
t11FcSpPoNaSwListFabricName OBJECT-TYPE t11FcSpPoNaSwListFabricName OBJECT-TYPE
SYNTAX FcNameIdOrZero SYNTAX FcNameIdOrZero
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The administratively-specified Fabric_Name. This value "The administratively-specified Fabric_Name. This value
is meaningful only when static Domain_IDs are used in a is meaningful only when static Domain_IDs are used in a
Fabric. If Static Domain_IDs are not used, the Fabric_Name Fabric. If Static Domain_IDs are not used, the Fabric_Name
is dynamically determined, in which case the value of this is dynamically determined, in which case the value of this
object can be '0000000000000000'h or the zero-length object can be '0000000000000000'h or the zero-length
string." string."
REFERENCE REFERENCE
"- t11FamConfigDomainId, T11-FC-FABRIC-ADDR-MGR-MIB, "- t11FamConfigDomainId, T11-FC-FABRIC-ADDR-MGR-MIB,
Fibre Channel Fabric Address Manager MIB, RFC 4439; Fibre Channel Fabric Address Manager MIB, RFC 4439;
- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, table 108." February 2007, table 108."
::= { t11FcSpPoNaSwListEntry 2 } ::= { t11FcSpPoNaSwListEntry 2 }
t11FcSpPoNaSwListRowStatus OBJECT-TYPE t11FcSpPoNaSwListRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time. within the row can be modified at any time.
skipping to change at page 125, line 17 skipping to change at page 119, line 17
-- --
t11FcSpPoNaSwMembTable OBJECT-TYPE t11FcSpPoNaSwMembTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaSwMembEntry SYNTAX SEQUENCE OF T11FcSpPoNaSwMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Switch Entries in non-active Switch Membership "A table of Switch Entries in non-active Switch Membership
List Objects." List Objects."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoNonActive 3 } ::= { t11FcSpPoNonActive 3 }
t11FcSpPoNaSwMembEntry OBJECT-TYPE t11FcSpPoNaSwMembEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaSwMembEntry SYNTAX T11FcSpPoNaSwMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Switch which "Each entry contains information about one Switch which
is listed in a Switch Entry of a non-active Switch Membership is listed in a Switch Entry of a non-active Switch Membership
List Object for the Fabric identified by t11FcSpPoFabricIndex List Object for the Fabric identified by t11FcSpPoFabricIndex
skipping to change at page 126, line 45 skipping to change at page 120, line 45
specific Switch Connectivity Object. Unrestricted specific Switch Connectivity Object. Unrestricted
membership means that the Switch is allowed to be part of membership means that the Switch is allowed to be part of
the Fabric unless disallowed by a specific Switch the Fabric unless disallowed by a specific Switch
Connectivity Object. Connectivity Object.
The values of 'wildcard' and 'restrictedWildcard' provide The values of 'wildcard' and 'restrictedWildcard' provide
the means to specify whether to allow/deny membership for the means to specify whether to allow/deny membership for
Switches not explicitly named in the Switch Membership Switches not explicitly named in the Switch Membership
List Object." List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoNaSwMembEntry 1 } ::= { t11FcSpPoNaSwMembEntry 1 }
t11FcSpPoNaSwMembSwitchName OBJECT-TYPE t11FcSpPoNaSwMembSwitchName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of t11FcSpPoSwMembSwitchNameType is "If the value of t11FcSpPoSwMembSwitchNameType is
'wildcard' or 'restrictedWildcard', this object has the 'wildcard' or 'restrictedWildcard', this object has the
value '0000000000000000'h. value '0000000000000000'h.
Otherwise, the combination of Otherwise, the combination of
t11FcSpPoNaSwMembSwitchNameType and this object specify the t11FcSpPoNaSwMembSwitchNameType and this object specify the
Switch Name of this Switch Entry." Switch Name of this Switch Entry."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoNaSwMembEntry 2 } ::= { t11FcSpPoNaSwMembEntry 2 }
t11FcSpPoNaSwMembFlags OBJECT-TYPE t11FcSpPoNaSwMembFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
staticDomainID(0), staticDomainID(0),
insistentDomainID(1), insistentDomainID(1),
serialPortsAccess(2), serialPortsAccess(2),
physicalPortsAccess(3), physicalPortsAccess(3),
managerRole(4) managerRole(4)
} }
skipping to change at page 128, line 14 skipping to change at page 122, line 14
'physicalPortsAccess' - the Switch allows management 'physicalPortsAccess' - the Switch allows management
through the physical panel when and only when this bit through the physical panel when and only when this bit
is set. is set.
'managerRole' - the Switch is allowed to change 'managerRole' - the Switch is allowed to change
the Fabric Policy configuration (on receipt of any of the the Fabric Policy configuration (on receipt of any of the
EACA, ESFC, EUFC, ACA, SFC, or UFC SW_ILSs) if this bit is EACA, ESFC, EUFC, ACA, SFC, or UFC SW_ILSs) if this bit is
set." set."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.4.1 and table 112." ::= { February 2007, section 7.1.4.1 and table 112."
t11FcSpPoNaSwMembEntry 3 } ::= { t11FcSpPoNaSwMembEntry 3 }
t11FcSpPoNaSwMembDomainID OBJECT-TYPE t11FcSpPoNaSwMembDomainID OBJECT-TYPE
SYNTAX FcDomainIdOrZero SYNTAX FcDomainIdOrZero
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Domain_ID to be used when either the 'staticDomainID' "The Domain_ID to be used when either the 'staticDomainID'
bit or the 'insistentDomainID' bit is set in the bit or the 'insistentDomainID' bit is set in the
corresponding value of t11FcSpPoNaSwMembFlags." corresponding value of t11FcSpPoNaSwMembFlags."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and tables 111 and 112." February 2007, section 7.1.4.1 and tables 111 and 112."
::= { t11FcSpPoNaSwMembEntry 4 } ::= { t11FcSpPoNaSwMembEntry 4 }
t11FcSpPoNaSwMembPolicyDataRole OBJECT-TYPE t11FcSpPoNaSwMembPolicyDataRole OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
client(1), client(1),
autonomous(2), autonomous(2),
server(3) server(3)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
skipping to change at page 129, line 20 skipping to change at page 123, line 20
This is the same as 'client' except that if FC-SP Zoning This is the same as 'client' except that if FC-SP Zoning
is used, an Autonomous Switch maintains a complete copy is used, an Autonomous Switch maintains a complete copy
of the Fabric Zoning Database. of the Fabric Zoning Database.
'server' - the Switch operates as a Server Switch. 'server' - the Switch operates as a Server Switch.
A Server Switch maintains all Fabric-wide List Objects A Server Switch maintains all Fabric-wide List Objects
and the Switch Connectivity Objects of each Switch in and the Switch Connectivity Objects of each Switch in
the Fabric. If FC-SP Zoning is used, a Server Switch the Fabric. If FC-SP Zoning is used, a Server Switch
maintains a complete copy of the Fabric Zoning Database." maintains a complete copy of the Fabric Zoning Database."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 113." February 2007, section 7.1.4.1 and table 113."
::= { t11FcSpPoNaSwMembEntry 5 } ::= { t11FcSpPoNaSwMembEntry 5 }
t11FcSpPoNaSwMembAuthBehaviour OBJECT-TYPE t11FcSpPoNaSwMembAuthBehaviour OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
mustAuthenticate(0), mustAuthenticate(0),
rejectIsFailure(1) rejectIsFailure(1)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authentication behaviour of the Switch: "The authentication behaviour of the Switch:
'mustAuthenticate' - if this bit is set, all connections 'mustAuthenticate' - if this bit is set, all connections
between this Switch and neighbour Switches must be between this Switch and neighbour Switches must be
authenticated. authenticated.
'rejectIsFailure' - if this bit is set, the rejection of 'rejectIsFailure' - if this bit is set, the rejection of
an AUTH_Negotiate message must be considered as an an AUTH_Negotiate message must be considered as an
authentication failure by this Switch." authentication failure by this Switch."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 114." February 2007, section 7.1.4.1 and table 114."
::= { t11FcSpPoNaSwMembEntry 6 } ::= { t11FcSpPoNaSwMembEntry 6 }
t11FcSpPoNaSwMembAttribute OBJECT-TYPE t11FcSpPoNaSwMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Attribute Policy Object which "The name of a non-active Attribute Policy Object which
is defined for this Switch. The zero-length string is defined for this Switch. The zero-length string
indicates that no non-active Attribute Policy Object is indicates that no non-active Attribute Policy Object is
defined for this Switch. defined for this Switch.
The effect of having no rows in the t11FcSpPoNaAttribTable The effect of having no rows in the t11FcSpPoNaAttribTable
for which the value of t11FcSpPoNaAttribName is the for which the value of t11FcSpPoNaAttribName is the
same as the value of this object, is the same as same as the value of this object, is the same as
this object's value being the zero-length string." this object's value being the zero-length string."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoNaSwMembEntry 7 } ::= { t11FcSpPoNaSwMembEntry 7 }
t11FcSpPoNaSwMembRowStatus OBJECT-TYPE t11FcSpPoNaSwMembRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time. within the row can be modified at any time.
skipping to change at page 132, line 14 skipping to change at page 126, line 14
} }
t11FcSpPoNaNoMembListName OBJECT-TYPE t11FcSpPoNaNoMembListName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the non-active Node Membership List Object." "The name of the non-active Node Membership List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNaNoMembEntry 1 } ::= { t11FcSpPoNaNoMembEntry 1 }
t11FcSpPoNaNoMembNodeNameType OBJECT-TYPE t11FcSpPoNaNoMembNodeNameType OBJECT-TYPE
SYNTAX T11FcSpPolicyNameType { SYNTAX T11FcSpPolicyNameType {
nodeName(1), nodeName(1),
restrictedNodeName(2), restrictedNodeName(2),
portName(3), portName(3),
restrictedPortName(4), restrictedPortName(4),
wildcard(5), wildcard(5),
restrictedWildcard(6) restrictedWildcard(6)
skipping to change at page 132, line 47 skipping to change at page 126, line 47
in the active Node Membership List Object. A Node is in the active Node Membership List Object. A Node is
identified by its Node Name or by one or more of its Port identified by its Node Name or by one or more of its Port
Names. Names.
Restricted membership means that a Node is not allowed to be Restricted membership means that a Node is not allowed to be
connected to the Fabric unless allowed by a specific Switch connected to the Fabric unless allowed by a specific Switch
Connectivity Object. Unrestricted membership means that a Connectivity Object. Unrestricted membership means that a
Node is allowed to be connected to the Fabric unless Node is allowed to be connected to the Fabric unless
disallowed by a specific Switch Connectivity Object." disallowed by a specific Switch Connectivity Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNaNoMembEntry 2 } ::= { t11FcSpPoNaNoMembEntry 2 }
t11FcSpPoNaNoMembNodeName OBJECT-TYPE t11FcSpPoNaNoMembNodeName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of t11FcSpPoNaNoMembNodeNameType is "If the value of t11FcSpPoNaNoMembNodeNameType is
'wildcard' or 'restrictedWildcard', this object has the 'wildcard' or 'restrictedWildcard', this object has the
value '0000000000000000'h. value '0000000000000000'h.
Otherwise, the combination of t11FcSpPoNaNoMembNodeNameType Otherwise, the combination of t11FcSpPoNaNoMembNodeNameType
and this object specify the name of this Node Entry is the and this object specify the name of this Node Entry is the
active Node Membership List Object." active Node Membership List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNaNoMembEntry 3 } ::= { t11FcSpPoNaNoMembEntry 3 }
t11FcSpPoNaNoMembFlags OBJECT-TYPE t11FcSpPoNaNoMembFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
scsiEnclosureAccess(0), scsiEnclosureAccess(0),
authenticationRequired(1) authenticationRequired(1)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 133, line 44 skipping to change at page 127, line 44
'scsiEnclosureAccess' - the Node is allowed to 'scsiEnclosureAccess' - the Node is allowed to
control any Switch through SCSI Enclosure Services if this control any Switch through SCSI Enclosure Services if this
bit is set. If a Switch does not support SCSI Enclosure bit is set. If a Switch does not support SCSI Enclosure
Services, this bit is ignored. Services, this bit is ignored.
'authenticationRequired' - the Node is required to 'authenticationRequired' - the Node is required to
authenticate itself to any Switch to which it is connected authenticate itself to any Switch to which it is connected
if and only if this bit is set." if and only if this bit is set."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.4.1 and table 118." February 2007, section 7.1.4.1 and table 118."
::= { t11FcSpPoNaNoMembEntry 4 } ::= { t11FcSpPoNaNoMembEntry 4 }
t11FcSpPoNaNoMembCtAccessIndex OBJECT-TYPE t11FcSpPoNaNoMembCtAccessIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of this object is zero, then access by this "If the value of this object is zero, then access by this
Node to Generic Services is not limited by a Common Node to Generic Services is not limited by a Common
Transport Access Specifier. Transport Access Specifier.
Otherwise, the limits are specified by the set of Common Otherwise, the limits are specified by the set of Common
Transport Access Descriptors contained in those rows of Transport Access Descriptors contained in those rows of
the t11FcSpPoNaCtDescrTable for which the value of the t11FcSpPoNaCtDescrTable for which the value of
t11FcSpPoNaCtDescrSpecifierIndex is the same as the value t11FcSpPoNaCtDescrSpecifierIndex is the same as the value
of this object. No such rows in t11FcSpPoNaCtDescrTable of this object. No such rows in t11FcSpPoNaCtDescrTable
has the same effect as this object's value being zero." has the same effect as this object's value being zero."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.4.1 and tables 118/119/120/121." section 7.1.4.1 and tables 118/119/120/121."
::= { t11FcSpPoNaNoMembEntry 5 } ::= { t11FcSpPoNaNoMembEntry 5 }
t11FcSpPoNaNoMembAttribute OBJECT-TYPE t11FcSpPoNaNoMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Attribute Policy Object which "The name of a non-active Attribute Policy Object which
is defined for this Node. The zero-length string indicates is defined for this Node. The zero-length string indicates
that no non-active Attribute Policy Object is defined for that no non-active Attribute Policy Object is defined for
this Node. this Node.
The effect of having no rows in the t11FcSpPoNaAttribTable The effect of having no rows in the t11FcSpPoNaAttribTable
for which the value of t11FcSpPoNaAttribName is the for which the value of t11FcSpPoNaAttribName is the
same as the value of this object, is the same as same as the value of this object, is the same as
this object's value being the zero-length string." this object's value being the zero-length string."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNaNoMembEntry 6 } ::= { t11FcSpPoNaNoMembEntry 6 }
t11FcSpPoNaNoMembRowStatus OBJECT-TYPE t11FcSpPoNaNoMembRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time." within the row can be modified at any time."
::= { t11FcSpPoNaNoMembEntry 7 } ::= { t11FcSpPoNaNoMembEntry 7 }
skipping to change at page 135, line 31 skipping to change at page 129, line 31
A Common Transport Access Specifier is a list of Common A Common Transport Access Specifier is a list of Common
Transport Access Descriptors which specify whether a Node Transport Access Descriptors which specify whether a Node
is allowed to access a Generic Service or Sub-Server. is allowed to access a Generic Service or Sub-Server.
A non-active Common Transport Access Specifier is A non-active Common Transport Access Specifier is
represented by all rows of this table which have the same represented by all rows of this table which have the same
values of fcmInstanceIndex, t11FcSpPoFabricIndex, and values of fcmInstanceIndex, t11FcSpPoFabricIndex, and
t11FcSpPoNaCtDescrSpecifierIndex." t11FcSpPoNaCtDescrSpecifierIndex."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.5" February 2007, section 7.1.5"
::= { t11FcSpPoNonActive 5 } ::= { t11FcSpPoNonActive 5 }
t11FcSpPoNaCtDescrEntry OBJECT-TYPE t11FcSpPoNaCtDescrEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaCtDescrEntry SYNTAX T11FcSpPoNaCtDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Common Transport "Each entry contains information about one Common Transport
Access Descriptor of an non-active Common Transport Access Access Descriptor of an non-active Common Transport Access
Specifier used within the Fabric identified by Specifier used within the Fabric identified by
skipping to change at page 137, line 22 skipping to change at page 131, line 22
must not also be set. must not also be set.
- gsSubTypeWildcard -- if this bit is set, the Generic - gsSubTypeWildcard -- if this bit is set, the Generic
Service to be allowed/denied is specified by the value of Service to be allowed/denied is specified by the value of
t11FcSpPoNaCtDescrGsSubType, and the gsTypeWildcard bit t11FcSpPoNaCtDescrGsSubType, and the gsTypeWildcard bit
must not also be set. must not also be set.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set then access is to be
granted only for reading." granted only for reading."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.5.1, and tables 117, 118, and 120." section 7.1.5.1, and tables 117, 118, and 120."
::= { t11FcSpPoNaCtDescrEntry 3 } ::= { t11FcSpPoNaCtDescrEntry 3 }
t11FcSpPoNaCtDescrGsType OBJECT-TYPE t11FcSpPoNaCtDescrGsType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1)) SYNTAX OCTET STRING (SIZE (1))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The GS_Type of the Generic Service (e.g., the FC-GS-5 "The GS_Type of the Generic Service (e.g., the FC-GS-5
Management Service) which is subject to access control. Management Service) which is subject to access control.
This value is ignored if the gsTypeWildcard bit is not set This value is ignored if the gsTypeWildcard bit is not set
in the corresponding value of t11FcSpPoNaCtDescrFlags." in the corresponding value of t11FcSpPoNaCtDescrFlags."
REFERENCE REFERENCE
"- ANSI INCITS 427-2006, "- ANSI INCITS 427-2006,
Fibre Channel - Generic Services-5 (FC-GS-5), Fibre Channel - Generic Services-5 (FC-GS-5),
section 4.3.2.4. section 4.3.2.4.
- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.5.1 and table 120." February 2007, section 7.1.5.1 and table 120."
::= { t11FcSpPoNaCtDescrEntry 4 } ::= { t11FcSpPoNaCtDescrEntry 4 }
t11FcSpPoNaCtDescrGsSubType OBJECT-TYPE t11FcSpPoNaCtDescrGsSubType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1)) SYNTAX OCTET STRING (SIZE (1))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The GS_Subtype of the Generic Server (e.g., the Fabric Zone "The GS_Subtype of the Generic Server (e.g., the Fabric Zone
Server) which is subject to access control. This value is Server) which is subject to access control. This value is
ignored if the gsSubTypeWildcard bit is not set in the ignored if the gsSubTypeWildcard bit is not set in the
corresponding value of t11FcSpPoNaCtDescrFlags." corresponding value of t11FcSpPoNaCtDescrFlags."
REFERENCE REFERENCE
"- ANSI INCITS 427-2006, "- ANSI INCITS 427-2006,
Fibre Channel - Generic Services-5 (FC-GS-5), Fibre Channel - Generic Services-5 (FC-GS-5),
section 4.3.2.5. section 4.3.2.5.
- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.5.1 and table 120." February 2007, section 7.1.5.1 and table 120."
::= { t11FcSpPoNaCtDescrEntry 5 } ::= { t11FcSpPoNaCtDescrEntry 5 }
t11FcSpPoNaCtDescrRowStatus OBJECT-TYPE t11FcSpPoNaCtDescrRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time." within the row can be modified at any time."
::= { t11FcSpPoNaCtDescrEntry 6 } ::= { t11FcSpPoNaCtDescrEntry 6 }
skipping to change at page 138, line 41 skipping to change at page 132, line 41
SYNTAX SEQUENCE OF T11FcSpPoNaSwConnEntry SYNTAX SEQUENCE OF T11FcSpPoNaSwConnEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of non-active Switch Connectivity Objects. "A table of non-active Switch Connectivity Objects.
A Switch Connectivity Object defines to which other A Switch Connectivity Object defines to which other
Switches or Nodes a particular Switch may/may not be Switches or Nodes a particular Switch may/may not be
connected at the Node level and/or at the Port level." connected at the Node level and/or at the Port level."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.6." February 2007, section 7.1.6."
::= { t11FcSpPoNonActive 6 } ::= { t11FcSpPoNonActive 6 }
t11FcSpPoNaSwConnEntry OBJECT-TYPE t11FcSpPoNaSwConnEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaSwConnEntry SYNTAX T11FcSpPoNaSwConnEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains the name of a Switch/Node with which "Each entry contains the name of a Switch/Node with which
any port of a particular Switch on a particular Fabric, or any port of a particular Switch on a particular Fabric, or
a particular port on that Switch, is allowed or not allowed a particular port on that Switch, is allowed or not allowed
skipping to change at page 139, line 44 skipping to change at page 133, line 44
} }
t11FcSpPoNaSwConnSwitchName OBJECT-TYPE t11FcSpPoNaSwConnSwitchName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the Switch for which this Switch Connectivity "The name of the Switch for which this Switch Connectivity
Object specifies topology restrictions." Object specifies topology restrictions."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.6.1 and table 123." February 2007, section 7.1.6.1 and table 123."
::= { t11FcSpPoNaSwConnEntry 1 } ::= { t11FcSpPoNaSwConnEntry 1 }
t11FcSpPoNaSwConnAllowedType OBJECT-TYPE t11FcSpPoNaSwConnAllowedType OBJECT-TYPE
SYNTAX INTEGER { switch(1), node(2) } SYNTAX INTEGER { switch(1), node(2) }
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies whether this row refers to an "This object specifies whether this row refers to an
'Allowed Switch' which concerns Switch-to-Switch 'Allowed Switch' which concerns Switch-to-Switch
connectivity, or an 'Allowed Node' which concerns connectivity, or an 'Allowed Node' which concerns
Switch-to-Node connectivity. Consequently, this object's Switch-to-Node connectivity. Consequently, this object's
value indicates whether the corresponding instance of value indicates whether the corresponding instance of
t11FcSpPoNaSwConnAllowedName specifies the name of a Switch t11FcSpPoNaSwConnAllowedName specifies the name of a Switch
or the name of a Node." or the name of a Node."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.6.1 and table 123." February 2007, section 7.1.6.1 and table 123."
::= { t11FcSpPoNaSwConnEntry 2 } ::= { t11FcSpPoNaSwConnEntry 2 }
t11FcSpPoNaSwConnPortNameOrAll OBJECT-TYPE t11FcSpPoNaSwConnPortNameOrAll OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE(0 | 8)) SYNTAX FcNameIdOrZero (SIZE(0 | 8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies either the particular port on which "This object specifies either the particular port on which
this topology restriction applies, or if the value is the this topology restriction applies, or if the value is the
zero-length string, that the topology restriction applies zero-length string, that the topology restriction applies
to all ports of the Switch. to all ports of the Switch.
In other words, if this object's value contains the name of In other words, if this object's value contains the name of
a port, then this row represents a 'Port Connectivity Entry' a port, then this row represents a 'Port Connectivity Entry'
(as described in FC-SP) within a Switch Connectivity Object." (as described in FC-SP) within a Switch Connectivity Object."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.6.1 and tables 123/124." February 2007, section 7.1.6.1 and tables 123/124."
::= { t11FcSpPoNaSwConnEntry 3 } ::= { t11FcSpPoNaSwConnEntry 3 }
t11FcSpPoNaSwConnAllowedIndex OBJECT-TYPE t11FcSpPoNaSwConnAllowedIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When multiple rows in this table refer to different "When multiple rows in this table refer to different
'Allowed Switches' or to different 'Allowed Nodes' for the 'Allowed Switches' or to different 'Allowed Nodes' for the
same port(s) in the same Switch Connectivity Object, this same port(s) in the same Switch Connectivity Object, this
skipping to change at page 141, line 34 skipping to change at page 135, line 34
Otherwise, the combination of Otherwise, the combination of
t11FcSpPoNaSwConnAllowedNameType and t11FcSpPoNaSwConnAllowedNameType and
t11FcSpPoNaSwConnAllowedName specify the name of: t11FcSpPoNaSwConnAllowedName specify the name of:
- a Switch (if t11FcSpPoNaSwConnAllowedType = 'switch'), or - a Switch (if t11FcSpPoNaSwConnAllowedType = 'switch'), or
- a Node (if t11FcSpPoNaSwConnAllowedType = 'node') - a Node (if t11FcSpPoNaSwConnAllowedType = 'node')
to which connectivity is allowed/not allowed." to which connectivity is allowed/not allowed."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.6.1 and tables 123/124." February 2007, section 7.1.6.1 and tables 123/124."
::= { t11FcSpPoNaSwConnEntry 5 } ::= { t11FcSpPoNaSwConnEntry 5 }
t11FcSpPoNaSwConnAllowedName OBJECT-TYPE t11FcSpPoNaSwConnAllowedName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If t11FcSpPoNaSwConnAllowedNameType has the value "If t11FcSpPoNaSwConnAllowedNameType has the value
'wildcard' or 'restrictedWildcard', this object has the 'wildcard' or 'restrictedWildcard', this object has the
value '0000000000000000'h. value '0000000000000000'h.
Otherwise, the combination of Otherwise, the combination of
t11FcSpPoNaSwConnAllowedNameType and t11FcSpPoNaSwConnAllowedNameType and
t11FcSpPoNaSwConnAllowedName specify the name of: t11FcSpPoNaSwConnAllowedName specify the name of:
- a Switch (if t11FcSpPoNaSwConnAllowedType = 'switch'), or - a Switch (if t11FcSpPoNaSwConnAllowedType = 'switch'), or
- a Node (if t11FcSpPoNaSwConnAllowedType = 'node') - a Node (if t11FcSpPoNaSwConnAllowedType = 'node')
to which connectivity is allowed/not allowed." to which connectivity is allowed/not allowed."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.6.1 and tables 123/124." February 2007, section 7.1.6.1 and tables 123/124."
::= { t11FcSpPoNaSwConnEntry 6 } ::= { t11FcSpPoNaSwConnEntry 6 }
t11FcSpPoNaSwConnRowStatus OBJECT-TYPE t11FcSpPoNaSwConnRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time." within the row can be modified at any time."
::= { t11FcSpPoNaSwConnEntry 7 } ::= { t11FcSpPoNaSwConnEntry 7 }
skipping to change at page 144, line 12 skipping to change at page 138, line 12
t11FcSpPoNaIpMgmtRowStatus RowStatus t11FcSpPoNaIpMgmtRowStatus RowStatus
} }
t11FcSpPoNaIpMgmtListName OBJECT-TYPE t11FcSpPoNaIpMgmtListName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Node Membership List Object." "The name of a non-active Node Membership List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.1.7.1 and table 125." February 2007, section 7.1.7.1 and table 125."
::= { t11FcSpPoNaIpMgmtEntry 1 } ::= { t11FcSpPoNaIpMgmtEntry 1 }
t11FcSpPoNaIpMgmtEntryNameType OBJECT-TYPE t11FcSpPoNaIpMgmtEntryNameType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddressType { ipv4(1), ipv6(2) }
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The combination of t11FcSpPoNaIpMgmtEntryNameType, "The combination of t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtNameLow and t11FcSpPoNaIpMgmtNameHigh t11FcSpPoNaIpMgmtNameLow and t11FcSpPoNaIpMgmtNameHigh
specify the IP Address range of this IP Management specify the IP Address range of this IP Management
Entry in the IP Management List Object. Entry in the IP Management List Object.
The FC-SP specification does not allow this address to The FC-SP specification does not allow this address to
be specified using a DNS domain name, nor does it allow be specified using a DNS domain name, nor does it allow
the specification of zone indexes. Therefore, the the specification of zone indexes. Therefore, the
type of address must be one of: 'ipv4', or 'ipv6'." type of address must be one of: 'ipv4', or 'ipv6'."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
sections 7.1.7.1 and table 126." February 2007, sections 7.1.7.1 and table 126."
::= { t11FcSpPoNaIpMgmtEntry 2 } ::= { t11FcSpPoNaIpMgmtEntry 2 }
t11FcSpPoNaIpMgmtEntryNameLow OBJECT-TYPE t11FcSpPoNaIpMgmtEntryNameLow OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The lower end of an Internet address range. The type "The lower end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoNaIpMgmtEntryNameType. of t11FcSpPoNaIpMgmtEntryNameType.
The combination of t11FcSpPoNaIpMgmtEntryNameType, The combination of t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoNaIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the IP Address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
sections 7.1.7.1 and table 126." February 2007, sections 7.1.7.1 and table 126."
::= { t11FcSpPoNaIpMgmtEntry 3 } ::= { t11FcSpPoNaIpMgmtEntry 3 }
t11FcSpPoNaIpMgmtEntryNameHigh OBJECT-TYPE t11FcSpPoNaIpMgmtEntryNameHigh OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The higher end of an Internet address range. The type "The higher end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoNaIpMgmtEntryNameType. of t11FcSpPoNaIpMgmtEntryNameType.
The combination of t11FcSpPoNaIpMgmtEntryNameType, The combination of t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtNameLow and t11FcSpPoNaIpMgmtNameHigh t11FcSpPoNaIpMgmtNameLow and t11FcSpPoNaIpMgmtNameHigh
specify the IP Address range of this IP Management specify the IP Address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
sections 7.1.7.1 and table 126." February 2007, sections 7.1.7.1 and table 126."
::= { t11FcSpPoNaIpMgmtEntry 4 } ::= { t11FcSpPoNaIpMgmtEntry 4 }
t11FcSpPoNaIpMgmtWkpIndex OBJECT-TYPE t11FcSpPoNaIpMgmtWkpIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object identifies the restrictions for IP management "This object identifies the restrictions for IP management
access by IP hosts in this range of IP addresses. access by IP hosts in this range of IP addresses.
The restrictions are specified as the set of Well Known The restrictions are specified as the set of Well Known
Protocols Access Descriptors contained in those rows of the Protocols Access Descriptors contained in those rows of the
t11FcSpPoNaWkpDescrTable for which the value of t11FcSpPoNaWkpDescrTable for which the value of
t11FcSpPoNaWkpDescrSpecifierIndx is the same as the value t11FcSpPoNaWkpDescrSpecifierIndx is the same as the value
of this object. If there are no such rows or if the value of this object. If there are no such rows or if the value
of this object is zero, then this IP Management Entry does of this object is zero, then this IP Management Entry does
not identify any Well Known Protocols Access restrictions." not identify any Well Known Protocols Access restrictions."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and tables 127/129." February 2007, section 7.1.7.1 and tables 127/129."
::= { t11FcSpPoNaIpMgmtEntry 5 } ::= { t11FcSpPoNaIpMgmtEntry 5 }
t11FcSpPoNaIpMgmtAttribute OBJECT-TYPE t11FcSpPoNaIpMgmtAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Attribute Policy Object which "The name of a non-active Attribute Policy Object which
is defined for this IP Management entry. The zero-length is defined for this IP Management entry. The zero-length
string indicates that no non-active Attribute Policy Object string indicates that no non-active Attribute Policy Object
is defined for it. is defined for it.
The effect of having no rows in the t11FcSpPoNaAttribTable The effect of having no rows in the t11FcSpPoNaAttribTable
for which the value of t11FcSpPoNaAttribName is the same for which the value of t11FcSpPoNaAttribName is the same
as the value of this object, is the same as this object's as the value of this object, is the same as this object's
value being the zero-length string." value being the zero-length string."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 128." February 2007, section 7.1.7.1 and table 128."
::= { t11FcSpPoNaIpMgmtEntry 6 } ::= { t11FcSpPoNaIpMgmtEntry 6 }
t11FcSpPoNaIpMgmtRowStatus OBJECT-TYPE t11FcSpPoNaIpMgmtRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time." within the row can be modified at any time."
::= { t11FcSpPoNaIpMgmtEntry 7 } ::= { t11FcSpPoNaIpMgmtEntry 7 }
skipping to change at page 149, line 14 skipping to change at page 143, line 14
specified by the value of t11FcSpPoNaWkpDescrWkpNumber. specified by the value of t11FcSpPoNaWkpDescrWkpNumber.
- destPortWildcard -- if this bit is set, the Destination - destPortWildcard -- if this bit is set, the Destination
(TCP/UDP) Port number of the Well-Known Protocol to be (TCP/UDP) Port number of the Well-Known Protocol to be
allowed/denied is specified by the value of allowed/denied is specified by the value of
t11FcSpPoNaWkpDescrDestPort. t11FcSpPoNaWkpDescrDestPort.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set then access is to be
granted only for reading." granted only for reading."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 131." February 2007, section 7.1.7.1 and table 131."
::= { t11FcSpPoNaWkpDescrEntry 3 } ::= { t11FcSpPoNaWkpDescrEntry 3 }
t11FcSpPoNaWkpDescrWkpNumber OBJECT-TYPE t11FcSpPoNaWkpDescrWkpNumber OBJECT-TYPE
SYNTAX Unsigned32 (0..255) SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the 'wkpWildcard' bit is set in the corresponding "When the 'wkpWildcard' bit is set in the corresponding
instance of t11FcSpPoNaWkpDescrFlags, this object specifies instance of t11FcSpPoNaWkpDescrFlags, this object specifies
the IP protocol number of the Well-Known Protocol." the IP protocol number of the Well-Known Protocol."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 131. February 2007, section 7.1.7.1 and table 131.
- http://www.iana.org/assignments/protocol-numbers." - http://www.iana.org/assignments/protocol-numbers."
::= { t11FcSpPoNaWkpDescrEntry 4 } ::= { t11FcSpPoNaWkpDescrEntry 4 }
t11FcSpPoNaWkpDescrDestPort OBJECT-TYPE t11FcSpPoNaWkpDescrDestPort OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the 'destPortWildcard' bit is set in the corresponding "When the 'destPortWildcard' bit is set in the corresponding
instance of t11FcSpPoNaWkpDescrFlags, this object specifies instance of t11FcSpPoNaWkpDescrFlags, this object specifies
the Destination (TCP/UDP) Port number of the Well-Known the Destination (TCP/UDP) Port number of the Well-Known
Protocol. When the 'destPortWildcard' bit is reset, this Protocol. When the 'destPortWildcard' bit is reset, this
object is ignored (and can have the value zero)." object is ignored (and can have the value zero)."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.7.1 and table 131. February 2007, section 7.1.7.1 and table 131.
- http://www.iana.org/assignments/port-numbers." - http://www.iana.org/assignments/port-numbers."
::= { t11FcSpPoNaWkpDescrEntry 5 } ::= { t11FcSpPoNaWkpDescrEntry 5 }
t11FcSpPoNaWkpDescrRowStatus OBJECT-TYPE t11FcSpPoNaWkpDescrRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time." within the row can be modified at any time."
skipping to change at page 151, line 44 skipping to change at page 145, line 44
} }
t11FcSpPoNaAttribName OBJECT-TYPE t11FcSpPoNaAttribName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the Attribute Policy Object containing one "The name of the Attribute Policy Object containing one
or more Attribute Entries." or more Attribute Entries."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.8.1 and table 133." February 2007, section 7.1.8.1 and table 133."
::= { t11FcSpPoNaAttribEntry 1 } ::= { t11FcSpPoNaAttribEntry 1 }
t11FcSpPoNaAttribEntryIndex OBJECT-TYPE t11FcSpPoNaAttribEntryIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique value to distinguish this Attribute Entry "A unique value to distinguish this Attribute Entry
from other Attribute Entries contained in the same from other Attribute Entries contained in the same
Attribute Policy Object." Attribute Policy Object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.8.1, tables 133/134." February 2007, section 7.1.8.1, tables 133/134."
::= { t11FcSpPoNaAttribEntry 2 } ::= { t11FcSpPoNaAttribEntry 2 }
t11FcSpPoNaAttribPartIndex OBJECT-TYPE t11FcSpPoNaAttribPartIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Entry is shorter than 257 "When the value of an Attribute Entry is shorter than 257
bytes, the whole value is contained in one instance of bytes, the whole value is contained in one instance of
t11FcSpPoNaAttribValue, and the value of this object is 1. t11FcSpPoNaAttribValue, and the value of this object is 1.
If the value of an Attribute Entry is longer than 256 bytes, If the value of an Attribute Entry is longer than 256 bytes,
then that value is divided up on 256 byte boundaries such then that value is divided up on 256 byte boundaries such
that all parts are 256 bytes long except the last part which that all parts are 256 bytes long except the last part which
is shorter if necessary, with each such part contained in is shorter if necessary, with each such part contained in
a separate row of this table, and the value of this object a separate row of this table, and the value of this object
is set to the part number. That is, this object has the is set to the part number. That is, this object has the
value of 1 for bytes 0-255, the value of 2 for bytes value of 1 for bytes 0-255, the value of 2 for bytes
256-511, ... etc." 256-511, ... etc."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.1.8.1, tables 134/135." February 2007, section 7.1.8.1, tables 134/135."
::= { t11FcSpPoNaAttribEntry 3 } ::= { t11FcSpPoNaAttribEntry 3 }
t11FcSpPoNaAttribType OBJECT-TYPE t11FcSpPoNaAttribType OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of attribute. The first type to be defined is: "The type of attribute. The first type to be defined is:
t11FcSpPoNaAttribType t11FcSpPoNaAttribValue t11FcSpPoNaAttribType t11FcSpPoNaAttribValue
=================== ==================== ===================== ======================
'00000001'h The AUTH_Negotiate Message Payload '00000001'h The AUTH_Negotiate Message Payload
" "
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoNaAttribEntry 4 } ::= { t11FcSpPoNaAttribEntry 4 }
t11FcSpPoNaAttribValue OBJECT-TYPE t11FcSpPoNaAttribValue OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Attribute Entry is divided up on 256 byte "The value of an Attribute Entry is divided up on 256 byte
boundaries such that all parts are 256 bytes long except the boundaries such that all parts are 256 bytes long except the
skipping to change at page 153, line 33 skipping to change at page 147, line 35
When the value of the corresponding instance of When the value of the corresponding instance of
t11FcSpPoNaAttribExtension is not zeroDotZero, then the same t11FcSpPoNaAttribExtension is not zeroDotZero, then the same
underlying management data has its value contained both in underlying management data has its value contained both in
this object and in the individual/broken-out parts pointed this object and in the individual/broken-out parts pointed
to by t11FcSpPoNaAttribExtension. Thus, after any to by t11FcSpPoNaAttribExtension. Thus, after any
modification of the underlying management data, e.g., after modification of the underlying management data, e.g., after
a Set operation to the value of either MIB representation, a Set operation to the value of either MIB representation,
then that modification is reflected in the values of both then that modification is reflected in the values of both
MIB representations." MIB representations."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoNaAttribEntry 5 } ::= { t11FcSpPoNaAttribEntry 5 }
t11FcSpPoNaAttribExtension OBJECT-TYPE t11FcSpPoNaAttribExtension OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For some types of Attribute Policy Object, the value of "For some types of Attribute Policy Object, the value of
this MIB object points to type-specific MIB objects which this MIB object points to type-specific MIB objects which
skipping to change at page 155, line 24 skipping to change at page 149, line 24
"A table of Authentication Protocol Identifier and "A table of Authentication Protocol Identifier and
Authentication Protocol Parameters which are embedded in Authentication Protocol Parameters which are embedded in
Attribute Policy Objects being used within non-active Attribute Policy Objects being used within non-active
Policy Objects. Policy Objects.
This table is used for Attribute Entries of Attribute Policy This table is used for Attribute Entries of Attribute Policy
Objects for which the value of t11FcSpPoNaAttribType Objects for which the value of t11FcSpPoNaAttribType
indicates 'AUTH_Negotiate Message Payload' and the value of indicates 'AUTH_Negotiate Message Payload' and the value of
t11FcSpPoNaAttribExtension contains the OID of this table." t11FcSpPoNaAttribExtension contains the OID of this table."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
sections 5.3.2 & 7.1.8.1, tables 134/135 and tables 10/11." February 2007, sections 5.3.2 & 7.1.8.1,
tables 134/135 and tables 10/11."
::= { t11FcSpPoNonActive 10 } ::= { t11FcSpPoNonActive 10 }
t11FcSpPoNaAuthProtEntry OBJECT-TYPE t11FcSpPoNaAuthProtEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaAuthProtEntry SYNTAX T11FcSpPoNaAuthProtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each row contains information about an Authentication "Each row contains information about an Authentication
Protocol which is extracted out of the Attribute Entry Protocol which is extracted out of the Attribute Entry
(identified by t11FcSpPoNaAttribEntryIndex) of the (identified by t11FcSpPoNaAttribEntryIndex) of the
skipping to change at page 156, line 38 skipping to change at page 150, line 40
"The Authentication Protocol Identifier: "The Authentication Protocol Identifier:
1 = DH-CHAP 1 = DH-CHAP
3 = FCPAP 3 = FCPAP
4 = IKEv2 4 = IKEv2
5 = IKEv2-AUTH 5 = IKEv2-AUTH
240 thru 255 = Vendor Specific Protocols 240 thru 255 = Vendor Specific Protocols
all other values are 'Reserved' (by T11)." all other values are 'Reserved' (by T11)."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 5.3.2, table 11." February 2007, section 5.3.2, table 11."
::= { t11FcSpPoNaAuthProtEntry 1 } ::= { t11FcSpPoNaAuthProtEntry 1 }
t11FcSpPoNaAuthProtPartIndex OBJECT-TYPE t11FcSpPoNaAuthProtPartIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Protocol Parameters string "When the value of an Attribute Protocol Parameters string
is shorter than 257 bytes, the whole value is contained in is shorter than 257 bytes, the whole value is contained in
one instance of t11FcSpPoNaAuthProtParams, and the value of one instance of t11FcSpPoNaAuthProtParams, and the value of
skipping to change at page 157, line 18 skipping to change at page 151, line 19
If the value of an Authentication Protocol Parameters string If the value of an Authentication Protocol Parameters string
is longer than 256 bytes, then that value is divided up on is longer than 256 bytes, then that value is divided up on
256 byte boundaries such that all parts are 256 bytes long 256 byte boundaries such that all parts are 256 bytes long
except the last part which is shorter if necessary, with except the last part which is shorter if necessary, with
each such part contained in a separate row of this table, each such part contained in a separate row of this table,
and the value of this object is set to the part number. and the value of this object is set to the part number.
That is, this object has the value of 1 for bytes 0-255, That is, this object has the value of 1 for bytes 0-255,
the value of 2 for bytes 256-511, ... etc." the value of 2 for bytes 256-511, ... etc."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoNaAuthProtEntry 2 } ::= { t11FcSpPoNaAuthProtEntry 2 }
t11FcSpPoNaAuthProtParams OBJECT-TYPE t11FcSpPoNaAuthProtParams OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Authentication Protocol Parameters string "The value of an Authentication Protocol Parameters string
is divided up on 256 byte boundaries such that all parts is divided up on 256 byte boundaries such that all parts
are 256 bytes long except the last part which is shorter are 256 bytes long except the last part which is shorter
if necessary, and each such part is contained in a if necessary, and each such part is contained in a
separate instance of this object." separate instance of this object."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoNaAuthProtEntry 3 } ::= { t11FcSpPoNaAuthProtEntry 3 }
t11FcSpPoNaAuthProtRowStatus OBJECT-TYPE t11FcSpPoNaAuthProtRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
within the row can be modified at any time." within the row can be modified at any time."
::= { t11FcSpPoNaAuthProtEntry 4 } ::= { t11FcSpPoNaAuthProtEntry 4 }
skipping to change at page 158, line 48 skipping to change at page 152, line 48
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Policy Management Requests "The number of FC-SP Policy Management Requests
(e.g., GPS, APS, etc.) received by this FC-SP (e.g., GPS, APS, etc.) received by this FC-SP
Security Policy Server on this Fabric. Security Policy Server on this Fabric.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." which all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.3." February 2007, section 7.3."
::= { t11FcSpPoStatsEntry 1 } ::= { t11FcSpPoStatsEntry 1 }
t11FcSpPoInAccepts OBJECT-TYPE t11FcSpPoInAccepts OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of times that this FC-SP Security Policy Server "The number of times that this FC-SP Security Policy Server
sent an Accept CT_IU on this Fabric in response to a sent an Accept CT_IU on this Fabric in response to a
received FC-SP Policy Management Request (e.g., GPS, APS, received FC-SP Policy Management Request (e.g., GPS, APS,
etc.). etc.).
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." which all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.3." February 2007, section 7.3."
::= { t11FcSpPoStatsEntry 2 } ::= { t11FcSpPoStatsEntry 2 }
t11FcSpPoInRejects OBJECT-TYPE t11FcSpPoInRejects OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of times that this FC-SP Security Policy Server "The number of times that this FC-SP Security Policy Server
sent a Reject CT_IU on this Fabric in response to a sent a Reject CT_IU on this Fabric in response to a
received FC-SP Policy Management Request (e.g., GPS, APS, received FC-SP Policy Management Request (e.g., GPS, APS,
etc.). etc.).
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." which all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 7.3." February 2007, section 7.3."
::= { t11FcSpPoStatsEntry 3 } ::= { t11FcSpPoStatsEntry 3 }
-- --
-- Part 5 - Control Information & Notifications -- Part 5 - Control Information & Notifications
-- --
-- --
-- Control Information -- Control Information
-- --
skipping to change at page 163, line 34 skipping to change at page 157, line 34
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The reason code associated with the failure which is "The reason code associated with the failure which is
indicated when the value of the corresponding instance indicated when the value of the corresponding instance
of t11FcSpPoLastNotifyType is 'activateFail' or of t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. 'deactivateFail'.
For other values of t11FcSpPoLastNotifyType, the value For other values of t11FcSpPoLastNotifyType, the value
of this object is 'none(1)'." of this object is 'none(1)'."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.2 & 7.3.6.3" February 2007, section 7.3.6.2 & 7.3.6.3"
::= { t11FcSpPoControlEntry 5 } ::= { t11FcSpPoControlEntry 5 }
t11FcSpPoCtCommandString OBJECT-TYPE t11FcSpPoCtCommandString OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255)) SYNTAX OCTET STRING (SIZE (0..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The binary content of the failed request which is "The binary content of the failed request which is
indicated when the value of the corresponding instance of indicated when the value of the corresponding instance of
t11FcSpPoLastNotifyType is 'activateFail' or t11FcSpPoLastNotifyType is 'activateFail' or
skipping to change at page 164, line 28 skipping to change at page 158, line 28
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The reason code explanation associated with the failure "The reason code explanation associated with the failure
which is indicated when the value of the corresponding which is indicated when the value of the corresponding
instance of t11FcSpPoLastNotifyType is 'activateFail' or instance of t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. 'deactivateFail'.
For other values of t11FcSpPoLastNotifyType, the value For other values of t11FcSpPoLastNotifyType, the value
of this object is zero." of this object is zero."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.2 & 7.3.6.3" February 2007, section 7.3.6.2 & 7.3.6.3"
::= { t11FcSpPoControlEntry 7 } ::= { t11FcSpPoControlEntry 7 }
t11FcSpPoReasonVendorCode OBJECT-TYPE t11FcSpPoReasonVendorCode OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0 | 1)) SYNTAX OCTET STRING (SIZE (0 | 1))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The vendor-specific reason code associated with the failure "The vendor-specific reason code associated with the failure
which is indicated when the value of the corresponding which is indicated when the value of the corresponding
instance of t11FcSpPoLastNotifyType is 'activateFail' or instance of t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. 'deactivateFail'.
For other values of t11FcSpPoLastNotifyType, or if no For other values of t11FcSpPoLastNotifyType, or if no
vendor-specific reason code is available, the value vendor-specific reason code is available, the value
of this object is the zero-length string." of this object is the zero-length string."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.2 & 7.3.6.3" February 2007, section 7.3.6.2 & 7.3.6.3"
::= { t11FcSpPoControlEntry 8 } ::= { t11FcSpPoControlEntry 8 }
-- --
-- Notification definitions -- Notification definitions
-- --
t11FcSpPoNotifyActivation NOTIFICATION-TYPE t11FcSpPoNotifyActivation NOTIFICATION-TYPE
OBJECTS { t11FcSpPoServerAddress, OBJECTS { t11FcSpPoServerAddress,
t11FcSpPoPolicySummaryObjName, t11FcSpPoPolicySummaryObjName,
t11FcSpPoRequestSource } t11FcSpPoRequestSource }
skipping to change at page 166, line 4 skipping to change at page 160, line 4
fails to complete the execution of an Activate Policy fails to complete the execution of an Activate Policy
Summary request. Summary request.
The value of t11FcSpPoCtCommandString indicates the The value of t11FcSpPoCtCommandString indicates the
rejected request, and the values of t11FcSpPoReasonCode, rejected request, and the values of t11FcSpPoReasonCode,
t11FcSpPoReasonCodeExp and t11FcSpPoReasonVendorCode t11FcSpPoReasonCodeExp and t11FcSpPoReasonVendorCode
indicate the reason for the rejection. The value of indicate the reason for the rejection. The value of
t11FcSpPoRequestSource indicates the source of the t11FcSpPoRequestSource indicates the source of the
request." request."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.2." February 2007, section 7.3.6.2."
::= { t11FcSpPoMIBNotifications 2 } ::= { t11FcSpPoMIBNotifications 2 }
t11FcSpPoNotifyDeactivation NOTIFICATION-TYPE t11FcSpPoNotifyDeactivation NOTIFICATION-TYPE
OBJECTS { t11FcSpPoServerAddress, OBJECTS { t11FcSpPoServerAddress,
t11FcSpPoRequestSource } t11FcSpPoRequestSource }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This notification is generated whenever a Security "This notification is generated whenever a Security
Policy Server (indicated by the value of Policy Server (indicated by the value of
t11FcSpPoServerAddress) successfully completes the t11FcSpPoServerAddress) successfully completes the
execution of a Deactivate Policy Summary request. execution of a Deactivate Policy Summary request.
The value of t11FcSpPoRequestSource indicates The value of t11FcSpPoRequestSource indicates
the source of the DPS request." the source of the DPS request."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 7.3.6.3." February 2007, section 7.3.6.3."
::= { t11FcSpPoMIBNotifications 3 } ::= { t11FcSpPoMIBNotifications 3 }
t11FcSpPoNotifyDeactivateFail NOTIFICATION-TYPE t11FcSpPoNotifyDeactivateFail NOTIFICATION-TYPE
OBJECTS { t11FcSpPoServerAddress, OBJECTS { t11FcSpPoServerAddress,
t11FcSpPoRequestSource, t11FcSpPoRequestSource,
t11FcSpPoCtCommandString, t11FcSpPoCtCommandString,
t11FcSpPoReasonCode, t11FcSpPoReasonCode,
t11FcSpPoReasonCodeExp, t11FcSpPoReasonCodeExp,
t11FcSpPoReasonVendorCode } t11FcSpPoReasonVendorCode }
STATUS current STATUS current
skipping to change at page 176, line 41 skipping to change at page 170, line 41
T11FcSpSecurityProtocolId, T11FcSpSecurityProtocolId,
T11FcRoutingControl, T11FcRoutingControl,
T11FcSaDirection, T11FcSaDirection,
T11FcSpPrecedence, T11FcSpPrecedence,
T11FcSpTransforms FROM T11-FC-SP-TC-MIB; T11FcSpTransforms FROM T11-FC-SP-TC-MIB;
t11FcSpSaMIB MODULE-IDENTITY t11FcSpSaMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200801030000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF's IMSS T11 began the development and the IETF (in
Working Group finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
skipping to change at page 181, line 5 skipping to change at page 175, line 5
::= { t11FcSpSaIfEntry 2 } ::= { t11FcSpSaIfEntry 2 }
t11FcSpSaIfEspHeaderCapab OBJECT-TYPE t11FcSpSaIfEspHeaderCapab OBJECT-TYPE
SYNTAX T11FcSpTransforms SYNTAX T11FcSpTransforms
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of the standardized transforms supported by this "A list of the standardized transforms supported by this
entity on this interface for ESP_Header protection." entity on this interface for ESP_Header protection."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Appendix A.3.1, tables A.23, A.25." February 2007, Appendix A.3.1, tables A.23, A.25."
::= { t11FcSpSaIfEntry 3 } ::= { t11FcSpSaIfEntry 3 }
t11FcSpSaIfCTAuthCapab OBJECT-TYPE t11FcSpSaIfCTAuthCapab OBJECT-TYPE
SYNTAX T11FcSpTransforms SYNTAX T11FcSpTransforms
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of the standardized transforms supported by this "A list of the standardized transforms supported by this
entity on this interface for CT_Authentication protection." entity on this interface for CT_Authentication protection."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Appendix A.3.1, tables A.23, A.25." February 2007, Appendix A.3.1, tables A.23, A.25."
::= { t11FcSpSaIfEntry 4 } ::= { t11FcSpSaIfEntry 4 }
t11FcSpSaIfIKEv2Capab OBJECT-TYPE t11FcSpSaIfIKEv2Capab OBJECT-TYPE
SYNTAX T11FcSpTransforms SYNTAX T11FcSpTransforms
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of the standardized transforms supported by this "A list of the standardized transforms supported by this
entity on this interface with IKEv2 protection." entity on this interface with IKEv2 protection."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, Appendix A.3.1, tables A.23, A.24, A.25, A.26." February 2007, Appendix A.3.1, tables A.23, A.24,
A.25, A.26."
::= { t11FcSpSaIfEntry 5 } ::= { t11FcSpSaIfEntry 5 }
t11FcSpSaIfIkev2AuthCapab OBJECT-TYPE t11FcSpSaIfIkev2AuthCapab OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An indication of whether the entity is capable of "An indication of whether the entity is capable of
supporting the IKEv2-AUTH protocol on this interface, i.e., supporting the IKEv2-AUTH protocol on this interface, i.e.,
concatenation of Authentication and SA Management concatenation of Authentication and SA Management
Transactions, such that an SA Management Transaction is Transactions, such that an SA Management Transaction is
used to perform both the authentication function and used to perform both the authentication function and
SA management." SA management."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Fibre Channel - Security Protocols (FC-SP),
section 6.7.2, and table A.27." February 2007, section 6.7.2, and table A.27."
::= { t11FcSpSaIfEntry 6 } ::= { t11FcSpSaIfEntry 6 }
t11FcSpSaIfStorageType OBJECT-TYPE t11FcSpSaIfStorageType OBJECT-TYPE
SYNTAX StorageType SYNTAX StorageType
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies the memory realization of "This object specifies the memory realization of
information related to FC-SP Security Associations information related to FC-SP Security Associations
for interface(s) to a particular Fabric; specifically, for interface(s) to a particular Fabric; specifically,
skipping to change at page 182, line 37 skipping to change at page 176, line 38
this MIB module for interface(s) to the given Fabric this MIB module for interface(s) to the given Fabric
need to be writable." need to be writable."
::= { t11FcSpSaIfEntry 7 } ::= { t11FcSpSaIfEntry 7 }
t11FcSpSaIfReplayPrevention OBJECT-TYPE t11FcSpSaIfReplayPrevention OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether anti-replay protection is "This object indicates whether anti-replay protection is
enabled for frame reception on this interface." enabled for frame reception on this interface.
Note that the replay-protection mechanism in FC-SP is
conceptually similar to the corresponding mechanism in
IPsec ESP."
REFERENCE REFERENCE
"IP Encapsulating Security Payload (ESP), "IP Encapsulating Security Payload (ESP),
RFC 4303, December 2005, section 3.3.3." RFC 4303, December 2005, section 3.3.3."
::= { t11FcSpSaIfEntry 8 } ::= { t11FcSpSaIfEntry 8 }
t11FcSpSaIfReplayWindowSize OBJECT-TYPE t11FcSpSaIfReplayWindowSize OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The size of the replay window to be used when "The size of the replay window to be used when
anti-replay protection is enabled for frame reception anti-replay protection is enabled for frame reception
on this interface." on this interface.
Note that the replay-protection mechanism in FC-SP is
conceptually similar to the corresponding mechanism in
IPsec ESP."
REFERENCE REFERENCE
"IP Encapsulating Security Payload (ESP), "IP Encapsulating Security Payload (ESP),
RFC 4303, December 2005, section 3.4.3." RFC 4303, December 2005, section 3.4.3."
::= { t11FcSpSaIfEntry 9 } ::= { t11FcSpSaIfEntry 9 }
t11FcSpSaIfDeadPeerDetections OBJECT-TYPE t11FcSpSaIfDeadPeerDetections OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of times that a dead peer condition has been "The number of times that a dead peer condition has been
detected on this interface. detected on this interface.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." which all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 8.5.3.3." February 2007, section 8.5.3.3."
::= { t11FcSpSaIfEntry 10 } ::= { t11FcSpSaIfEntry 10 }
t11FcSpSaIfTerminateAllSas OBJECT-TYPE t11FcSpSaIfTerminateAllSas OBJECT-TYPE
SYNTAX INTEGER { noop(1), terminate(2) } SYNTAX INTEGER { noop(1), terminate(2) }
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Setting this object to 'terminate' is a request to "Setting this object to 'terminate' is a request to
terminate all outsanding Security Associations on this terminate all outstanding Security Associations on this
interface. interface.
When read, the value of this object is always 'noop'. When read, the value of this object is always 'noop'.
Setting this object to 'noop' has no effect." Setting this object to 'noop' has no effect."
::= { t11FcSpSaIfEntry 11 } ::= { t11FcSpSaIfEntry 11 }
t11FcSpSaIfOutDrops OBJECT-TYPE t11FcSpSaIfOutDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
skipping to change at page 188, line 26 skipping to change at page 182, line 34
t11FcSpSaPropSecurityProt OBJECT-TYPE t11FcSpSaPropSecurityProt OBJECT-TYPE
SYNTAX T11FcSpSecurityProtocolId SYNTAX T11FcSpSecurityProtocolId
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Security Protocol identifier for this proposal, i.e., "The Security Protocol identifier for this proposal, i.e.,
whether the proposal is for traffic to be protected using whether the proposal is for traffic to be protected using
ESP_Header or CT_Authentication." ESP_Header or CT_Authentication."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.3.2.2 and table 67." February 2007, section 6.3.2.2 and table 67."
::= { t11FcSpSaPropEntry 2 } ::= { t11FcSpSaPropEntry 2 }
t11FcSpSaPropTSelListIndex OBJECT-TYPE t11FcSpSaPropTSelListIndex OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of this object is non-zero, it points "When the value of this object is non-zero, it points
to the proposal's list of Traffic Selectors. The value to the proposal's list of Traffic Selectors. The value
must be non-zero in an active row of this table. must be non-zero in an active row of this table.
skipping to change at page 191, line 18 skipping to change at page 185, line 18
t11FcSpSaTSelPropTable OBJECT-TYPE t11FcSpSaTSelPropTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpSaTSelPropEntry SYNTAX SEQUENCE OF T11FcSpSaTSelPropEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table containing information about Traffic Selectors "A table containing information about Traffic Selectors
to propose and/or to accept during the negotiation of to propose and/or to accept during the negotiation of
Security Associations." Security Associations."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5. February 2007, section 6.4.5.
- Use of IKEv2 in FC-SP, RFC 4595, - Use of IKEv2 in FC-SP, RFC 4595,
July 2006, section 4.4." July 2006, section 4.4."
::= { t11FcSpSaConfig 2 } ::= { t11FcSpSaConfig 2 }
t11FcSpSaTSelPropEntry OBJECT-TYPE t11FcSpSaTSelPropEntry OBJECT-TYPE
SYNTAX T11FcSpSaTSelPropEntry SYNTAX T11FcSpSaTSelPropEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Traffic "Each entry contains information about one Traffic
skipping to change at page 193, line 21 skipping to change at page 187, line 21
t11FcSpSaTSelPropStartSrcAddr OBJECT-TYPE t11FcSpSaTSelPropStartSrcAddr OBJECT-TYPE
SYNTAX FcAddressIdOrZero (SIZE (3)) SYNTAX FcAddressIdOrZero (SIZE (3))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically smallest 24-bit value of a source address "The numerically smallest 24-bit value of a source address
(S_ID) of a frame which will match with this Traffic (S_ID) of a frame which will match with this Traffic
Selector." Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { '000000'h } DEFVAL { '000000'h }
::= { t11FcSpSaTSelPropEntry 4 } ::= { t11FcSpSaTSelPropEntry 4 }
t11FcSpSaTSelPropEndSrcAddr OBJECT-TYPE t11FcSpSaTSelPropEndSrcAddr OBJECT-TYPE
SYNTAX FcAddressIdOrZero (SIZE (3)) SYNTAX FcAddressIdOrZero (SIZE (3))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically largest 24-bit value of a source address "The numerically largest 24-bit value of a source address
(S_ID) of a frame which will match with this Traffic (S_ID) of a frame which will match with this Traffic
Selector." Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { 'FFFFFF'h } DEFVAL { 'FFFFFF'h }
::= { t11FcSpSaTSelPropEntry 5 } ::= { t11FcSpSaTSelPropEntry 5 }
t11FcSpSaTSelPropStartDstAddr OBJECT-TYPE t11FcSpSaTSelPropStartDstAddr OBJECT-TYPE
SYNTAX FcAddressIdOrZero (SIZE (3)) SYNTAX FcAddressIdOrZero (SIZE (3))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically smallest 24-bit value of a destination "The numerically smallest 24-bit value of a destination
address (D_ID) of a frame which will match with this address (D_ID) of a frame which will match with this
Traffic Selector." Traffic Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { '000000'h } DEFVAL { '000000'h }
::= { t11FcSpSaTSelPropEntry 6 } ::= { t11FcSpSaTSelPropEntry 6 }
t11FcSpSaTSelPropEndDstAddr OBJECT-TYPE t11FcSpSaTSelPropEndDstAddr OBJECT-TYPE
SYNTAX FcAddressIdOrZero (SIZE (3)) SYNTAX FcAddressIdOrZero (SIZE (3))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically largest 24-bit value of a destination "The numerically largest 24-bit value of a destination
address (D_ID) of a frame which will match with this address (D_ID) of a frame which will match with this
Traffic Selector." Traffic Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { 'FFFFFF'h } DEFVAL { 'FFFFFF'h }
::= { t11FcSpSaTSelPropEntry 7 } ::= { t11FcSpSaTSelPropEntry 7 }
t11FcSpSaTSelPropStartRCtl OBJECT-TYPE t11FcSpSaTSelPropStartRCtl OBJECT-TYPE
SYNTAX T11FcRoutingControl SYNTAX T11FcRoutingControl
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically smallest 8-bit value contained within a "The numerically smallest 8-bit value contained within a
Routing Control (R_CTL) field of a frame which will match Routing Control (R_CTL) field of a frame which will match
with this Traffic Selector." with this Traffic Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { '00'h } DEFVAL { '00'h }
::= { t11FcSpSaTSelPropEntry 8 } ::= { t11FcSpSaTSelPropEntry 8 }
t11FcSpSaTSelPropEndRCtl OBJECT-TYPE t11FcSpSaTSelPropEndRCtl OBJECT-TYPE
SYNTAX T11FcRoutingControl SYNTAX T11FcRoutingControl
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically largest 8-bit value contained within a "The numerically largest 8-bit value contained within a
Routing Control (R_CTL) field of a frame which will match Routing Control (R_CTL) field of a frame which will match
with this Traffic Selector." with this Traffic Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { 'FF'h } DEFVAL { 'FF'h }
::= { t11FcSpSaTSelPropEntry 9 } ::= { t11FcSpSaTSelPropEntry 9 }
t11FcSpSaTSelPropStartType OBJECT-TYPE t11FcSpSaTSelPropStartType OBJECT-TYPE
SYNTAX T11FcSpType SYNTAX T11FcSpType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically smallest of a range of possible 'type' "The numerically smallest of a range of possible 'type'
values of frames which will match with this Traffic values of frames which will match with this Traffic
Selector." Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { '0000'h } DEFVAL { '0000'h }
::= { t11FcSpSaTSelPropEntry 10 } ::= { t11FcSpSaTSelPropEntry 10 }
t11FcSpSaTSelPropEndType OBJECT-TYPE t11FcSpSaTSelPropEndType OBJECT-TYPE
SYNTAX T11FcSpType SYNTAX T11FcSpType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The numerically largest of a range of possible 'type' "The numerically largest of a range of possible 'type'
values of frames which will match with this Traffic values of frames which will match with this Traffic
Selector." Selector."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.4.5." February 2007, section 6.4.5."
DEFVAL { 'FFFF'h } DEFVAL { 'FFFF'h }
::= { t11FcSpSaTSelPropEntry 11 } ::= { t11FcSpSaTSelPropEntry 11 }
t11FcSpSaTSelPropStorageType OBJECT-TYPE t11FcSpSaTSelPropStorageType OBJECT-TYPE
SYNTAX StorageType SYNTAX StorageType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies the memory realization of "This object specifies the memory realization of
the information in this row. the information in this row.
skipping to change at page 198, line 19 skipping to change at page 192, line 19
t11FcSpSaTransSecurityProt OBJECT-TYPE t11FcSpSaTransSecurityProt OBJECT-TYPE
SYNTAX T11FcSpSecurityProtocolId SYNTAX T11FcSpSecurityProtocolId
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Security Protocol identifier which indicates "The Security Protocol identifier which indicates
whether this transform is for traffic to be protected whether this transform is for traffic to be protected
using ESP_Header or using CT_Authentication." using ESP_Header or using CT_Authentication."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.3.2.2 and table 67." February 2007, section 6.3.2.2 and table 67."
::= { t11FcSpSaTransEntry 3 } ::= { t11FcSpSaTransEntry 3 }
t11FcSpSaTransEncryptAlg OBJECT-TYPE t11FcSpSaTransEncryptAlg OBJECT-TYPE
SYNTAX AutonomousType SYNTAX AutonomousType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Encryption Algorithm for this transform." "The Encryption Algorithm for this transform."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.3.2.3 and tables 69 & 70." February 2007, section 6.3.2.3 and tables 69 & 70."
::= { t11FcSpSaTransEntry 4 } ::= { t11FcSpSaTransEntry 4 }
t11FcSpSaTransEncryptKeyLen OBJECT-TYPE t11FcSpSaTransEncryptKeyLen OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The key length in bits to be used with an encryption "The key length in bits to be used with an encryption
algorithm which has a variable length key. This object algorithm which has a variable length key. This object
is ignored when the corresponding instance of is ignored when the corresponding instance of
t11FcSpSaTransEncryptAlg specifies an algorithm with a t11FcSpSaTransEncryptAlg specifies an algorithm with a
fixed length key." fixed length key."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.3.2.5 and table 77." February 2007, section 6.3.2.5 and table 77."
::= { t11FcSpSaTransEntry 5 } ::= { t11FcSpSaTransEntry 5 }
t11FcSpSaTransIntegrityAlg OBJECT-TYPE t11FcSpSaTransIntegrityAlg OBJECT-TYPE
SYNTAX AutonomousType SYNTAX AutonomousType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Integrity Algorithm for this transform." "The Integrity Algorithm for this transform."
REFERENCE REFERENCE
"INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, section 6.3.2.3 and tables 69 & 72." February 2007, section 6.3.2.3 and tables 69 & 72."
::= { t11FcSpSaTransEntry 6 } ::= { t11FcSpSaTransEntry 6 }
t11FcSpSaTransStorageType OBJECT-TYPE t11FcSpSaTransStorageType OBJECT-TYPE
SYNTAX StorageType SYNTAX StorageType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies the memory realization of "This object specifies the memory realization of
the information in this row. the information in this row.
skipping to change at page 200, line 18 skipping to change at page 194, line 18
t11FcSpSaTSelDrByTable OBJECT-TYPE t11FcSpSaTSelDrByTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpSaTSelDrByEntry SYNTAX SEQUENCE OF T11FcSpSaTSelDrByEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table containing Traffic Selectors to select which "A table containing Traffic Selectors to select which
traffic is to be dropped or is to bypass further traffic is to be dropped or is to bypass further
security processing." security processing."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, sections 4.6, 4.7, and 6.4.5. February 2007, sections 4.6, 4.7, and 6.4.5.
- Use of IKEv2 in FC-SP, RFC 4595, - Use of IKEv2 in FC-SP, RFC 4595,
July 2006, section 4.4." July 2006, section 4.4."
::= { t11FcSpSaConfig 4 } ::= { t11FcSpSaConfig 4 }
t11FcSpSaTSelDrByEntry OBJECT-TYPE t11FcSpSaTSelDrByEntry OBJECT-TYPE
SYNTAX T11FcSpSaTSelDrByEntry SYNTAX T11FcSpSaTSelDrByEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry represents one Traffic Selector having the "Each entry represents one Traffic Selector having the
skipping to change at page 208, line 35 skipping to change at page 202, line 35
t11FcSpSaTSelNegInTable OBJECT-TYPE t11FcSpSaTSelNegInTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpSaTSelNegInEntry SYNTAX SEQUENCE OF T11FcSpSaTSelNegInEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table containing information about ingress Traffic "A table containing information about ingress Traffic
Selectors which are in use on active Security Selectors which are in use on active Security
Associations." Associations."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, sections 4.6, 4.7, and 6.4.5. February 2007, sections 4.6, 4.7, and 6.4.5.
- Use of IKEv2 in FC-SP, RFC 4595, - Use of IKEv2 in FC-SP, RFC 4595,
July 2006, section 4.4." July 2006, section 4.4."
::= { t11FcSpSaActive 2 } ::= { t11FcSpSaActive 2 }
t11FcSpSaTSelNegInEntry OBJECT-TYPE t11FcSpSaTSelNegInEntry OBJECT-TYPE
SYNTAX T11FcSpSaTSelNegInEntry SYNTAX T11FcSpSaTSelNegInEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one ingress Traffic "Each entry contains information about one ingress Traffic
skipping to change at page 212, line 20 skipping to change at page 206, line 20
t11FcSpSaTSelNegOutTable OBJECT-TYPE t11FcSpSaTSelNegOutTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpSaTSelNegOutEntry SYNTAX SEQUENCE OF T11FcSpSaTSelNegOutEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table containing information about egress Traffic "A table containing information about egress Traffic
Selectors which are in use on active Security Selectors which are in use on active Security
Associations." Associations."
REFERENCE REFERENCE
"- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
13 June 2006, sections 4.6, 4.7, and 6.4.5. February 2007, sections 4.6, 4.7, and 6.4.5.
- Use of IKEv2 in FC-SP, RFC 4595, - Use of IKEv2 in FC-SP, RFC 4595,
July 2006, section 4.4." July 2006, section 4.4."
::= { t11FcSpSaActive 3 } ::= { t11FcSpSaActive 3 }
t11FcSpSaTSelNegOutEntry OBJECT-TYPE t11FcSpSaTSelNegOutEntry OBJECT-TYPE
SYNTAX T11FcSpSaTSelNegOutEntry SYNTAX T11FcSpSaTSelNegOutEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one egress Traffic "Each entry contains information about one egress Traffic
skipping to change at page 217, line 11 skipping to change at page 211, line 11
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object contains a pointer into another table which "This object contains a pointer into another table which
can be used to obtain more information about this Traffic can be used to obtain more information about this Traffic
Selector. Selector.
If the corresponding instance of t11FcSpSaTSelSpiDirection If the corresponding instance of t11FcSpSaTSelSpiDirection
has the value 'egress', then this object contains the has the value 'egress', then this object contains the
the value of t11FcSpSaTSelNegOutPrecedence in the row of value of t11FcSpSaTSelNegOutPrecedence in the row of
t11FcSpSaTSelNegOutTable which contains more information. t11FcSpSaTSelNegOutTable which contains more information.
If the corresponding instance of t11FcSpSaTSelSpiDirection If the corresponding instance of t11FcSpSaTSelSpiDirection
has the value 'ingress', then this object contains the has the value 'ingress', then this object contains the
value of t11FcSpSaTSelNegInIndex which identifies the row value of t11FcSpSaTSelNegInIndex which identifies the row
in t11FcSpSaTSelNegInTable containing more information." in t11FcSpSaTSelNegInTable containing more information."
::= { t11FcSpSaTSelSpiEntry 4 } ::= { t11FcSpSaTSelSpiEntry 4 }
-- --
-- Notification information & control -- Notification information & control
skipping to change at page 232, line 47 skipping to change at page 226, line 47
T11 Chair: Robert Snively, Brocade T11 Chair: Robert Snively, Brocade
T11 Vice Chair: Claudio DeSanti, Cisco Systems T11 Vice Chair: Claudio DeSanti, Cisco Systems
T11.5 Chair: Roger Cummings, Symantec T11.5 Chair: Roger Cummings, Symantec
T11.5 members: T11.5 members:
David Black, EMC David Black, EMC
Don Fraser, HP Don Fraser, HP
Larry Hofer, Brocade Larry Hofer, Brocade
Scott Kipp, Brocade Scott Kipp, Brocade
Ralph Weber, ENDL Ralph Weber, ENDL
The document was subsequently a work item of the IETF's IMSS Working The document was subsequently a work item of the IMSS Working Group
Group, chaired by David Black (EMC Corporation). Bert Wijnen (of the IETF), chaired by David Black (EMC Corporation). Bert Wijnen
(Alcatel-Lucent) deserves many thanks for his thorough review of all (Alcatel-Lucent) deserves many thanks for his thorough review of all
five MIB modules in this (large!) document. We also wish to five MIB modules in this (large!) document. We also wish to
acknowledge Dan Romascanu (Avaya), the IETF Area Director, for his acknowledge Dan Romascanu (Avaya), the IETF Area Director, for his
comments and assistance. comments and assistance.
8. Normative References 8. Normative References
[RFC2578] [RFC2578]
McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.
and S. Waldbusser, "Structure of Management Information Version 2 and S. Waldbusser, "Structure of Management Information Version 2
skipping to change at page 234, line 23 skipping to change at page 228, line 23
[RFC4439] [RFC4439]
DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai, "Fibre DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai, "Fibre
Channel Fabric Address Manager MIB", RFC 4439, March 2006. Channel Fabric Address Manager MIB", RFC 4439, March 2006.
[RFC4936] [RFC4936]
DeSanti, C., Vivek, H.K., McCloghrie, K., and S. Gai, "Fibre DeSanti, C., Vivek, H.K., McCloghrie, K., and S. Gai, "Fibre
Channel Zone Server MIB", RFC 4936, August 2007. Channel Zone Server MIB", RFC 4936, August 2007.
[FC-FS-2] [FC-FS-2]
"Fibre Channel - Framing and Signaling-2 (FC-FS-2)", ANSI INCITS "Fibre Channel - Framing and Signaling-2 (FC-FS-2)", ANSI INCITS
424:2007, http://www.t11.org/t11/stat.nsf/upnum/1619-d, August 424-2007, http://www.t11.org/t11/stat.nsf/upnum/1619-d, February
2006. 2007.
[FC-GS-5] [FC-GS-5]
"Fibre Channel - Generic Services - 5 (FC-GS-5)", ANSI INCITS "Fibre Channel - Generic Services - 5 (FC-GS-5)", ANSI INCITS
427-2006, http://www.t11.org/t11/stat.nsf/upnum/1677-d, December 427-2006, http://www.t11.org/t11/stat.nsf/upnum/1677-d, December
2006. 2006.
[FC-SP] [FC-SP]
"Fibre Channel - Security Protocols (FC-SP)", ANSI INCITS xxx-200x, "Fibre Channel - Security Protocols (FC-SP)", ANSI INCITS 426-2007,
http://www.t11.org/t11/stat.nsf/upnum/1570-d, T11/Project http://www.t11.org/t11/stat.nsf/upnum/1570-d, T11/Project
1570-D/Rev 1.8, 13 June 2003. 1570-D, February 2007.
[FC-SW-4] [FC-SW-4]
"Fibre Channel - Switch Fabric-4 (FC-SW-4)", "Fibre Channel - Switch Fabric-4 (FC-SW-4)",
http://www.t11.org/t11/stat.nsf/upnum/1674-d, ANSI INCITS 418-2006, http://www.t11.org/t11/stat.nsf/upnum/1674-d, ANSI INCITS 418-2006,
April 2006. April 2006.
[RFC2119] [RFC2119]
S. Bradner, "Key words for use in RFCs to Indicate Requirement S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, BCP 0014, March 1997. Levels", RFC 2119, BCP 0014, March 1997.
skipping to change at page 236, line 18 skipping to change at page 230, line 12
[RFC4935] [RFC4935]
DeSanti, C., Vivek, H.K., McCloghrie, K., and S. Gai, "Fibre DeSanti, C., Vivek, H.K., McCloghrie, K., and S. Gai, "Fibre
Channel Fabric Configuration Server MIB", RFC 4935, August 2007. Channel Fabric Configuration Server MIB", RFC 4935, August 2007.
[RFC4983] [RFC4983]
DeSanti, C., Vivek, H.K., McCloghrie, K., and S. Gai, "Fibre DeSanti, C., Vivek, H.K., McCloghrie, K., and S. Gai, "Fibre
Channel Registered State Change Notification (RSCN) MIB", RFC 4983, Channel Registered State Change Notification (RSCN) MIB", RFC 4983,
August 2007. August 2007.
[IPSP-IKE-ACTION]
Baer, M., Charlet, R., Hardaker, W., Story, R., and C. Wang, "IPsec
Security Policy IKE Action MIB", draft-ietf-ipsp-ikeaction-mib-
nn.txt, work-in-progress, October 2006.
[IPSP-IPSEC-ACTION]
Baer, M., Charlet, R., Hardaker, W., Story, R., and C. Wang, "IPsec
Security Policy IPsec Action MIB", draft-ietf-ipsp-ipsecaction-mib-
nn.txt, work-in-progress, October 2006.
10. IANA Considerations 10. IANA Considerations
IANA is requested to make one MIB OID assignment, under the IANA is requested to make one MIB OID assignment, under the
appropriate subtree, for each of the five MIB modules defined in this appropriate subtree, for each of the five MIB modules defined in this
document. document.
11. Security Considerations 11. Security Considerations
In this section, the first sub-section states some Security In this section, the first sub-section explains why this document
Considerations due to which information was excluded from this does not define MIB objects for particular items of (management)
document. This is followed by one sub-section for each of the MIB information. This is followed by one sub-section for each of the
modules defined in section 6, listing their individual Security MIB modules defined in section 6, listing their individual Security
Considerations. The section concludes with Security Considerations Considerations. The section concludes with Security Considerations
common to all of these MIB modules. common to all of these MIB modules.
The key word "RECOMMENDED" contained in this section is to be The key word "RECOMMENDED" contained in this section is to be
interpreted as described in BCP 14 [RFC2119]. interpreted as described in BCP 14 [RFC2119].
11.1. Information not defined in this document 11.1. Information not defined in this document
This document doesn't define any MIB objects for the secrets which This document doesn't define any MIB objects for the secrets which
need to be known/determined by FC-SP entities in order to use DH-CHAP need to be known/determined by FC-SP entities in order to use DH-CHAP
skipping to change at page 238, line 25 skipping to change at page 232, line 25
- could cause the lifetimes of Security Associations to be - could cause the lifetimes of Security Associations to be
extended longer than might be secure, or shortened to cause extended longer than might be secure, or shortened to cause
an increase in the overhead of using security. an increase in the overhead of using security.
t11FcSpAuRejectMaxRows t11FcSpAuRejectMaxRows
- could cause a smaller audit trail of Authentication rejects, - could cause a smaller audit trail of Authentication rejects,
thereby hiding the tracks of an attacker, or a larger audit thereby hiding the tracks of an attacker, or a larger audit
trail of Authentication rejects causing resources to be trail of Authentication rejects causing resources to be
wasted. wasted.
The support for SET operations in a non-secure environment without
proper protection can have a negative effect on network operations.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
t11FcSpAuEntityTable t11FcSpAuEntityTable
- the capabilities of FC-SP Authentication entities in terms of - the capabilities of FC-SP Authentication entities in terms of
skipping to change at page 239, line 31 skipping to change at page 233, line 28
of the Active Zone Set Hash and the Zone Set Database Hash of the Active Zone Set Hash and the Zone Set Database Hash
more frequently than is required by management. more frequently than is required by management.
t11FcSpZsNotifyJoinSuccessEnable t11FcSpZsNotifyJoinSuccessEnable
t11FcSpZsNotifyJoinFailureEnable t11FcSpZsNotifyJoinFailureEnable
- could cause the suppression of SNMP notifications that a - could cause the suppression of SNMP notifications that a
Switch in one Fabric has successfully joined/failed to join Switch in one Fabric has successfully joined/failed to join
with a Switch in another Fabric, or the disruption of network with a Switch in another Fabric, or the disruption of network
operations due to the generation of unwanted notifications. operations due to the generation of unwanted notifications.
The support for SET operations in a non-secure environment without
proper protection can have a negative effect on network operations.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the objects and their the network via SNMP. These are the objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
t11FcSpZsServerCapabilityObject t11FcSpZsServerCapabilityObject
t11FcSpZsServerEnabled t11FcSpZsServerEnabled
skipping to change at page 241, line 23 skipping to change at page 235, line 13
Fabric Policies to be retained or not retained over restarts, Fabric Policies to be retained or not retained over restarts,
against the wishes of management. against the wishes of management.
t11FcSpPoNotificationEnable t11FcSpPoNotificationEnable
- could cause the suppression of SNMP notifications on the - could cause the suppression of SNMP notifications on the
successful/unsuccessful activation/de-activation of Fabric successful/unsuccessful activation/de-activation of Fabric
Policies, and thereby hide successful/failed attempts to make Policies, and thereby hide successful/failed attempts to make
unauthorized changes, or cause the disruption of network unauthorized changes, or cause the disruption of network
operations due to the generation of unwanted notifications. operations due to the generation of unwanted notifications.
The support for SET operations in a non-secure environment without
proper protection can have a negative effect on network operations.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and their the network via SNMP. These are the tables and their
sensitivity/vulnerability: sensitivity/vulnerability:
t11FcSpPoTable t11FcSpPoTable
t11FcSpPoSummaryTable t11FcSpPoSummaryTable
skipping to change at page 243, line 39 skipping to change at page 237, line 27
t11FcSpSaTSelDrByTable t11FcSpSaTSelDrByTable
- could cause an FC-SP entity to select different sets of - could cause an FC-SP entity to select different sets of
traffic which are: a) to be sent/received without being traffic which are: a) to be sent/received without being
protected by FC-SP security, thereby providing an attacker protected by FC-SP security, thereby providing an attacker
with access to read authentic traffic or the ability to with access to read authentic traffic or the ability to
introduce unauthentic traffic; or b) to be dropped instead of introduce unauthentic traffic; or b) to be dropped instead of
being sent/after being received, thereby causing disruption being sent/after being received, thereby causing disruption
to network usage. to network usage.
The support for SET operations in a non-secure environment without
proper protection can have a negative effect on network operations.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
t11FcSpSaIfTable t11FcSpSaIfTable
- information concerning the capabilities, parameters and - information concerning the capabilities, parameters and
skipping to change at page 245, line 5 skipping to change at page 238, line 34
authentication and privacy). authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
Because the two algorithms currently specified for
T11FcSpPolicyHashFormat are SHA-1 and SHA-256, the definition of
T11FcSpHashCalculationStatus expresses a concern in regard to not
incrementally recomputing the hashes after each change when a series
of multiple related changes are being made. This method of reducing
computation is intended as a responsiveness measure (i.e.,
cooperating SNMP managers and agents can get things done faster),
not as a DoS countermeasure. Nevertheless, implementations should
also consider the DoS possibilities in these scenarios; potential
countermeasures include: requiring authentication for SETs and the
rate-limiting of SET operations if they can cause significant
computation.
12. Authors' Addresses 12. Authors' Addresses
Claudio DeSanti Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
Phone: +1 408 853-9172 Phone: +1 408 853-9172
EMail: cds@cisco.com EMail: cds@cisco.com
Fabio Maino Fabio Maino
 End of changes. 284 change blocks. 
733 lines changed or deleted 460 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/