draft-ietf-imss-fc-fcsp-mib-03.txt   rfc5324.txt 
INTERNET-DRAFT C. DeSanti Network Working Group C. DeSanti
F. Maino Request for Comments: 5324 F. Maino
K. McCloghrie Category: Standards Track K. McCloghrie
Cisco Systems Cisco Systems
MIB for Fibre-Channel Security Protocols (FC-SP) September 2008
draft-ietf-imss-fc-fcsp-mib-03.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months MIB for Fibre-Channel Security Protocols (FC-SP)
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at Status of This Memo
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at This document specifies an Internet standards track protocol for the
http://www.ietf.org/shadow.html. Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes managed objects for information related In particular, it describes managed objects for information related
to FC-SP, the Security Protocols defined for Fibre Channel. to FC-SP, the Security Protocols defined for Fibre Channel.
Table of Contents Table of Contents
1 Introduction ................................................. 3 1. Introduction ....................................................3
2 The Internet-Standard Management Framework ................... 3 2. The Internet-Standard Management Framework ......................3
3 Overview of Fibre Channel .................................... 4 3. Overview of Fibre Channel .......................................3
3.1 Introduction ............................................... 10 3.1. Introduction ...............................................3
3.2 Zoning ..................................................... 11 3.2. Zoning .....................................................4
3.3 Virtual Fabrics ............................................ 11 3.3. Virtual Fabrics ............................................5
3.4 Security ................................................... 12 3.4. Security ...................................................5
3.4.1 Authentication ........................................... 12 3.4.1. Authentication ......................................5
3.4.2 Security Associations .................................... 13 3.4.2. Security Associations ...............................6
3.4.3 Fabric Security Policies ................................. 14 3.4.3. Fabric Security Policies ............................7
3.4.4 Policy Model ............................................. 15 3.4.4. Policy Model ........................................8
3.4.5 Policy Objects ........................................... 15 3.4.5. Policy Objects ......................................9
3.4.6 Three Kinds of Switches .................................. 17 3.4.5.1. Policy Object Names .......................10
3.4.7 Security Policy Management ............................... 17 3.4.6. Three Kinds of Switches ............................10
3.4.8 FC-SP Zoning ............................................. 18 3.4.7. Security Policy Management .........................11
4 Document Overview ............................................ 19 3.4.8. FC-SP Zoning .......................................11
4.1 Fibre Channel management instance .......................... 19 4. Document Overview ..............................................12
4.2 Entity Name ................................................ 19 4.1. Fibre Channel Management Instance .........................12
4.3 Fabric Index ............................................... 20 4.2. Entity Name ...............................................12
4.4 Interface Index ............................................ 20 4.3. Fabric Index ..............................................13
4.5 Syntax for Policy Object Names ............................. 20 4.4. Interface Index ...........................................13
4.6 Certificates, CAs and CRLs ................................. 21 4.5. Syntax for Policy Object Names ............................14
4.7 Traffic Selectors .......................................... 22 4.6. Certificates, CAs, and CRLs ...............................14
4.8 The MIB Modules ............................................ 22 4.7. Traffic Selectors .........................................15
4.9 Rate Control for Notifications ............................. 25 4.8. The MIB Modules ...........................................16
5 Relationship to Other MIB Modules ............................ 26 4.8.1. The T11-FC-SP-TC-MIB Module ........................16
6 MIB Module Definitions ....................................... 27 4.8.2. The T11-FC-SP-AUTHENTICATION-MIB Module ............16
6.1 The T11-FC-SP-TC-MIB Module ................................ 27 4.8.3. The T11-FC-SP-ZONING-MIB Module ....................16
6.2 The T11-FC-SP-AUTHENTICATION-MIB Module .................... 43 4.8.4. The T11-FC-SP-POLICY-MIB Module ....................17
6.3 The T11-FC-SP-ZONING-MIB Module ............................ 64 4.8.5. The T11-FC-SP-SA-MIB Module ........................17
6.4 The T11-FC-SP-POLICY-MIB Module ............................ 77 4.9. Rate Control for Notifications ............................18
6.5 The T11-FC-SP-SA-MIB Module ................................ 176 5. Relationship to Other MIB Modules ..............................19
7 Acknowledgements ............................................. 232 6. MIB Module Definitions .........................................20
8 Normative References ......................................... 233 6.1. The T11-FC-SP-TC-MIB Module ...............................20
9 Informative References ....................................... 235 6.2. The T11-FC-SP-AUTHENTICATION-MIB Module ...................33
10 IANA Considerations ......................................... 236 6.3. The T11-FC-SP-ZONING-MIB Module ...........................52
11 Security Considerations ..................................... 237 6.4. The T11-FC-SP-POLICY-MIB Module ...........................64
12 Authors' Addresses .......................................... 245 6.5. The T11-FC-SP-SA-MIB Module ..............................152
7. IANA Considerations ...........................................204
8. Security Considerations .......................................204
8.1. Information Not Defined in This Document .................204
8.2. The T11-FC-SP-TC-MIB Module ..............................204
8.3. The T11-FC-SP-AUTHENTICATION-MIB Module ..................205
8.4. The T11-FC-SP-ZONING-MIB Module ..........................206
8.5. The T11-FC-SP-POLICY-MIB Module ..........................207
8.6. The T11-FC-SP-SA-MIB Module ..............................209
8.7. Recommendations Common to All MIB Modules ................211
9. Normative References ..........................................212
10. Informative References .......................................213
11. Acknowledgements .............................................215
1. Introduction 1. Introduction
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes managed objects for information In particular, it describes managed objects for information
concerning the Fibre Channel Security Protocols (FC-SP), as specified concerning the Fibre Channel Security Protocols (FC-SP), as specified
in [FC-SP]. The FC-SP standard includes the definition of protocols in [FC-SP]. The FC-SP standard includes the definition of protocols
to authenticate Fibre Channel entities, protocols to set up session to authenticate Fibre Channel entities, protocols to set up session
keys, protocols to negotiate the parameters required to ensure frame- keys, protocols to negotiate the parameters required to ensure frame-
by-frame integrity and confidentiality, and protocols to establish by-frame integrity and confidentiality, and protocols to establish
and distribute policies across a Fibre Channel Fabric. and distribute policies across a Fibre Channel Fabric.
This memo was initially developed by the INCITS T11 committee This memo was initially developed by the INCITS T11 committee
(http://www.t11.org), which subsequently approved it for forwarding (http://www.t11.org), which subsequently approved it for forwarding
to the IETF. to the IETF.
This memo uses one of the following terms: This memo uses one of the following terms:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
in this document are to be interpreted as described in BCP 14, RFC document are to be interpreted as described in BCP 14, RFC 2119
2119 [RFC2119]. [RFC2119].
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base, or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58, module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580
[RFC2580]. [RFC2580].
3. Overview of Fibre Channel 3. Overview of Fibre Channel
3.1. Introduction 3.1. Introduction
Fibre Channel (FC) is logically a bidirectional point-to-point serial Fibre Channel (FC) is logically a bidirectional point-to-point serial
data channel, structured for high performance. Fibre Channel data channel, structured for high performance. Fibre Channel
provides a general transport vehicle for higher level protocols such provides a general transport vehicle for higher-level protocols such
as Small Computer System Interface (SCSI) command sets, the High- as Small Computer System Interface (SCSI) command sets, the High-
Performance Parallel Interface (HIPPI) data framing, IP (Internet Performance Parallel Interface (HIPPI) data framing, IP (Internet
Protocol), IEEE 802.2, and others. Protocol), IEEE 802.2, and others.
Physically, Fibre Channel is an interconnection of multiple Physically, Fibre Channel is an interconnection of multiple
communication points, called N_Ports, interconnected either by a communication points, called N_Ports, interconnected either by a
switching network, called a Fabric, or by a point-to-point link. A switching network, called a Fabric, or by a point-to-point link. A
Fibre Channel "Node" consists of one or more N_Ports. A Fabric may Fibre Channel "Node" consists of one or more N_Ports. A Fabric may
consist of multiple Interconnect Elements, some of which are consist of multiple Interconnect Elements, some of which are
Switches. An N_Port connects to the Fabric via a port on a Switch Switches. An N_Port connects to the Fabric via a port on a Switch
skipping to change at page 4, line 33 skipping to change at page 4, line 22
port on a Switch via an "Arbitrated Loop" topology, the Switch port port on a Switch via an "Arbitrated Loop" topology, the Switch port
is called an FL_Port, and the Nodes' ports are called NL_Ports. The is called an FL_Port, and the Nodes' ports are called NL_Ports. The
term Nx_Port is used to refer to either an N_Port or an NL_Port. The term Nx_Port is used to refer to either an N_Port or an NL_Port. The
term Fx_Port is used to refer to either an F_Port or an FL_Port. A term Fx_Port is used to refer to either an F_Port or an FL_Port. A
Switch port, which is interconnected to another Switch port via an Switch port, which is interconnected to another Switch port via an
Inter-Switch Link (ISL), is called an E_Port. A B_Port connects a Inter-Switch Link (ISL), is called an E_Port. A B_Port connects a
bridge device with an E_Port on a Switch; a B_Port provides a subset bridge device with an E_Port on a Switch; a B_Port provides a subset
of E_Port functionality. of E_Port functionality.
Many Fibre Channel components, including the Fabric, each Node, and Many Fibre Channel components, including the Fabric, each Node, and
most ports, have globally-unique names. These globally-unique names most ports, have globally unique names. These globally unique names
are typically formatted as World Wide Names (WWNs). More information are typically formatted as World Wide Names (WWNs). More information
on WWNs can be found in [FC-FS-2]. WWNs are expected to be on WWNs can be found in [FC-FS-2]. WWNs are expected to be
persistent across agent and unit resets. persistent across agent and unit resets.
Fibre Channel frames contain 24-bit address identifiers which Fibre Channel frames contain 24-bit address identifiers that identify
identify the frame's source and destination ports. Each FC port has the frame's source and destination ports. Each FC port has both an
both an address identifier and a WWN. When a Fabric is in use, the address identifier and a WWN. When a Fabric is in use, the FC
FC address identifiers are dynamic and are assigned by a Switch. address identifiers are dynamic and are assigned by a Switch. Each
Each octet of a 24-bit address represents a level in an address octet of a 24-bit address represents a level in an address hierarchy,
hierarchy, with a Domain_ID being the highest level of the hierarchy. with a Domain_ID being the highest level of the hierarchy.
3.2. Zoning 3.2. Zoning
Zones within a Fabric provide a mechanism to control frame delivery Zones within a Fabric provide a mechanism to control frame delivery
between Nx_Ports ("Hard Zoning") or to expose selected views of Name between Nx_Ports ("Hard Zoning") or to expose selected views of Name
Server information ("Soft Zoning"). Server information ("Soft Zoning").
Communication is only possible when the communicating endpoints are Communication is only possible when the communicating endpoints are
members of a common zone. This technique is similar to virtual members of a common zone. This technique is similar to virtual
private networks in that the Fabric has the ability to group devices private networks in that the Fabric has the ability to group devices
into Zones. into Zones.
Hard zoning and soft zoning are two different means of realizing Hard zoning and soft zoning are two different means of realizing
this. Hard zoning is enforced in the Fabric (i.e., Switches) whereas this. Hard zoning is enforced in the Fabric (i.e., Switches),
soft zoning is enforced at the endpoints (e.g., Host Bus Adapters) by whereas soft zoning is enforced at the endpoints (e.g., Host Bus
relying on the endpoints to not send traffic to an N_Port_ID not Adapters) by relying on the endpoints to not send traffic to an
obtained from the Name Server with a few exceptions for well known N_Port_ID not obtained from the Name Server with a few exceptions for
Addresses (e.g., the Name Server). well known Addresses (e.g., the Name Server).
Administrators create Zones to increase network security, and prevent Administrators create Zones to increase network security, and prevent
data loss or corruption, by controlling access between devices or data loss or corruption, by controlling access between devices or
user groups. user groups.
3.3. Virtual Fabrics 3.3. Virtual Fabrics
The standard for an interconnecting Fabric containing multiple Fabric The standard for an interconnecting Fabric containing multiple Fabric
Switch elements is [FC-SW-4]. [FC-SW-4] carries forward the earlier Switch elements is [FC-SW-4]. [FC-SW-4] carries forward the earlier
specification for the operation of a single Fabric in a physical specification for the operation of a single Fabric in a physical
infrastructure, and augments it with the definition of Virtual infrastructure, and augments it with the definition of Virtual
Fabrics and with the specification of how multiple Virtual Fabrics Fabrics and with the specification of how multiple Virtual Fabrics
can operate within one (or more) physical infrastructures. The use can operate within one or more physical infrastructures. The use of
of Virtual Fabrics provides for each frame to be tagged in its header Virtual Fabrics provides for each frame to be tagged in its header to
to indicate which one of several Virtual Fabrics that frame is being indicate which one of several Virtual Fabrics that frame is being
transmitted on. All frames entering a particular "Core Switch" [FC- transmitted on. All frames entering a particular "Core Switch"
SW-4] (i.e., a physical Switch) on the same Virtual Fabric are [FC-SW-4] (i.e., a physical Switch) on the same Virtual Fabric are
processed by the same "Virtual Switch" within that Core Switch. processed by the same "Virtual Switch" within that Core Switch.
3.4. Security 3.4. Security
The Fibre Channel Security Protocols (FC-SP) standard [FC-SP] The Fibre Channel Security Protocols (FC-SP) standard [FC-SP]
describes the protocols used to implement security in a Fibre Channel describes the protocols used to implement security in a Fibre Channel
Fabric, including the definition of: Fabric, including the definition of:
- protocols to authenticate Fibre Channel entities, - protocols to authenticate Fibre Channel entities,
- protocols to set up session keys, - protocols to set up session keys,
- protocols to negotiate the parameters required to ensure frame- - protocols to negotiate the parameters required to ensure frame-
by-frame integrity and confidentiality, and by-frame integrity and confidentiality, and
- protocols to establish and distribute (security) policies across - protocols to establish and distribute (security) policies across
a Fibre Channel Fabric. a Fibre Channel Fabric.
3.4.1. Authentication 3.4.1. Authentication
Two entities may negotiate whether authentication is required and Two entities may negotiate whether authentication is required and
which Authentication Protocol is to be used. Authentication can be which Authentication Protocol is to be used. Authentication can be
used in Switch to Switch, Node to Switch, and Node to Node used in Switch-to-Switch, Node-to-Switch, and Node-to-Node
communication. The defined Authentication Protocols are able to communication. The defined Authentication Protocols are able to
perform mutual authentication with optional shared key establishment. perform mutual authentication with optional shared key establishment.
The shared key computed at the end of an Authentication Transaction The shared key computed at the end of an Authentication Transaction
may be used to establish Security Associations. may be used to establish Security Associations.
The Fabric security architecture is defined for several The Fabric security architecture is defined for several
authentication infrastructures. Secret-based, certificate-based, and authentication infrastructures. Secret-based, certificate-based, and
password-based authentication infrastructures are accommodated. password-based authentication infrastructures are accommodated.
Specific authentication protocols that directly leverage these three Specific authentication protocols that directly leverage these three
authentication infrastructures are defined. authentication infrastructures are defined.
With a secret-based infrastructure, entities within the Fabric With a secret-based infrastructure, entities within the Fabric
environment that establish a security relationship share a common environment that establish a security relationship share a common
secret or centralize the secret administration in an external (e.g., secret or centralize the secret administration in an external (e.g.,
RADIUS [RFC2865], Diameter [RFC3588] or TACACS [RFC1492]) server. RADIUS [RFC2865], Diameter [RFC3588], or Terminal Access Controller
Entities may mutually authenticate with other entities by using the Access Control System (TACACS) [RFC1492]) server. Entities may
Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) mutually authenticate with other entities by using the Diffie-Hellman
[FC-SP]. Security Associations may be set up using the session key Challenge Handshake Authentication Protocol (DH-CHAP) [FC-SP].
computed at the end of the DH-CHAP transaction. Security Associations may be set up using the session key computed at
the end of the DH-CHAP transaction.
With a certificate-based infrastructure, entities within the Fabric With a certificate-based infrastructure, entities within the Fabric
environment are certified by a trusted Certificate Authority (CA). environment are certified by a trusted Certificate Authority (CA).
The resulting certificates bind each entity to a public-private key The resulting certificates bind each entity to a public-private key
pair that may be used to mutually authenticate with other certified pair that may be used to mutually authenticate with other certified
entities via the Fibre Channel Certificate Authentication Protocol entities via the Fibre Channel Certificate Authentication Protocol
(FCAP) [FC-SP]. Security Associations may be set up by using these (FCAP) [FC-SP]. Security Associations may be set up by using these
entity certificates and associated keys or by using the session key entity certificates and associated keys or by using the session key
computed at the end of the FCAP transaction. computed at the end of the FCAP transaction.
With a password-based infrastructure, entities within the Fabric With a password-based infrastructure, entities within the Fabric
environment that establish a security relationship have knowledge of environment that establish a security relationship have knowledge of
the password-based credential material of other entities. Entities the password-based credential material of other entities. Entities
may use this credential material to mutually authenticate with other may use this credential material to mutually authenticate with other
entities using the Fibre Channel Password Authentication Protocol entities using the Fibre Channel Password Authentication Protocol
(FCPAP) [FC-SP]. Security Associations may be set up using the (FCPAP) [FC-SP]. Security Associations may be set up using the
session key computed at the end of the FCPAP transaction. session key computed at the end of the FCPAP transaction.
In addition to DH-CHAP, FCAP and FCPAP, one other Authentication In addition to DH-CHAP, FCAP, and FCPAP, one other Authentication
Protocol is defined: IKEv2-AUTH, which refers to the use of an SA Protocol is defined: Internet Key Exchange Protocol version 2-AUTH
Management Transaction of the Security Association Management (IKEv2-AUTH), which refers to the use of an SA Management Transaction
Protocol (see below) to perform two functions: not only SA management of the Security Association Management Protocol (see below) to
but also authentication. The credentials used in an IKEv2-AUTH perform two functions: not only SA management but also
transaction are either strong shared secrets or certificates. authentication. The credentials used in an IKEv2-AUTH transaction
are either strong shared secrets or certificates.
3.4.2. Security Associations 3.4.2. Security Associations
A subset of the IKEv2 protocol [RFC4306] suitable for Fibre Channel A subset of the IKEv2 protocol [RFC4306] suitable for Fibre Channel
is defined as the (Fibre Channel) Security Association Management is defined as the (Fibre Channel) Security Association Management
protocol [RFC4595]. This protocol -- which is *not* IPsec -- protocol [RFC4595]. This protocol -- which is *not* IPsec --
provides the means to establish Security Associations (SAs) between provides the means to establish Security Associations (SAs) between
Fibre Channel entities. Traffic Selectors are defined to specify Fibre Channel entities. Traffic Selectors are defined to specify
which type of traffic has to be protected by which SA, and what the which type of traffic has to be protected by which SA, and what the
characteristics of the protection are. Two mechanisms are available characteristics of the protection are. Two mechanisms are available
to protect specific classes of traffic: to protect specific classes of traffic:
- ESP_Header is used to protect FC-2 frames (see [FC-FS-2] and the - ESP_Header is used to protect FC-2 frames (see [FC-FS-2] and the
conceptually similar mechamisms in [RFC4303]), and conceptually similar mechanisms in [RFC4303]), and
- CT_Authentication is used to protect CT_IUs (Common Transport - CT_Authentication is used to protect CT_IUs (Common Transport
Information Units) [FC-GS-5]. Information Units) [FC-GS-5].
An entity protecting specific classes of traffic maintains an An entity protecting specific classes of traffic maintains an
internal Security Association Database (SADB) that contains the internal Security Association Database (SADB) that contains the
currently active Security Associations and Traffic Selectors. currently active Security Associations and Traffic Selectors.
Each active SA has a Security Association entry in the SADB. Each SA Each active SA has a Security Association entry in the SADB. Each SA
entry includes the SA's SPI (the Security Parameters Index which is entry includes the SA's SPI (the Security Parameters Index, which is
included in frames transmitted on the SA), a Sequence Number counter, included in frames transmitted on the SA), a Sequence Number counter,
and the parameters for the selected transforms (e.g., encryption and the parameters for the selected transforms (e.g., encryption
algorithm, integrity algorithm, mode of operation of the algorithms, algorithm, integrity algorithm, mode of operation of the algorithms,
keys). keys).
Each active Traffic Selector has an entry in the SADB which indicates Each active Traffic Selector has an entry in the SADB that indicates
whether it is used for ingress traffic or for egress traffic. These whether it is used for ingress traffic or for egress traffic. These
Traffic Selector entries are ordered such that they are searched Traffic Selector entries are ordered such that they are searched
(when checking for a match) in the given order. Two types of Traffic (when checking for a match) in the given order. Two types of Traffic
Selector entries may be present: Selector entries may be present:
- Traffic Selectors entries identifying FC-2 frames or CT_IUs to be - Traffic Selector entries identifying FC-2 frames or CT_IUs to be
bypassed or discarded; and bypassed or discarded; and
- Traffic Selectors entries identifying FC-2 frames or CT_IUs to be - Traffic Selector entries identifying FC-2 frames or CT_IUs to be
protected or verified. These entries point to the corresponding SA protected or verified. These entries point to the corresponding
entry defining the parameters and the security processing to be SA entry defining the parameters and the security processing to
performed. be performed.
SAs are unidirectional but they always exist as an SA pair of the SAs are unidirectional, but they always exist as an SA pair of the
same type, one in each direction. same type, one in each direction.
3.4.3. Fabric Security Policies 3.4.3. Fabric Security Policies
Two separate approaches to defining Policies are adopted in FC-SP, Two separate approaches to defining Policies are adopted in FC-SP,
but both approaches follow the same general concept for their Policy but both approaches follow the same general concept for their Policy
model. One is the definition of a Policy Model for Fabric Policies model. One is the definition of a Policy Model for Fabric Policies
which focus on Security. These Security Policies specify the that focus on Security. These Security Policies specify the
membership and connectivity allowed within a Fabric, and also which membership and connectivity allowed within a Fabric, and also which
IP hosts are allowed to manage a Fabric. IP hosts are allowed to manage a Fabric.
The other approach is to define a variant of the Enhanced Zoning The other approach is to define a variant of the Enhanced Zoning
model defined in [FC-SW-4] and [FC-GS-5], such that the variant model defined in [FC-SW-4] and [FC-GS-5], such that the variant
specifies extensions for use in a secure environment. This variant specifies extensions for use in a secure environment. This variant
of Zoning, denoted as "FC-SP Zoning", follows the same general of Zoning, denoted as "FC-SP Zoning", follows the same general
concepts of the Policy model for Security Policies, but keeps Zoning concepts of the Policy model for Security Policies, but keeps Zoning
management and enforcement completely independent from the management management and enforcement completely independent from the management
and enforcement of other policies. and enforcement of other policies.
skipping to change at page 9, line 45 skipping to change at page 9, line 12
"Response" (typically with data) in the reverse direction, the "Response" (typically with data) in the reverse direction, the
diagram has arrows only for the "with data" direction. diagram has arrows only for the "with data" direction.
3.4.5. Policy Objects 3.4.5. Policy Objects
The Policies to be enforced by a Fabric are specified in a set of The Policies to be enforced by a Fabric are specified in a set of
Policy Objects. The various types of Policy Objects are: Policy Objects. The various types of Policy Objects are:
- The Policy Summary Object is a list of pointers to other Policy - The Policy Summary Object is a list of pointers to other Policy
Objects, one pointer per each other active Policy Object. Each Objects, one pointer per each other active Policy Object. Each
pointer in a Policy Summary Object is paired with a cryptographic pointer in a Policy Summary Object is paired with a
hash of the referenced Policy Object. cryptographic hash of the referenced Policy Object.
- The Switch Membership List Object is a Fabric-wide Policy Object - The Switch Membership List Object is a Fabric-wide Policy Object
that defines which Switches are allowed to be part of a Fabric. that defines which Switches are allowed to be part of a Fabric.
- The Node Membership List Object is a Fabric-wide Policy Object that - The Node Membership List Object is a Fabric-wide Policy Object
defines which Nodes are allowed to be connected to a Fabric. that defines which Nodes are allowed to be connected to a
Fabric.
- The IP Management List Object is a Fabric-wide Policy Object that - The IP Management List Object is a Fabric-wide Policy Object
describes which IP hosts are allowed to manage a Fabric. that describes which IP hosts are allowed to manage a Fabric.
- A Switch Connectivity Object is a per-Switch Policy Object that - A Switch Connectivity Object is a per-Switch Policy Object that
describes the topology restrictions for a specific Switch; it describes the topology restrictions for a specific Switch; it
specifies the other Switches or Nodes to which the particular specifies the other Switches or Nodes to which the particular
Switch may be connected at the Node level and/or at the Port level. Switch may be connected at the Node level and/or at the Port
level.
- Attribute Objects are Fabric-wide Policy Objects that define - Attribute Objects are Fabric-wide Policy Objects that define
optional attributes to be associated with Switches or Nodes. They optional attributes to be associated with Switches or Nodes.
allow the extension of this policy model by defining new attributes They allow the extension of this policy model by defining new
as required. attributes as required.
Note that the administratively-specified name for a Fabric is Note that the administratively specified name for a Fabric is
contained in the Switch Membership List Object (not in the Policy contained in the Switch Membership List Object (not in the Policy
Summary Object). Summary Object).
When FC-SP is in use, each Fabric has a set of active Policy Objects: When FC-SP is in use, each Fabric has a set of active Policy Objects:
- one Policy Summary Object, - one Policy Summary Object,
- one Switch Membership List Object, - one Switch Membership List Object,
- one Node Membership List Object, - one Node Membership List Object,
- one IP Management List Object, - one IP Management List Object,
- zero or more Switch Connectivity Objects, and - zero or more Switch Connectivity Objects, and
- zero or more Attribute Objects. - zero or more Attribute Objects.
The active Policy Objects specify the Policies currently being The active Policy Objects specify the Policies currently being
enforced. In addition, policies not currently being enforced are enforced. In addition, policies not currently being enforced are
contained in non-active Policy Objects. To change the active Policy contained in non-active Policy Objects. To change the active Policy
Objects, the non-active Policy Objects are edited as necessary and a Objects, the non-active Policy Objects are edited as necessary and a
new Policy Summary Object which includes/references the changed new Policy Summary Object that includes/references the changed Policy
Policy Objects is activated. Objects is activated.
3.4.5.1. Policy Object Names 3.4.5.1. Policy Object Names
Every Policy Object has a name. In a Fabric's database of Policy Every Policy Object has a name. In a Fabric's database of Policy
Objects, a Policy Object Name is specified as a type/length/value Objects, a Policy Object Name is specified as a type/length/value
(see section 7.2 of [FC-SP]). The possible types are: (see section 7.2 of [FC-SP]). The possible types are:
- Node_Name - Node_Name
- Restricted Node_Name - Restricted Node_Name
- Port_Name - Port_Name
- Restricted Port_Name - Restricted Port_Name
- Wildcard - Wildcard
- Negated Wildcard - Negated Wildcard
- Alphanumeric Name - Alphanumeric Name
- IPv6 Address Range - IPv6 Address Range
- IPv4 Address Range - IPv4 Address Range
3.4.6. Three Kinds of Switches 3.4.6. Three Kinds of Switches
For a Fabric composed of n Switches and m Nodes, the potential For a Fabric composed of n Switches and m Nodes, the potential
complexity of Switch Connectivity Objects is O(n**2) to describe complexity of Switch Connectivity Objects is O(n**2) to describe
Switch to Switch connections, and O(n*m) for Switch to Node Switch to Switch connections, and O(n*m) for Switch to Node
connections. To provide better scaling, the Switch Connectivity connections. To provide better scaling, the Switch Connectivity
Objects are not Fabric-wide information, but are distributed only to Objects are not Fabric-wide information, but are distributed only to
where they are needed. To support this, the policy model supports where they are needed. To support this, the policy model supports
skipping to change at page 11, line 21 skipping to change at page 10, line 46
3.4.6. Three Kinds of Switches 3.4.6. Three Kinds of Switches
For a Fabric composed of n Switches and m Nodes, the potential For a Fabric composed of n Switches and m Nodes, the potential
complexity of Switch Connectivity Objects is O(n**2) to describe complexity of Switch Connectivity Objects is O(n**2) to describe
Switch to Switch connections, and O(n*m) for Switch to Node Switch to Switch connections, and O(n*m) for Switch to Node
connections. To provide better scaling, the Switch Connectivity connections. To provide better scaling, the Switch Connectivity
Objects are not Fabric-wide information, but are distributed only to Objects are not Fabric-wide information, but are distributed only to
where they are needed. To support this, the policy model supports where they are needed. To support this, the policy model supports
three kinds of Switches in a Fabric: three kinds of Switches in a Fabric:
- Server Switches, that maintain the Fabric-wide Policy Objects, all - Server Switches, which maintain the Fabric-wide Policy Objects,
the Switch Connectivity Objects, and a full copy of the FC-SP all the Switch Connectivity Objects, and a full copy of the FC-
Zoning Database; SP Zoning Database;
- Autonomous Switches, that maintain the Fabric-wide Policy Objects,
their own Switch Connectivity Object, and a full copy of the FC-SP
Zoning Database; and
- Client Switches, that maintain the Fabric-wide Policy Objects, - Autonomous Switches, which maintain the Fabric-wide Policy
Objects, their own Switch Connectivity Object, and a full copy
of the FC-SP Zoning Database; and
- Client Switches, which maintain the Fabric-wide Policy Objects,
their own Switch Connectivity Object, and a subset of the FC-SP their own Switch Connectivity Object, and a subset of the FC-SP
Active Zone Set (which is the configurations of zones currently Active Zone Set (which is the configurations of zones currently
being enforced by a Fabric, see section 10.4.3.3 of [FC-SW-4]). being enforced by a Fabric, see section 10.4.3.3 of [FC-SW-4]).
3.4.7. Security Policy Management 3.4.7. Security Policy Management
Security Policy can be changed in a server session [FC-GS-5] with a Security Policy can be changed in a server session [FC-GS-5] with a
Security Policy Server. All write access to a Security Policy Server Security Policy Server. All write access to a Security Policy Server
occurs within a server session. While read access to a Security occurs within a server session. While read access to a Security
Policy Server may occur at any time, the consistency of the returned Policy Server may occur at any time, the consistency of the returned
data is guaranteed only inside a server session. data is guaranteed only inside a server session.
The Enhanced Commit Service [FC-SW-4] is used to perform Fabric The Enhanced Commit Service [FC-SW-4] is used to perform Fabric
operations as and when necessary (see table 144 of [FC-SP]). operations as and when necessary (see table 144 of [FC-SP]). Many of
Many of these operations are named as if they were acronyms, these operations are named as if they were acronyms, e.g., SSB for
e.g., SSB for Server Session Begin; SSE for Server Session End; Server Session Begin; SSE for Server Session End; SW_ILS for Switch
SW_ILS for Switch Fabric Internal Link Services; EACA for Enhanced Fabric Internal Link Services; EACA for Enhanced Acquire Change
Acquire Change Authorization; ERCA for Enhanced Release Change Authorization; ERCA for Enhanced Release Change Authorization; SFC
Authorization; SFC for Stage Fabric Configuration. for Stage Fabric Configuration.
Each server session begins and ends, with a SSB request and a SSE Each server session begins and ends, with a SSB request and a SSE
request respectively, sent to a Security Policy Server. In the request respectively, sent to a Security Policy Server. In the
Fabric, the SSB requests a lock of the Fabric via an EACA SW_ILS, Fabric, the SSB requests a lock of the Fabric via an EACA SW_ILS,
while the SSE requests a release of the lock via the ERCA SW_ILS while the SSE requests a release of the lock via the ERCA SW_ILS
[FC-SW-4]. Active and non-active Policy Objects are persistent in [FC-SW-4]. Active and non-active Policy Objects are persistent in
that they survive after the end of a server session. that they survive after the end of a server session.
3.4.8. FC-SP Zoning 3.4.8. FC-SP Zoning
skipping to change at page 12, line 31 skipping to change at page 12, line 4
FC-SP Zoning allows for some Switches to retain less than a complete FC-SP Zoning allows for some Switches to retain less than a complete
replicated copy of the Zoning Database, as follows: replicated copy of the Zoning Database, as follows:
- Server Switches maintain the policies data structures for all - Server Switches maintain the policies data structures for all
Switches in the Fabric plus a replica of the Zoning data Switches in the Fabric plus a replica of the Zoning data
structures; structures;
- Autonomous Switches maintain only the subset of policies data - Autonomous Switches maintain only the subset of policies data
structures relevant for their operations plus a replica of the structures relevant for their operations plus a replica of the
Zoning Database; and Zoning Database; and
- Client Switches maintain only the subset of policies data - Client Switches maintain only the subset of policies data
structures and the subset of the Active Zone Set relevant for their structures and the subset of the Active Zone Set relevant for
operations. their operations.
When Client Switches are deployed in a Fabric, at least one Server When Client Switches are deployed in a Fabric, at least one Server
Switch must also be deployed in the same Fabric. A client-server Switch must also be deployed in the same Fabric. A client-server
protocol allows Client Switches to dynamically retrieve the Zoning protocol allows Client Switches to dynamically retrieve the Zoning
information they may require from the Server Switches. information they may require from the Server Switches.
A management application manages the Fabric Zoning configuration A management application manages the Fabric Zoning configuration
through the Fabric Zone Server, while other policies are managed through the Fabric Zone Server, while other policies are managed
through the Security Policy Server. A new Zoning Check Protocol through the Security Policy Server. A new Zoning Check Protocol
replaces the Zone Merge Protocol [FC-SW-4], and new command codes are replaces the Zone Merge Protocol [FC-SW-4], and new command codes are
defined for the SFC SW_ILS to distribute the FC-SP Zoning defined for the SFC SW_ILS to distribute the FC-SP Zoning
configuration on a Fabric. The Zoning definitions are ordered to configuration on a Fabric. The Zoning definitions are ordered to
allow for the computation of a hash of the Active Zone Set and a hash allow for the computation of a hash of the Active Zone Set and a hash
of the Zone Set Database, plus other optional security data (e.g., of the Zone Set Database, plus other optional security data (e.g.,
for integrity protection of Zoning information). for integrity protection of Zoning information).
4. Document Overview 4. Document Overview
This document defines five MIB modules which together provide the This document defines five MIB modules that together provide the
means for monitoring the operation of, and configuring some means for monitoring the operation of, and configuring some
parameters of, one or more instances of the FC-SP protocols. parameters of, one or more instances of the FC-SP protocols.
4.1. Fibre Channel management instance 4.1. Fibre Channel Management Instance
A Fibre Channel management instance is defined in [RFC4044] as a A Fibre Channel management instance is defined in [RFC4044] as a
separable managed instance of Fibre Channel functionality. Fibre separable managed instance of Fibre Channel functionality. Fibre
Channel functionality may be grouped into Fibre Channel management Channel functionality may be grouped into Fibre Channel management
instances in whatever way is most convenient for the instances in whatever way is most convenient for the
implementation(s). For example, one such grouping accommodates a implementation(s). For example, one such grouping accommodates a
single SNMP agent having multiple AgentX [RFC2741] sub-agents, with single SNMP agent having multiple AgentX [RFC2741] sub-agents, with
each sub-agent implementing a different Fibre Channel management each sub-agent implementing a different Fibre Channel management
instance. instance.
The object, fcmInstanceIndex, is IMPORTed from the FC-MGMT-MIB The object, fcmInstanceIndex, is IMPORTed from the FC-MGMT-MIB
[RFC4044] as the index value to uniquely identify each Fibre Channel [RFC4044] as the index value to uniquely identify each Fibre Channel
management instance, for example within the same SNMP context management instance, for example, within the same SNMP context
([RFC3411] section 3.3.1). ([RFC3411] section 3.3.1).
4.2. Entity Name 4.2. Entity Name
A central capability of FC-SP is the use of an Authentication A central capability of FC-SP is the use of an Authentication
Protocol. The purpose of each of the possible Authentication Protocol. The purpose of each of the possible Authentication
Protocols is to allow a Fibre Channel entity to be assured of the Protocols is to allow a Fibre Channel entity to be assured of the
identity of each entity with which it is communicating. Examples of identity of each entity with which it is communicating. Examples of
such entities are Fibre Channel Switches and Fibre Channel Nx_Ports. such entities are Fibre Channel Switches and Fibre Channel Nx_Ports.
Each entity is identified by a name. The FC-MGMT-MIB [RFC4044] Each entity is identified by a name. The FC-MGMT-MIB [RFC4044]
defines MIB objects for such names: defines MIB objects for such names:
- for entities which are Fibre Channel Switches, the definition of a - for entities that are Fibre Channel Switches, the definition of
Fibre Channel management instance allows multiple Switches to be a Fibre Channel management instance allows multiple Switches to
managed by the same Fibre Channel management instance. In this be managed by the same Fibre Channel management instance. In
case, each entity is a Switch and has the name given by the MIB this case, each entity is a Switch and has the name given by the
object, fcmSwitchWWN. MIB object, fcmSwitchWWN.
- for entities other than Fibre Channel Switches, a Fibre Channel - for entities other than Fibre Channel Switches, a Fibre Channel
management instance can manage only one entity, and the name of the management instance can manage only one entity, and the name of
entity is given by the MIB object, fcmInstanceWwn. the entity is given by the MIB object, fcmInstanceWwn.
4.3. Fabric Index 4.3. Fabric Index
With multiple Fabrics, each Fabric has its own instances of the With multiple Fabrics, each Fabric has its own instances of the
Fabric-related management instrumentation. Thus, these MIB modules Fabric-related management instrumentation. Thus, these MIB modules
define all Fabric-related information in tables which are INDEX-ed by define all Fabric-related information in tables that are INDEX-ed by
an arbitrary integer, named a "Fabric Index". The syntax of a Fabric an arbitrary integer, named a "Fabric Index". The syntax of a Fabric
Index is T11FabricIndex, imported from T11-TC-MIB [RFC4439]. When a Index is T11FabricIndex, imported from T11-TC-MIB [RFC4439]. When a
device is connected to a single physical Fabric, without use of any device is connected to a single physical Fabric, without use of any
virtual Fabrics, the value of this Fabric Index will always be 1. In virtual Fabrics, the value of this Fabric Index will always be 1. In
an environment of multiple virtual and/or physical Fabrics, this an environment of multiple virtual and/or physical Fabrics, this
index provides a means to distinguish one Fabric from another. index provides a means to distinguish one Fabric from another.
4.4. Interface Index 4.4. Interface Index
Several of the MIB modules defined in this document use the Several of the MIB modules defined in this document use the
skipping to change at page 14, line 30 skipping to change at page 13, line 47
for each of multiple ports/interfaces, or when multiple interfaces for each of multiple ports/interfaces, or when multiple interfaces
are represented by a single row. The use of a zero value supports are represented by a single row. The use of a zero value supports
the simpler cases of: a) when there is only one port/interface, b) the simpler cases of: a) when there is only one port/interface, b)
where the implementation chooses to aggregate the information for where the implementation chooses to aggregate the information for
multiple ports/interfaces. The minimum (for compliance) requirement multiple ports/interfaces. The minimum (for compliance) requirement
is to implement any one of the above cases. is to implement any one of the above cases.
When a Fabric Index and an object with the InterfaceIndexOrZero When a Fabric Index and an object with the InterfaceIndexOrZero
syntax are used together in a single INDEX clause, the syntax are used together in a single INDEX clause, the
InterfaceIndexOrZero object is listed before the Fabric Index in InterfaceIndexOrZero object is listed before the Fabric Index in
order to simplify management queries which retrieve information order to simplify management queries that retrieve information
concerning multiple Fabrics connected to the same port/interface. concerning multiple Fabrics connected to the same port/interface.
4.5. Syntax for Policy Object Names 4.5. Syntax for Policy Object Names
T11FcSpPolicyNameType and T11FcSpPolicyName are two Textual T11FcSpPolicyNameType and T11FcSpPolicyName are two Textual
Conventions defined in this document (in the T11-FC-SP-TC-MIB module) Conventions defined in this document (in the T11-FC-SP-TC-MIB module)
to represent the types and values of Policy Object Names (see section to represent the types and values of Policy Object Names (see section
3.9.1 above). However, two of the nine possible types are IPv4 3.4.5.1 above). However, two of the nine possible types are IPv4
Address Range and IPv6 Address Range. It is standard practice in MIB Address Range and IPv6 Address Range. It is standard practice in MIB
modules to represent all IP addresses using the standard Textual modules to represent all IP addresses using the standard Textual
Conventions defined in [RFC4001] for IP addresses, specifically: Conventions defined in [RFC4001] for IP addresses: specifically,
InetAddressType and InetAddress. This document adheres to such InetAddressType and InetAddress. This document adheres to such
standard practice to the following extent: standard practice to the following extent:
- for MIB objects representing a Policy Object Name which can *only* - for MIB objects representing a Policy Object Name that can
be an IPv4 address range or an IPv6 address range, then those MIB *only* be an IPv4 Address Range or an IPv6 Address Range, then
objects are defined as a 3-tuple: (InetAddressType, InetAddress, those MIB objects are defined as a 3-tuple: (InetAddressType,
InetAddress), in which the first address is the low end of the InetAddress, InetAddress), in which the first address is the low
range, the second address is the high end of the range, and both end of the range, the second address is the high end of the
addresses are of the type given by InetAddressType. range, and both addresses are of the type given by
InetAddressType.
- for MIB objects representing a Policy Object Name which is - for MIB objects representing a Policy Object Name that is
(possibly) of a different type, i.e., it is not (necessarily) an (possibly) of a different type, i.e., it is not (necessarily) an
IPv4 or IPv6 address range, then those MIB objects are defined as a IPv4 or IPv6 Address Range, then those MIB objects are defined
2-tuple: (T11FcSpPolicyNameType, T11FcSpPolicyName), in which the as a 2-tuple: (T11FcSpPolicyNameType, T11FcSpPolicyName), in
first object represents the type of Policy Object Name and the which the first object represents the type of Policy Object Name
second object represents the value of the Policy Object Name. For and the second object represents the value of the Policy Object
MIB objects defined in this manner, if and when they represent a Name. For MIB objects defined in this manner, if and when they
range of IP addresses: a) the value of T11FcSpPolicyNameType represent a range of IP addresses: a) the value of
differentiates between an IPv4 Address Range and an IPv6 Address T11FcSpPolicyNameType differentiates between an IPv4 Address
Range; and b) the value of T11FcSpPolicyName is one string Range and an IPv6 Address Range; and b) the value of
containing the concatenation of the two addresses which are the low T11FcSpPolicyName is one string containing the concatenation of
and high addresses of the range. This is the same format as used the two addresses that are the low and high addresses of the
within FC-SP Policy Objects [FC-SP]. range. This is the same format as used within FC-SP Policy
Objects [FC-SP].
4.6. Certificates, CAs and CRLs 4.6. Certificates, CAs, and CRLs
In order to authenticate with the FCAP protocol, each entity, In order to authenticate with the FCAP protocol, each entity,
identified by a unique Name, is provided with: a digital certificate identified by a unique Name, is provided with: a digital certificate
associated with that Name, the private/public key pair that associated with that Name, the private/public key pair that
corresponds to the certificate, and with the Root Certificate (the corresponds to the certificate, and with the Root Certificate (the
certificate of the signing Certification Authority). To authenticate certificate of the signing Certification Authority). To authenticate
another entity, an entity is required to be provided with the another entity, an entity is required to be provided with the
certificate of the associated Certification Authority. certificate of the associated Certification Authority.
FCAP requires entities to support at least four Root Certificates FCAP requires entities to support at least four Root Certificates
against which received corresponding certificates can be validated. against which received corresponding certificates can be validated.
Support for certificate chains and verification of certificate chains Support for certificate chains and verification of certificate chains
containing more than one certificate is optional. Entities need to containing more than one certificate is optional. Entities need to
be able to access a Certificate Revocation List (CRL) for each be able to access a Certificate Revocation List (CRL) for each
configured Root Certificate, if one is available from the CA. configured Root Certificate, if one is available from the CA.
Certificates on the CRL are considered invalid. Certificates on the CRL are considered invalid.
The management of certificates, Certification Authorities and The management of certificates, Certification Authorities, and
Certificate Revocation Lists is the same in Fibre Channel networks as Certificate Revocation Lists is the same in Fibre Channel networks as
it is in other networks. Therefore, this document does not define it is in other networks. Therefore, this document does not define
any MIB objects for such management. any MIB objects for such management.
4.7. Traffic Selectors 4.7. Traffic Selectors
When Traffic Selectors are compared against an ingress or egress When Traffic Selectors are compared against an ingress or egress
frame in order to determine the security processing to be applied to frame in order to determine the security processing to be applied to
that frame, there are circumstances in which multiple Traffic that frame, there are circumstances in which multiple Traffic
Selectors, specifying different actions, can match with the frame. Selectors, specifying different actions, can match with the frame.
skipping to change at page 16, line 23 skipping to change at page 15, line 37
on active Security Associations (i.e., protected by FC-SP) are on active Security Associations (i.e., protected by FC-SP) are
compared against the set of traffic selectors negotiated when the compared against the set of traffic selectors negotiated when the
Security Association was setup and identified by the SPI value Security Association was setup and identified by the SPI value
contained in the frame; the action taken depends on whether any contained in the frame; the action taken depends on whether any
Traffic Selector matches, but not on which one. Traffic Selector matches, but not on which one.
This difference between ingress and egress Traffic Selectors on This difference between ingress and egress Traffic Selectors on
active Security Associations is reflected in having separate MIB active Security Associations is reflected in having separate MIB
tables defined for them: the table for Traffic Selectors on egress tables defined for them: the table for Traffic Selectors on egress
SAs, t11FcSpSaTSelNegOutTable, has a precedence value in its INDEX SAs, t11FcSpSaTSelNegOutTable, has a precedence value in its INDEX
clause, whereas the table for Traffic Selectors on ingress SAs, clause; whereas the table for Traffic Selectors on ingress SAs,
t11FcSpSaTSelNegInTable, has an arbitrary integer value in its INDEX t11FcSpSaTSelNegInTable, has an arbitrary integer value in its INDEX
clause. For 'drop' and 'bypass' Traffic Selectors, one table, clause. For 'drop' and 'bypass' Traffic Selectors, one table,
t11FcSpSaTSelDrByTable, having a precedence value in its INDEX t11FcSpSaTSelDrByTable, having a precedence value in its INDEX
clause, is sufficient for both ingress and egress traffic. clause, is sufficient for both ingress and egress traffic.
4.8. The MIB Modules 4.8. The MIB Modules
4.8.1. The T11-FC-SP-TC-MIB Module 4.8.1. The T11-FC-SP-TC-MIB Module
This MIB module defines Textual Conventions which are being, or have This MIB module defines Textual Conventions that are being, or have
the potential to be, used in more than one MIB module. The module the potential to be, used in more than one MIB module. The module
also defines Object Identifiers to identify the Cryptographic also defines Object Identifiers to identify the Cryptographic
Algorithms listed in [FC-SP] so that they can be used as the value of Algorithms listed in [FC-SP] so that they can be used as the value of
various MIB objects which specify the algorithms being/to be used by various MIB objects that specify the algorithms being/to be used by
an FC-SP implementation. an FC-SP implementation.
4.8.2. The T11-FC-SP-AUTHENTICATION-MIB Module 4.8.2. The T11-FC-SP-AUTHENTICATION-MIB Module
This MIB module specifies the management information required to This MIB module specifies the management information required to
manage FC-SP Authentication Protocols. It defines three tables: manage FC-SP Authentication Protocols. It defines three tables:
- t11FcSpAuEntityTable -- a table of Fibre Channel entities which can - t11FcSpAuEntityTable -- a table of Fibre Channel entities that
be authenticated using FC-SP's Authentication Protocols, including can be authenticated using FC-SP's Authentication Protocols,
the names, capabilities and basic configuration parameters of the including the names, capabilities, and basic configuration
entities. parameters of the entities.
- t11FcSpAuIfStatTable -- this table has two purposes: to be a list - t11FcSpAuIfStatTable -- this table has two purposes: to be a
of the mappings of a FC-SP Authentication entity onto an interface, list of the mappings of a FC-SP Authentication entity onto an
and to contain Authentication Protocol per-interface statistics. interface and to contain Authentication Protocol per-interface
statistics.
- t11FcSpAuRejectTable -- a table of FC-SP Authentication Protocol - t11FcSpAuRejectTable -- a table of FC-SP Authentication Protocol
transactions which were recently rejected. transactions that were recently rejected.
It also defines two notifications: one for sending a reject in It also defines two notifications: one for sending a reject in
response to an AUTH message, and another for receiving a reject in response to an AUTH message and another for receiving a reject in
response to an AUTH message. response to an AUTH message.
4.8.3. The T11-FC-SP-ZONING-MIB Module 4.8.3. The T11-FC-SP-ZONING-MIB Module
This MIB module specifies the extensions to the T11-FC-ZONE-SERVER- This MIB module specifies the extensions to the T11-FC-ZONE-SERVER-
MIB module [RFC4936] for the management of FC-SP Zoning Servers. MIB module [RFC4936] for the management of FC-SP Zoning Servers.
Specifically, it augments three tables defined in T11-FC-ZONE-SERVER- Specifically, it augments three tables defined in T11-FC-ZONE-SERVER-
MIB: MIB:
- t11FcSpZsServerTable -- to this table, it adds FC-SP Zoning - t11FcSpZsServerTable -- to this table, it adds FC-SP Zoning
information defined for Zone Servers. information defined for Zone Servers.
- t11ZsStatsTable -- to this table, it adds FC-SP Zoning statistics - t11ZsStatsTable -- to this table, it adds FC-SP Zoning
for Zone Servers. statistics for Zone Servers.
- t11ZsNotifyControlTable -- to this table, it adds control - t11ZsNotifyControlTable -- to this table, it adds control
information for FC-SP Zoning notifications. information for FC-SP Zoning notifications.
It also defines two FC-SP Zoning notifications: one for success and It also defines two FC-SP Zoning notifications: one for success and
one for failure in the joining of two Fabrics. one for failure in the joining of two Fabrics.
4.8.4. The T11-FC-SP-POLICY-MIB Module 4.8.4. The T11-FC-SP-POLICY-MIB Module
This MIB module specifies management information which is used to This MIB module specifies management information that is used to
manage FC-SP policies. The MIB module has five parts: manage FC-SP policies. The MIB module has five parts:
- Active Policy Objects - read-only MIB objects representing the set - Active Policy Objects - read-only MIB objects representing the
of active Policy Objects for each Fabric; set of active Policy Objects for each Fabric;
- Activate/Deactivate Operations - read-write MIB objects for - Activate/Deactivate Operations - read-write MIB objects for
invoking operations, either 1) to activate policies which are invoking operations, either 1) to activate policies that are
specified as a set of non-active Policy Objects, or 2) to specified as a set of non-active Policy Objects, or 2) to
deactivate the currently-active policies; also included are objects deactivate the currently active policies; also included are
giving the status of invoked operations; objects giving the status of invoked operations;
- Non-active Policy Objects - read-create MIB objects to create and - Non-Active Policy Objects - read-create MIB objects to create
modify non-active Policy Objects; and modify non-active Policy Objects;
- Statistics for FC-SP Security Policy Servers; - Statistics for FC-SP Security Policy Servers;
- The definition and control of notifications for the success or - The definition and control of notifications for the success or
failure of the activation or deactivation of FC-SP policies. failure of the activation or deactivation of FC-SP policies.
4.8.5. The T11-FC-SP-SA-MIB Module 4.8.5. The T11-FC-SP-SA-MIB Module
This MIB module specifies the management information required to This MIB module specifies the management information required to
manage Security Associations established via FC-SP. All of the manage Security Associations established via FC-SP. All of the
tables in this MIB module are INDEX-ed by t11FcSpSaIfIndex, with tables in this MIB module are INDEX-ed by t11FcSpSaIfIndex, with
syntax InterfaceIndexOrZero, which is either non-zero for a specific syntax InterfaceIndexOrZero, which is either non-zero for a specific
interface or zero for all (of the management instance's) interfaces interface or zero for all (of the management instance's) interfaces
to the particular Fabric. to the particular Fabric.
The MIB module consists of six parts: The MIB module consists of six parts:
- a per-Fabric table, t11FcSpSaIfTable, of capabilities, parameters, - a per-Fabric table, t11FcSpSaIfTable, of capabilities,
status information and counters; the counters include non-transient parameters, status information, and counters; the counters
aggregates of per-SA transient counters; include non-transient aggregates of per-SA transient counters;
- three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable and - three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable, and
t11FcSpSaTransTable, specifying the proposals for an FC-SP entity t11FcSpSaTransTable, specifying the proposals for an FC-SP
acting as an SA_Initiator to present to the SA_Responder during the entity acting as an SA_Initiator to present to the SA_Responder
negotiation of Security Associations. The same information is also during the negotiation of Security Associations. The same
used by an FC-SP entity acting as an SA_Responder to decide what to information is also used by an FC-SP entity acting as an
accept during the negotiation of Security Associations. One of SA_Responder to decide what to accept during the negotiation of
these tables, t11FcSpSaTransTable, is used not only for information Security Associations. One of these tables,
about security transforms to propose and to accept, but also as t11FcSpSaTransTable, is used not only for information about
agreed upon during the negotiation of Security Associations; security transforms to propose and to accept, but also as agreed
upon during the negotiation of Security Associations;
- a table, t11FcSpSaTSelDrByTable, of Traffic Selectors having the - a table, t11FcSpSaTSelDrByTable, of Traffic Selectors having the
security action of 'drop' or 'bypass' to be applied either to security action of 'drop' or 'bypass' to be applied either to
ingress traffic which is unprotected by FC-SP, or to all egress ingress traffic, which is unprotected by FC-SP, or to all egress
traffic; traffic;
- four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable, - four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable,
t11FcSpSaTSelNegOutTable and t11FcSpSaTSelSpiTable, containing t11FcSpSaTSelNegOutTable, and t11FcSpSaTSelSpiTable, containing
information about active bidirectional pairs of Security information about active bidirectional pairs of Security
Associations; in particular, t11FcSpSaPairTable has one row per Associations; in particular, t11FcSpSaPairTable has one row per
active bidirectional SA pair, t11FcSpSaTSelNegInTable and active bidirectional SA pair, t11FcSpSaTSelNegInTable and
t11FcSpSaTSelNegOutTable contain information on the Traffic t11FcSpSaTSelNegOutTable contain information on the Traffic
Selectors negotiated on the SAs, and the t11FcSpSaTSelSpiTable is Selectors negotiated on the SAs, and the t11FcSpSaTSelSpiTable
an alternate lookup table such that the Traffic Selector(s) in use is an alternate lookup table such that the Traffic Selector(s)
on a particular Security Association can be quickly determined in use on a particular Security Association can be quickly
based on its (ingress) SPI value; determined based on its (ingress) SPI value;
- a table, t11FcSpSaControlTable, of control and other information - a table, t11FcSpSaControlTable, of control and other information
concerning the generation of notifications for events related to concerning the generation of notifications for events related to
FC-SP Security Associations; FC-SP Security Associations;
- one notification, t11FcSpSaNotifyAuthFailure, generated on the - one notification, t11FcSpSaNotifyAuthFailure, generated on the
occurrence of an Authentication failure for a received FC-2 or occurrence of an Authentication failure for a received FC-2 or
CT_IU frame. CT_IU frame.
4.9. Rate Control for Notifications 4.9. Rate Control for Notifications
All but one of the notifications defined in the five MIB modules in All but one of the notifications defined in the five MIB modules in
this document are notifications which are generated based on events this document are notifications that are generated based on events
occurring in the "control plane", e.g., notifications which are occurring in the "control plane", e.g., notifications that are
generated at the frequency of operator-initiated activities. The one generated at the frequency of operator-initiated activities. The one
exception is t11FcSpSaNotifyAuthFailure, which is generated based on exception is t11FcSpSaNotifyAuthFailure, which is generated based on
an event occurring in the "data plane", and could (in a worst case an event occurring in the "data plane", and could (in a worst case
scenario) occur for every received ingress frame. Therefore, a scenario) occur for every received ingress frame. Therefore, a
method of rate controlling the generation of notifications is needed method of rate controlling the generation of notifications is needed
for t11FcSpSaNotifyAuthFailure, but not for any of the other for t11FcSpSaNotifyAuthFailure, but not for any of the other
notifications. notifications.
For t11FcSpSaNotifyAuthFailure, rate control is achieved by For t11FcSpSaNotifyAuthFailure, rate control is achieved by
specifying that a) after the first occurrence of an Authentication specifying that a) after the first occurrence of an Authentication
failure on any particular Security Association, the SNMP failure on any particular Security Association, the SNMP
notifications for second and subsequent failures are suppressed for notifications for second and subsequent failures are suppressed for
the duration of a time window, and b) that even the notification for the duration of a time window and b) that even the notification for
the first occurrence is suppressed after it is sent in the same time the first occurrence is suppressed after it is sent in the same time
window for a configured (in t11FcSpSaControlMaxNotifs) number of window for a configured (in t11FcSpSaControlMaxNotifs) number of
Security Associations within a Fabric. Note that while these Security Associations within a Fabric. Note that while these
suppressions prevent the network being flooded with notifications, suppressions prevent the network from being flooded with
the Authentication Failures themselves must still be detected and notifications, the Authentication Failures themselves must still be
counted. detected and counted.
The length of the time window is given by t11FcSpSaControlWindow, a The length of the time window is given by t11FcSpSaControlWindow, a
read-write object in the t11FcSpSaControlTable. If and when the time read-write object in the t11FcSpSaControlTable. If and when the time
since the last generation of the notification is less than the value since the last generation of the notification is less than the value
of sysUpTime (e.g., if one or more notifications have occurred since of sysUpTime (e.g., if one or more notifications have occurred since
the last re-initialization of the management system), then the last re-initialization of the management system), then
t11FcSpSaControlElapsed and t11FcSpSaControlSuppressed contain the t11FcSpSaControlElapsed and t11FcSpSaControlSuppressed contain the
elapsed time since the last notification and the number of elapsed time since the last notification and the number of
notifications suppressed in the window after sending the last one, notifications suppressed in the window after sending the last one,
respectively. Otherwise, t11FcSpSaControlElapsed contains the value respectively. Otherwise, t11FcSpSaControlElapsed contains the value
of sysUpTime and t11FcSpSaControlSuppressed has the value zero. of sysUpTime and t11FcSpSaControlSuppressed has the value zero.
5. Relationship to Other MIB Modules 5. Relationship to Other MIB Modules
The first standardized MIB module for Fibre Channel [RFC2837] was The first standardized MIB module for Fibre Channel [RFC2837] was
focussed on Fibre Channel Switches. It was obsoleted by the more focused on Fibre Channel Switches. It was obsoleted by the more
generic Fibre Channel Management MIB [RFC4044] which defines basic generic Fibre Channel Management MIB [RFC4044], which defines basic
information for Fibre Channel Nodes and Switches, including information for Fibre Channel Nodes and Switches, including
extensions to the standard IF-MIB [RFC2863] for Fibre Channel extensions to the standard IF-MIB [RFC2863] for Fibre Channel
interfaces. Several other MIB modules have since been defined to interfaces. Several other MIB modules have since been defined to
extend [RFC4044] for various specific Fibre Channel functionality, extend [RFC4044] for various specific Fibre Channel functionality,
(e.g., [RFC4438], [RFC4439], [RFC4625], [RFC4626], [RFC4747], (e.g., [RFC4438], [RFC4439], [RFC4625], [RFC4626], [RFC4747],
[RFC4936], [RFC4935], [RFC4983]). [RFC4936], [RFC4935], and [RFC4983]).
The MIB modules defined in this memo further extend [RFC4044] to The MIB modules defined in this memo further extend [RFC4044] to
cover the operation of Fibre Channel Security Protocols, as specified cover the operation of Fibre Channel Security Protocols, as specified
in [FC-SP]. in [FC-SP].
One part of the FC-SP specification is "FC-SP Zoning" which is an One part of the FC-SP specification is "FC-SP Zoning", which is an
extension/variant of the Fibre Channel Zoning defined in [FC-GS-5]. extension/variant of the Fibre Channel Zoning defined in [FC-GS-5].
Management information for the latter is defined in the T11-FC-ZONE- Management information for the latter is defined in the T11-FC-ZONE-
SERVER-MIB module [RFC4936]. Consequently, the T11-FC-SP-ZONING-MIB SERVER-MIB module [RFC4936]. Consequently, the T11-FC-SP-ZONING-MIB
module defined in this document defines the extensions to the T11-FC- module defined in this document defines the extensions to the T11-FC-
ZONE-SERVER-MIB module which are needed to manage FC-SP Zoning. ZONE-SERVER-MIB module that are needed to manage FC-SP Zoning.
The MIB modules in this memo import some common Textual Conventions The MIB modules in this memo import some common Textual Conventions
from T11-TC-MIB defined in [RFC4439] and from INET-ADDRESS-MIB from T11-TC-MIB, defined in [RFC4439], and from INET-ADDRESS-MIB,
defined in [RFC4001]. defined in [RFC4001].
If the RADIUS protocol is used for access to an external server, If the RADIUS protocol is used for access to an external server,
information about RADIUS Servers is likely to be available from the information about RADIUS Servers is likely to be available from the
RADIUS-AUTH-CLIENT-MIB [RFC4668]. RADIUS-AUTH-CLIENT-MIB [RFC4668].
6. MIB Module Definitions 6. MIB Module Definitions
6.1. The T11-FC-SP-TC-MIB Module 6.1. The T11-FC-SP-TC-MIB Module
T11-FC-SP-TC-MIB DEFINITIONS ::= BEGIN T11-FC-SP-TC-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-IDENTITY, mib-2, MODULE-IDENTITY, OBJECT-IDENTITY, mib-2,
Unsigned32 FROM SNMPv2-SMI -- [RFC2578] Unsigned32 FROM SNMPv2-SMI -- [RFC2578]
TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579] TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579]
t11FcTcMIB MODULE-IDENTITY t11FcTcMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200808200000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF (in T11 began the development and the IETF (in
the IMSS Working Group) finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
Email: kzm@cisco.com" Email: kzm@cisco.com"
DESCRIPTION DESCRIPTION
"This MIB module defines Textual Conventions for use in "This MIB module defines Textual Conventions for use in
the multiple MIB modules which together define the the multiple MIB modules, which together define the
instrumentation for an implementation of the Fibre Channel instrumentation for an implementation of the Fibre Channel
Security Protocols (FC-SP) specification. Security Protocols (FC-SP) specification.
This MIB module also defines Object Identities (for use as This MIB module also defines Object Identities (for use as
possible values of MIB objects with syntax AutonomousType), possible values of MIB objects with syntax AutonomousType),
including OIDs for the Cryptographic Algorithms defined including OIDs for the Cryptographic Algorithms defined
in FC-SP. in FC-SP.
Copyright (C) The IETF Trust (2008). This version Copyright (C) The IETF Trust (2008). This version
of this MIB module is part of RFC yyyy; see the RFC of this MIB module is part of RFC 5324; see the RFC
itself for full legal notices." itself for full legal notices."
REVISION "200801030000Z" REVISION "200808200000Z"
DESCRIPTION DESCRIPTION
"Initial version of this MIB module, published as RFCyyyy." "Initial version of this MIB module, published as RFC 5324."
::= { mib-2 nnn } -- to be assigned by IANA ::= { mib-2 175 }
t11FcSpIdentities OBJECT IDENTIFIER ::= { t11FcTcMIB 1 } t11FcSpIdentities OBJECT IDENTIFIER ::= { t11FcTcMIB 1 }
t11FcSpAlgorithms OBJECT IDENTIFIER ::= { t11FcSpIdentities 1 } t11FcSpAlgorithms OBJECT IDENTIFIER ::= { t11FcSpIdentities 1 }
-- --
-- Textual Conventions -- Textual Conventions
-- --
T11FcSpPolicyHashFormat ::= TEXTUAL-CONVENTION T11FcSpPolicyHashFormat ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Identifies a cryptographic hash function used to create "Identifies a cryptographic hash function used to create
a hash value which summarizes an FC-SP Policy Object. a hash value that summarizes an FC-SP Policy Object.
Each definition of an object with this TC as its syntax Each definition of an object with this TC as its syntax
must be accompanied by a corresponding definition of an must be accompanied by a corresponding definition of an
object with T11FcSpPolicyHashValue as its syntax, and object with T11FcSpPolicyHashValue as its syntax, and
containing the hash value. containing the hash value.
The first two cryptographic hash functions are: The first two cryptographic hash functions are:
Hash Type Hash Tag Hash Length (Bytes) Hash Type Hash Tag Hash Length (Bytes)
SHA-1 '00000001'h 20 SHA-1 '00000001'h 20
skipping to change at page 23, line 32 skipping to change at page 22, line 15
T11FcSpHashCalculationStatus ::= TEXTUAL-CONVENTION T11FcSpHashCalculationStatus ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When some kind of 'database' is defined in a set of "When some kind of 'database' is defined in a set of
read-write MIB objects, it is common that multiple changes read-write MIB objects, it is common that multiple changes
in the data need to be made at the same time. So, if hash in the data need to be made at the same time. So, if hash
values are maintained for that data, those hash values are values are maintained for that data, those hash values are
only correct if and when they are re-calculated after every only correct if and when they are re-calculated after every
change. In such circumstances, the use of an object with change. In such circumstances, the use of an object with
this syntax allows the re-calculation of the hash values to this syntax allows the re-calculation of the hash values to
be deferred until all changes have been made and therefore be deferred until all changes have been made, and therefore
the calculation need only be done once after all changes, the calculation need only be done once after all changes,
rather than repeatedly/after each individual change. rather than repeatedly/after each individual change.
The definition of an object defined using this TC is The definition of an object defined using this TC is
required to specify which one or more instances of which required to specify which one or more instances of which
MIB objects contain the hash values operated upon (or MIB objects contain the hash values operated upon (or
whose status is given) by the value of this TC. whose status is given) by the value of this TC.
When read, the value of an object with this syntax is When read, the value of an object with this syntax is
either: either:
skipping to change at page 25, line 19 skipping to change at page 23, line 42
unsupportedProtocolVersion(10), unsupportedProtocolVersion(10),
logicalBusy(11), logicalBusy(11),
authILSNotSupported(12), authILSNotSupported(12),
authELSNotSupported(13), authELSNotSupported(13),
notLoggedIn(14) notLoggedIn(14)
} }
T11FcSpHashFunctions ::= TEXTUAL-CONVENTION T11FcSpHashFunctions ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of zero, one or more hash functions defined for "A set of zero, one, or more hash functions defined for
use in FC-SP." use in FC-SP."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 14." February 2007, Table 14."
SYNTAX BITS { SYNTAX BITS {
md5(0), md5(0),
sha1(1) sha1(1)
} }
T11FcSpSignFunctions ::= TEXTUAL-CONVENTION T11FcSpSignFunctions ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of zero, one or more signature functions defined "A set of zero, one, or more signature functions defined
for signing certificates for use with FCAP in FC-SP." for signing certificates for use with FCAP in FC-SP."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, tables 38 & 39." February 2007, tables 38 & 39."
SYNTAX BITS { SYNTAX BITS {
rsaSha1(0) rsaSha1(0)
} }
T11FcSpDhGroups ::= TEXTUAL-CONVENTION T11FcSpDhGroups ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of zero, one or more DH Groups defined for use "A set of zero, one, or more DH Groups defined for use
in FC-SP." in FC-SP."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 15." February 2007, Table 15."
SYNTAX BITS { SYNTAX BITS {
null(0), null(0),
group1024(1), group1024(1),
group1280(2), group1280(2),
group1536(3), group1536(3),
group2048(4), group2048(4),
group3072(5), group3072(5),
group4096(6), group4096(6),
group6144(7), group6144(7),
group8192(8) group8192(8)
} }
T11FcSpPolicyObjectType ::= TEXTUAL-CONVENTION T11FcSpPolicyObjectType ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value which identifies the type of an FC-SP Policy "A value that identifies the type of an FC-SP Policy
Object." Object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 102." February 2007, Table 102."
SYNTAX INTEGER { SYNTAX INTEGER {
summary(1), summary(1),
switchMemberList(2), switchMemberList(2),
nodeMemberList(3), nodeMemberList(3),
switchConnectivity(4), switchConnectivity(4),
skipping to change at page 27, line 18 skipping to change at page 25, line 21
"The format and usage of a companion object having "The format and usage of a companion object having
T11FcSpPolicyName as its syntax. T11FcSpPolicyName as its syntax.
Six of the values indicate the same format, i.e., they Six of the values indicate the same format, i.e., they
differ only in semantics. That common format is a Fibre differ only in semantics. That common format is a Fibre
Channel 'Name_Identifier', i.e., the same syntax as Channel 'Name_Identifier', i.e., the same syntax as
'FcNameIdOrZero (SIZE(8))'. 'FcNameIdOrZero (SIZE(8))'.
These six are three pairs of one restricted and one These six are three pairs of one restricted and one
unrestricted. Each usage of this syntax must specify unrestricted. Each usage of this syntax must specify
what the meaning of "restricted" is for that usage, and what the meaning of 'restricted' is for that usage and
how the characteristics and behavior of restricted how the characteristics and behavior of restricted
names differ from unrestricted names. names differ from unrestricted names.
The six are: The six are:
'nodeName' - a Node_Name, which is the 'nodeName' - a Node_Name, which is the
Name_Identifier associated Name_Identifier associated
with a Fibre Channel Node. with a Fibre Channel Node.
'restrictedNodeName' - a Restricted Node_Name. 'restrictedNodeName' - a Restricted Node_Name.
'portName' - the Name_Identifier associated 'portName' - the Name_Identifier associated
with a Fibre Channel Port. with a Fibre Channel Port.
'restrictedPortName' - a Restricted Port_Name. 'restrictedPortName' - a Restricted Port_Name.
'wildcard' - a Wildcard value which is used to 'wildcard' - a Wildcard value that is used to
identify 'all others' (typically, identify 'all others' (typically,
all other members of a Policy all other members of a Policy
Object, not all other Policy Object, not all other Policy
Objects). Objects).
'restrictedWildcard' - a Restricted Wildcard value. 'restrictedWildcard' - a Restricted Wildcard value.
Other possible values are: Other possible values are:
'alphaNumericName' - the value begins with an ASCII 'alphaNumericName' - the value begins with an ASCII
skipping to change at page 28, line 34 skipping to change at page 26, line 35
ipv6AddressRange(8), ipv6AddressRange(8),
ipv4AddressRange(9) ipv4AddressRange(9)
} }
T11FcSpPolicyName ::= TEXTUAL-CONVENTION T11FcSpPolicyName ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A syntax used, when defining Policy Objects, for the "A syntax used, when defining Policy Objects, for the
name of something. name of something.
An object which uses this syntax always identifies a An object that uses this syntax always identifies a
a companion object with syntax T11FcSpPolicyNameType companion object with syntax T11FcSpPolicyNameType
such that the companion object specifies the format such that the companion object specifies the format
and usage of the object with this syntax. and usage of the object with this syntax.
When the companion object has the value 'wildcard' or When the companion object has the value 'wildcard' or
'restrictedWildcard', the value of the T11FcSpPolicyName 'restrictedWildcard', the value of the T11FcSpPolicyName
object is: '0000000000000000'h." object is: '0000000000000000'h."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 103." February 2007, Table 103."
skipping to change at page 29, line 23 skipping to change at page 27, line 19
" "
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, Table 103." February 2007, Table 103."
SYNTAX OCTET STRING (SIZE (1..64)) SYNTAX OCTET STRING (SIZE (1..64))
T11FcSpAlphaNumNameOrAbsent ::= TEXTUAL-CONVENTION T11FcSpAlphaNumNameOrAbsent ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An extension of the T11FcSpAlphaNumName TC which "An extension of the T11FcSpAlphaNumName TC with
one additional possible value: the zero-length string one additional possible value: the zero-length string
to indicate the absence of a name." to indicate the absence of a name."
SYNTAX OCTET STRING (SIZE (0..64)) SYNTAX OCTET STRING (SIZE (0..64))
T11FcSaDirection ::= TEXTUAL-CONVENTION T11FcSaDirection ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The direction of frame transmission on a Security "The direction of frame transmission on a Security
Association. Note that Security Associations are Association. Note that Security Associations are
unidirectional but they always exist as part of an unidirectional, but they always exist as part of an
SA pair of the same type in opposite directions." SA pair of the same type in opposite directions."
SYNTAX INTEGER { ingress(1), egress(2) } SYNTAX INTEGER { ingress(1), egress(2) }
T11FcSpiIndex ::= TEXTUAL-CONVENTION T11FcSpiIndex ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An SPI (Security Parameter Index) value is carried in the "An SPI (Security Parameter Index) value is carried in the
SPI field of a frame protected by the ESP_Header. An SPI SPI field of a frame protected by the ESP_Header. An SPI
is also carried in the SAID field of a Common Transport is also carried in the SAID field of a Common Transport
Information Unit (CT_IU) protected by CT_Authentication. Information Unit (CT_IU) protected by CT_Authentication.
skipping to change at page 30, line 26 skipping to change at page 28, line 6
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 4.7.2 and 4.7.3." February 2007, section 4.7.2 and 4.7.3."
SYNTAX Unsigned32 (0..4294967295) -- the default range!! SYNTAX Unsigned32 (0..4294967295) -- the default range!!
T11FcSpPrecedence ::= TEXTUAL-CONVENTION T11FcSpPrecedence ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The precedence of a Traffic Selector. If a frame "The precedence of a Traffic Selector. If a frame
matches with two or more Traffic Selectors, then the match matches with two or more Traffic Selectors, then the match
which takes precedence is the one with the Traffic Selector that takes precedence is the one with the Traffic Selector
having the numerically smallest precedence value. Note that having the numerically smallest precedence value. Note that
precedence values are not necessarily contiguous." precedence values are not necessarily contiguous."
SYNTAX Unsigned32 (0..4294967295) -- the default range!! SYNTAX Unsigned32 (0..4294967295) -- the default range!!
T11FcRoutingControl ::= TEXTUAL-CONVENTION T11FcRoutingControl ::= TEXTUAL-CONVENTION
DISPLAY-HINT "1x" DISPLAY-HINT "1x"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value stored in the R_CTL (Routing Control) 8-bit field "A value stored in the R_CTL (Routing Control) 8-bit field
of an FC-2 frame containing routing and information bits to of an FC-2 frame containing routing and information bits to
categorize the frame function. categorize the frame function.
For FC-2 frames, an R_CTL value typically distinguishes For FC-2 frames, an R_CTL value typically distinguishes
between control versus data frames, and/or solicited versus between control versus data frames and/or solicited versus
unsolicited frames, and in combination with the TYPE field unsolicited frames, and in combination with the TYPE field
(see T11FcSpType) identifies a particular link layer (see T11FcSpType), identifies a particular link-layer
service/protocol using FC-2. service/protocol using FC-2.
For CT_Authentication, the information field in the R_CTL For CT_Authentication, the information field in the R_CTL
field contains '02'h for Request CT_IUs, and '03'h for field contains '02'h for Request CT_IUs and '03'h for
Response CT_IUs. Response CT_IUs.
The comparison of two values having this syntax is done The comparison of two values having this syntax is done
by treating each string as an 8-bit numeric value." by treating each string as an 8-bit numeric value."
REFERENCE REFERENCE
" - Fibre Channel - Framing and Signaling-2 (FC-FS-2), " - Fibre Channel - Framing and Signaling-2 (FC-FS-2),
ANSI INCITS 424-2007, Project T11/1619-D, ANSI INCITS 424-2007, Project T11/1619-D,
February 2007, section 9.3. February 2007, section 9.3.
- Fibre Channel - Generic Services-5 (FC-GS-5), - Fibre Channel - Generic Services-5 (FC-GS-5),
ANSI INCITS 427-2006, sections 4.5.2.4.2, 4.5.2.4.3 ANSI INCITS 427-2006, sections 4.5.2.4.2, 4.5.2.4.3
skipping to change at page 32, line 8 skipping to change at page 29, line 28
" - Fibre Channel - Framing and Signaling-2 (FC-FS-2), " - Fibre Channel - Framing and Signaling-2 (FC-FS-2),
ANSI INCITS 424-2007, Project T11/1619-D, ANSI INCITS 424-2007, Project T11/1619-D,
February 2007, section 9.6. February 2007, section 9.6.
- Fibre Channel - Generic Services-5 (FC-GS-5), - Fibre Channel - Generic Services-5 (FC-GS-5),
ANSI INCITS 427-2006, sections 4.3.2.4 and 4.3.2.5." ANSI INCITS 427-2006, sections 4.3.2.4 and 4.3.2.5."
SYNTAX OCTET STRING (SIZE(2)) SYNTAX OCTET STRING (SIZE(2))
T11FcSpTransforms ::= TEXTUAL-CONVENTION T11FcSpTransforms ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A list of the standardized transforms which are defined "A list of the standardized transforms that are defined
by FC-SP for use with ESP_Header, CT_Authentication and/or by FC-SP for use with ESP_Header, CT_Authentication, and/or
IKEv2 Support." IKEv2 Support."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
Appendix A.3.1, tables A.23, A.24, A.25, A.26." Appendix A.3.1, tables A.23, A.24, A.25, A.26."
SYNTAX BITS { SYNTAX BITS {
encrNull(0), encrNull(0),
encrAesCbc(1), encrAesCbc(1),
encrAesCtr(2), encrAesCtr(2),
encrAesGcm(3), encrAesGcm(3),
skipping to change at page 37, line 38 skipping to change at page 33, line 50
T11FabricIndex FROM T11-TC-MIB -- [RFC4439] T11FabricIndex FROM T11-TC-MIB -- [RFC4439]
T11FcSpDhGroups, T11FcSpDhGroups,
T11FcSpHashFunctions, T11FcSpHashFunctions,
T11FcSpSignFunctions, T11FcSpSignFunctions,
T11FcSpLifetimeLeft, T11FcSpLifetimeLeft,
T11FcSpLifetimeLeftUnits, T11FcSpLifetimeLeftUnits,
T11FcSpAuthRejectReasonCode, T11FcSpAuthRejectReasonCode,
T11FcSpAuthRejReasonCodeExp FROM T11-FC-SP-TC-MIB; T11FcSpAuthRejReasonCodeExp FROM T11-FC-SP-TC-MIB;
t11FcSpAuthenticationMIB MODULE-IDENTITY t11FcSpAuthenticationMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200808200000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF (in T11 began the development and the IETF (in
the IMSS Working Group) finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
skipping to change at page 38, line 17 skipping to change at page 34, line 27
San Jose, CA 95134 USA San Jose, CA 95134 USA
Email: kzm@cisco.com" Email: kzm@cisco.com"
DESCRIPTION DESCRIPTION
"This MIB module specifies the management information "This MIB module specifies the management information
required to manage the Authentication Protocols defined by required to manage the Authentication Protocols defined by
Fibre Channel's FC-SP specification. Fibre Channel's FC-SP specification.
This MIB module defines three tables: This MIB module defines three tables:
- t11FcSpAuEntityTable is a table of Fibre Channel - t11FcSpAuEntityTable is a table of Fibre Channel
entities which can be authenticated using FC-SP's entities that can be authenticated using FC-SP's
Authentication Protocols. Authentication Protocols.
- t11FcSpAuIfStatTable is a table with one row for each - t11FcSpAuIfStatTable is a table with one row for each
mapping of an Authentication entity onto an interface, mapping of an Authentication entity onto an interface,
containing statistics information. containing statistics information.
- t11FcSpAuRejectTable is a table of volatile information - t11FcSpAuRejectTable is a table of volatile information
about FC-SP Authentication Protocol transactions about FC-SP Authentication Protocol transactions
which were most recently rejected. that were most recently rejected.
Copyright (C) The IETF Trust (2008). This version Copyright (C) The IETF Trust (2008). This version
of this MIB module is part of RFC yyyy; see the RFC of this MIB module is part of RFC 5324; see the RFC
itself for full legal notices." itself for full legal notices."
REVISION "200801030000Z" REVISION "200808200000Z"
DESCRIPTION DESCRIPTION
"Initial version of this MIB module, published as RFCyyyy." "Initial version of this MIB module, published as RFC 5324."
::= { mib-2 nnn } -- to be assigned by IANA ::= { mib-2 176 }
t11FcSpAuMIBNotifications t11FcSpAuMIBNotifications
OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 0 } OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 0 }
t11FcSpAuMIBObjects t11FcSpAuMIBObjects
OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 1 } OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 1 }
t11FcSpAuMIBConformance t11FcSpAuMIBConformance
OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 2 } OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 2 }
t11FcSpAuMIBIdentities t11FcSpAuMIBIdentities
OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 3 } OBJECT IDENTIFIER ::= { t11FcSpAuthenticationMIB 3 }
-- --
-- OIDs defined for use as values of t11FcSpAuServerProtocol -- OIDs defined for use as values of t11FcSpAuServerProtocol
-- --
t11FcSpAuServerProtocolRadius OBJECT-IDENTITY t11FcSpAuServerProtocolRadius OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 40, line 14 skipping to change at page 36, line 6
-- --
-- Configuration for the Authentication Protocols -- Configuration for the Authentication Protocols
-- --
t11FcSpAuEntityTable OBJECT-TYPE t11FcSpAuEntityTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpAuEntityEntry SYNTAX SEQUENCE OF T11FcSpAuEntityEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Fibre Channel entities which can be authenticated "A table of Fibre Channel entities that can be authenticated
using FC-SP's Authentication Protocols. using FC-SP's Authentication Protocols.
The purpose of an FC-SP Authentication Protocol is to verify The purpose of an FC-SP Authentication Protocol is to verify
that a claimed name is associated with the claiming entity. that a claimed name is associated with the claiming entity.
The Authentication Protocols can be used to authenticate The Authentication Protocols can be used to authenticate
Nx_Ports, B_Ports, or Switches." Nx_Ports, B_Ports, or Switches."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 3.2.25." February 2007, section 3.2.25."
skipping to change at page 40, line 49 skipping to change at page 36, line 41
::= { t11FcSpAuEntityTable 1 } ::= { t11FcSpAuEntityTable 1 }
T11FcSpAuEntityEntry ::= SEQUENCE { T11FcSpAuEntityEntry ::= SEQUENCE {
t11FcSpAuEntityName FcNameIdOrZero, t11FcSpAuEntityName FcNameIdOrZero,
t11FcSpAuFabricIndex T11FabricIndex, t11FcSpAuFabricIndex T11FabricIndex,
t11FcSpAuServerProtocol AutonomousType, t11FcSpAuServerProtocol AutonomousType,
-- Config parameters -- Config parameters
t11FcSpAuStorageType StorageType, t11FcSpAuStorageType StorageType,
t11FcSpAuSendRejNotifyEnable TruthValue, t11FcSpAuSendRejNotifyEnable TruthValue,
t11FcSpAuRcvRejNotifyEnable TruthValue, t11FcSpAuRcvRejNotifyEnable TruthValue,
t11FcSpAuDefaultLifetime Unsigned32, t11FcSpAuDefaultLifetime T11FcSpLifetimeLeft,
t11FcSpAuDefaultLifetimeUnits INTEGER, t11FcSpAuDefaultLifetimeUnits T11FcSpLifetimeLeftUnits,
t11FcSpAuRejectMaxRows Unsigned32, t11FcSpAuRejectMaxRows Unsigned32,
-- Capabilities -- Capabilities
t11FcSpAuDhChapHashFunctions T11FcSpHashFunctions, t11FcSpAuDhChapHashFunctions T11FcSpHashFunctions,
t11FcSpAuDhChapDhGroups T11FcSpDhGroups, t11FcSpAuDhChapDhGroups T11FcSpDhGroups,
t11FcSpAuFcapHashFunctions T11FcSpHashFunctions, t11FcSpAuFcapHashFunctions T11FcSpHashFunctions,
t11FcSpAuFcapCertsSignFunctions T11FcSpSignFunctions, t11FcSpAuFcapCertsSignFunctions T11FcSpSignFunctions,
t11FcSpAuFcapDhGroups T11FcSpDhGroups, t11FcSpAuFcapDhGroups T11FcSpDhGroups,
t11FcSpAuFcpapHashFunctions T11FcSpHashFunctions, t11FcSpAuFcpapHashFunctions T11FcSpHashFunctions,
t11FcSpAuFcpapDhGroups T11FcSpDhGroups t11FcSpAuFcpapDhGroups T11FcSpDhGroups
} }
t11FcSpAuEntityName OBJECT-TYPE t11FcSpAuEntityName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE (8)) SYNTAX FcNameIdOrZero (SIZE (8))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name used to identify the FC-SP entity. "The name used to identify the FC-SP entity.
For entities which are Fibre Channel Switches, this value For entities that are Fibre Channel Switches, this value
corresponds to the Switch's value of fcmSwitchWWN. For corresponds to the Switch's value of fcmSwitchWWN. For
entities other than Fibre Channel Switches, this value entities other than Fibre Channel Switches, this value
corresponds to the value of fcmInstanceWwn for the corresponds to the value of fcmInstanceWwn for the
corresponding Fibre Channel management instance." corresponding Fibre Channel management instance."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.3.3. February 2007, section 5.3.3.
- fcmInstanceWwn & fcmSwitchWWN, - fcmInstanceWwn & fcmSwitchWWN,
'Fibre Channel Management MIB', RFC 4044, May 2005." 'Fibre Channel Management MIB', RFC 4044, May 2005."
::= { t11FcSpAuEntityEntry 1 } ::= { t11FcSpAuEntityEntry 1 }
t11FcSpAuFabricIndex OBJECT-TYPE t11FcSpAuFabricIndex OBJECT-TYPE
SYNTAX T11FabricIndex SYNTAX T11FabricIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a "An index value that uniquely identifies a
particular Fabric to which the entity is attached." particular Fabric to which the entity is attached."
::= { t11FcSpAuEntityEntry 2 } ::= { t11FcSpAuEntityEntry 2 }
t11FcSpAuServerProtocol OBJECT-TYPE t11FcSpAuServerProtocol OBJECT-TYPE
SYNTAX AutonomousType SYNTAX AutonomousType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The protocol, if any, used by the entity to communicate "The protocol, if any, used by the entity to communicate
with a third party (i.e., an External Server) as part of with a third party (i.e., an External Server) as part of
skipping to change at page 42, line 28 skipping to change at page 38, line 15
configured information (if any) may be used instead." configured information (if any) may be used instead."
::= { t11FcSpAuEntityEntry 3 } ::= { t11FcSpAuEntityEntry 3 }
t11FcSpAuStorageType OBJECT-TYPE t11FcSpAuStorageType OBJECT-TYPE
SYNTAX StorageType SYNTAX StorageType
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies the memory realization of "This object specifies the memory realization of
configuration information related to an FC-SP configuration information related to an FC-SP
Entity on a particular Fabric; specifically, for Entity on a particular Fabric: specifically, for
MIB objects in the row containing this object. MIB objects in the row containing this object.
Even if an instance of this object has the value Even if an instance of this object has the value
'permanent(4)', none of the information in the 'permanent(4)', none of the information in the
corresponding row of this table needs to be writable." corresponding row of this table needs to be writable."
::= { t11FcSpAuEntityEntry 4 } ::= { t11FcSpAuEntityEntry 4 }
t11FcSpAuSendRejNotifyEnable OBJECT-TYPE t11FcSpAuSendRejNotifyEnable OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
skipping to change at page 43, line 30 skipping to change at page 39, line 14
t11FcSpAuDefaultLifetime OBJECT-TYPE t11FcSpAuDefaultLifetime OBJECT-TYPE
SYNTAX T11FcSpLifetimeLeft SYNTAX T11FcSpLifetimeLeft
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of this object is non-zero, it specifies the "When the value of this object is non-zero, it specifies the
default value of a lifetime, specified in units given by default value of a lifetime, specified in units given by
the corresponding instance of t11FcSpAuDefaultLifetimeUnits. the corresponding instance of t11FcSpAuDefaultLifetimeUnits.
This default lifetime is to be used for any Security This default lifetime is to be used for any Security
Association which has no explicitly-specified value for its Association that has no explicitly specified value for its
lifetime. lifetime.
An SA's lifetime is either the time interval or the number An SA's lifetime is either the time interval or the number
of passed bytes, after which the SA has to be terminated and of passed bytes, after which the SA has to be terminated and
(if necessary) replaced with a new SA. (if necessary) replaced with a new SA.
If this object is zero, then there is no default value for If this object is zero, then there is no default value for
lifetime." lifetime."
DEFVAL { 28800 } -- 8 hours (in units of seconds) DEFVAL { 28800 } -- 8 hours (in units of seconds)
::= { t11FcSpAuEntityEntry 7 } ::= { t11FcSpAuEntityEntry 7 }
t11FcSpAuDefaultLifetimeUnits OBJECT-TYPE t11FcSpAuDefaultLifetimeUnits OBJECT-TYPE
SYNTAX T11FcSpLifetimeLeftUnits SYNTAX T11FcSpLifetimeLeftUnits
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The units in which the value of the corresponding "The units in which the value of the corresponding
instance of t11FcSpAuDefaultLifetime specifies a instance of t11FcSpAuDefaultLifetime specifies a
default lifetime for a Security Association which has default lifetime for a Security Association that has
no explicitly-specified value for its lifetime." no explicitly-specified value for its lifetime."
DEFVAL { seconds } DEFVAL { seconds }
::= { t11FcSpAuEntityEntry 8 } ::= { t11FcSpAuEntityEntry 8 }
t11FcSpAuRejectMaxRows OBJECT-TYPE t11FcSpAuRejectMaxRows OBJECT-TYPE
SYNTAX Unsigned32 (0..1000) SYNTAX Unsigned32 (0..1000)
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum number of rows in the t11FcSpAuRejectTable for "The maximum number of rows in the t11FcSpAuRejectTable for
this entity on this Fabric. If and when an AUTH message is this entity on this Fabric. If and when an AUTH message is
rejected and the t11FcSpAuRejectTable already contains this rejected, and the t11FcSpAuRejectTable already contains this
maximum number of rows for the specific entity and Fabric, maximum number of rows for the specific entity and Fabric,
the row containing the oldest information is discarded and the row containing the oldest information is discarded and
replaced by a row containing information about the new replaced by a row containing information about the new
rejection. rejection.
There will be less than this maximum number of rows in There will be less than this maximum number of rows in
the t11FcSpAuRejectTable in exceptional circumstances, the t11FcSpAuRejectTable in exceptional circumstances,
e.g., after an agent restart. e.g., after an agent restart.
In an implementation which does not support the In an implementation that does not support the
t11FcSpAuRejectTable, this object will always be zero." t11FcSpAuRejectTable, this object will always be zero."
::= { t11FcSpAuEntityEntry 9 } ::= { t11FcSpAuEntityEntry 9 }
t11FcSpAuDhChapHashFunctions OBJECT-TYPE t11FcSpAuDhChapHashFunctions OBJECT-TYPE
SYNTAX T11FcSpHashFunctions SYNTAX T11FcSpHashFunctions
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The hash functions which the entity supports when using "The hash functions that the entity supports when using
the DH-CHAP algorithm." the DH-CHAP algorithm."
::= { t11FcSpAuEntityEntry 10 } ::= { t11FcSpAuEntityEntry 10 }
t11FcSpAuDhChapDhGroups OBJECT-TYPE t11FcSpAuDhChapDhGroups OBJECT-TYPE
SYNTAX T11FcSpDhGroups SYNTAX T11FcSpDhGroups
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The DH Groups which the entity supports when using the "The DH Groups that the entity supports when using the
DH-CHAP algorithm in FC-SP." DH-CHAP algorithm in FC-SP."
::= { t11FcSpAuEntityEntry 11 } ::= { t11FcSpAuEntityEntry 11 }
t11FcSpAuFcapHashFunctions OBJECT-TYPE t11FcSpAuFcapHashFunctions OBJECT-TYPE
SYNTAX T11FcSpHashFunctions SYNTAX T11FcSpHashFunctions
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The hash functions which the entity supports when "The hash functions that the entity supports when
specified as Protocol Parameters in the AUTH_Negotiate specified as Protocol Parameters in the AUTH_Negotiate
message for FCAP in FC-SP." message for FCAP in FC-SP."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.5.2.1 and table 28." February 2007, section 5.5.2.1 and table 28."
::= { t11FcSpAuEntityEntry 12 } ::= { t11FcSpAuEntityEntry 12 }
t11FcSpAuFcapCertsSignFunctions OBJECT-TYPE t11FcSpAuFcapCertsSignFunctions OBJECT-TYPE
SYNTAX T11FcSpSignFunctions SYNTAX T11FcSpSignFunctions
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The signature functions used within certificates which "The signature functions used within certificates that
the entity supports when using FCAP in FC-SP." the entity supports when using FCAP in FC-SP."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.5.4.2 and tables 38 & 39." February 2007, section 5.5.4.2 and tables 38 & 39."
::= { t11FcSpAuEntityEntry 13 } ::= { t11FcSpAuEntityEntry 13 }
t11FcSpAuFcapDhGroups OBJECT-TYPE t11FcSpAuFcapDhGroups OBJECT-TYPE
SYNTAX T11FcSpDhGroups SYNTAX T11FcSpDhGroups
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The DH Groups which the entity supports when using the "The DH Groups that the entity supports when using the
FCAP algorithm in FC-SP." FCAP algorithm in FC-SP."
::= { t11FcSpAuEntityEntry 14 } ::= { t11FcSpAuEntityEntry 14 }
t11FcSpAuFcpapHashFunctions OBJECT-TYPE t11FcSpAuFcpapHashFunctions OBJECT-TYPE
SYNTAX T11FcSpHashFunctions SYNTAX T11FcSpHashFunctions
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The hash functions which the entity supports when using "The hash functions that the entity supports when using
the FCPAP algorithm in FC-SP." the FCPAP algorithm in FC-SP."
::= { t11FcSpAuEntityEntry 15 } ::= { t11FcSpAuEntityEntry 15 }
t11FcSpAuFcpapDhGroups OBJECT-TYPE t11FcSpAuFcpapDhGroups OBJECT-TYPE
SYNTAX T11FcSpDhGroups SYNTAX T11FcSpDhGroups
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The DH Groups which the entity supports when using the "The DH Groups that the entity supports when using the
FCPAP algorithm in FC-SP." FCPAP algorithm in FC-SP."
::= { t11FcSpAuEntityEntry 16 } ::= { t11FcSpAuEntityEntry 16 }
-- --
-- The Mapping of Authentication Entities onto Interfaces -- The Mapping of Authentication Entities onto Interfaces
-- and Statistics -- and Statistics
-- --
t11FcSpAuIfStatTable OBJECT-TYPE t11FcSpAuIfStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpAuIfStatEntry SYNTAX SEQUENCE OF T11FcSpAuIfStatEntry
skipping to change at page 47, line 28 skipping to change at page 42, line 46
DESCRIPTION DESCRIPTION
"The interface on which the FC-SP Authentication entity "The interface on which the FC-SP Authentication entity
operates and for which the statistics are collected." operates and for which the statistics are collected."
::= { t11FcSpAuIfStatEntry 1 } ::= { t11FcSpAuIfStatEntry 1 }
t11FcSpAuIfStatFabricIndex OBJECT-TYPE t11FcSpAuIfStatFabricIndex OBJECT-TYPE
SYNTAX T11FabricIndex SYNTAX T11FabricIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A index value identifying the particular Fabric for "An index value identifying the particular Fabric for
which the statistics are collected." which the statistics are collected."
::= { t11FcSpAuIfStatEntry 2 } ::= { t11FcSpAuIfStatEntry 2 }
t11FcSpAuIfStatTimeouts OBJECT-TYPE t11FcSpAuIfStatTimeouts OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages sent "The number of FC-SP Authentication Protocol messages sent
by the particular entity on the particular Fabric on the by the particular entity on the particular Fabric on the
particular interface, for which no response was received particular interface, for which no response was received
within a timeout period. within a timeout period.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.11." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.11."
::= { t11FcSpAuIfStatEntry 3 } ::= { t11FcSpAuIfStatEntry 3 }
t11FcSpAuIfStatInAcceptedMsgs OBJECT-TYPE t11FcSpAuIfStatInAcceptedMsgs OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages "The number of FC-SP Authentication Protocol messages
received and accepted by the particular entity on the received and accepted by the particular entity on the
particular Fabric on the particular interface. particular Fabric on the particular interface.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.1." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.1."
::= { t11FcSpAuIfStatEntry 4 } ::= { t11FcSpAuIfStatEntry 4 }
t11FcSpAuIfStatInLsSwRejectedMsgs OBJECT-TYPE t11FcSpAuIfStatInLsSwRejectedMsgs OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages "The number of FC-SP Authentication Protocol messages
received by the particular entity on the particular Fabric received by the particular entity on the particular Fabric
on particular interface, and rejected by a lower-level on the particular interface, and rejected by a lower-level
(SW_RJT or LS_RJT) reject. (SW_RJT or LS_RJT) reject.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.1." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.1."
::= { t11FcSpAuIfStatEntry 5 } ::= { t11FcSpAuIfStatEntry 5 }
t11FcSpAuIfStatInAuthRejectedMsgs OBJECT-TYPE t11FcSpAuIfStatInAuthRejectedMsgs OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages "The number of FC-SP Authentication Protocol messages
received by the particular entity on the particular Fabric received by the particular entity on the particular Fabric
on particular interface, and rejected by an AUTH_Reject on the particular interface, and rejected by an AUTH_Reject
message. message.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.1." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.1."
::= { t11FcSpAuIfStatEntry 6 } ::= { t11FcSpAuIfStatEntry 6 }
t11FcSpAuIfStatOutAcceptedMsgs OBJECT-TYPE t11FcSpAuIfStatOutAcceptedMsgs OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages sent "The number of FC-SP Authentication Protocol messages sent
by the particular entity on the particular Fabric on the by the particular entity on the particular Fabric on the
particular interface, which were accepted by the particular interface, which were accepted by the
neighbouring entity, i.e., not rejected by an AUTH_Reject neighboring entity, i.e., not rejected by an AUTH_Reject
message, nor by a lower-level (SW_RJT or LS_RJT) reject. message, nor by a lower-level (SW_RJT or LS_RJT) reject.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.1." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.1."
::= { t11FcSpAuIfStatEntry 7 } ::= { t11FcSpAuIfStatEntry 7 }
t11FcSpAuIfStatOutLsSwRejectedMsgs OBJECT-TYPE t11FcSpAuIfStatOutLsSwRejectedMsgs OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages sent "The number of FC-SP Authentication Protocol messages sent
by the particular entity on the particular Fabric on the by the particular entity on the particular Fabric on the
particular interface, which were rejected by a lower-level particular interface, which were rejected by a lower-level
(SW_RJT or LS_RJT) reject. (SW_RJT or LS_RJT) reject.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.1." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.1."
::= { t11FcSpAuIfStatEntry 8 } ::= { t11FcSpAuIfStatEntry 8 }
t11FcSpAuIfStatOutAuthRejectedMsgs OBJECT-TYPE t11FcSpAuIfStatOutAuthRejectedMsgs OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Authentication Protocol messages sent "The number of FC-SP Authentication Protocol messages sent
by the particular entity on the particular Fabric on the by the particular entity on the particular Fabric on the
particular interface, which were rejected by an particular interface, which were rejected by an
AUTH_Reject message. AUTH_Reject message.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"Fibre Channel - Security Protocols (FC-SP), "- ANSI INCITS 426-2007, T11/Project 1570-D,
T11/Project 1570-D/Rev 1.8, June 2006, section 5.1." Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.1."
::= { t11FcSpAuIfStatEntry 9 } ::= { t11FcSpAuIfStatEntry 9 }
-- --
-- Information about Authentication Protocol Transactions -- Information about Authentication Protocol Transactions
-- which were recently rejected -- which were recently rejected
-- --
t11FcSpAuRejectTable OBJECT-TYPE t11FcSpAuRejectTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpAuRejectEntry SYNTAX SEQUENCE OF T11FcSpAuRejectEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of volatile information about FC-SP Authentication "A table of volatile information about FC-SP Authentication
Protocol transactions which were recently rejected with Protocol transactions that were recently rejected with
an AUTH_Reject message, or with an SW_RJT/LS_RJT. an AUTH_Reject message, or with an SW_RJT/LS_RJT.
The maximum number of rows in this table for a specific The maximum number of rows in this table for a specific
entity on a specific Fabric is given by the value of the entity on a specific Fabric is given by the value of the
corresponding instance of t11FcSpAuRejectMaxRows. corresponding instance of t11FcSpAuRejectMaxRows.
The syntax of t11FcSpAuRejTimestamp is TimeStamp, and thus The syntax of t11FcSpAuRejTimestamp is TimeStamp, and thus
its value rolls-over to zero after approximately 497 days. its value rolls over to zero after approximately 497 days.
To avoid any confusion due to such a roll-over, rows should To avoid any confusion due to such a rollover, rows should
be deleted from this table before they are 497 days old. be deleted from this table before they are 497 days old.
This table will be empty if no AUTH_Reject messages, This table will be empty if no AUTH_Reject messages,
nor any SW_RJT/LS_RJT's rejecting an AUTH message, nor any SW_RJT/LS_RJT's rejecting an AUTH message,
have been sent or received since the last have been sent or received since the last
re-initialization of the agent." re-initialization of the agent."
::= { t11FcSpAuMIBObjects 3 } ::= { t11FcSpAuMIBObjects 3 }
t11FcSpAuRejectEntry OBJECT-TYPE t11FcSpAuRejectEntry OBJECT-TYPE
SYNTAX T11FcSpAuRejectEntry SYNTAX T11FcSpAuRejectEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Information about one AUTH message (either an "Information about one AUTH message (either an
AUTH_ELS or an AUTH_ILS) which was rejected with an AUTH_ELS or an AUTH_ILS) that was rejected with an
AUTH_Reject, SW_RJT or LS_RJT message, sent/received by AUTH_Reject, SW_RJT or LS_RJT message, sent/received by
the entity identified by values of fcmInstanceIndex and the entity identified by values of fcmInstanceIndex and
t11FcSpAuEntityName, on an interface to a particular t11FcSpAuEntityName, on an interface to a particular
Fabric." Fabric."
INDEX { fcmInstanceIndex, t11FcSpAuEntityName, INDEX { fcmInstanceIndex, t11FcSpAuEntityName,
t11FcSpAuRejInterfaceIndex, t11FcSpAuRejFabricIndex, t11FcSpAuRejInterfaceIndex, t11FcSpAuRejFabricIndex,
t11FcSpAuRejTimestamp } t11FcSpAuRejTimestamp }
::= { t11FcSpAuRejectTable 1 } ::= { t11FcSpAuRejectTable 1 }
T11FcSpAuRejectEntry ::= SEQUENCE { T11FcSpAuRejectEntry ::= SEQUENCE {
skipping to change at page 51, line 42 skipping to change at page 46, line 52
DESCRIPTION DESCRIPTION
"The interface on which the rejected AUTH message was "The interface on which the rejected AUTH message was
sent or received." sent or received."
::= { t11FcSpAuRejectEntry 1 } ::= { t11FcSpAuRejectEntry 1 }
t11FcSpAuRejFabricIndex OBJECT-TYPE t11FcSpAuRejFabricIndex OBJECT-TYPE
SYNTAX T11FabricIndex SYNTAX T11FabricIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A index value identifying the particular Fabric on "An index value identifying the particular Fabric on
which the rejected AUTH message was sent or received." which the rejected AUTH message was sent or received."
::= { t11FcSpAuRejectEntry 2 } ::= { t11FcSpAuRejectEntry 2 }
t11FcSpAuRejTimestamp OBJECT-TYPE t11FcSpAuRejTimestamp OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The time at which the AUTH message was rejected. If two "The time at which the AUTH message was rejected. If two
rows have the same value of this object for the same rows have the same value of this object for the same
skipping to change at page 52, line 43 skipping to change at page 47, line 49
DESCRIPTION DESCRIPTION
"An indication of whether the rejection was an "An indication of whether the rejection was an
AUTH_Reject, an SW_RJT or an LS_RJT." AUTH_Reject, an SW_RJT or an LS_RJT."
::= { t11FcSpAuRejectEntry 5 } ::= { t11FcSpAuRejectEntry 5 }
t11FcSpAuRejAuthMsgString OBJECT-TYPE t11FcSpAuRejAuthMsgString OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) SYNTAX OCTET STRING (SIZE(0..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The binary content of the AUTH message which was "The binary content of the AUTH message that was
rejected, formatted as an octet string (in network rejected, formatted as an octet string (in network
byte order) containing the content of the message. byte order) containing the content of the message.
If the binary content is unavailable, then the If the binary content is unavailable, then the
length is zero. Otherwise, the first octet of the length is zero. Otherwise, the first octet of the
message identifies the type of message: message identifies the type of message:
'90'h - an AUTH_ELS, see Table 6 in FC-SP, '90'h - an AUTH_ELS, see Table 6 in FC-SP,
'40'h - an AUTH_ILS, see Table 3 in FC-SP, or '40'h - an AUTH_ILS, see Table 3 in FC-SP, or
'41'h - an B_AUTH_ILS, see Table 5 in FC-SP. '41'h - an B_AUTH_ILS, see Table 5 in FC-SP.
skipping to change at page 55, line 17 skipping to change at page 50, line 5
-- --
t11FcSpAuMIBCompliances t11FcSpAuMIBCompliances
OBJECT IDENTIFIER ::= { t11FcSpAuMIBConformance 1 } OBJECT IDENTIFIER ::= { t11FcSpAuMIBConformance 1 }
t11FcSpAuMIBGroups t11FcSpAuMIBGroups
OBJECT IDENTIFIER ::= { t11FcSpAuMIBConformance 2 } OBJECT IDENTIFIER ::= { t11FcSpAuMIBConformance 2 }
t11FcSpAuMIBCompliance MODULE-COMPLIANCE t11FcSpAuMIBCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The compliance statement for entities which "The compliance statement for entities that
implement one or more of the Authentication Protocols implement one or more of the Authentication Protocols
defined in FC-SP." defined in FC-SP."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { t11FcSpAuGeneralGroup, MANDATORY-GROUPS { t11FcSpAuGeneralGroup,
t11FcSpAuRejectedGroup, t11FcSpAuRejectedGroup,
t11FcSpAuNotificationGroup } t11FcSpAuNotificationGroup }
GROUP t11FcSpAuIfStatsGroup GROUP t11FcSpAuIfStatsGroup
DESCRIPTION DESCRIPTION
skipping to change at page 57, line 25 skipping to change at page 52, line 7
t11FcSpAuRejectedGroup OBJECT-GROUP t11FcSpAuRejectedGroup OBJECT-GROUP
OBJECTS { t11FcSpAuRejDirection, OBJECTS { t11FcSpAuRejDirection,
t11FcSpAuRejType, t11FcSpAuRejType,
t11FcSpAuRejAuthMsgString, t11FcSpAuRejAuthMsgString,
t11FcSpAuRejReasonCode, t11FcSpAuRejReasonCode,
t11FcSpAuRejReasonCodeExp } t11FcSpAuRejReasonCodeExp }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects holding information concerning "A collection of objects holding information concerning
FC-SP Authentication Protocol transactions which were FC-SP Authentication Protocol transactions that were
recently rejected with an AUTH_Reject, with an SW_RJT, recently rejected with an AUTH_Reject, with an SW_RJT,
or with an LS_RJT." or with an LS_RJT."
::= { t11FcSpAuMIBGroups 3 } ::= { t11FcSpAuMIBGroups 3 }
t11FcSpAuNotificationGroup NOTIFICATION-GROUP t11FcSpAuNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { t11FcSpAuRejectSentNotify, NOTIFICATIONS { t11FcSpAuRejectSentNotify,
t11FcSpAuRejectReceivedNotify } t11FcSpAuRejectReceivedNotify }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of notifications for use in the management "A collection of notifications for use in the management
skipping to change at page 58, line 33 skipping to change at page 52, line 51
t11ZsServerEntry, t11ZsServerEntry,
t11ZsStatsEntry, t11ZsStatsEntry,
t11ZsNotifyControlEntry, t11ZsNotifyControlEntry,
t11ZsFabricIndex FROM T11-FC-ZONE-SERVER-MIB -- [RFC4936] t11ZsFabricIndex FROM T11-FC-ZONE-SERVER-MIB -- [RFC4936]
T11FcSpPolicyHashValue, T11FcSpPolicyHashValue,
T11FcSpPolicyHashFormat, T11FcSpPolicyHashFormat,
T11FcSpHashCalculationStatus T11FcSpHashCalculationStatus
FROM T11-FC-SP-TC-MIB; FROM T11-FC-SP-TC-MIB;
t11FcSpZoningMIB MODULE-IDENTITY t11FcSpZoningMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200808200000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF (in T11 began the development and the IETF (in
the IMSS Working Group) finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
Email: kzm@cisco.com" Email: kzm@cisco.com"
DESCRIPTION DESCRIPTION
"This MIB module specifies the extensions to the "This MIB module specifies the extensions to the
T11-FC-ZONE-SERVER-MIB module which are necessary for the T11-FC-ZONE-SERVER-MIB module that are necessary for the
management of Fibre Channel's FC-SP Zoning Servers, as management of Fibre Channel's FC-SP Zoning Servers, as
defined in the FC-SP specification. defined in the FC-SP specification.
The persistence of values written to these MIB objects is The persistence of values written to these MIB objects is
the same as the persistence of the objects they extend, the same as the persistence of the objects they extend,
i.e., it is given by the value of the relevant instance of i.e., it is given by the value of the relevant instance of
t11ZsServerDatabaseStorageType (defined in the t11ZsServerDatabaseStorageType (defined in the
T11-FC-ZONE-SERVER-MIB module). T11-FC-ZONE-SERVER-MIB module).
Copyright (C) The IETF Trust (2008). This version Copyright (C) The IETF Trust (2008). This version
of this MIB module is part of RFC yyyy; see the RFC of this MIB module is part of RFC 5324; see the RFC
itself for full legal notices." itself for full legal notices."
REVISION "200801030000Z" REVISION "200808200000Z"
DESCRIPTION DESCRIPTION
"Initial version of this MIB module, published as RFCyyyy." "Initial version of this MIB module, published as RFC 5324."
::= { mib-2 nnn } -- to be assigned by IANA ::= { mib-2 177 }
t11FcSpZsMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpZoningMIB 0 } t11FcSpZsMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpZoningMIB 0 }
t11FcSpZsMIBObjects OBJECT IDENTIFIER ::= { t11FcSpZoningMIB 1 } t11FcSpZsMIBObjects OBJECT IDENTIFIER ::= { t11FcSpZoningMIB 1 }
t11FcSpZsMIBConformance OBJECT IDENTIFIER ::= { t11FcSpZoningMIB 2 } t11FcSpZsMIBConformance OBJECT IDENTIFIER ::= { t11FcSpZoningMIB 2 }
t11FcSpZsConfiguration OBJECT IDENTIFIER ::= { t11FcSpZsMIBObjects 1 } t11FcSpZsConfiguration OBJECT IDENTIFIER ::= { t11FcSpZsMIBObjects 1 }
t11FcSpZsStatistics OBJECT IDENTIFIER ::= { t11FcSpZsMIBObjects 2 } t11FcSpZsStatistics OBJECT IDENTIFIER ::= { t11FcSpZsMIBObjects 2 }
-- --
-- Augmenting the table of Zone Servers -- Augmenting the table of Zone Servers
-- --
skipping to change at page 63, line 20 skipping to change at page 57, line 19
-- --
-- Additional Statistics for FC-SP Zoning -- Additional Statistics for FC-SP Zoning
-- --
t11FcSpZsStatsTable OBJECT-TYPE t11FcSpZsStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpZsStatsEntry SYNTAX SEQUENCE OF T11FcSpZsStatsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of statistics specific to FC-SP which are "A table of statistics specific to FC-SP that are
maintained by Zone Servers." maintained by Zone Servers."
::= { t11FcSpZsStatistics 1 } ::= { t11FcSpZsStatistics 1 }
t11FcSpZsStatsEntry OBJECT-TYPE t11FcSpZsStatsEntry OBJECT-TYPE
SYNTAX T11FcSpZsStatsEntry SYNTAX T11FcSpZsStatsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A set of statistics specific to FC-SP for a particular "A set of statistics specific to FC-SP for a particular
Zone Server for a particular Fabric on a particular Switch. Zone Server for a particular Fabric on a particular Switch.
skipping to change at page 64, line 11 skipping to change at page 58, line 7
t11FcSpZsSPCMITrequestsSent OBJECT-TYPE t11FcSpZsSPCMITrequestsSent OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of SP Commit Zone Changes (SPCMIT) operation "The number of SP Commit Zone Changes (SPCMIT) operation
requests sent by the Zone Server. requests sent by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 1 } ::= { t11FcSpZsStatsEntry 1 }
t11FcSpZsSPCMITrequestsAccepted OBJECT-TYPE t11FcSpZsSPCMITrequestsAccepted OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of SP Commit Zone Changes (SPCMIT) operation "The number of SP Commit Zone Changes (SPCMIT) operation
requests received and accepted by the Zone Server. requests received and accepted by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 2 } ::= { t11FcSpZsStatsEntry 2 }
t11FcSpZsSPCMITrequestsRejected OBJECT-TYPE t11FcSpZsSPCMITrequestsRejected OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of SP Commit Zone Changes (SPCMIT) operation "The number of SP Commit Zone Changes (SPCMIT) operation
requests received but rejected by the Zone Server. requests received but rejected by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 3 } ::= { t11FcSpZsStatsEntry 3 }
t11FcSpZsZcpRequestsSent OBJECT-TYPE t11FcSpZsZcpRequestsSent OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of Zoning Check Protocol (ZCP) requests sent "The number of Zoning Check Protocol (ZCP) requests sent
by the Zone Server. by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 4 } ::= { t11FcSpZsStatsEntry 4 }
t11FcSpZsZcpRequestsAccepted OBJECT-TYPE t11FcSpZsZcpRequestsAccepted OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of Zoning Check Protocol (ZCP) requests received "The number of Zoning Check Protocol (ZCP) requests received
and accepted by the Zone Server. and accepted by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 5 } ::= { t11FcSpZsStatsEntry 5 }
t11FcSpZsZcpRequestsRejected OBJECT-TYPE t11FcSpZsZcpRequestsRejected OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of Zoning Check Protocol (ZCP) requests received "The number of Zoning Check Protocol (ZCP) requests received
but rejected by the Zone Server. but rejected by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 6 } ::= { t11FcSpZsStatsEntry 6 }
t11FcSpZsZirRequestsAccepted OBJECT-TYPE t11FcSpZsZirRequestsAccepted OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of Zoning Information Request (ZIR) requests "The number of Zoning Information Request (ZIR) requests
received and accepted by the Zone Server. received and accepted by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 7 } ::= { t11FcSpZsStatsEntry 7 }
t11FcSpZsZirRequestsRejected OBJECT-TYPE t11FcSpZsZirRequestsRejected OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of Zoning Information Request (ZIR) requests "The number of Zoning Information Request (ZIR) requests
received but rejected by the Zone Server. received but rejected by the Zone Server.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
::= { t11FcSpZsStatsEntry 8 } ::= { t11FcSpZsStatsEntry 8 }
-- --
-- Enable/Disable for Notifications -- Enable/Disable for Notifications
-- --
t11FcSpZsNotifyControlTable OBJECT-TYPE t11FcSpZsNotifyControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpZsNotifyControlEntry SYNTAX SEQUENCE OF T11FcSpZsNotifyControlEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
skipping to change at page 67, line 21 skipping to change at page 61, line 9
::= { t11FcSpZsNotifyControlEntry 2 } ::= { t11FcSpZsNotifyControlEntry 2 }
-- --
-- Notifications -- Notifications
-- --
t11FcSpZsFabricJoinSuccessNotify NOTIFICATION-TYPE t11FcSpZsFabricJoinSuccessNotify NOTIFICATION-TYPE
OBJECTS { ifIndex, t11ZsFabricIndex } OBJECTS { ifIndex, t11ZsFabricIndex }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This notification indicates that a Switch which is part "This notification indicates that a Switch that is part
of one Fabric (indicated by the value of t11ZsFabricIndex) of one Fabric (indicated by the value of t11ZsFabricIndex)
has successfully joined (on the interface indicated by the has successfully joined (on the interface indicated by the
value of ifIndex) with a Switch which is part of another value of ifIndex) with a Switch that is part of another
Fabric. Fabric.
If multiple Virtual Fabrics are configured on an interface, If multiple Virtual Fabrics are configured on an interface,
and all are successfully joined at the same time, and if and all are successfully joined at the same time, and if
the agent so chooses, then it can generate just one the agent so chooses, then it can generate just one
notification in which t11ZsFabricIndex has the value 4096." notification in which t11ZsFabricIndex has the value 4096."
::= { t11FcSpZsMIBNotifications 1 } ::= { t11FcSpZsMIBNotifications 1 }
t11FcSpZsFabricJoinFailureNotify NOTIFICATION-TYPE t11FcSpZsFabricJoinFailureNotify NOTIFICATION-TYPE
OBJECTS { ifIndex, t11ZsFabricIndex } OBJECTS { ifIndex, t11ZsFabricIndex }
skipping to change at page 68, line 16 skipping to change at page 61, line 48
-- Conformance -- Conformance
-- --
t11FcSpZsMIBCompliances t11FcSpZsMIBCompliances
OBJECT IDENTIFIER ::= { t11FcSpZsMIBConformance 1 } OBJECT IDENTIFIER ::= { t11FcSpZsMIBConformance 1 }
t11FcSpZsMIBGroups OBJECT IDENTIFIER ::= { t11FcSpZsMIBConformance 2 } t11FcSpZsMIBGroups OBJECT IDENTIFIER ::= { t11FcSpZsMIBConformance 2 }
t11FcSpZsMIBCompliance MODULE-COMPLIANCE t11FcSpZsMIBCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The compliance statement for entities which "The compliance statement for entities that
implement the extensions specified in FC-SP for implement the extensions specified in FC-SP for
Fibre Channel's Zone Server." Fibre Channel's Zone Server."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { t11FcSpZsObjectsGroup, MANDATORY-GROUPS { t11FcSpZsObjectsGroup,
t11FcSpZsNotificationControlGroup, t11FcSpZsNotificationControlGroup,
t11FcSpZsNotificationGroup } t11FcSpZsNotificationGroup }
GROUP t11FcSpZsStatisticsGroup GROUP t11FcSpZsStatisticsGroup
DESCRIPTION DESCRIPTION
"These counters, containing Zone Server statistics, "These counters, containing Zone Server statistics,
are mandatory only for those systems which count are mandatory only for those systems that count
such events." such events."
-- Write access is not required for any objects in this MIB module: -- Write access is not required for any objects in this MIB module:
OBJECT t11FcSpZsServerEnabled OBJECT t11FcSpZsServerEnabled
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
OBJECT t11FcSpZoneSetHashStatus OBJECT t11FcSpZoneSetHashStatus
skipping to change at page 70, line 15 skipping to change at page 63, line 41
statistics which are specific to FC-SP." statistics which are specific to FC-SP."
::= { t11FcSpZsMIBGroups 3 } ::= { t11FcSpZsMIBGroups 3 }
t11FcSpZsNotificationGroup NOTIFICATION-GROUP t11FcSpZsNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { t11FcSpZsFabricJoinSuccessNotify, NOTIFICATIONS { t11FcSpZsFabricJoinSuccessNotify,
t11FcSpZsFabricJoinFailureNotify t11FcSpZsFabricJoinFailureNotify
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of notification(s) for monitoring "A collection of notification(s) for monitoring
Zone Server events which are specific to FC-SP." Zone Server events that are specific to FC-SP."
::= { t11FcSpZsMIBGroups 4 } ::= { t11FcSpZsMIBGroups 4 }
END END
6.4. The T11-FC-SP-POLICY-MIB Module 6.4. The T11-FC-SP-POLICY-MIB Module
--******************************************************************* --*******************************************************************
-- FC-SP Policy -- FC-SP Policy
-- --
skipping to change at page 71, line 41 skipping to change at page 64, line 41
T11FcSpAlphaNumName, T11FcSpAlphaNumName,
T11FcSpAlphaNumNameOrAbsent, T11FcSpAlphaNumNameOrAbsent,
T11FcSpPolicyName, T11FcSpPolicyName,
T11FcSpPolicyNameType, T11FcSpPolicyNameType,
T11FcSpPolicyObjectType, T11FcSpPolicyObjectType,
T11FcSpPolicyHashFormat, T11FcSpPolicyHashFormat,
T11FcSpPolicyHashValue, T11FcSpPolicyHashValue,
T11FcSpHashCalculationStatus FROM T11-FC-SP-TC-MIB; T11FcSpHashCalculationStatus FROM T11-FC-SP-TC-MIB;
t11FcSpPolicyMIB MODULE-IDENTITY t11FcSpPolicyMIB MODULE-IDENTITY
LAST-UPDATED "200801030000Z" LAST-UPDATED "200808200000Z"
ORGANIZATION "This MIB module was developed through the ORGANIZATION "This MIB module was developed through the
coordinated effort of two organizations: coordinated effort of two organizations:
T11 began the development and the IETF (in T11 began the development and the IETF (in
the IMSS Working Group) finished it." the IMSS Working Group) finished it."
CONTACT-INFO CONTACT-INFO
" Claudio DeSanti " Claudio DeSanti
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
EMail: cds@cisco.com EMail: cds@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 USA San Jose, CA 95134 USA
Email: kzm@cisco.com" Email: kzm@cisco.com"
DESCRIPTION DESCRIPTION
"This MIB module specifies the management information "This MIB module specifies the management information
required to manage Fabric Policies as defined by Fibre required to manage Fabric Policies as defined by Fibre
Channel's FC-SP specification. Channel's FC-SP specification.
skipping to change at page 72, line 39 skipping to change at page 65, line 34
information, each of which are held in the same format information, each of which are held in the same format
within the Policy Object. In such cases, FC-SP uses the within the Policy Object. In such cases, FC-SP uses the
term 'Entry' to describe each instance of the common format. term 'Entry' to describe each instance of the common format.
For example, FC-SP defines an Attribute Policy Object as For example, FC-SP defines an Attribute Policy Object as
containing one or more 'Attribute Entries'. Again, this MIB containing one or more 'Attribute Entries'. Again, this MIB
module attempts to avoid confusion by the use of adjectives module attempts to avoid confusion by the use of adjectives
and capitalization to distinguish an Entry within a Policy and capitalization to distinguish an Entry within a Policy
Object from an entry within a MIB table. Object from an entry within a MIB table.
A Fabric's database of Policy Objects consists of a set of A Fabric's database of Policy Objects consists of a set of
active Objects which are to be enforced by that Fabric, as active Objects that are to be enforced by that Fabric, as
well as non-active Objects which are not enforced. well as non-active Objects that are not enforced.
Operations defined (in FC-SP) for Policy Management are: Operations defined (in FC-SP) for Policy Management are:
- Add/Get/Remove operations on individual non-active - Add/Get/Remove operations on individual non-active
Policy Objects, Policy Objects,
- Activate/Deactivate operations on a Policy Summary - Activate/Deactivate operations on a Policy Summary
Object, and Object, and
- Get operations on the active Policy Summary Object - Get operations on the active Policy Summary Object
and/or on individual active Policy Objects. and/or on individual active Policy Objects.
This MIB module has five parts: This MIB module has five parts:
skipping to change at page 73, line 30 skipping to change at page 66, line 22
non-active Policy Summary Objects (which reference non-active Policy Summary Objects (which reference
non-active Policy Objects), and non-active Policy Objects), and
- read-create MIB objects representing non-active - read-create MIB objects representing non-active
Policy Objects. Policy Objects.
4) Statistics 4) Statistics
5) Control information and Notifications 5) Control information and Notifications
Copyright (C) The IETF Trust (2008). This version Copyright (C) The IETF Trust (2008). This version
of this MIB module is part of RFC yyyy; see the RFC of this MIB module is part of RFC 5324; see the RFC
itself for full legal notices." itself for full legal notices."
REVISION "200801030000Z" REVISION "200808200000Z"
DESCRIPTION DESCRIPTION
"Initial version of this MIB module, published as RFCyyyy." "Initial version of this MIB module, published as RFC 5324."
::= { mib-2 nnn } -- to be assigned by IANA ::= { mib-2 178 }
t11FcSpPoMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 0 } t11FcSpPoMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 0 }
t11FcSpPoMIBObjects OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 1 } t11FcSpPoMIBObjects OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 1 }
t11FcSpPoMIBConformance OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 2 } t11FcSpPoMIBConformance OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 2 }
t11FcSpPoActive OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 1 } t11FcSpPoActive OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 1 }
t11FcSpPoOperations OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 2 } t11FcSpPoOperations OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 2 }
t11FcSpPoNonActive OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 3 } t11FcSpPoNonActive OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 3 }
t11FcSpPoStatistics OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 4 } t11FcSpPoStatistics OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 4 }
t11FcSpPoControl OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 5 } t11FcSpPoControl OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 5 }
skipping to change at page 74, line 41 skipping to change at page 67, line 26
t11FcSpPoPolicySummaryObjName T11FcSpAlphaNumName, t11FcSpPoPolicySummaryObjName T11FcSpAlphaNumName,
t11FcSpPoAdminFabricName FcNameIdOrZero, t11FcSpPoAdminFabricName FcNameIdOrZero,
t11FcSpPoActivatedTimeStamp TimeStamp t11FcSpPoActivatedTimeStamp TimeStamp
} }
t11FcSpPoFabricIndex OBJECT-TYPE t11FcSpPoFabricIndex OBJECT-TYPE
SYNTAX T11FabricIndex SYNTAX T11FabricIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Fabric." Fabric."
::= { t11FcSpPoEntry 1 } ::= { t11FcSpPoEntry 1 }
t11FcSpPoPolicySummaryObjName OBJECT-TYPE t11FcSpPoPolicySummaryObjName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of this Fabric's (active) Policy Summary Object." "The name of this Fabric's (active) Policy Summary Object."
REFERENCE REFERENCE
skipping to change at page 75, line 25 skipping to change at page 68, line 8
DESCRIPTION DESCRIPTION
"The administratively-specified name for this Fabric, as "The administratively-specified name for this Fabric, as
specified in the active Switch Membership List Object. specified in the active Switch Membership List Object.
This value is meaningful only when Static Domain_IDs are This value is meaningful only when Static Domain_IDs are
in use in a Fabric (see FC-SW-4). Static Domain_IDs are in use in a Fabric (see FC-SW-4). Static Domain_IDs are
administratively enabled by a setting of the Switch Flags administratively enabled by a setting of the Switch Flags
in each Switch Entry in the Switch Membership List Object. in each Switch Entry in the Switch Membership List Object.
If Static Domain_IDs are not in use, this value might be If Static Domain_IDs are not in use, this value might be
'0000000000000000'h. '0000000000000000'h.
The t11FamEnable, t11FamFabricName and The t11FamEnable, t11FamFabricName, and
t11FamConfigDomainIdType objects defined in the t11FamConfigDomainIdType objects defined in the
T11-FC-FABRIC-ADDR-MGR-MIB module are also concerned with T11-FC-FABRIC-ADDR-MGR-MIB module are also concerned with
the use of an administratively-specified name for a Fabric the use of an administratively-specified name for a Fabric
and Static Domain_IDs. When FC-SP Policy is in use in a and Static Domain_IDs. When FC-SP Policy is in use in a
Fabric, the values of t11FamEnable, t11FamFabricName and Fabric, the values of t11FamEnable, t11FamFabricName, and
t11FamConfigDomainIdType must be read-only and reflect the t11FamConfigDomainIdType must be read-only and reflect the
active Policy Objects. For example, the value of active Policy Objects. For example, the value of
t11FamFabricName must reflect the value of t11FamFabricName must reflect the value of
t11FcSpPoAdminFabricName." t11FcSpPoAdminFabricName."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 108. February 2007, section 7.1.4.1 and table 108.
- Fibre Channel - Switch Fabric-4 (FC-SW-4), - Fibre Channel - Switch Fabric-4 (FC-SW-4),
ANSI INCITS 418-2006, April 2006, section 7.1. ANSI INCITS 418-2006, April 2006, section 7.1.
skipping to change at page 76, line 41 skipping to change at page 69, line 22
the Fabric identified by t11FcSpPoFabricIndex and managed the Fabric identified by t11FcSpPoFabricIndex and managed
within the Fibre Channel management instance identified by within the Fibre Channel management instance identified by
fcmInstanceIndex. fcmInstanceIndex.
How many Policy Objects of a given type can be active at How many Policy Objects of a given type can be active at
any one time for a given Fabric depends on the type, as any one time for a given Fabric depends on the type, as
specified in FC-SP. For some types, it is one per Fabric; specified in FC-SP. For some types, it is one per Fabric;
for other types, more than one can be active per Fabric. for other types, more than one can be active per Fabric.
In both of these cases, the absence of any entries in this In both of these cases, the absence of any entries in this
table for a particular type is equivalent to there being one table for a particular type is equivalent to there being one
Policy Object of that type which is empty, e.g., a Switch Policy Object of that type that is empty, e.g., a Switch
Membership List Object which identifies zero Switches." Membership List Object that identifies zero Switches."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.3 and table 104." February 2007, section 7.1.3 and table 104."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoSummaryPolicyNameType, t11FcSpPoSummaryPolicyNameType,
t11FcSpPoSummaryPolicyName } t11FcSpPoSummaryPolicyName }
::= { t11FcSpPoSummaryTable 1 } ::= { t11FcSpPoSummaryTable 1 }
T11FcSpPoSummaryEntry ::= SEQUENCE { T11FcSpPoSummaryEntry ::= SEQUENCE {
skipping to change at page 77, line 47 skipping to change at page 70, line 25
"The combination of t11FcSpPoSummaryPolicyNameType and "The combination of t11FcSpPoSummaryPolicyNameType and
t11FcSpPoSummaryPolicyName specify the name of the Policy t11FcSpPoSummaryPolicyName specify the name of the Policy
Object contained in the Policy Summary Object." Object contained in the Policy Summary Object."
::= { t11FcSpPoSummaryEntry 2 } ::= { t11FcSpPoSummaryEntry 2 }
t11FcSpPoSummaryPolicyType OBJECT-TYPE t11FcSpPoSummaryPolicyType OBJECT-TYPE
SYNTAX T11FcSpPolicyObjectType SYNTAX T11FcSpPolicyObjectType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 'Identifier' which specifies the type of this "The 'Identifier' that specifies the type of this
Policy Object." Policy Object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.3.1 and table 104." February 2007, section 7.1.3.1 and table 104."
::= { t11FcSpPoSummaryEntry 3 } ::= { t11FcSpPoSummaryEntry 3 }
t11FcSpPoSummaryHashFormat OBJECT-TYPE t11FcSpPoSummaryHashFormat OBJECT-TYPE
SYNTAX T11FcSpPolicyHashFormat SYNTAX T11FcSpPolicyHashFormat
MAX-ACCESS read-only MAX-ACCESS read-only
skipping to change at page 79, line 18 skipping to change at page 71, line 18
t11FcSpPoSwMembTable OBJECT-TYPE t11FcSpPoSwMembTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoSwMembEntry SYNTAX SEQUENCE OF T11FcSpPoSwMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Switch Entries in active Switch Membership List "A table of Switch Entries in active Switch Membership List
Objects. Objects.
One Switch Membership List Object is represented by all One Switch Membership List Object is represented by all
of the rows of this table which have the same values of the rows of this table that have the same values
of fcmInstanceIndex and t11FcSpPoFabricIndex." of fcmInstanceIndex and t11FcSpPoFabricIndex."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoActive 3 } ::= { t11FcSpPoActive 3 }
t11FcSpPoSwMembEntry OBJECT-TYPE t11FcSpPoSwMembEntry OBJECT-TYPE
SYNTAX T11FcSpPoSwMembEntry SYNTAX T11FcSpPoSwMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 81, line 47 skipping to change at page 73, line 42
'serialPortsAccess' - the Switch allows management 'serialPortsAccess' - the Switch allows management
through serial ports when and only when this bit is set. through serial ports when and only when this bit is set.
'physicalPortsAccess' - the Switch allows management 'physicalPortsAccess' - the Switch allows management
through the physical panel when and only when this bit through the physical panel when and only when this bit
is set. is set.
'managerRole' - the Switch is allowed to change 'managerRole' - the Switch is allowed to change
the Fabric Policy configuration (on receipt of any of the the Fabric Policy configuration (on receipt of any of the
EACA, ESFC, EUFC, ACA, SFC, or UFC SW_ILSs) if and only if EACA, Enhanced Stage Fabric Configuration (ESFC), Enhanced
this bit is set. Update Fabric Configuration (EUFC), ACA, SFC, or UFC
SW_ILSs) if and only if this bit is set.
Whenever a Fabric has Active Policy Objects, the value of Whenever a Fabric has Active Policy Objects, the value of
the t11FamConfigDomainIdType object defined in the the t11FamConfigDomainIdType object defined in the
T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and
reflect the values of the 'staticDomainID' and reflect the values of the 'staticDomainID' and
'insistentDomainID' bits of this object." 'insistentDomainID' bits of this object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 112. February 2007, section 7.1.4.1 and table 112.
skipping to change at page 83, line 43 skipping to change at page 75, line 34
SYNTAX BITS { SYNTAX BITS {
mustAuthenticate(0), mustAuthenticate(0),
rejectIsFailure(1) rejectIsFailure(1)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authentication behaviour of the Switch: "The authentication behaviour of the Switch:
'mustAuthenticate' - if this bit is set, all connections 'mustAuthenticate' - if this bit is set, all connections
between this Switch and neighbour Switches must be between this Switch and neighbor Switches must be
authenticated. authenticated.
'rejectIsFailure' - if this bit is set, the rejection of 'rejectIsFailure' - if this bit is set, the rejection of
an AUTH_Negotiate message must be considered as an an AUTH_Negotiate message must be considered as an
authentication failure by this Switch." authentication failure by this Switch."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 114." February 2007, section 7.1.4.1 and table 114."
::= { t11FcSpPoSwMembEntry 6 } ::= { t11FcSpPoSwMembEntry 6 }
t11FcSpPoSwMembAttribute OBJECT-TYPE t11FcSpPoSwMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of an active Attribute Policy Object which is "The name of an active Attribute Policy Object that is
defined for this Switch, or the zero-length string. The defined for this Switch, or the zero-length string. The
zero-length string indicates that no Attribute Policy zero-length string indicates that no Attribute Policy
Object is defined for this Switch." Object is defined for this Switch."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoSwMembEntry 7 } ::= { t11FcSpPoSwMembEntry 7 }
-- --
skipping to change at page 84, line 38 skipping to change at page 76, line 25
t11FcSpPoNoMembTable OBJECT-TYPE t11FcSpPoNoMembTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNoMembEntry SYNTAX SEQUENCE OF T11FcSpPoNoMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Node Entries in active Node Membership List "A table of Node Entries in active Node Membership List
Objects. Objects.
One Node Membership List Object is represented by all One Node Membership List Object is represented by all
of the rows of this table which have the same values of the rows of this table that have the same values
of fcmInstanceIndex and t11FcSpPoFabricIndex." of fcmInstanceIndex and t11FcSpPoFabricIndex."
::= { t11FcSpPoActive 4 } ::= { t11FcSpPoActive 4 }
t11FcSpPoNoMembEntry OBJECT-TYPE t11FcSpPoNoMembEntry OBJECT-TYPE
SYNTAX T11FcSpPoNoMembEntry SYNTAX T11FcSpPoNoMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Node Entry "Each entry contains information about one Node Entry
within the active Node Membership List Object for the within the active Node Membership List Object for the
skipping to change at page 87, line 31 skipping to change at page 79, line 8
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.4.1 and tables 118/119/120/121." section 7.1.4.1 and tables 118/119/120/121."
::= { t11FcSpPoNoMembEntry 4 } ::= { t11FcSpPoNoMembEntry 4 }
t11FcSpPoNoMembAttribute OBJECT-TYPE t11FcSpPoNoMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of an active Attribute Policy Object which is "The name of an active Attribute Policy Object that is
defined for this Node, or the zero-length string. The defined for this Node, or the zero-length string. The
zero-length string indicates that no Attribute Policy zero-length string indicates that no Attribute Policy
Object is defined for this Node." Object is defined for this Node."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 116." February 2007, section 7.1.4.1 and table 116."
::= { t11FcSpPoNoMembEntry 5 } ::= { t11FcSpPoNoMembEntry 5 }
-- --
skipping to change at page 88, line 19 skipping to change at page 79, line 32
t11FcSpPoCtDescrTable OBJECT-TYPE t11FcSpPoCtDescrTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoCtDescrEntry SYNTAX SEQUENCE OF T11FcSpPoCtDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Common Transport Access Descriptors being used "A table of Common Transport Access Descriptors being used
within active Policy Objects. within active Policy Objects.
A Common Transport Access Specifier is a list of Common A Common Transport Access Specifier is a list of Common
Transport Access Descriptors which specify whether a Node Transport Access Descriptors that specify whether a Node
is allowed to access a Generic Service or Sub-Server. is allowed to access a Generic Service or Sub-Server.
An active Common Transport Access Specifier is represented An active Common Transport Access Specifier is represented
by all rows of this table which have the same values of by all rows of this table that have the same values of
fcmInstanceIndex, t11FcSpPoFabricIndex, and fcmInstanceIndex, t11FcSpPoFabricIndex, and
t11FcSpPoCtDescrSpecifierIndex." t11FcSpPoCtDescrSpecifierIndex."
::= { t11FcSpPoActive 5 } ::= { t11FcSpPoActive 5 }
t11FcSpPoCtDescrEntry OBJECT-TYPE t11FcSpPoCtDescrEntry OBJECT-TYPE
SYNTAX T11FcSpPoCtDescrEntry SYNTAX T11FcSpPoCtDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Common "Each entry contains information about one Common
skipping to change at page 89, line 10 skipping to change at page 80, line 20
t11FcSpPoCtDescrFlags BITS, t11FcSpPoCtDescrFlags BITS,
t11FcSpPoCtDescrGsType OCTET STRING, t11FcSpPoCtDescrGsType OCTET STRING,
t11FcSpPoCtDescrGsSubType OCTET STRING t11FcSpPoCtDescrGsSubType OCTET STRING
} }
t11FcSpPoCtDescrSpecifierIndex OBJECT-TYPE t11FcSpPoCtDescrSpecifierIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Common Transport Access Specifier within a Fabric." Common Transport Access Specifier within a Fabric."
::= { t11FcSpPoCtDescrEntry 1 } ::= { t11FcSpPoCtDescrEntry 1 }
t11FcSpPoCtDescrIndex OBJECT-TYPE t11FcSpPoCtDescrIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Common Transport Access Descriptor within a Common Transport Common Transport Access Descriptor within a Common Transport
Access Specifier." Access Specifier."
::= { t11FcSpPoCtDescrEntry 2 } ::= { t11FcSpPoCtDescrEntry 2 }
t11FcSpPoCtDescrFlags OBJECT-TYPE t11FcSpPoCtDescrFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
allow(0), allow(0),
gsTypeWildcard(1), gsTypeWildcard(1),
gsSubTypeWildcard(2), gsSubTypeWildcard(2),
readOnly(3) readOnly(3)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The flag bits which specify how access is to be limited by "The flag bits that specify how access is to be limited by
this Common Transport Access Descriptor: this Common Transport Access Descriptor:
- allow -- access to the specified Generic Service and - allow -- access to the specified Generic Service and
Server is allowed if this bit is set, and to be denied if Server is allowed if this bit is set, and is to be denied
this bit is not set. if this bit is not set.
- gsTypeWildcard -- if this bit is set, the Generic Service - gsTypeWildcard -- if this bit is set, the Generic Service
to be allowed/denied is specified by the value of to be allowed/denied is specified by the value of
t11FcSpPoCtDescrGsType. If this bit is set, then the t11FcSpPoCtDescrGsType. If this bit is set, then the
gsSubTypeWildcard bit must not be set. gsSubTypeWildcard bit must not be set.
- gsSubTypeWildcard -- if this bit is set, the Generic - gsSubTypeWildcard -- if this bit is set, the Generic
Service to be allowed/denied is specified by the value of Service to be allowed/denied is specified by the value of
t11FcSpPoCtDescrGsSubType. If this bit is set, then the t11FcSpPoCtDescrGsSubType. If this bit is set, then the
gsTypeWildcard bit must not be set. gsTypeWildcard bit must not be set.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set, then access is to be
granted only for reading." granted only for reading."
::= { t11FcSpPoCtDescrEntry 3 } ::= { t11FcSpPoCtDescrEntry 3 }
t11FcSpPoCtDescrGsType OBJECT-TYPE t11FcSpPoCtDescrGsType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1)) SYNTAX OCTET STRING (SIZE (1))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The GS_Type of the Generic Service (e.g., the FC-GS-5 "The GS_Type of the Generic Service (e.g., the FC-GS-5
Management Service) which is subject to access control. Management Service) that is subject to access control.
This value is ignored if the gsTypeWildcard bit is not set This value is ignored if the gsTypeWildcard bit is not set
in the corresponding value of t11FcSpPoCtDescrFlags." in the corresponding value of t11FcSpPoCtDescrFlags."
REFERENCE REFERENCE
"Fibre Channel - Generic Services-5 (FC-GS-5), "- Fibre Channel - Generic Services-5 (FC-GS-5),
ANSI INCITS 427-2006, section 4.3.2.4." ANSI INCITS 427-2006, section 4.3.2.4."
::= { t11FcSpPoCtDescrEntry 4 } ::= { t11FcSpPoCtDescrEntry 4 }
t11FcSpPoCtDescrGsSubType OBJECT-TYPE t11FcSpPoCtDescrGsSubType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1)) SYNTAX OCTET STRING (SIZE (1))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The GS_Subtype of the Generic Server (e.g., the Fabric Zone "The GS_Subtype of the Generic Server (e.g., the Fabric Zone
Server) which is subject to access control. This value is Server) that is subject to access control. This value is
ignored if the gsSubTypeWildcard bit is not set in the ignored if the gsSubTypeWildcard bit is not set in the
corresponding value of t11FcSpPoCtDescrFlags." corresponding value of t11FcSpPoCtDescrFlags."
REFERENCE REFERENCE
"Fibre Channel - Generic Services-5 (FC-GS-5), "- Fibre Channel - Generic Services-5 (FC-GS-5),
ANSI INCITS 427-2006, section 4.3.2.5." ANSI INCITS 427-2006, section 4.3.2.5."
::= { t11FcSpPoCtDescrEntry 5 } ::= { t11FcSpPoCtDescrEntry 5 }
-- --
-- --
-- Switches/Nodes in Active Switch Connectivity Objects -- Switches/Nodes in Active Switch Connectivity Objects
-- --
t11FcSpPoSwConnTable OBJECT-TYPE t11FcSpPoSwConnTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoSwConnEntry SYNTAX SEQUENCE OF T11FcSpPoSwConnEntry
skipping to change at page 94, line 30 skipping to change at page 85, line 15
-- --
-- IP Management Entries in Active IP Management List Objects -- IP Management Entries in Active IP Management List Objects
-- --
t11FcSpPoIpMgmtTable OBJECT-TYPE t11FcSpPoIpMgmtTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoIpMgmtEntry SYNTAX SEQUENCE OF T11FcSpPoIpMgmtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of IP Management Entries in active IP Management "A table of IP Management Entries in active IP Management
List Objects. A IP Management List Object is a List Objects. An IP Management List Object is a
Fabric-wide Policy Object that describes which IP hosts Fabric-wide Policy Object that describes which IP hosts
are allowed to manage a Fabric. are allowed to manage a Fabric.
One IP Management List Object is represented by all One IP Management List Object is represented by all
of the rows of this table which have the same values of the rows of this table that have the same values
of fcmInstanceIndex and t11FcSpPoFabricIndex." of fcmInstanceIndex and t11FcSpPoFabricIndex."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7" February 2007, section 7.1.7"
::= { t11FcSpPoActive 7 } ::= { t11FcSpPoActive 7 }
t11FcSpPoIpMgmtEntry OBJECT-TYPE t11FcSpPoIpMgmtEntry OBJECT-TYPE
SYNTAX T11FcSpPoIpMgmtEntry SYNTAX T11FcSpPoIpMgmtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 95, line 25 skipping to change at page 86, line 5
can only be an IPv6 Address Range or an IPv4 Address Range, can only be an IPv6 Address Range or an IPv4 Address Range,
it is represented here by three MIB objects defined as a it is represented here by three MIB objects defined as a
(InetAddressType, InetAddress, InetAddress) tuple, in which (InetAddressType, InetAddress, InetAddress) tuple, in which
the first address is the low end of the range, the second the first address is the low end of the range, the second
address is the high end of the range, and both addresses are address is the high end of the range, and both addresses are
of the type designated by InetAddressType. of the type designated by InetAddressType.
In theory, the use of t11FcSpPoIpMgmtEntryNameLow and In theory, the use of t11FcSpPoIpMgmtEntryNameLow and
t11FcSpPoIpMgmtEntryNameHigh (which both have the syntax t11FcSpPoIpMgmtEntryNameHigh (which both have the syntax
of InetAddress) in the INDEX could cause the need for of InetAddress) in the INDEX could cause the need for
excessively-long OIDs. In practice, this can't happen excessively long OIDs. In practice, this can't happen
because FC-SP doesn't allow these objects to be specified because FC-SP doesn't allow these objects to be specified
as DNS names." as DNS names."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoIpMgmtEntryNameType, t11FcSpPoIpMgmtEntryNameType,
t11FcSpPoIpMgmtEntryNameLow, t11FcSpPoIpMgmtEntryNameLow,
t11FcSpPoIpMgmtEntryNameHigh } t11FcSpPoIpMgmtEntryNameHigh }
::= { t11FcSpPoIpMgmtTable 1 } ::= { t11FcSpPoIpMgmtTable 1 }
T11FcSpPoIpMgmtEntry ::= SEQUENCE { T11FcSpPoIpMgmtEntry ::= SEQUENCE {
t11FcSpPoIpMgmtEntryNameType InetAddressType, t11FcSpPoIpMgmtEntryNameType InetAddressType,
skipping to change at page 96, line 4 skipping to change at page 86, line 29
t11FcSpPoIpMgmtAttribute T11FcSpAlphaNumNameOrAbsent t11FcSpPoIpMgmtAttribute T11FcSpAlphaNumNameOrAbsent
} }
t11FcSpPoIpMgmtEntryNameType OBJECT-TYPE t11FcSpPoIpMgmtEntryNameType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
-- INTEGER { ipv4(1), ipv6(2) } -- INTEGER { ipv4(1), ipv6(2) }
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The combination of t11FcSpPoIpMgmtNameType, "The combination of t11FcSpPoIpMgmtNameType,
t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoIpMgmtNameLow, and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the Internet address range of this IP Management
Entry in the IP Management List Object. Entry in the IP Management List Object.
The FC-SP specification does not allow the use of a The FC-SP specification does not allow the use of a
DNS domain name to specify the address at the lower end DNS domain name to specify the address at the lower end
or at the higher end of the IP Address range, nor does it or at the higher end of the Internet address range, nor does
allow the specification of a zone index. Therefore, the it allow the specification of a zone index. Therefore, the
type of address must be one of: 'ipv4', or 'ipv6'." type of address must be one of: 'ipv4', or 'ipv6'."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
sections 7.1.7.1 & 7.1.2, tables 103/126." sections 7.1.7.1 & 7.1.2, tables 103/126."
::= { t11FcSpPoIpMgmtEntry 1 } ::= { t11FcSpPoIpMgmtEntry 1 }
t11FcSpPoIpMgmtEntryNameLow OBJECT-TYPE t11FcSpPoIpMgmtEntryNameLow OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The lower end of an Internet address range. The type "The lower end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoIpMgmtEntryNameType. of t11FcSpPoIpMgmtEntryNameType.
The combination of t11FcSpPoIpMgmtNameType, The combination of t11FcSpPoIpMgmtNameType,
t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoIpMgmtNameLow, and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the Internet address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
sections 7.1.7.1 & 7.1.2, tables 103/126." sections 7.1.7.1 & 7.1.2, tables 103/126."
::= { t11FcSpPoIpMgmtEntry 2 } ::= { t11FcSpPoIpMgmtEntry 2 }
t11FcSpPoIpMgmtEntryNameHigh OBJECT-TYPE t11FcSpPoIpMgmtEntryNameHigh OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The higher end of an Internet address range. The type "The higher end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoIpMgmtEntryNameType. of t11FcSpPoIpMgmtEntryNameType.
The combination of t11FcSpPoIpMgmtNameType, The combination of t11FcSpPoIpMgmtNameType,
t11FcSpPoIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoIpMgmtNameLow, and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the Internet address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, sections 7.1.7.1 & 7.1.2, tables 103/126." February 2007, sections 7.1.7.1 & 7.1.2, tables 103/126."
::= { t11FcSpPoIpMgmtEntry 3 } ::= { t11FcSpPoIpMgmtEntry 3 }
t11FcSpPoIpMgmtWkpIndex OBJECT-TYPE t11FcSpPoIpMgmtWkpIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object identifies the restrictions for IP management "This object identifies the restrictions for IP management
access by IP hosts in this range of IP addresses, specified access by IP hosts in this range of IP addresses, specified
as the set of Well Known Protocols Access Descriptors as the set of Well-Known Protocols Access Descriptors
contained in those rows of the t11FcSpPoWkpDescrTable for contained in those rows of the t11FcSpPoWkpDescrTable for
which the value of t11FcSpPoWkpDescrSpecifierIndex is the which the value of t11FcSpPoWkpDescrSpecifierIndex is the
same as the value of this object. A value of zero indicates same as the value of this object. A value of zero indicates
that this IP Management Entry does not identify a Well Known that this IP Management Entry does not identify a Well-Known
Protocols Access Specifier." Protocols Access Specifier."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7.1 and tables 127/129." February 2007, section 7.1.7.1 and tables 127/129."
::= { t11FcSpPoIpMgmtEntry 4 } ::= { t11FcSpPoIpMgmtEntry 4 }
t11FcSpPoIpMgmtAttribute OBJECT-TYPE t11FcSpPoIpMgmtAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of an active Attribute Policy Object which is "The name of an active Attribute Policy Object that is
defined for this IP Management entry, or the zero-length defined for this IP Management entry or the zero-length
string. The zero-length string indicates that no Attribute string. The zero-length string indicates that no Attribute
Policy Object is defined for this IP Management entry." Policy Object is defined for this IP Management entry."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7.1 and table 128." February 2007, section 7.1.7.1 and table 128."
::= { t11FcSpPoIpMgmtEntry 5 } ::= { t11FcSpPoIpMgmtEntry 5 }
-- --
-- Well-Known Protocol Access Descriptors -- Well-Known Protocol Access Descriptors
skipping to change at page 98, line 19 skipping to change at page 88, line 34
t11FcSpPoWkpDescrTable OBJECT-TYPE t11FcSpPoWkpDescrTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoWkpDescrEntry SYNTAX SEQUENCE OF T11FcSpPoWkpDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of the Well-Known Protocol Access Descriptors "A table of the Well-Known Protocol Access Descriptors
being used within active Policy Objects. being used within active Policy Objects.
A Well-Known Protocol Access Specifier is a list of A Well-Known Protocol Access Specifier is a list of
Well-Known Protocol Access Descriptors each of which Well-Known Protocol Access Descriptors each of which
specifies a protocol number, a port number and/or various specifies a protocol number, a port number, and/or various
flags specifying how IP management access is restricted. flags specifying how IP management access is restricted.
A Well-Known Protocol Transport Access Specifier is A Well-Known Protocol Transport Access Specifier is
represented by all rows of this table which have the represented by all rows of this table that have the
same values of fcmInstanceIndex, t11FcSpPoFabricIndex, same values of fcmInstanceIndex, t11FcSpPoFabricIndex,
and t11FcSpPoWkpDescrSpecifierIndex." and t11FcSpPoWkpDescrSpecifierIndex."
::= { t11FcSpPoActive 8 } ::= { t11FcSpPoActive 8 }
t11FcSpPoWkpDescrEntry OBJECT-TYPE t11FcSpPoWkpDescrEntry OBJECT-TYPE
SYNTAX T11FcSpPoWkpDescrEntry SYNTAX T11FcSpPoWkpDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Well-Known "Each entry contains information about one Well-Known
skipping to change at page 99, line 10 skipping to change at page 89, line 21
t11FcSpPoWkpDescrFlags BITS, t11FcSpPoWkpDescrFlags BITS,
t11FcSpPoWkpDescrWkpNumber Unsigned32, t11FcSpPoWkpDescrWkpNumber Unsigned32,
t11FcSpPoWkpDescrDestPort InetPortNumber t11FcSpPoWkpDescrDestPort InetPortNumber
} }
t11FcSpPoWkpDescrSpecifierIndex OBJECT-TYPE t11FcSpPoWkpDescrSpecifierIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Well-Known Protocol Access Specifier within a Fabric." Well-Known Protocol Access Specifier within a Fabric."
::= { t11FcSpPoWkpDescrEntry 1 } ::= { t11FcSpPoWkpDescrEntry 1 }
t11FcSpPoWkpDescrIndex OBJECT-TYPE t11FcSpPoWkpDescrIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Well-Known Protocol Access Descriptor within a Well-Known Well-Known Protocol Access Descriptor within a Well-Known
Protocol Access Specifier." Protocol Access Specifier."
::= { t11FcSpPoWkpDescrEntry 2 } ::= { t11FcSpPoWkpDescrEntry 2 }
t11FcSpPoWkpDescrFlags OBJECT-TYPE t11FcSpPoWkpDescrFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
allow(0), allow(0),
wkpWildcard(1), wkpWildcard(1),
destPortWildcard(2), destPortWildcard(2),
readOnly(3) readOnly(3)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The flag bits which specify how access is to be limited by "The flag bits that specify how access is to be limited by
this Well-Known Protocol Access Descriptor: this Well-Known Protocol Access Descriptor:
- allow -- IP management access using this protocol/port - allow -- IP management access using this protocol/port
is allowed if this bit is set, and to be denied if this is allowed if this bit is set, and to be denied if this
bit is not set. bit is not set.
- wkpWildcard -- if this bit is set, the IP Protocol number - wkpWildcard -- if this bit is set, the IP Protocol number
of the Well-Known Protocol to be allowed/denied is of the Well-Known Protocol to be allowed/denied is
specified by the value of t11FcSpPoWkpDescrWkpNumber. specified by the value of t11FcSpPoWkpDescrWkpNumber.
- destPortWildcard -- if this bit is set, the Destination - destPortWildcard -- if this bit is set, the Destination
(TCP/UDP) Port number of the Well-Known Protocol to be (TCP/UDP) Port number of the Well-Known Protocol to be
allowed/denied is specified by the value of allowed/denied is specified by the value of
t11FcSpPoWkpDescrDestPort. t11FcSpPoWkpDescrDestPort.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set, then access is to be
granted only for reading." granted only for reading."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7.1 and table 131." February 2007, section 7.1.7.1 and table 131."
::= { t11FcSpPoWkpDescrEntry 3 } ::= { t11FcSpPoWkpDescrEntry 3 }
t11FcSpPoWkpDescrWkpNumber OBJECT-TYPE t11FcSpPoWkpDescrWkpNumber OBJECT-TYPE
SYNTAX Unsigned32 (0..255) SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-only MAX-ACCESS read-only
skipping to change at page 101, line 20 skipping to change at page 91, line 20
SYNTAX SEQUENCE OF T11FcSpPoAttribEntry SYNTAX SEQUENCE OF T11FcSpPoAttribEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of the Attribute Policy Objects being used within "A table of the Attribute Policy Objects being used within
active Policy Objects. In the FC-SP Policy Database, each active Policy Objects. In the FC-SP Policy Database, each
Attribute Policy Object consists of an Attribute Object Name Attribute Policy Object consists of an Attribute Object Name
and a set of Attribute Entries. and a set of Attribute Entries.
An active Attribute Policy Object is represented by all the An active Attribute Policy Object is represented by all the
Attribute Entries in this table which have the same value Attribute Entries in this table that have the same value
of t11FcSpPoAttribName." of t11FcSpPoAttribName."
::= { t11FcSpPoActive 9 } ::= { t11FcSpPoActive 9 }
t11FcSpPoAttribEntry OBJECT-TYPE t11FcSpPoAttribEntry OBJECT-TYPE
SYNTAX T11FcSpPoAttribEntry SYNTAX T11FcSpPoAttribEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each row contains information specific to an Attribute "Each row contains information specific to an Attribute
Entry contained within an Attribute Policy Object which is Entry contained within an Attribute Policy Object that is
active within the Fabric identified by t11FcSpPoFabricIndex active within the Fabric identified by t11FcSpPoFabricIndex
and managed within the Fibre Channel management instance and managed within the Fibre Channel management instance
identified by fcmInstanceIndex. identified by fcmInstanceIndex.
For some types of Attribute Policy Objects, it is valuable For some types of Attribute Policy Objects, it is valuable
to break-out some semantically-significant parts of the to break out some semantically significant parts of the
Policy Object's value into their own individual MIB Policy Object's value into their own individual MIB
objects; for example, to extract the one or more individual objects; for example, to extract the one or more individual
Authentication Protocol Identifiers and associated Authentication Protocol Identifiers and associated
Authentication Protocol Parameters out of an Attribute Authentication Protocol Parameters out of an Attribute
Object containing a 'AUTH_Negotiate Message Payload'. Object containing a 'AUTH_Negotiate Message Payload'.
For such types, another MIB table is defined to hold the For such types, another MIB table is defined to hold the
extracted values in MIB objects specific to the Attribute extracted values in MIB objects specific to the Attribute
Policy Object's type. In such cases, the Policy Object's type. In such cases, the
t11FcSpPoAttribExtension object in this table points to the t11FcSpPoAttribExtension object in this table points to the
other MIB table. other MIB table.
skipping to change at page 103, line 13 skipping to change at page 93, line 7
t11FcSpPoAttribPartIndex OBJECT-TYPE t11FcSpPoAttribPartIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Entry is shorter than 257 "When the value of an Attribute Entry is shorter than 257
bytes, the whole value is contained in one instance of bytes, the whole value is contained in one instance of
t11FcSpPoAttribValue, and the value of this object is 1. t11FcSpPoAttribValue, and the value of this object is 1.
If the value of an Attribute Entry is longer than 256 bytes, If the value of an Attribute Entry is longer than 256 bytes,
then that value is divided up on 256 byte boundaries such then that value is divided up on 256-byte boundaries such
that all parts are 256 bytes long except the last part which that all parts are 256 bytes long except the last part, which
is shorter if necessary, with each such part contained in is shorter if necessary, with each such part contained in
a separate row of this table, and the value of this object a separate row of this table, and the value of this object
is set to the part number. That is, this object has the is set to the part number. That is, this object has the
value of 1 for bytes 0-255, the value of 2 for bytes value of 1 for bytes 0-255, the value of 2 for bytes
256-511, ... etc." 256-511, etc."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.8.1, tables 134/135." February 2007, section 7.1.8.1, tables 134/135."
::= { t11FcSpPoAttribEntry 3 } ::= { t11FcSpPoAttribEntry 3 }
t11FcSpPoAttribType OBJECT-TYPE t11FcSpPoAttribType OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
skipping to change at page 103, line 48 skipping to change at page 93, line 42
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoAttribEntry 4 } ::= { t11FcSpPoAttribEntry 4 }
t11FcSpPoAttribValue OBJECT-TYPE t11FcSpPoAttribValue OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Attribute Entry is divided up on 256 byte "The value of an Attribute Entry is divided up on 256-byte
boundaries such that all parts are 256 bytes long except the boundaries such that all parts are 256 bytes long except the
last part which is shorter if necessary, and each such part last part, which is shorter if necessary, and each such part
is contained in a separate instance of this object. is contained in a separate instance of this object.
The value of this object is independent of whether some The value of this object is independent of whether some
parts of its value are broken-out into separate MIB objects parts of its value are broken out into separate MIB objects
pointed to by the corresponding instance of pointed to by the corresponding instance of
t11FcSpPoAttribExtension." t11FcSpPoAttribExtension."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoAttribEntry 5 } ::= { t11FcSpPoAttribEntry 5 }
t11FcSpPoAttribExtension OBJECT-TYPE t11FcSpPoAttribExtension OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For some types of Attribute Policy Object, the value of "For some types of Attribute Policy Object, the value of
this MIB object points to type-specific MIB objects which this MIB object points to type-specific MIB objects that
contain individual/broken-out parts of the Attribute Policy contain individual/broken-out parts of the Attribute Policy
Object's value. If this object doesn't point to such Object's value. If this object doesn't point to such
type-specific MIB objects, then it contains the value: type-specific MIB objects, then it contains the value:
zeroDotZero. zeroDotZero.
In particular, when the value of t11FcSpPoAttribType In particular, when the value of t11FcSpPoAttribType
indicates 'AUTH_Negotiate Message Payload', one or more indicates 'AUTH_Negotiate Message Payload', one or more
Authentication Protocol Identifiers and their associated Authentication Protocol Identifiers and their associated
Authentication Protocol Parameters are embedded within the Authentication Protocol Parameters are embedded within the
value of the corresponding instance of t11FcSpPoAttribValue; value of the corresponding instance of t11FcSpPoAttribValue;
skipping to change at page 105, line 15 skipping to change at page 94, line 44
-- --
-- Auth. Protocol Parameters in Active Attribute Policy Objects -- Auth. Protocol Parameters in Active Attribute Policy Objects
-- --
t11FcSpPoAuthProtTable OBJECT-TYPE t11FcSpPoAuthProtTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoAuthProtEntry SYNTAX SEQUENCE OF T11FcSpPoAuthProtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Authentication Protocol Identifier and "A table of Authentication Protocol Identifier and
Authentication Protocol Parameters which are embedded in Authentication Protocol Parameters that are embedded in
Attribute Policy Objects being used within active Policy Attribute Policy Objects being used within active Policy
Objects. Objects.
This table is used for Attribute Entries of Attribute Policy This table is used for Attribute Entries of Attribute Policy
Objects for which the value of t11FcSpPoAttribType indicates Objects for which the value of t11FcSpPoAttribType indicates
'AUTH_Negotiate Message Payload' and the value of 'AUTH_Negotiate Message Payload' and the value of
t11FcSpPoAttribExtension contains the OID of this table." t11FcSpPoAttribExtension contains the OID of this table."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
sections 5.3.2 & 7.1.8.1, tables 134/135 and tables 10/11." sections 5.3.2 & 7.1.8.1, tables 134/135 and tables
10/11."
::= { t11FcSpPoActive 10 } ::= { t11FcSpPoActive 10 }
t11FcSpPoAuthProtEntry OBJECT-TYPE t11FcSpPoAuthProtEntry OBJECT-TYPE
SYNTAX T11FcSpPoAuthProtEntry SYNTAX T11FcSpPoAuthProtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about an Authentication "Each entry contains information about an Authentication
Protocol which is extracted out of the Attribute Entry Protocol that is extracted out of the Attribute Entry
(identified by t11FcSpPoAttribEntryIndex) of the Policy (identified by t11FcSpPoAttribEntryIndex) of the Policy
Attribute Object (identified by t11FcSpPoAttribName) which is Attribute Object (identified by t11FcSpPoAttribName), which
active within the Fabric identified by t11FcSpPoFabricIndex is active within the Fabric identified by
and managed within the Fibre Channel management instance t11FcSpPoFabricIndex and managed within the Fibre Channel
identified by fcmInstanceIndex. management instance identified by fcmInstanceIndex.
If the value of one Attribute Protocol Parameters string is If the value of one Attribute Protocol Parameters string is
too large (more than 256 bytes) to be contained within the too large (more than 256 bytes) to be contained within the
value of one instance of t11FcSpPoAuthProtParams, then one value of one instance of t11FcSpPoAuthProtParams, then one
row in this table contains the first 256 bytes, and one (or row in this table contains the first 256 bytes, and one (or
more) other row(s) in this table contain the rest of the more) other row(s) in this table contain the rest of the
value." value."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoAttribName, t11FcSpPoAttribEntryIndex, t11FcSpPoAttribName, t11FcSpPoAttribEntryIndex,
t11FcSpPoAuthProtIdentifier, t11FcSpPoAuthProtIdentifier,
skipping to change at page 106, line 48 skipping to change at page 96, line 28
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Protocol Parameters string "When the value of an Attribute Protocol Parameters string
is shorter than 257 bytes, the whole value is contained in is shorter than 257 bytes, the whole value is contained in
one instance of t11FcSpPoAuthProtParams, and the value of one instance of t11FcSpPoAuthProtParams, and the value of
this object is 1. (This includes the case when the Attribute this object is 1. (This includes the case when the Attribute
Protocol Parameters string is zero bytes in length.) Protocol Parameters string is zero bytes in length.)
If the value of an Authentication Protocol Parameters string If the value of an Authentication Protocol Parameters string
is longer than 256 bytes, then that value is divided up on is longer than 256 bytes, then that value is divided up on
256 byte boundaries such that all parts are 256 bytes long 256-byte boundaries such that all parts are 256 bytes long
except the last part which is shorter if necessary, with except the last part, which is shorter if necessary, with
each such part contained in a separate row of this table, each such part contained in a separate row of this table,
and the value of this object is set to the part number. and the value of this object is set to the part number.
That is, this object has the value of 1 for bytes 0-255, That is, this object has the value of 1 for bytes 0-255,
the value of 2 for bytes 256-511, ... etc." the value of 2 for bytes 256-511, etc."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoAuthProtEntry 2 } ::= { t11FcSpPoAuthProtEntry 2 }
t11FcSpPoAuthProtParams OBJECT-TYPE t11FcSpPoAuthProtParams OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Authentication Protocol Parameters string "The value of an Authentication Protocol Parameters string
is divided up on 256 byte boundaries such that all parts is divided up on 256-byte boundaries such that all parts
are 256 bytes long except the last part which is shorter are 256 bytes long except the last part, which is shorter
if necessary, and each such part is contained in a if necessary, and each such part is contained in a
separate instance of this object." separate instance of this object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoAuthProtEntry 3 } ::= { t11FcSpPoAuthProtEntry 3 }
-- --
-- Part 2 - Activate/De-Activate Operations -- Part 2 - Activate/De-Activate Operations
skipping to change at page 108, line 18 skipping to change at page 97, line 21
-- --
-- Objects to Invoke Activate/De-Activate Operations -- Objects to Invoke Activate/De-Activate Operations
-- --
t11FcSpPoOperTable OBJECT-TYPE t11FcSpPoOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoOperEntry SYNTAX SEQUENCE OF T11FcSpPoOperEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table which allows Activate and Deactivate operations "A table that allows Activate and Deactivate operations
to be invoked for FC-SP Policies on various Fabrics. to be invoked for FC-SP Policies on various Fabrics.
Activating a new policy configuration is a two-step Activating a new policy configuration is a two-step
process: process:
1) create a single Policy Summary Object as a set of rows 1) create a single Policy Summary Object as a set of rows
in the t11FcSpPoNaSummaryTable specifying a set of in the t11FcSpPoNaSummaryTable specifying a set of
Policy Objects which describe the new configuration; and Policy Objects that describe the new configuration; and
2) activate that Policy Summary Object using the 2) activate that Policy Summary Object using the
t11FcSpPoOperActivate object defined in this table. t11FcSpPoOperActivate object defined in this table.
Deactivating the current policy configuration is a one step Deactivating the current policy configuration is a one-step
process: the current Policy Summary Object is deactivated process: the current Policy Summary Object is deactivated
using the t11FcSpPoOperDeActivate object." using the t11FcSpPoOperDeActivate object."
::= { t11FcSpPoOperations 1 } ::= { t11FcSpPoOperations 1 }
t11FcSpPoOperEntry OBJECT-TYPE t11FcSpPoOperEntry OBJECT-TYPE
SYNTAX T11FcSpPoOperEntry SYNTAX T11FcSpPoOperEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry allows an Activate and/or Deactivate operation "Each entry allows an Activate and/or Deactivate operation
skipping to change at page 109, line 16 skipping to change at page 98, line 17
} }
t11FcSpPoOperActivate OBJECT-TYPE t11FcSpPoOperActivate OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Writing the name of a Policy Summary Object into this "Writing the name of a Policy Summary Object into this
object is a request to activate the policy configuration object is a request to activate the policy configuration
described by the combination of all rows in described by the combination of all rows in
t11FcSpPoNaSummaryTable which have that name as their t11FcSpPoNaSummaryTable that have that name as their
value of t11FcSpPoNaSummaryName and are for the same value of t11FcSpPoNaSummaryName and are for the same
Fabric. Fabric.
Before issuing such a request, the relevant rows in the Before issuing such a request, the relevant rows in the
t11FcSpPoNaSummaryTable must exist and represent a complete t11FcSpPoNaSummaryTable must exist and represent a complete
and consistent Policy Summary Object. If they do not, the and consistent Policy Summary Object. If they do not, the
request will fail with t11FcSpPoOperResult having the request will fail, with t11FcSpPoOperResult having the
'badSummaryObject' value. 'badSummaryObject' value.
When read, the value of this object is always the zero- When read, the value of this object is always the zero-
length string. length string.
Writing to this object does not delete (or in any way Writing to this object does not delete (or in any way
affect) any rows in the MIB tables for non-active affect) any rows in the MIB tables for non-active
Policy Objects." Policy Objects."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
skipping to change at page 110, line 27 skipping to change at page 99, line 24
activateFailure(3), activateFailure(3),
deactivateSuccess(4), deactivateSuccess(4),
deactivateFailure(5), deactivateFailure(5),
inProgress(6), inProgress(6),
none(7) none(7)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates the status/result of the last "This object indicates the status/result of the last
activation/deactivation which was invoked via the activation/deactivation that was invoked via the
corresponding instance of t11FcSpPoOperActivate or corresponding instance of t11FcSpPoOperActivate or
t11FcSpPoOperDeActivate. t11FcSpPoOperDeActivate.
When the value of this object is 'inProgress', the When the value of this object is 'inProgress', the
values of the corresponding instances of values of the corresponding instances of
t11FcSpPoOperActivate and t11FcSpPoOperDeActivate t11FcSpPoOperActivate and t11FcSpPoOperDeActivate
cannot be modified. cannot be modified.
The value 'badSummaryObject' indicates an activation The value 'badSummaryObject' indicates an activation
request which did not name a complete and consistent request that did not name a complete and consistent
Policy Summary Object. Policy Summary Object.
The value 'none' indicates activation/de-activation The value 'none' indicates activation/deactivation
has not been attempted since the last restart of has not been attempted since the last restart of
the management system." the management system."
::= { t11FcSpPoOperEntry 3 } ::= { t11FcSpPoOperEntry 3 }
t11FcSpPoOperFailCause OBJECT-TYPE t11FcSpPoOperFailCause OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..64)) SYNTAX SnmpAdminString (SIZE (0..64))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A textual message indicating the reason for the "A textual message indicating the reason for the
most recent activation/de-activation failure, or the most recent activation/deactivation failure, or the
zero-length string if no information is available zero-length string if no information is available
(e.g., because the corresponding instance of (e.g., because the corresponding instance of
t11FcSpPoOperResult has the value 'none'). t11FcSpPoOperResult has the value 'none').
When the corresponding instance of When the corresponding instance of
t11FcSpPoOperResult is either 'activateFailure' t11FcSpPoOperResult is either 'activateFailure'
or 'deactivateFailure', the value of this object or 'deactivateFailure', the value of this object
indicates the reason for that failure." indicates the reason for that failure."
::= { t11FcSpPoOperEntry 4 } ::= { t11FcSpPoOperEntry 4 }
skipping to change at page 112, line 27 skipping to change at page 100, line 33
DESCRIPTION DESCRIPTION
"A table of non-active Policy Summary Objects available "A table of non-active Policy Summary Objects available
to be activated. to be activated.
The functionality of this table deviates slightly from FC-SP The functionality of this table deviates slightly from FC-SP
in that FC-SP specifies that the only Policy Summary Object in that FC-SP specifies that the only Policy Summary Object
is the Active one, i.e., FC-SP does not store non-active is the Active one, i.e., FC-SP does not store non-active
Policy Summary Objects in the Policy Database. Instead, Policy Summary Objects in the Policy Database. Instead,
FC-SP requires a new Policy Summary Object to be created FC-SP requires a new Policy Summary Object to be created
for, and embedded within, every Activate (APS) request. for, and embedded within, every Activate (APS) request.
Thus, the newly-created Policy Summary Object outlasts the Thus, the newly created Policy Summary Object outlasts the
APS request only as the new active Policy Summary Object and APS request only as the new active Policy Summary Object and
only if the APS succeeds. In contrast, the Activate only if the APS succeeds. In contrast, the Activate
operation provided by this MIB module consists of two steps: operation provided by this MIB module consists of two steps:
1) create a non-active Policy Summary Object as a set of 1) create a non-active Policy Summary Object as a set of
entries in this table describing a new configuration; entries in this table describing a new configuration;
2) activate a Policy Summary Object (stored as a set of 2) activate a Policy Summary Object (stored as a set of
entries in this table) using t11FcSpPoOperActivate. entries in this table) using t11FcSpPoOperActivate.
These two steps are only loosely connected, i.e., the result These two steps are only loosely connected, i.e., the result
of the first operation is a non-active Policy Summary Object of the first operation is a non-active Policy Summary Object
which is retained (in this table) even if it isn't that is retained (in this table) even if it isn't
immediately activated. Even after an attempt to activate immediately activated. Even after an attempt to activate
it succeeds or fails, a non-active Policy Summary Object it succeeds or fails, a non-active Policy Summary Object
is not deleted, but is retained and still available for is not deleted, but is retained and still available for
subsequent modification/re-use." subsequent modification/re-use."
::= { t11FcSpPoNonActive 1 } ::= { t11FcSpPoNonActive 1 }
t11FcSpPoNaSummaryEntry OBJECT-TYPE t11FcSpPoNaSummaryEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaSummaryEntry SYNTAX T11FcSpPoNaSummaryEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one non-active "Each entry contains information about one non-active
Policy Object within a non-active Policy Summary Object Policy Object within a non-active Policy Summary Object
defined for potential use on the Fabric identified by defined for potential use on the Fabric identified by
t11FcSpPoFabricIndex, and managed within the Fibre Channel t11FcSpPoFabricIndex, and managed within the Fibre Channel
management instance identified by fcmInstanceIndex. management instance identified by fcmInstanceIndex.
A non-active Policy Summary Object is described by a set A non-active Policy Summary Object is described by a set
of entries in this table which have the same value of of entries in this table that have the same value of
t11FcSpPoNaSummaryName. t11FcSpPoNaSummaryName.
As and when a Policy Summary Object is activated using the As and when a Policy Summary Object is activated using the
t11FcSpPoOperActivate object, if the activation is t11FcSpPoOperActivate object, if the activation is
successful, existing rows (if any) in MIB tables for active successful, existing rows (if any) in MIB tables for active
Policy Objects are deleted and replaced by the appropriate Policy Objects are deleted and replaced by the appropriate
new set of rows. Existing rows in this table and/or in new set of rows. Existing rows in this table and/or in
other tables for non-active Policy Objects are not other tables for non-active Policy Objects are not
affected by the activate operation. affected by the activate operation.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.3 and table 104." February 2007, section 7.1.3 and table 104."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaSummaryName, t11FcSpPoNaSummaryPolicyType, t11FcSpPoNaSummaryName, t11FcSpPoNaSummaryPolicyType,
t11FcSpPoNaSummaryPolicyIndex } t11FcSpPoNaSummaryPolicyIndex }
::= { t11FcSpPoNaSummaryTable 1 } ::= { t11FcSpPoNaSummaryTable 1 }
skipping to change at page 114, line 7 skipping to change at page 102, line 7
t11FcSpPoNaSummaryHashFormat T11FcSpPolicyHashFormat, t11FcSpPoNaSummaryHashFormat T11FcSpPolicyHashFormat,
t11FcSpPoNaSummaryHashValue T11FcSpPolicyHashValue, t11FcSpPoNaSummaryHashValue T11FcSpPolicyHashValue,
t11FcSpPoNaSummaryRowStatus RowStatus t11FcSpPoNaSummaryRowStatus RowStatus
} }
t11FcSpPoNaSummaryName OBJECT-TYPE t11FcSpPoNaSummaryName OBJECT-TYPE
SYNTAX T11FcSpAlphaNumName SYNTAX T11FcSpAlphaNumName
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the non-active Policy Summary Object which "The name of the non-active Policy Summary Object that
contains this Policy Object." contains this Policy Object."
::= { t11FcSpPoNaSummaryEntry 1 } ::= { t11FcSpPoNaSummaryEntry 1 }
t11FcSpPoNaSummaryPolicyType OBJECT-TYPE t11FcSpPoNaSummaryPolicyType OBJECT-TYPE
SYNTAX T11FcSpPolicyObjectType SYNTAX T11FcSpPolicyObjectType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 'Identifier' (i.e., the type) of this Policy Object." "The 'Identifier' (i.e., the type) of this Policy Object."
REFERENCE REFERENCE
skipping to change at page 114, line 29 skipping to change at page 102, line 29
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.3.1 and table 104." February 2007, section 7.1.3.1 and table 104."
::= { t11FcSpPoNaSummaryEntry 2 } ::= { t11FcSpPoNaSummaryEntry 2 }
t11FcSpPoNaSummaryPolicyIndex OBJECT-TYPE t11FcSpPoNaSummaryPolicyIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique integer value to distinguish this Policy Object "A unique integer value to distinguish this Policy Object
from any others which have the same type and which are from any others that have the same type and that are
contained in the same Policy Summary Object." contained in the same Policy Summary Object."
::= { t11FcSpPoNaSummaryEntry 3 } ::= { t11FcSpPoNaSummaryEntry 3 }
t11FcSpPoNaSummaryPolicyNameType OBJECT-TYPE t11FcSpPoNaSummaryPolicyNameType OBJECT-TYPE
SYNTAX T11FcSpPolicyNameType { SYNTAX T11FcSpPolicyNameType {
nodeName(1), nodeName(1),
alphaNumericName(7) alphaNumericName(7)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
skipping to change at page 116, line 24 skipping to change at page 104, line 19
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. "The status of this row.
Before a row in this table can have 'active' status, Before a row in this table can have 'active' status,
a non-Active Policy Object must already be represented a non-Active Policy Object must already be represented
in the table corresponding to the value of in the table corresponding to the value of
t11FcSpPoNaSummaryPolicyType with the name given by the t11FcSpPoNaSummaryPolicyType with the name given by the
combination of t11FcSpPoNaSummaryPolicyNameType and combination of t11FcSpPoNaSummaryPolicyNameType and
t11FcSpPoNaSummaryPolicyName. If such Policy Object gets t11FcSpPoNaSummaryPolicyName. If such a Policy Object gets
deleted from the relevant table, the row in this table must deleted from the relevant table, the row in this table must
also get deleted. also get deleted.
When a row has 'active' status, the only write-able MIB When a row has 'active' status, the only write-able MIB
objects in this table are t11FcSpPoNaSummaryHashStatus and objects in this table are t11FcSpPoNaSummaryHashStatus and
t11FcSpPoNaSummaryRowStatus." t11FcSpPoNaSummaryRowStatus."
::= { t11FcSpPoNaSummaryEntry 9 } ::= { t11FcSpPoNaSummaryEntry 9 }
-- --
-- Non-Active Switch Membership List Objects -- Non-Active Switch Membership List Objects
skipping to change at page 117, line 33 skipping to change at page 105, line 8
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one non-active "Each entry contains information about one non-active
Switch Membership List Object for the Fabric identified Switch Membership List Object for the Fabric identified
by t11FcSpPoFabricIndex and managed within the Fibre by t11FcSpPoFabricIndex and managed within the Fibre
Channel management instance identified by Channel management instance identified by
fcmInstanceIndex. fcmInstanceIndex.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaSwListName } t11FcSpPoNaSwListName }
::= { t11FcSpPoNaSwListTable 1 } ::= { t11FcSpPoNaSwListTable 1 }
T11FcSpPoNaSwListEntry ::= SEQUENCE { T11FcSpPoNaSwListEntry ::= SEQUENCE {
t11FcSpPoNaSwListName T11FcSpAlphaNumName, t11FcSpPoNaSwListName T11FcSpAlphaNumName,
t11FcSpPoNaSwListFabricName FcNameIdOrZero, t11FcSpPoNaSwListFabricName FcNameIdOrZero,
t11FcSpPoNaSwListRowStatus RowStatus t11FcSpPoNaSwListRowStatus RowStatus
} }
skipping to change at page 118, line 16 skipping to change at page 105, line 37
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 108." February 2007, section 7.1.4.1 and table 108."
::= { t11FcSpPoNaSwListEntry 1 } ::= { t11FcSpPoNaSwListEntry 1 }
t11FcSpPoNaSwListFabricName OBJECT-TYPE t11FcSpPoNaSwListFabricName OBJECT-TYPE
SYNTAX FcNameIdOrZero SYNTAX FcNameIdOrZero
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The administratively-specified Fabric_Name. This value "The administratively specified Fabric_Name. This value
is meaningful only when static Domain_IDs are used in a is meaningful only when static Domain_IDs are used in a
Fabric. If Static Domain_IDs are not used, the Fabric_Name Fabric. If Static Domain_IDs are not used, the Fabric_Name
is dynamically determined, in which case the value of this is dynamically determined, in which case the value of this
object can be '0000000000000000'h or the zero-length object can be '0000000000000000'h or the zero-length
string." string."
REFERENCE REFERENCE
"- t11FamConfigDomainId, T11-FC-FABRIC-ADDR-MGR-MIB, "- t11FamConfigDomainId, T11-FC-FABRIC-ADDR-MGR-MIB,
Fibre Channel Fabric Address Manager MIB, RFC 4439; Fibre Channel Fabric Address Manager MIB, RFC 4439;
"- ANSI INCITS 426-2007, T11/Project 1570-D, - ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, table 108." February 2007, table 108."
::= { t11FcSpPoNaSwListEntry 2 } ::= { t11FcSpPoNaSwListEntry 2 }
t11FcSpPoNaSwListRowStatus OBJECT-TYPE t11FcSpPoNaSwListRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
skipping to change at page 119, line 27 skipping to change at page 106, line 38
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 110." February 2007, section 7.1.4.1 and table 110."
::= { t11FcSpPoNonActive 3 } ::= { t11FcSpPoNonActive 3 }
t11FcSpPoNaSwMembEntry OBJECT-TYPE t11FcSpPoNaSwMembEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaSwMembEntry SYNTAX T11FcSpPoNaSwMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Switch which "Each entry contains information about one Switch that
is listed in a Switch Entry of a non-active Switch Membership is listed in a Switch Entry of a non-active Switch Membership
List Object for the Fabric identified by t11FcSpPoFabricIndex List Object for the Fabric identified by t11FcSpPoFabricIndex
and managed within the Fibre Channel management instance and managed within the Fibre Channel management instance
identified by fcmInstanceIndex. identified by fcmInstanceIndex.
A row cannot exist unless there is a row in A row cannot exist unless there is a row in
t11FcSpPoNaSwListTable for the given Switch Membership List t11FcSpPoNaSwListTable for the given Switch Membership List
Object, i.e., the row in t11FcSpPoNaSwListTable for a Object, i.e., the row in t11FcSpPoNaSwListTable for a
Switch Membership List Object must be created before (or Switch Membership List Object must be created before (or
simultaneously) with a row in this table for a Switch simultaneously with) a row in this table for a Switch
Entry in that Switch Membership List Object, and when a Entry in that Switch Membership List Object, and when a
row in t11FcSpPoNaSwListTable is deleted all rows in this row in t11FcSpPoNaSwListTable is deleted, all rows in this
table for Switch Entries in that Switch Membership List table for Switch Entries in that Switch Membership List
Object also get deleted. Object also get deleted.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaSwListName, t11FcSpPoNaSwListName,
t11FcSpPoNaSwMembSwitchNameType, t11FcSpPoNaSwMembSwitchNameType,
t11FcSpPoNaSwMembSwitchName } t11FcSpPoNaSwMembSwitchName }
::= { t11FcSpPoNaSwMembTable 1 } ::= { t11FcSpPoNaSwMembTable 1 }
T11FcSpPoNaSwMembEntry ::= SEQUENCE { T11FcSpPoNaSwMembEntry ::= SEQUENCE {
t11FcSpPoNaSwMembSwitchNameType T11FcSpPolicyNameType, t11FcSpPoNaSwMembSwitchNameType T11FcSpPolicyNameType,
t11FcSpPoNaSwMembSwitchName FcNameIdOrZero, t11FcSpPoNaSwMembSwitchName FcNameIdOrZero,
skipping to change at page 123, line 36 skipping to change at page 110, line 37
SYNTAX BITS { SYNTAX BITS {
mustAuthenticate(0), mustAuthenticate(0),
rejectIsFailure(1) rejectIsFailure(1)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authentication behaviour of the Switch: "The authentication behaviour of the Switch:
'mustAuthenticate' - if this bit is set, all connections 'mustAuthenticate' - if this bit is set, all connections
between this Switch and neighbour Switches must be between this Switch and neighbor Switches must be
authenticated. authenticated.
'rejectIsFailure' - if this bit is set, the rejection of 'rejectIsFailure' - if this bit is set, the rejection of
an AUTH_Negotiate message must be considered as an an AUTH_Negotiate message must be considered as an
authentication failure by this Switch." authentication failure by this Switch."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.4.1 and table 114." February 2007, section 7.1.4.1 and table 114."
::= { t11FcSpPoNaSwMembEntry 6 } ::= { t11FcSpPoNaSwMembEntry 6 }
t11FcSpPoNaSwMembAttribute OBJECT-TYPE t11FcSpPoNaSwMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Attribute Policy Object which "The name of a non-active Attribute Policy Object that
is defined for this Switch. The zero-length string is defined for this Switch. The zero-length string
indicates that no non-active Attribute Policy Object is indicates that no non-active Attribute Policy Object is
defined for this Switch. defined for this Switch.
The effect of having no rows in the t11FcSpPoNaAttribTable The effect of having no rows in the t11FcSpPoNaAttribTable
for which the value of t11FcSpPoNaAttribName is the for which the value of t11FcSpPoNaAttribName is the
same as the value of this object, is the same as same as the value of this object, is the same as
this object's value being the zero-length string." this object's value being the zero-length string."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
skipping to change at page 125, line 18 skipping to change at page 112, line 6
t11FcSpPoNaNoMembTable OBJECT-TYPE t11FcSpPoNaNoMembTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaNoMembEntry SYNTAX SEQUENCE OF T11FcSpPoNaNoMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Node Entries in non-active Node Membership List "A table of Node Entries in non-active Node Membership List
Objects. Objects.
One Node Membership List Object is represented by all One Node Membership List Object is represented by all
the rows in this table which have the same value of the rows in this table that have the same value of
t11FcSpPoNaNoMembListName." t11FcSpPoNaNoMembListName."
::= { t11FcSpPoNonActive 4 } ::= { t11FcSpPoNonActive 4 }
t11FcSpPoNaNoMembEntry OBJECT-TYPE t11FcSpPoNaNoMembEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaNoMembEntry SYNTAX T11FcSpPoNaNoMembEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Node Entry of "Each entry contains information about one Node Entry of
a non-active Node Membership List Object for the Fabric a non-active Node Membership List Object for the Fabric
identified by t11FcSpPoFabricIndex and managed within identified by t11FcSpPoFabricIndex and managed within
the Fibre Channel management instance identified by the Fibre Channel management instance identified by
fcmInstanceIndex. fcmInstanceIndex.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaNoMembListName, t11FcSpPoNaNoMembListName,
t11FcSpPoNaNoMembNodeNameType, t11FcSpPoNaNoMembNodeNameType,
t11FcSpPoNaNoMembNodeName } t11FcSpPoNaNoMembNodeName }
::= { t11FcSpPoNaNoMembTable 1 } ::= { t11FcSpPoNaNoMembTable 1 }
T11FcSpPoNaNoMembEntry ::= SEQUENCE { T11FcSpPoNaNoMembEntry ::= SEQUENCE {
t11FcSpPoNaNoMembListName T11FcSpAlphaNumName, t11FcSpPoNaNoMembListName T11FcSpAlphaNumName,
t11FcSpPoNaNoMembNodeNameType T11FcSpPolicyNameType, t11FcSpPoNaNoMembNodeNameType T11FcSpPolicyNameType,
skipping to change at page 128, line 19 skipping to change at page 114, line 45
DESCRIPTION DESCRIPTION
"If the value of this object is zero, then access by this "If the value of this object is zero, then access by this
Node to Generic Services is not limited by a Common Node to Generic Services is not limited by a Common
Transport Access Specifier. Transport Access Specifier.
Otherwise, the limits are specified by the set of Common Otherwise, the limits are specified by the set of Common
Transport Access Descriptors contained in those rows of Transport Access Descriptors contained in those rows of
the t11FcSpPoNaCtDescrTable for which the value of the t11FcSpPoNaCtDescrTable for which the value of
t11FcSpPoNaCtDescrSpecifierIndex is the same as the value t11FcSpPoNaCtDescrSpecifierIndex is the same as the value
of this object. No such rows in t11FcSpPoNaCtDescrTable of this object. No such rows in t11FcSpPoNaCtDescrTable
has the same effect as this object's value being zero." have the same effect as this object's value being zero."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.4.1 and tables 118/119/120/121." section 7.1.4.1 and tables 118/119/120/121."
::= { t11FcSpPoNaNoMembEntry 5 } ::= { t11FcSpPoNaNoMembEntry 5 }
t11FcSpPoNaNoMembAttribute OBJECT-TYPE t11FcSpPoNaNoMembAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Attribute Policy Object which "The name of a non-active Attribute Policy Object that
is defined for this Node. The zero-length string indicates is defined for this Node. The zero-length string indicates
that no non-active Attribute Policy Object is defined for that no non-active Attribute Policy Object is defined for
this Node. this Node.
The effect of having no rows in the t11FcSpPoNaAttribTable The effect of having no rows in the t11FcSpPoNaAttribTable
for which the value of t11FcSpPoNaAttribName is the for which the value of t11FcSpPoNaAttribName is the
same as the value of this object, is the same as same as the value of this object, is the same as
this object's value being the zero-length string." this object's value being the zero-length string."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
skipping to change at page 129, line 23 skipping to change at page 115, line 48
t11FcSpPoNaCtDescrTable OBJECT-TYPE t11FcSpPoNaCtDescrTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaCtDescrEntry SYNTAX SEQUENCE OF T11FcSpPoNaCtDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Common Transport Access Descriptors referenced "A table of Common Transport Access Descriptors referenced
by non-active Policy Objects. by non-active Policy Objects.
A Common Transport Access Specifier is a list of Common A Common Transport Access Specifier is a list of Common
Transport Access Descriptors which specify whether a Node Transport Access Descriptors that specify whether a Node
is allowed to access a Generic Service or Sub-Server. is allowed to access a Generic Service or Sub-Server.
A non-active Common Transport Access Specifier is A non-active Common Transport Access Specifier is
represented by all rows of this table which have the same represented by all rows of this table that have the same
values of fcmInstanceIndex, t11FcSpPoFabricIndex, and values of fcmInstanceIndex, t11FcSpPoFabricIndex, and
t11FcSpPoNaCtDescrSpecifierIndex." t11FcSpPoNaCtDescrSpecifierIndex."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.5" February 2007, section 7.1.5"
::= { t11FcSpPoNonActive 5 } ::= { t11FcSpPoNonActive 5 }
t11FcSpPoNaCtDescrEntry OBJECT-TYPE t11FcSpPoNaCtDescrEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaCtDescrEntry SYNTAX T11FcSpPoNaCtDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Common Transport "Each entry contains information about one Common Transport
Access Descriptor of an non-active Common Transport Access Access Descriptor of an non-active Common Transport Access
Specifier used within the Fabric identified by Specifier used within the Fabric identified by
t11FcSpPoFabricIndex and managed within the Fibre Channel t11FcSpPoFabricIndex and managed within the Fibre Channel
management instance identified by fcmInstanceIndex. management instance identified by fcmInstanceIndex.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaCtDescrSpecifierIndex, t11FcSpPoNaCtDescrIndex } t11FcSpPoNaCtDescrSpecifierIndex, t11FcSpPoNaCtDescrIndex }
::= { t11FcSpPoNaCtDescrTable 1 } ::= { t11FcSpPoNaCtDescrTable 1 }
T11FcSpPoNaCtDescrEntry ::= SEQUENCE { T11FcSpPoNaCtDescrEntry ::= SEQUENCE {
t11FcSpPoNaCtDescrSpecifierIndex Unsigned32, t11FcSpPoNaCtDescrSpecifierIndex Unsigned32,
t11FcSpPoNaCtDescrIndex Unsigned32, t11FcSpPoNaCtDescrIndex Unsigned32,
t11FcSpPoNaCtDescrFlags BITS, t11FcSpPoNaCtDescrFlags BITS,
t11FcSpPoNaCtDescrGsType OCTET STRING, t11FcSpPoNaCtDescrGsType OCTET STRING,
t11FcSpPoNaCtDescrGsSubType OCTET STRING, t11FcSpPoNaCtDescrGsSubType OCTET STRING,
t11FcSpPoNaCtDescrRowStatus RowStatus t11FcSpPoNaCtDescrRowStatus RowStatus
} }
t11FcSpPoNaCtDescrSpecifierIndex OBJECT-TYPE t11FcSpPoNaCtDescrSpecifierIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Common Transport Access Specifier within a Fabric." Common Transport Access Specifier within a Fabric."
::= { t11FcSpPoNaCtDescrEntry 1 } ::= { t11FcSpPoNaCtDescrEntry 1 }
t11FcSpPoNaCtDescrIndex OBJECT-TYPE t11FcSpPoNaCtDescrIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Common Transport Access Descriptor within a Common Transport Common Transport Access Descriptor within a Common Transport
Access Specifier." Access Specifier."
::= { t11FcSpPoNaCtDescrEntry 2 } ::= { t11FcSpPoNaCtDescrEntry 2 }
t11FcSpPoNaCtDescrFlags OBJECT-TYPE t11FcSpPoNaCtDescrFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
allow(0), allow(0),
gsTypeWildcard(1), gsTypeWildcard(1),
gsSubTypeWildcard(2), gsSubTypeWildcard(2),
readOnly(3) readOnly(3)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The flag bits which specify how access is to be limited by "The flag bits that specify how access is to be limited by
this Common Transport Access Descriptor: this Common Transport Access Descriptor:
- allow -- access to the specified Generic Service and - allow -- access to the specified Generic Service and
Server is allowed if this bit is set, and to be denied if Server is allowed if this bit is set, and is to be denied
this bit is not set. if this bit is not set.
- gsTypeWildcard -- if this bit is set, the Generic Service - gsTypeWildcard -- if this bit is set, the Generic Service
to be allowed/denied is specified by the value of to be allowed/denied is specified by the value of
t11FcSpPoNaCtDescrGsType, and the gsSubTypeWildcard bit t11FcSpPoNaCtDescrGsType, and the gsSubTypeWildcard bit
must not also be set. must not also be set.
- gsSubTypeWildcard -- if this bit is set, the Generic - gsSubTypeWildcard -- if this bit is set, the Generic
Service to be allowed/denied is specified by the value of Service to be allowed/denied is specified by the value of
t11FcSpPoNaCtDescrGsSubType, and the gsTypeWildcard bit t11FcSpPoNaCtDescrGsSubType, and the gsTypeWildcard bit
must not also be set. must not also be set.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set, then access is to be
granted only for reading." granted only for reading."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.5.1, and tables 117, 118, and 120." section 7.1.5.1, and tables 117, 118, and 120."
::= { t11FcSpPoNaCtDescrEntry 3 } ::= { t11FcSpPoNaCtDescrEntry 3 }
t11FcSpPoNaCtDescrGsType OBJECT-TYPE t11FcSpPoNaCtDescrGsType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1)) SYNTAX OCTET STRING (SIZE (1))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The GS_Type of the Generic Service (e.g., the FC-GS-5 "The GS_Type of the Generic Service (e.g., the FC-GS-5
Management Service) which is subject to access control. Management Service) that is subject to access control.
This value is ignored if the gsTypeWildcard bit is not set This value is ignored if the gsTypeWildcard bit is not set
in the corresponding value of t11FcSpPoNaCtDescrFlags." in the corresponding value of t11FcSpPoNaCtDescrFlags."
REFERENCE REFERENCE
"- ANSI INCITS 427-2006, "- ANSI INCITS 427-2006,
Fibre Channel - Generic Services-5 (FC-GS-5), Fibre Channel - Generic Services-5 (FC-GS-5),
section 4.3.2.4. section 4.3.2.4.
"- ANSI INCITS 426-2007, T11/Project 1570-D, - ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.5.1 and table 120." February 2007, section 7.1.5.1 and table 120."
::= { t11FcSpPoNaCtDescrEntry 4 } ::= { t11FcSpPoNaCtDescrEntry 4 }
t11FcSpPoNaCtDescrGsSubType OBJECT-TYPE t11FcSpPoNaCtDescrGsSubType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1)) SYNTAX OCTET STRING (SIZE (1))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The GS_Subtype of the Generic Server (e.g., the Fabric Zone "The GS_Subtype of the Generic Server (e.g., the Fabric Zone
Server) which is subject to access control. This value is Server) that is subject to access control. This value is
ignored if the gsSubTypeWildcard bit is not set in the ignored if the gsSubTypeWildcard bit is not set in the
corresponding value of t11FcSpPoNaCtDescrFlags." corresponding value of t11FcSpPoNaCtDescrFlags."
REFERENCE REFERENCE
"- ANSI INCITS 427-2006, "- ANSI INCITS 427-2006,
Fibre Channel - Generic Services-5 (FC-GS-5), Fibre Channel - Generic Services-5 (FC-GS-5),
section 4.3.2.5. section 4.3.2.5.
"- ANSI INCITS 426-2007, T11/Project 1570-D, - ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.5.1 and table 120." February 2007, section 7.1.5.1 and table 120."
::= { t11FcSpPoNaCtDescrEntry 5 } ::= { t11FcSpPoNaCtDescrEntry 5 }
t11FcSpPoNaCtDescrRowStatus OBJECT-TYPE t11FcSpPoNaCtDescrRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row. Values of object instances "The status of this row. Values of object instances
skipping to change at page 133, line 17 skipping to change at page 119, line 29
"Each entry contains the name of a Switch/Node with which "Each entry contains the name of a Switch/Node with which
any port of a particular Switch on a particular Fabric, or any port of a particular Switch on a particular Fabric, or
a particular port on that Switch, is allowed or not allowed a particular port on that Switch, is allowed or not allowed
to be connected. to be connected.
The particular Fabric is identified by t11FcSpPoFabricIndex The particular Fabric is identified by t11FcSpPoFabricIndex
and managed within the Fibre Channel management instance and managed within the Fibre Channel management instance
identified by fcmInstanceIndex. identified by fcmInstanceIndex.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaSwConnSwitchName, t11FcSpPoNaSwConnSwitchName,
t11FcSpPoNaSwConnAllowedType, t11FcSpPoNaSwConnAllowedType,
t11FcSpPoNaSwConnPortNameOrAll, t11FcSpPoNaSwConnPortNameOrAll,
t11FcSpPoNaSwConnAllowedIndex } t11FcSpPoNaSwConnAllowedIndex }
::= { t11FcSpPoNaSwConnTable 1 } ::= { t11FcSpPoNaSwConnTable 1 }
T11FcSpPoNaSwConnEntry ::= SEQUENCE { T11FcSpPoNaSwConnEntry ::= SEQUENCE {
t11FcSpPoNaSwConnSwitchName FcNameIdOrZero, t11FcSpPoNaSwConnSwitchName FcNameIdOrZero,
skipping to change at page 134, line 11 skipping to change at page 120, line 18
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.6.1 and table 123." February 2007, section 7.1.6.1 and table 123."
::= { t11FcSpPoNaSwConnEntry 1 } ::= { t11FcSpPoNaSwConnEntry 1 }
t11FcSpPoNaSwConnAllowedType OBJECT-TYPE t11FcSpPoNaSwConnAllowedType OBJECT-TYPE
SYNTAX INTEGER { switch(1), node(2) } SYNTAX INTEGER { switch(1), node(2) }
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies whether this row refers to an "This object specifies whether this row refers to an
'Allowed Switch' which concerns Switch-to-Switch 'Allowed Switch' that concerns Switch-to-Switch
connectivity, or an 'Allowed Node' which concerns connectivity or an 'Allowed Node' that concerns
Switch-to-Node connectivity. Consequently, this object's Switch-to-Node connectivity. Consequently, this object's
value indicates whether the corresponding instance of value indicates whether the corresponding instance of
t11FcSpPoNaSwConnAllowedName specifies the name of a Switch t11FcSpPoNaSwConnAllowedName specifies the name of a Switch
or the name of a Node." or the name of a Node."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.6.1 and table 123." February 2007, section 7.1.6.1 and table 123."
::= { t11FcSpPoNaSwConnEntry 2 } ::= { t11FcSpPoNaSwConnEntry 2 }
skipping to change at page 136, line 41 skipping to change at page 122, line 43
SYNTAX SEQUENCE OF T11FcSpPoNaIpMgmtEntry SYNTAX SEQUENCE OF T11FcSpPoNaIpMgmtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of IP Management Entries in non-active IP "A table of IP Management Entries in non-active IP
Management List Objects. The IP Management List Object is a Management List Objects. The IP Management List Object is a
Fabric-wide Policy Object that describes which IP hosts are Fabric-wide Policy Object that describes which IP hosts are
allowed to manage a Fabric. allowed to manage a Fabric.
One non-active IP Management List Object is represented by One non-active IP Management List Object is represented by
all rows of this table which have the same values of all rows of this table that have the same values of
fcmInstanceIndex and t11FcSpPoFabricIndex." fcmInstanceIndex and t11FcSpPoFabricIndex."
::= { t11FcSpPoNonActive 7 } ::= { t11FcSpPoNonActive 7 }
t11FcSpPoNaIpMgmtEntry OBJECT-TYPE t11FcSpPoNaIpMgmtEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaIpMgmtEntry SYNTAX T11FcSpPoNaIpMgmtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one IP Management "Each entry contains information about one IP Management
entry within a non-active IP Management List Object for the entry within a non-active IP Management List Object for the
Fabric identified by t11FcSpPoFabricIndex and managed Fabric identified by t11FcSpPoFabricIndex and managed
within the Fibre Channel management instance identified within the Fibre Channel management instance identified
by fcmInstanceIndex. by fcmInstanceIndex.
The Policy Object Name of an IP Management Entry Policy The Policy Object Name of an IP Management Entry Policy
Object is either an IPv6 Address Range or an IPv4 Address Object is either an IPv6 Address Range or an IPv4 Address
Range. In a Fabric's database of Policy Objects, every Range. In a Fabric's database of Policy Objects, every
Policy Object Name, including these IP address ranges, is Policy Object Name, including these Internet address ranges,
represented as a (T11FcSpPolicyNameType, T11FcSpPolicyName) is represented as a (T11FcSpPolicyNameType,
tuple. In contrast, this MIB module uses the conventional T11FcSpPolicyName) tuple. In contrast, this MIB module
MIB syntax for IP addresses, and therefore represents the uses the conventional MIB syntax for IP addresses, and
Policy Object Name of an IP Management Entry Policy Object therefore represents the Policy Object Name of an IP
as a (InetAddressType, InetAddress, InetAddress) tuple. Management Entry Policy Object as a (InetAddressType,
InetAddress, InetAddress) tuple.
In theory, the use of t11FcSpPoNaIpMgmtEntryNameLow and In theory, the use of t11FcSpPoNaIpMgmtEntryNameLow and
t11FcSpPoNaIpMgmtEntryNameHigh, which have the syntax of t11FcSpPoNaIpMgmtEntryNameHigh, which have the syntax of
InetAddress, in the INDEX could cause the need for InetAddress, in the INDEX could cause the need for
excessively-long OIDs. In practice, this can't happen excessively long OIDs. In practice, this can't happen
because FC-SP doesn't allow these objects to be specified because FC-SP doesn't allow these objects to be specified
as DNS names. as DNS names.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaIpMgmtListName, t11FcSpPoNaIpMgmtListName,
t11FcSpPoNaIpMgmtEntryNameType, t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtEntryNameLow, t11FcSpPoNaIpMgmtEntryNameLow,
t11FcSpPoNaIpMgmtEntryNameHigh } t11FcSpPoNaIpMgmtEntryNameHigh }
::= { t11FcSpPoNaIpMgmtTable 1 } ::= { t11FcSpPoNaIpMgmtTable 1 }
T11FcSpPoNaIpMgmtEntry ::= SEQUENCE { T11FcSpPoNaIpMgmtEntry ::= SEQUENCE {
t11FcSpPoNaIpMgmtListName T11FcSpAlphaNumName, t11FcSpPoNaIpMgmtListName T11FcSpAlphaNumName,
skipping to change at page 138, line 23 skipping to change at page 124, line 17
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7.1 and table 125." February 2007, section 7.1.7.1 and table 125."
::= { t11FcSpPoNaIpMgmtEntry 1 } ::= { t11FcSpPoNaIpMgmtEntry 1 }
t11FcSpPoNaIpMgmtEntryNameType OBJECT-TYPE t11FcSpPoNaIpMgmtEntryNameType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddressType { ipv4(1), ipv6(2) }
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The combination of t11FcSpPoNaIpMgmtEntryNameType, "The combination of t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtNameLow and t11FcSpPoNaIpMgmtNameHigh t11FcSpPoNaIpMgmtNameLow, and t11FcSpPoNaIpMgmtNameHigh
specify the IP Address range of this IP Management specify the Internet address range of this IP Management
Entry in the IP Management List Object. Entry in the IP Management List Object.
The FC-SP specification does not allow this address to The FC-SP specification does not allow this address to
be specified using a DNS domain name, nor does it allow be specified using a DNS domain name, nor does it allow
the specification of zone indexes. Therefore, the the specification of zone indexes. Therefore, the
type of address must be one of: 'ipv4', or 'ipv6'." type of address must be one of: 'ipv4' or 'ipv6'."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, sections 7.1.7.1 and table 126." February 2007, sections 7.1.7.1 and table 126."
::= { t11FcSpPoNaIpMgmtEntry 2 } ::= { t11FcSpPoNaIpMgmtEntry 2 }
t11FcSpPoNaIpMgmtEntryNameLow OBJECT-TYPE t11FcSpPoNaIpMgmtEntryNameLow OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The lower end of an Internet address range. The type "The lower end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoNaIpMgmtEntryNameType. of t11FcSpPoNaIpMgmtEntryNameType.
The combination of t11FcSpPoNaIpMgmtEntryNameType, The combination of t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtNameLow and t11FcSpPoIpMgmtNameHigh t11FcSpPoNaIpMgmtNameLow, and t11FcSpPoIpMgmtNameHigh
specify the IP Address range of this IP Management specify the Internet address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, sections 7.1.7.1 and table 126." February 2007, sections 7.1.7.1 and table 126."
::= { t11FcSpPoNaIpMgmtEntry 3 } ::= { t11FcSpPoNaIpMgmtEntry 3 }
t11FcSpPoNaIpMgmtEntryNameHigh OBJECT-TYPE t11FcSpPoNaIpMgmtEntryNameHigh OBJECT-TYPE
SYNTAX InetAddress (SIZE(4 | 16)) SYNTAX InetAddress (SIZE(4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The higher end of an Internet address range. The type "The higher end of an Internet address range. The type
of this address is given by the corresponding instance of this address is given by the corresponding instance
of t11FcSpPoNaIpMgmtEntryNameType. of t11FcSpPoNaIpMgmtEntryNameType.
The combination of t11FcSpPoNaIpMgmtEntryNameType, The combination of t11FcSpPoNaIpMgmtEntryNameType,
t11FcSpPoNaIpMgmtNameLow and t11FcSpPoNaIpMgmtNameHigh t11FcSpPoNaIpMgmtNameLow, and t11FcSpPoNaIpMgmtNameHigh
specify the IP Address range of this IP Management specify the Internet address range of this IP Management
Entry in the IP Management List Object." Entry in the IP Management List Object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, sections 7.1.7.1 and table 126." February 2007, sections 7.1.7.1 and table 126."
::= { t11FcSpPoNaIpMgmtEntry 4 } ::= { t11FcSpPoNaIpMgmtEntry 4 }
t11FcSpPoNaIpMgmtWkpIndex OBJECT-TYPE t11FcSpPoNaIpMgmtWkpIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object identifies the restrictions for IP management "This object identifies the restrictions for IP management
access by IP hosts in this range of IP addresses. access by IP hosts in this range of IP addresses.
The restrictions are specified as the set of Well Known The restrictions are specified as the set of Well-Known
Protocols Access Descriptors contained in those rows of the Protocols Access Descriptors contained in those rows of the
t11FcSpPoNaWkpDescrTable for which the value of t11FcSpPoNaWkpDescrTable for which the value of
t11FcSpPoNaWkpDescrSpecifierIndx is the same as the value t11FcSpPoNaWkpDescrSpecifierIndx is the same as the value
of this object. If there are no such rows or if the value of this object. If there are no such rows or if the value
of this object is zero, then this IP Management Entry does of this object is zero, then this IP Management Entry does
not identify any Well Known Protocols Access restrictions." not identify any Well-Known Protocols Access restrictions."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7.1 and tables 127/129." February 2007, section 7.1.7.1 and tables 127/129."
::= { t11FcSpPoNaIpMgmtEntry 5 } ::= { t11FcSpPoNaIpMgmtEntry 5 }
t11FcSpPoNaIpMgmtAttribute OBJECT-TYPE t11FcSpPoNaIpMgmtAttribute OBJECT-TYPE
SYNTAX T11FcSpAlphaNumNameOrAbsent SYNTAX T11FcSpAlphaNumNameOrAbsent
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of a non-active Attribute Policy Object which "The name of a non-active Attribute Policy Object that
is defined for this IP Management entry. The zero-length is defined for this IP Management entry. The zero-length
string indicates that no non-active Attribute Policy Object string indicates that no non-active Attribute Policy Object
is defined for it. is defined for it.
The effect of having no rows in the t11FcSpPoNaAttribTable The effect of having no rows in the t11FcSpPoNaAttribTable
for which the value of t11FcSpPoNaAttribName is the same for which the value of t11FcSpPoNaAttribName is the same
as the value of this object, is the same as this object's as the value of this object, is the same as this object's
value being the zero-length string." value being the zero-length string."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
skipping to change at page 141, line 19 skipping to change at page 126, line 38
t11FcSpPoNaWkpDescrTable OBJECT-TYPE t11FcSpPoNaWkpDescrTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaWkpDescrEntry SYNTAX SEQUENCE OF T11FcSpPoNaWkpDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of the Well-Known Protocol Access Descriptors "A table of the Well-Known Protocol Access Descriptors
referenced from non-active Policy Objects. referenced from non-active Policy Objects.
A Well-Known Protocol Access Specifier is a list of A Well-Known Protocol Access Specifier is a list of
Well-Known Protocol Access Descriptors each of which Well-Known Protocol Access Descriptors each of which
specifies a protocol number, a port number and/or various specifies a protocol number, a port number, and/or various
flags specifying how IP management access is restricted. flags specifying how IP management access is restricted.
A non-active Well-Known Protocol Transport Access Specifier A non-active Well-Known Protocol Transport Access Specifier
is represented by all rows of this table which have the same is represented by all rows of this table that have the same
values of fcmInstanceIndex, t11FcSpPoFabricIndex, and values of fcmInstanceIndex, t11FcSpPoFabricIndex, and
t11FcSpPoNaWkpDescrSpecifierIndx." t11FcSpPoNaWkpDescrSpecifierIndx."
::= { t11FcSpPoNonActive 8 } ::= { t11FcSpPoNonActive 8 }
t11FcSpPoNaWkpDescrEntry OBJECT-TYPE t11FcSpPoNaWkpDescrEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaWkpDescrEntry SYNTAX T11FcSpPoNaWkpDescrEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Well-Known "Each entry contains information about one Well-Known
Protocol Access Descriptor of a non-active Well-Known Protocol Access Descriptor of a non-active Well-Known
Protocol Access Specifier used within the Fabric identified Protocol Access Specifier used within the Fabric identified
by t11FcSpPoFabricIndex and managed within the Fibre Channel by t11FcSpPoFabricIndex and managed within the Fibre Channel
management instance identified by fcmInstanceIndex. management instance identified by fcmInstanceIndex.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaWkpDescrSpecifierIndx, t11FcSpPoNaWkpDescrSpecifierIndx,
t11FcSpPoNaWkpDescrIndex } t11FcSpPoNaWkpDescrIndex }
::= { t11FcSpPoNaWkpDescrTable 1 } ::= { t11FcSpPoNaWkpDescrTable 1 }
T11FcSpPoNaWkpDescrEntry ::= SEQUENCE { T11FcSpPoNaWkpDescrEntry ::= SEQUENCE {
t11FcSpPoNaWkpDescrSpecifierIndx Unsigned32, t11FcSpPoNaWkpDescrSpecifierIndx Unsigned32,
t11FcSpPoNaWkpDescrIndex Unsigned32, t11FcSpPoNaWkpDescrIndex Unsigned32,
t11FcSpPoNaWkpDescrFlags BITS, t11FcSpPoNaWkpDescrFlags BITS,
t11FcSpPoNaWkpDescrWkpNumber Unsigned32, t11FcSpPoNaWkpDescrWkpNumber Unsigned32,
t11FcSpPoNaWkpDescrDestPort InetPortNumber, t11FcSpPoNaWkpDescrDestPort InetPortNumber,
t11FcSpPoNaWkpDescrRowStatus RowStatus t11FcSpPoNaWkpDescrRowStatus RowStatus
} }
t11FcSpPoNaWkpDescrSpecifierIndx OBJECT-TYPE t11FcSpPoNaWkpDescrSpecifierIndx OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
non-active Well-Known Protocol Access Specifier within non-active Well-Known Protocol Access Specifier within
a Fabric." a Fabric."
::= { t11FcSpPoNaWkpDescrEntry 1 } ::= { t11FcSpPoNaWkpDescrEntry 1 }
t11FcSpPoNaWkpDescrIndex OBJECT-TYPE t11FcSpPoNaWkpDescrIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index value which uniquely identifies a particular "An index value that uniquely identifies a particular
Well-Known Protocol Access Descriptor within a Well-Known Protocol Access Descriptor within a
non-active Well-Known Protocol Access Specifier." non-active Well-Known Protocol Access Specifier."
::= { t11FcSpPoNaWkpDescrEntry 2 } ::= { t11FcSpPoNaWkpDescrEntry 2 }
t11FcSpPoNaWkpDescrFlags OBJECT-TYPE t11FcSpPoNaWkpDescrFlags OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
allow(0), allow(0),
wkpWildcard(1), wkpWildcard(1),
destPortWildcard(2), destPortWildcard(2),
readOnly(3) readOnly(3)
} }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The flag bits which specify how access is to be limited by "The flag bits that specify how access is to be limited by
this Well-Known Protocol Access Descriptor: this Well-Known Protocol Access Descriptor:
- allow -- IP management access using this protocol/port - allow -- IP management access using this protocol/port
is allowed if this bit is set, and to be denied if this is allowed if this bit is set, and to be denied if this
bit is not set. bit is not set.
- wkpWildcard -- if this bit is set, the IP Protocol number - wkpWildcard -- if this bit is set, the IP Protocol number
of the Well-Known Protocol to be allowed/denied is of the Well-Known Protocol to be allowed/denied is
specified by the value of t11FcSpPoNaWkpDescrWkpNumber. specified by the value of t11FcSpPoNaWkpDescrWkpNumber.
- destPortWildcard -- if this bit is set, the Destination - destPortWildcard -- if this bit is set, the Destination
(TCP/UDP) Port number of the Well-Known Protocol to be (TCP/UDP) Port number of the Well-Known Protocol to be
allowed/denied is specified by the value of allowed/denied is specified by the value of
t11FcSpPoNaWkpDescrDestPort. t11FcSpPoNaWkpDescrDestPort.
- readOnly -- if this bit is set then access is to be - readOnly -- if this bit is set, then access is to be
granted only for reading." granted only for reading."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.7.1 and table 131." February 2007, section 7.1.7.1 and table 131."
::= { t11FcSpPoNaWkpDescrEntry 3 } ::= { t11FcSpPoNaWkpDescrEntry 3 }
t11FcSpPoNaWkpDescrWkpNumber OBJECT-TYPE t11FcSpPoNaWkpDescrWkpNumber OBJECT-TYPE
SYNTAX Unsigned32 (0..255) SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create MAX-ACCESS read-create
skipping to change at page 144, line 28 skipping to change at page 129, line 38
t11FcSpPoNaAttribTable OBJECT-TYPE t11FcSpPoNaAttribTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaAttribEntry SYNTAX SEQUENCE OF T11FcSpPoNaAttribEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of the Attribute Policy Objects being used within "A table of the Attribute Policy Objects being used within
non-active Policy Objects. non-active Policy Objects.
A non-active Attribute Policy Object is represented by all A non-active Attribute Policy Object is represented by all
the Attribute Entries in this table which have the same the Attribute Entries in this table that have the same
value of t11FcSpPoNaAttribName." value of t11FcSpPoNaAttribName."
::= { t11FcSpPoNonActive 9 } ::= { t11FcSpPoNonActive 9 }
t11FcSpPoNaAttribEntry OBJECT-TYPE t11FcSpPoNaAttribEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaAttribEntry SYNTAX T11FcSpPoNaAttribEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry contains information about one Attribute "Each entry contains information about one Attribute
Entry contained within an Attribute Policy Object Entry contained within an Attribute Policy Object
which is non-active within the Fabric identified by that is non-active within the Fabric identified by
t11FcSpPoFabricIndex and managed within the Fibre Channel t11FcSpPoFabricIndex and managed within the Fibre Channel
management instance identified by fcmInstanceIndex. management instance identified by fcmInstanceIndex.
For some types of Attribute Policy Objects, it is valuable For some types of Attribute Policy Objects, it is valuable
to break-out some semantically-significant parts of the to break out some semantically significant parts of the
Policy Object's value into their own individual MIB Policy Object's value into their own individual MIB
objects; for example, to extract the one or more individual objects; for example, to extract the one or more individual
Authentication Protocol Identifiers and associated Authentication Protocol Identifiers and associated
Authentication Protocol Parameters out of an Attribute Authentication Protocol Parameters out of an Attribute
containing a 'AUTH_Negotiate Message Payload'. For such containing a 'AUTH_Negotiate Message Payload'. For such
types, another MIB table is defined to hold the extracted types, another MIB table is defined to hold the extracted
values in MIB objects specific to the Attribute Policy values in MIB objects specific to the Attribute Policy
Object's type. In such cases, the Object's type. In such cases, the
t11FcSpPoNaAttribExtension object in this table points to t11FcSpPoNaAttribExtension object in this table points to
the other MIB table. the other MIB table.
If the value of one Attribute Entry is too large (more than If the value of one Attribute Entry is too large (more than
256 bytes) to be contained within the value of one instance 256 bytes) to be contained within the value of one instance
skipping to change at page 145, line 19 skipping to change at page 130, line 26
t11FcSpPoNaAttribExtension object in this table points to t11FcSpPoNaAttribExtension object in this table points to
the other MIB table. the other MIB table.
If the value of one Attribute Entry is too large (more than If the value of one Attribute Entry is too large (more than
256 bytes) to be contained within the value of one instance 256 bytes) to be contained within the value of one instance
of t11FcSpPoNaAttribValue, then one row in this table of t11FcSpPoNaAttribValue, then one row in this table
contains the first 256 bytes, and one (or more) other row(s) contains the first 256 bytes, and one (or more) other row(s)
in this table contain the rest of the value. in this table contain the rest of the value.
The StorageType of a row in this table is specified by the The StorageType of a row in this table is specified by the
instance of t11FcSpPoStorageType which is INDEX-ed by the instance of t11FcSpPoStorageType that is INDEX-ed by the
same values of fcmInstanceIndex and t11FcSpPoFabricIndex." same values of fcmInstanceIndex and t11FcSpPoFabricIndex."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaAttribName, t11FcSpPoNaAttribEntryIndex, t11FcSpPoNaAttribName, t11FcSpPoNaAttribEntryIndex,
t11FcSpPoNaAttribPartIndex } t11FcSpPoNaAttribPartIndex }
::= { t11FcSpPoNaAttribTable 1 } ::= { t11FcSpPoNaAttribTable 1 }
T11FcSpPoNaAttribEntry ::= SEQUENCE { T11FcSpPoNaAttribEntry ::= SEQUENCE {
t11FcSpPoNaAttribName T11FcSpAlphaNumName, t11FcSpPoNaAttribName T11FcSpAlphaNumName,
t11FcSpPoNaAttribEntryIndex Unsigned32, t11FcSpPoNaAttribEntryIndex Unsigned32,
t11FcSpPoNaAttribPartIndex Unsigned32, t11FcSpPoNaAttribPartIndex Unsigned32,
skipping to change at page 146, line 29 skipping to change at page 131, line 31
t11FcSpPoNaAttribPartIndex OBJECT-TYPE t11FcSpPoNaAttribPartIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Entry is shorter than 257 "When the value of an Attribute Entry is shorter than 257
bytes, the whole value is contained in one instance of bytes, the whole value is contained in one instance of
t11FcSpPoNaAttribValue, and the value of this object is 1. t11FcSpPoNaAttribValue, and the value of this object is 1.
If the value of an Attribute Entry is longer than 256 bytes, If the value of an Attribute Entry is longer than 256 bytes,
then that value is divided up on 256 byte boundaries such then that value is divided up on 256-byte boundaries such
that all parts are 256 bytes long except the last part which that all parts are 256 bytes long except the last part which
is shorter if necessary, with each such part contained in is shorter if necessary, with each such part contained in
a separate row of this table, and the value of this object a separate row of this table, and the value of this object
is set to the part number. That is, this object has the is set to the part number. That is, this object has the
value of 1 for bytes 0-255, the value of 2 for bytes value of 1 for bytes 0-255, the value of 2 for bytes
256-511, ... etc." 256-511, etc."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.1.8.1, tables 134/135." February 2007, section 7.1.8.1, tables 134/135."
::= { t11FcSpPoNaAttribEntry 3 } ::= { t11FcSpPoNaAttribEntry 3 }
t11FcSpPoNaAttribType OBJECT-TYPE t11FcSpPoNaAttribType OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
skipping to change at page 147, line 20 skipping to change at page 132, line 18
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoNaAttribEntry 4 } ::= { t11FcSpPoNaAttribEntry 4 }
t11FcSpPoNaAttribValue OBJECT-TYPE t11FcSpPoNaAttribValue OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Attribute Entry is divided up on 256 byte "The value of an Attribute Entry is divided up on 256-byte
boundaries such that all parts are 256 bytes long except the boundaries such that all parts are 256 bytes long except the
last part which is shorter if necessary, and each such part last part, which is shorter if necessary, and each such part
is contained in a separate instance of this object. is contained in a separate instance of this object.
When the value of the corresponding instance of When the value of the corresponding instance of
t11FcSpPoNaAttribExtension is not zeroDotZero, then the same t11FcSpPoNaAttribExtension is not zeroDotZero, then the same
underlying management data has its value contained both in underlying management data has its value contained both in
this object and in the individual/broken-out parts pointed this object and in the individual/broken-out parts pointed
to by t11FcSpPoNaAttribExtension. Thus, after any to by t11FcSpPoNaAttribExtension. Thus, after any
modification of the underlying management data, e.g., after modification of the underlying management data, e.g., after
a Set operation to the value of either MIB representation, a Set operation to the value of either MIB representation,
then that modification is reflected in the values of both then that modification is reflected in the values of both
skipping to change at page 147, line 46 skipping to change at page 132, line 44
Fibre Channel - Security Protocols (FC-SP), February 2007, Fibre Channel - Security Protocols (FC-SP), February 2007,
section 7.1.8.1, tables 134/135 and table 10." section 7.1.8.1, tables 134/135 and table 10."
::= { t11FcSpPoNaAttribEntry 5 } ::= { t11FcSpPoNaAttribEntry 5 }
t11FcSpPoNaAttribExtension OBJECT-TYPE t11FcSpPoNaAttribExtension OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For some types of Attribute Policy Object, the value of "For some types of Attribute Policy Object, the value of
this MIB object points to type-specific MIB objects which this MIB object points to type-specific MIB objects that
contain individual/broken-out parts of the Attribute Policy contain individual/broken-out parts of the Attribute Policy
Object's value. If this object doesn't point to such Object's value. If this object doesn't point to such
type-specific MIB objects, then it contains the value: type-specific MIB objects, then it contains the value:
zeroDotZero. zeroDotZero.
In particular, when the value of t11FcSpPoNaAttribType In particular, when the value of t11FcSpPoNaAttribType
indicates 'AUTH_Negotiate Message Payload', one or more indicates 'AUTH_Negotiate Message Payload', one or more
Authentication Protocol Identifiers and their associated Authentication Protocol Identifiers and their associated
Authentication Protocol Parameters are embedded within Authentication Protocol Parameters are embedded within
the value of the corresponding instance of the value of the corresponding instance of
t11FcSpPoNaAttribValue; MIB objects to contain these t11FcSpPoNaAttribValue; MIB objects to contain these
individual values are defined in the individual values are defined in the
t11FcSpPoAuthProtTable. Thus, for an 'AUTH_Negotiate t11FcSpPoAuthProtTable. Thus, for an 'AUTH_Negotiate
skipping to change at page 149, line 15 skipping to change at page 133, line 43
-- --
-- Auth. Protocol Parameters in Non-Active Attribute Policy Objects -- Auth. Protocol Parameters in Non-Active Attribute Policy Objects
-- --
t11FcSpPoNaAuthProtTable OBJECT-TYPE t11FcSpPoNaAuthProtTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoNaAuthProtEntry SYNTAX SEQUENCE OF T11FcSpPoNaAuthProtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of Authentication Protocol Identifier and "A table of Authentication Protocol Identifier and
Authentication Protocol Parameters which are embedded in Authentication Protocol Parameters that are embedded in
Attribute Policy Objects being used within non-active Attribute Policy Objects being used within non-active
Policy Objects. Policy Objects.
This table is used for Attribute Entries of Attribute Policy This table is used for Attribute Entries of Attribute Policy
Objects for which the value of t11FcSpPoNaAttribType Objects for which the value of t11FcSpPoNaAttribType
indicates 'AUTH_Negotiate Message Payload' and the value of indicates 'AUTH_Negotiate Message Payload' and the value of
t11FcSpPoNaAttribExtension contains the OID of this table." t11FcSpPoNaAttribExtension contains the OID of this table."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, sections 5.3.2 & 7.1.8.1, February 2007, sections 5.3.2 & 7.1.8.1,
tables 134/135 and tables 10/11." tables 134/135 and tables 10/11."
::= { t11FcSpPoNonActive 10 } ::= { t11FcSpPoNonActive 10 }
t11FcSpPoNaAuthProtEntry OBJECT-TYPE t11FcSpPoNaAuthProtEntry OBJECT-TYPE
SYNTAX T11FcSpPoNaAuthProtEntry SYNTAX T11FcSpPoNaAuthProtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each row contains information about an Authentication "Each row contains information about an Authentication
Protocol which is extracted out of the Attribute Entry Protocol that is extracted out of the Attribute Entry
(identified by t11FcSpPoNaAttribEntryIndex) of the (identified by t11FcSpPoNaAttribEntryIndex) of the
non-active Policy Attribute Object (identified by non-active Policy Attribute Object (identified by
t11FcSpPoNaAttribName) for the Fabric identified by t11FcSpPoNaAttribName) for the Fabric identified by
t11FcSpPoFabricIndex and managed within the Fibre Channel t11FcSpPoFabricIndex and managed within the Fibre Channel
management instance identified by fcmInstanceIndex. management instance identified by fcmInstanceIndex.
If the value of one Attribute Protocol Parameters string is If the value of one Attribute Protocol Parameters string is
too large (more than 256 bytes) to be contained within the too large (more than 256 bytes) to be contained within the
value of one instance of t11FcSpPoNaAuthProtParams, then value of one instance of t11FcSpPoNaAuthProtParams, then
one row in this table contains the first 256 bytes, and one row in this table contains the first 256 bytes, and
one (or more) other row(s) in this table contain the rest one (or more) other row(s) in this table contain the rest
of the value. of the value.
The same underlying management data which is represented in The same underlying management data that is represented in
rows of this table is also represented by the corresponding rows of this table is also represented by the corresponding
instances of t11FcSpPoNaAttribValue. Thus, after any instances of t11FcSpPoNaAttribValue. Thus, after any
modification of the underlying management data, e.g., after modification of the underlying management data, e.g., after
a Set operation to the value of either MIB representation, a Set operation to the value of either MIB representation,
then that modification is reflected in the values of both then that modification is reflected in the values of both
MIB representations." MIB representations."
INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex, INDEX { fcmInstanceIndex, t11FcSpPoFabricIndex,
t11FcSpPoNaAttribName, t11FcSpPoNaAttribEntryIndex, t11FcSpPoNaAttribName, t11FcSpPoNaAttribEntryIndex,
t11FcSpPoNaAuthProtIdentifier, t11FcSpPoNaAuthProtIdentifier,
t11FcSpPoNaAuthProtPartIndex } t11FcSpPoNaAuthProtPartIndex }
skipping to change at page 151, line 12 skipping to change at page 135, line 35
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the value of an Attribute Protocol Parameters string "When the value of an Attribute Protocol Parameters string
is shorter than 257 bytes, the whole value is contained in is shorter than 257 bytes, the whole value is contained in
one instance of t11FcSpPoNaAuthProtParams, and the value of one instance of t11FcSpPoNaAuthProtParams, and the value of
this object is 1. (This includes the case when the Attribute this object is 1. (This includes the case when the Attribute
Protocol Parameters string is zero bytes in length.) Protocol Parameters string is zero bytes in length.)
If the value of an Authentication Protocol Parameters string If the value of an Authentication Protocol Parameters string
is longer than 256 bytes, then that value is divided up on is longer than 256 bytes, then that value is divided up on
256 byte boundaries such that all parts are 256 bytes long 256-byte boundaries such that all parts are 256 bytes long
except the last part which is shorter if necessary, with except the last part, which is shorter if necessary, with
each such part contained in a separate row of this table, each such part contained in a separate row of this table,
and the value of this object is set to the part number. and the value of this object is set to the part number.
That is, this object has the value of 1 for bytes 0-255, That is, this object has the value of 1 for bytes 0-255,
the value of 2 for bytes 256-511, ... etc." the value of 2 for bytes 256-511, etc."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoNaAuthProtEntry 2 } ::= { t11FcSpPoNaAuthProtEntry 2 }
t11FcSpPoNaAuthProtParams OBJECT-TYPE t11FcSpPoNaAuthProtParams OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of an Authentication Protocol Parameters string "The value of an Authentication Protocol Parameters string
is divided up on 256 byte boundaries such that all parts is divided up on 256-byte boundaries such that all parts
are 256 bytes long except the last part which is shorter are 256 bytes long except the last part, which is shorter
if necessary, and each such part is contained in a if necessary, and each such part is contained in a
separate instance of this object." separate instance of this object."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 5.3.2, table 10." February 2007, section 5.3.2, table 10."
::= { t11FcSpPoNaAuthProtEntry 3 } ::= { t11FcSpPoNaAuthProtEntry 3 }
t11FcSpPoNaAuthProtRowStatus OBJECT-TYPE t11FcSpPoNaAuthProtRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
skipping to change at page 152, line 46 skipping to change at page 137, line 17
t11FcSpPoInRequests OBJECT-TYPE t11FcSpPoInRequests OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of FC-SP Policy Management Requests "The number of FC-SP Policy Management Requests
(e.g., GPS, APS, etc.) received by this FC-SP (e.g., GPS, APS, etc.) received by this FC-SP
Security Policy Server on this Fabric. Security Policy Server on this Fabric.
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3." February 2007, section 7.3."
::= { t11FcSpPoStatsEntry 1 } ::= { t11FcSpPoStatsEntry 1 }
t11FcSpPoInAccepts OBJECT-TYPE t11FcSpPoInAccepts OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of times that this FC-SP Security Policy Server "The number of times that this FC-SP Security Policy Server
sent an Accept CT_IU on this Fabric in response to a sent an Accept CT_IU on this Fabric in response to a
received FC-SP Policy Management Request (e.g., GPS, APS, received FC-SP Policy Management Request (e.g., GPS, APS,
etc.). etc.).
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3." February 2007, section 7.3."
::= { t11FcSpPoStatsEntry 2 } ::= { t11FcSpPoStatsEntry 2 }
t11FcSpPoInRejects OBJECT-TYPE t11FcSpPoInRejects OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of times that this FC-SP Security Policy Server "The number of times that this FC-SP Security Policy Server
sent a Reject CT_IU on this Fabric in response to a sent a Reject CT_IU on this Fabric in response to a
received FC-SP Policy Management Request (e.g., GPS, APS, received FC-SP Policy Management Request (e.g., GPS, APS,
etc.). etc.).
This counter has no discontinuities other than those This counter has no discontinuities other than those
which all Counter32's have when sysUpTime=0." that all Counter32's have when sysUpTime=0."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3." February 2007, section 7.3."
::= { t11FcSpPoStatsEntry 3 } ::= { t11FcSpPoStatsEntry 3 }
-- --
-- Part 5 - Control Information & Notifications -- Part 5 - Control Information & Notifications
-- --
-- --
-- Control Information -- Control Information
-- --
t11FcSpPoServerAddress OBJECT-TYPE t11FcSpPoServerAddress OBJECT-TYPE
SYNTAX FcNameIdOrZero SYNTAX FcNameIdOrZero
MAX-ACCESS accessible-for-notify MAX-ACCESS accessible-for-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The WWN of the FC-SP Security Policy Server which "The WWN of the FC-SP Security Policy Server that
received a request which is referenced in a received a request that is referenced in a
notification." notification."
::= { t11FcSpPoControl 1 } ::= { t11FcSpPoControl 1 }
t11FcSpPoControlTable OBJECT-TYPE t11FcSpPoControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11FcSpPoControlEntry SYNTAX SEQUENCE OF T11FcSpPoControlEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table of control information, including the memory "A table of control information, including the memory
realization of FC-SP Policy Databases, and concerning realization of FC-SP Policy Databases, and concerning
skipping to change at page 156, line 46 skipping to change at page 140, line 46
'activation' -- t11FcSpPoNotifyActivation 'activation' -- t11FcSpPoNotifyActivation
'activateFail' -- t11FcSpPoNotifyActivateFail 'activateFail' -- t11FcSpPoNotifyActivateFail
'deactivation' -- t11FcSpPoNotifyDeactivation 'deactivation' -- t11FcSpPoNotifyDeactivation
'deactivateFail' -- t11FcSpPoNotifyDeactivateFail 'deactivateFail' -- t11FcSpPoNotifyDeactivateFail
The value 'none' indicates that none of these types of The value 'none' indicates that none of these types of
notifications have been generated since the last restart notifications have been generated since the last restart
of the network management system, and therefore that the of the network management system, and therefore that the
corresponding instances of: t11FcSpPoRequestSource, corresponding instances of: t11FcSpPoRequestSource,
t11FcSpPoReasonCode, t11FcSpPoCtCommandString, t11FcSpPoReasonCode, t11FcSpPoCtCommandString,
t11FcSpPoReasonCodeExp and t11FcSpPoReasonCodeExp, and
t11FcSpPoReasonVendorCode are irrelevant." t11FcSpPoReasonVendorCode are irrelevant."
::= { t11FcSpPoControlEntry 3 } ::= { t11FcSpPoControlEntry 3 }
t11FcSpPoRequestSource OBJECT-TYPE t11FcSpPoRequestSource OBJECT-TYPE
SYNTAX FcNameIdOrZero SYNTAX FcNameIdOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The WWN of the source of the (Activate Policy Summary "The WWN of the source of the (Activate Policy Summary
or Deactivate Policy Summary) request for which the or Deactivate Policy Summary) request for which the
skipping to change at page 157, line 26 skipping to change at page 141, line 22
If no source is available, the value of this object is If no source is available, the value of this object is
the zero-length string." the zero-length string."
DEFVAL { "" } DEFVAL { "" }
::= { t11FcSpPoControlEntry 4 } ::= { t11FcSpPoControlEntry 4 }
t11FcSpPoReasonCode OBJECT-TYPE t11FcSpPoReasonCode OBJECT-TYPE
SYNTAX T11NsGs4RejectReasonCode SYNTAX T11NsGs4RejectReasonCode
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The reason code associated with the failure which is "The reason code associated with the failure that is
indicated when the value of the corresponding instance indicated when the value of the corresponding instance
of t11FcSpPoLastNotifyType is 'activateFail' or of t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. 'deactivateFail'.
For other values of t11FcSpPoLastNotifyType, the value For other values of t11FcSpPoLastNotifyType, the value
of this object is 'none(1)'." of this object is 'none(1)'."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3.6.2 & 7.3.6.3" February 2007, section 7.3.6.2 & 7.3.6.3"
::= { t11FcSpPoControlEntry 5 } ::= { t11FcSpPoControlEntry 5 }
t11FcSpPoCtCommandString OBJECT-TYPE t11FcSpPoCtCommandString OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255)) SYNTAX OCTET STRING (SIZE (0..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The binary content of the failed request which is "The binary content of the failed request that is
indicated when the value of the corresponding instance of indicated when the value of the corresponding instance of
t11FcSpPoLastNotifyType is 'activateFail' or t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. The content of the request is formatted 'deactivateFail'. The content of the request is formatted
as an octet string (in network byte order) containing the as an octet string (in network byte order) containing the
CT_IU, as described in Table 2 of [FC-GS-5] (including the CT_IU, as described in Table 2 of [FC-GS-5] (including the
preamble). preamble).
For other values of t11FcSpPoLastNotifyType, or if the For other values of t11FcSpPoLastNotifyType, or if the
CT_IU's content is unavailable, the value of this object CT_IU's content is unavailable, the value of this object
is the zero-length string. is the zero-length string.
skipping to change at page 158, line 21 skipping to change at page 142, line 16
contains the first 255 octets of the CT_IU (in contains the first 255 octets of the CT_IU (in
network-byte order)." network-byte order)."
::= { t11FcSpPoControlEntry 6 } ::= { t11FcSpPoControlEntry 6 }
t11FcSpPoReasonCodeExp OBJECT-TYPE t11FcSpPoReasonCodeExp OBJECT-TYPE
SYNTAX Unsigned32 (0..255) SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The reason code explanation associated with the failure "The reason code explanation associated with the failure
which is indicated when the value of the corresponding that is indicated when the value of the corresponding
instance of t11FcSpPoLastNotifyType is 'activateFail' or instance of t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. 'deactivateFail'.
For other values of t11FcSpPoLastNotifyType, the value For other values of t11FcSpPoLastNotifyType, the value
of this object is zero." of this object is zero."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3.6.2 & 7.3.6.3" February 2007, section 7.3.6.2 & 7.3.6.3"
::= { t11FcSpPoControlEntry 7 } ::= { t11FcSpPoControlEntry 7 }
t11FcSpPoReasonVendorCode OBJECT-TYPE t11FcSpPoReasonVendorCode OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0 | 1)) SYNTAX OCTET STRING (SIZE (0 | 1))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The vendor-specific reason code associated with the failure "The vendor-specific reason code associated with the failure
which is indicated when the value of the corresponding that is indicated when the value of the corresponding
instance of t11FcSpPoLastNotifyType is 'activateFail' or instance of t11FcSpPoLastNotifyType is 'activateFail' or
'deactivateFail'. 'deactivateFail'.
For other values of t11FcSpPoLastNotifyType, or if no For other values of t11FcSpPoLastNotifyType, or if no
vendor-specific reason code is available, the value vendor-specific reason code is available, the value
of this object is the zero-length string." of this object is the zero-length string."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3.6.2 & 7.3.6.3" February 2007, section 7.3.6.2 & 7.3.6.3"
skipping to change at page 159, line 43 skipping to change at page 143, line 34
t11FcSpPoReasonVendorCode } t11FcSpPoReasonVendorCode }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This notification is generated whenever a Security Policy "This notification is generated whenever a Security Policy
Server (indicated by the value of t11FcSpPoServerAddress) Server (indicated by the value of t11FcSpPoServerAddress)
fails to complete the execution of an Activate Policy fails to complete the execution of an Activate Policy
Summary request. Summary request.
The value of t11FcSpPoCtCommandString indicates the The value of t11FcSpPoCtCommandString indicates the
rejected request, and the values of t11FcSpPoReasonCode, rejected request, and the values of t11FcSpPoReasonCode,
t11FcSpPoReasonCodeExp and t11FcSpPoReasonVendorCode t11FcSpPoReasonCodeExp, and t11FcSpPoReasonVendorCode
indicate the reason for the rejection. The value of indicate the reason for the rejection. The value of
t11FcSpPoRequestSource indicates the source of the t11FcSpPoRequestSource indicates the source of the
request." request."
REFERENCE REFERENCE
"- ANSI INCITS 426-2007, T11/Project 1570-D, "- ANSI INCITS 426-2007, T11/Project 1570-D,
Fibre Channel - Security Protocols (FC-SP), Fibre Channel - Security Protocols (FC-SP),
February 2007, section 7.3.6.2." February 2007, section 7.3.6.2."
::= { t11FcSpPoMIBNotifications 2 } ::= { t11FcSpPoMIBNotifications 2 }
t11FcSpPoNotifyDeactivation NOTIFICATION-TYPE t11FcSpPoNotifyDeactivation NOTIFICATION-TYPE
skipping to change at page 160, line 42 skipping to change at page 144, line 29
t11FcSpPoReasonVendorCode } t11FcSpPoReasonVendorCode }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This notification is generated whenever a Security Policy "This notification is generated whenever a Security Policy
Server (indicated by the value of t11FcSpPoServerAddress) Server (indicated by the value of t11FcSpPoServerAddress)
fails to complete the execution of a Deactivate Policy fails to complete the execution of a Deactivate Policy
Summary request. Summary request.
The value of t11FcSpPoCtCommandString indicates the The value of t11FcSpPoCtCommandString indicates the
rejected request, and the values of t11FcSpPoReasonCode, rejected request, and the values of t11FcSpPoReasonCode,
t11FcSpPoReasonCodeExp and t11FcSpPoReasonVendorCode t11FcSpPoReasonCodeExp, and t11FcSpPoReasonVendorCode
indicate the reason for the rejection. The value of indicate the reason for the rejection. The value of
t11FcSpPoRequestSource indicates the source of the t11FcSpPoRequestSource indicates the source of the
request." request."
::= { t11FcSpPoMIBNotifications 4 } ::= { t11FcSpPoMIBNotifications 4 }
-- --
-- Conformance -- Conformance
-- --
t11FcSpPoMIBCompliances t11FcSpPoMIBCompliances
OBJECT IDENTIFIER ::= { t11FcSpPoMIBConformance 1 } OBJECT IDENTIFIER ::= { t11FcSpPoMIBConformance 1 }
t11FcSpPoMIBGroups OBJECT IDENTIFIER ::= { t11FcSpPoMIBConformance 2 } t11FcSpPoMIBGroups OBJECT IDENTIFIER ::= { t11FcSpPoMIBConformance 2 }
t11FcSpPoMIBCompliance MODULE-COMPLIANCE t11FcSpPoMIBCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The compliance statement for entities which "The compliance statement for entities that
support the Fabric Policies defined in FC-SP," support the Fabric Policies defined in FC-SP,"
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { t11FcSpPoActiveObjectsGroup } MANDATORY-GROUPS { t11FcSpPoActiveObjectsGroup }
GROUP t11FcSpPoNonActiveObjectsGroup GROUP t11FcSpPoNonActiveObjectsGroup
DESCRIPTION DESCRIPTION
"These objects are mandatory for FC-SP Security Policy "These objects are mandatory for FC-SP Security Policy
Servers." Servers."
GROUP t11FcSpPoNotifyObjectsGroup GROUP t11FcSpPoNotifyObjectsGroup
DESCRIPTION DESCRIPTION
"These objects are mandatory for FC-SP Security Policy "These objects are mandatory for FC-SP Security Policy
Servers." Servers."
skipping to change at page 161, line 40 skipping to change at page 145, line 22
Servers." Servers."
GROUP t11FcSpPoNotificationGroup GROUP t11FcSpPoNotificationGroup
DESCRIPTION DESCRIPTION
"These notifications are mandatory for FC-SP Security "These notifications are mandatory for FC-SP Security
Policy Servers." Policy Servers."
GROUP t11FcSpPoOperationsObjectsGroup GROUP t11FcSpPoOperationsObjectsGroup
DESCRIPTION DESCRIPTION
"These objects are mandatory only for FC-SP Security "These objects are mandatory only for FC-SP Security
Policy Servers which support the activation/deactivation Policy Servers that support the activation/deactivation
of policies via SNMP." of policies via SNMP."
GROUP t11FcSpPoStatsObjectsGroup GROUP t11FcSpPoStatsObjectsGroup
DESCRIPTION DESCRIPTION
"These objects are optional." "These objects are optional."
-- Write access is not required for any objects in this MIB module: -- Write access is not required for any objects in this MIB module:
OBJECT t11FcSpPoOperActivate OBJECT t11FcSpPoOperActivate
MIN-ACCESS read-only MIN-ACCESS read-only
skipping to change at page 167, line 9 skipping to change at page 150, line 21
t11FcSpPoWkpDescrFlags, t11FcSpPoWkpDescrFlags,
t11FcSpPoWkpDescrWkpNumber, t11FcSpPoWkpDescrWkpNumber,
t11FcSpPoWkpDescrDestPort, t11FcSpPoWkpDescrDestPort,
t11FcSpPoAttribType, t11FcSpPoAttribType,
t11FcSpPoAttribValue, t11FcSpPoAttribValue,
t11FcSpPoAttribExtension, t11FcSpPoAttribExtension,
t11FcSpPoAuthProtParams t11FcSpPoAuthProtParams
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of MIB objects which contain information "A collection of MIB objects that contain information
about active Policy Objects which express Fibre Channel about active Policy Objects that express Fibre Channel
Security (FC-SP) policy." Security (FC-SP) policy."
::= { t11FcSpPoMIBGroups 1 } ::= { t11FcSpPoMIBGroups 1 }
t11FcSpPoOperationsObjectsGroup OBJECT-GROUP t11FcSpPoOperationsObjectsGroup OBJECT-GROUP
OBJECTS { t11FcSpPoOperActivate, OBJECTS { t11FcSpPoOperActivate,
t11FcSpPoOperDeActivate, t11FcSpPoOperDeActivate,
t11FcSpPoOperResult, t11FcSpPoOperResult,
t11FcSpPoOperFailCause t11FcSpPoOperFailCause
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of MIB objects which allow a new set of "A collection of MIB objects that allow a new set of
Fibre Channel Security (FC-SP) policies to be activated Fibre Channel Security (FC-SP) policies to be activated
or an existing set to be deactivated." or an existing set to be deactivated."
::= { t11FcSpPoMIBGroups 2 } ::= { t11FcSpPoMIBGroups 2 }
t11FcSpPoNonActiveObjectsGroup OBJECT-GROUP t11FcSpPoNonActiveObjectsGroup OBJECT-GROUP
OBJECTS { t11FcSpPoStorageType, OBJECTS { t11FcSpPoStorageType,
t11FcSpPoNaSummaryPolicyNameType, t11FcSpPoNaSummaryPolicyNameType,
t11FcSpPoNaSummaryPolicyName, t11FcSpPoNaSummaryPolicyName,
t11FcSpPoNaSummaryHashStatus, t11FcSpPoNaSummaryHashStatus,
t11FcSpPoNaSummaryHashFormat, t11FcSpPoNaSummaryHashFormat,
skipping to change at page 168, line 25 skipping to change at page 151, line 34
t11FcSpPoNaWkpDescrRowStatus, t11FcSpPoNaWkpDescrRowStatus,
t11FcSpPoNaAttribType, t11FcSpPoNaAttribType,
t11FcSpPoNaAttribValue, t11FcSpPoNaAttribValue,
t11FcSpPoNaAttribExtension, t11FcSpPoNaAttribExtension,
t11FcSpPoNaAttribRowStatus, t11FcSpPoNaAttribRowStatus,
t11FcSpPoNaAuthProtParams, t11FcSpPoNaAuthProtParams,
t11FcSpPoNaAuthProtRowStatus t11FcSpPoNaAuthProtRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of MIB objects which contain information "A collection of MIB objects that contain information
about non-active Policy Objects available for activation about non-active Policy Objects available for activation
in order to change Fibre Channel Security (FC-SP) policy." in order to change Fibre Channel Security (FC-SP) policy."
::= { t11FcSpPoMIBGroups 3 } ::= { t11FcSpPoMIBGroups 3 }
t11FcSpPoStatsObjectsGroup OBJECT-GROUP t11FcSpPoStatsObjectsGroup OBJECT-GROUP
OBJECTS { t11FcSpPoInRequests, OBJECTS { t11FcSpPoInRequests,
t11FcSpPoInAccepts, t11FcSpPoInAccepts,
t11FcSpPoInRejects t11FcSpPoInRejects
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of MIB objects which contain statistics "A collection of MIB objects that contain statistics
which can be maintained by FC-SP Security Policy Servers." that can be maintained by FC-SP Security Policy Servers."
::= { t11FcSpPoMIBGroups 4 } ::= { t11FcSpPoMIBGroups 4 }
t11FcSpPoNotifyObjectsGroup OBJECT-GROUP t11FcSpPoNotifyObjectsGroup OBJECT-GROUP
OBJECTS { t11FcSpPoNotificationEnable, OBJECTS { t11FcSpPoNotificationEnable,
t11FcSpPoServerAddress, t11FcSpPoServerAddress,