T11-FC-SP-SA-MIB  DEFINITIONS ::= BEGIN
 
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32, Counter32, Counter64, TimeTicks, Gauge32,
    mib-2                 FROM SNMPv2-SMI              -- [RFC2578]
    RowStatus, StorageType, AutonomousType, TimeStamp,
    TruthValue            FROM SNMPv2-TC               -- [RFC2579]
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
                          FROM SNMPv2-CONF             -- [RFC2580]
    InterfaceIndex,
 
    InterfaceIndexOrZero  FROM IF-MIB                  -- [RFC2863]
    fcmInstanceIndex,
    FcAddressIdOrZero     FROM FC-MGMT-MIB             -- [RFC4044]
    T11FabricIndex        FROM T11-TC-MIB              -- [RFC4439]
    T11FcSpType,
    T11FcSpiIndex,
    T11FcSpLifetimeLeft,
    T11FcSpLifetimeLeftUnits,
    T11FcSpSecurityProtocolId,
    T11FcRoutingControl,
    T11FcSaDirection,
    T11FcSpPrecedence,
    T11FcSpTransforms      FROM T11-FC-SP-TC-MIB;
 
t11FcSpSaMIB  MODULE-IDENTITY
    LAST-UPDATED  "200808200000Z"
    ORGANIZATION  "This MIB module was developed through the
                  coordinated effort of two organizations:
                  T11 began the development and the IETF (in
                  the IMSS Working Group) finished it."
    CONTACT-INFO
            "     Claudio DeSanti
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134 USA
                  EMail: cds@cisco.com
 
                  Keith McCloghrie
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134 USA
                  Email: kzm@cisco.com"
    DESCRIPTION
           "This MIB module specifies the management information
           required to manage Security Associations established via
           Fibre Channel's FC-SP specification.
 
           The MIB module consists of six parts:
 
           - a per-Fabric table, t11FcSpSaIfTable, of capabilities,
             parameters, status information, and counters; the counters
             include non-transient aggregates of per-SA transient
             counters;
 
           - three tables, t11FcSpSaPropTable, t11FcSpSaTSelPropTable,
             and t11FcSpSaTransTable, specifying the proposals for an
             FC-SP entity acting as an SA_Initiator to present to the
             SA_Responder during the negotiation of Security
 
             Associations.  The same information is also used by an
             FC-SP entity acting as an SA_Responder to decide what to
             accept during the negotiation of Security Associations.
             One of these tables, t11FcSpSaTransTable, is used not only
             for information about security transforms to propose and
             to accept, but also as agreed upon during the negotiation
             of Security Associations;
 
           - a table, t11FcSpSaTSelDrByTable, of Traffic Selectors
             having the security action of 'drop' or 'bypass' to be
             applied either to ingress traffic that is unprotected by
             FC-SP, or to all egress traffic;
 
           - four tables, t11FcSpSaPairTable, t11FcSpSaTSelNegInTable,
             t11FcSpSaTSelNegOutTable, and t11FcSpSaTSelSpiTable,
             containing information about active bidirectional pairs of
             Security Associations; in particular, t11FcSpSaPairTable
             has one row per active bidirectional SA pair,
             t11FcSpSaTSelNegInTable and t11FcSpSaTSelNegOutTable
             contain information on the Traffic Selectors negotiated on
             the SAs, and the t11FcSpSaTSelSpiTable is an alternate
             lookup table such that the Traffic Selector(s) in use on a
             particular Security Association can be quickly determined
             based on the (ingress) SPI value;
 
           - a table, t11FcSpSaControlTable, of control and other
             information concerning the generation of notifications for
             events related to FC-SP Security Associations;
 
           - one notification, t11FcSpSaNotifyAuthFailure, generated on
             the occurrence of an Authentication failure for a received
             FC-2 or CT_IU frame.
 
           Copyright (C) The IETF Trust (2008).  This version
           of this MIB module is part of RFC 5324;  see the RFC
           itself for full legal notices."
    REVISION  "200808200000Z"
    DESCRIPTION
           "Initial version of this MIB module, published as RFC 5324."
    ::= { mib-2 179 }
 
t11FcSpSaMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpSaMIB 0 }
t11FcSpSaMIBObjects     OBJECT IDENTIFIER ::= { t11FcSpSaMIB 1 }
t11FcSpSaMIBConformance OBJECT IDENTIFIER ::= { t11FcSpSaMIB 2 }
t11FcSpSaBase           OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 1 }
t11FcSpSaConfig         OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 2 }
t11FcSpSaActive         OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 3 }
t11FcSpSaControl        OBJECT IDENTIFIER ::= { t11FcSpSaMIBObjects 4 }
 
--
--  Base-level Per-Fabric Information
--
 
t11FcSpSaIfTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaIfEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing per-Fabric information related to
           FC-SP Security Associations."
    ::= { t11FcSpSaBase 1 }
 
t11FcSpSaIfEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaIfEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information related to Security
           Associations on a particular Fabric, and managed as part
           of the Fibre Channel management instance identified by
           fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaIfTable 1 }
 
T11FcSpSaIfEntry ::= SEQUENCE {
    t11FcSpSaIfIndex               InterfaceIndexOrZero,
    t11FcSpSaIfFabricIndex         T11FabricIndex,
             -- capabilities
    t11FcSpSaIfEspHeaderCapab      T11FcSpTransforms,
    t11FcSpSaIfCTAuthCapab         T11FcSpTransforms,
    t11FcSpSaIfIKEv2Capab          T11FcSpTransforms,
    t11FcSpSaIfIkev2AuthCapab      TruthValue,
             -- parameters and status
    t11FcSpSaIfStorageType         StorageType,
    t11FcSpSaIfReplayPrevention    TruthValue,
    t11FcSpSaIfReplayWindowSize    Unsigned32,
    t11FcSpSaIfDeadPeerDetections  Counter32,
    t11FcSpSaIfTerminateAllSas     INTEGER,
             -- summary frame counters
    t11FcSpSaIfOutDrops            Counter64,
    t11FcSpSaIfOutBypasses         Counter64,
    t11FcSpSaIfOutProcesses        Counter64,
    t11FcSpSaIfOutUnMatcheds       Counter64,
    t11FcSpSaIfInUnprotUnmtchDrops Counter64,
             -- aggregates of per-SA transient counters
    t11FcSpSaIfInDetReplays        Counter64,
 
    t11FcSpSaIfInUnprotMtchDrops   Counter64,
    t11FcSpSaIfInBadXforms         Counter64,
    t11FcSpSaIfInGoodXforms        Counter64,
    t11FcSpSaIfInProtUnmtchs       Counter64
}
 
t11FcSpSaIfIndex OBJECT-TYPE
    SYNTAX       InterfaceIndexOrZero
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "This object has a non-zero value to identify a particular
           interface, or the value zero to indicate that the
           information in this row applies to all (of the management
           instance's) interfaces to the particular Fabric.
 
           If any row has a non-zero value of t11FcSpSaIfIndex, then
           all rows for the same Fibre Channel management instance must
           also have a non-zero value of t11FcSpSaIfIndex and thereby
           be specific to a particular interface.
 
           As and when zero values of t11FcSpSaIfIndex are used in
           this table, then they must also be used in each other
           table that has t11FcSpSaIfIndex in its INDEX clause."
    ::= { t11FcSpSaIfEntry 1 }
 
t11FcSpSaIfFabricIndex OBJECT-TYPE
    SYNTAX       T11FabricIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           Fabric."
    ::= { t11FcSpSaIfEntry 2 }
 
t11FcSpSaIfEspHeaderCapab OBJECT-TYPE
    SYNTAX       T11FcSpTransforms
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "A list of the standardized transforms supported by this
           entity on this interface for ESP_Header protection."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Appendix A.3.1, tables A.23, A.25."
    ::= { t11FcSpSaIfEntry 3 }
 
 
t11FcSpSaIfCTAuthCapab OBJECT-TYPE
    SYNTAX       T11FcSpTransforms
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "A list of the standardized transforms supported by this
           entity on this interface for CT_Authentication protection."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Appendix A.3.1, tables A.23, A.25."
    ::= { t11FcSpSaIfEntry 4 }
 
t11FcSpSaIfIKEv2Capab OBJECT-TYPE
    SYNTAX       T11FcSpTransforms
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "A list of the standardized transforms supported by this
           entity on this interface with IKEv2 protection."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Appendix A.3.1, tables A.23, A.24,
              A.25, A.26."
    ::= { t11FcSpSaIfEntry 5 }
 
t11FcSpSaIfIkev2AuthCapab OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "An indication of whether the entity is capable of
           supporting the IKEv2-AUTH protocol on this interface, i.e.,
           concatenation of Authentication and SA Management
           Transactions, such that an SA Management Transaction is
           used to perform both the authentication function and
           SA management."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.7.2, and table A.27."
    ::= { t11FcSpSaIfEntry 6 }
 
t11FcSpSaIfStorageType OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-write
    STATUS       current
 
    DESCRIPTION
           "This object specifies the memory realization of
           information related to FC-SP Security Associations
           for interface(s) to a particular Fabric; specifically,
           for rows created and/or modified in these tables:
 
                   t11FcSpSaPropTable
                   t11FcSpSaTSelDrByTable
                   t11FcSpSaControlTable
 
           and, for modified information contained in the same
           row as an instance of this object.
 
           Even if an instance of this object has the value
           'permanent(4)', none of the information defined in
           this MIB module for interface(s) to the given Fabric
           need to be writable."
    ::= { t11FcSpSaIfEntry 7 }
 
t11FcSpSaIfReplayPrevention  OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object indicates whether anti-replay protection is
           enabled for frame reception on this interface.
 
           Note that the replay-protection mechanism in FC-SP is
           conceptually similar to the corresponding mechanism in
           IPsec ESP."
    REFERENCE
           "- IP Encapsulating Security Payload (ESP),
              RFC 4303, December 2005, section 3.3.3."
    ::= { t11FcSpSaIfEntry 8 }
 
t11FcSpSaIfReplayWindowSize OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The size of the replay window to be used when
           anti-replay protection is enabled for frame reception
           on this interface.
 
           Note that the replay-protection mechanism in FC-SP is
           conceptually similar to the corresponding mechanism in
           IPsec ESP."
    REFERENCE
 
           "- IP Encapsulating Security Payload (ESP),
              RFC 4303, December 2005, section 3.4.3."
    ::= { t11FcSpSaIfEntry 9 }
 
t11FcSpSaIfDeadPeerDetections OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a dead peer condition has been
           detected on this interface.
 
           This counter has no discontinuities other than those
           that all Counter32's have when sysUpTime=0."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 8.5.3.3."
    ::= { t11FcSpSaIfEntry 10 }
 
t11FcSpSaIfTerminateAllSas OBJECT-TYPE
    SYNTAX       INTEGER { noop(1), terminate(2) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "Setting this object to 'terminate' is a request to
           terminate all outstanding Security Associations on this
           interface.
 
           When read, the value of this object is always 'noop'.
           Setting this object to 'noop' has no effect."
    ::= { t11FcSpSaIfEntry 11 }
 
t11FcSpSaIfOutDrops OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of output frames that were dropped, instead
           of being transmitted on this interface, because they matched
           an active (at that time) Traffic Selector with an action of
           'Drop'.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 12 }
 
t11FcSpSaIfOutBypasses        OBJECT-TYPE
 
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of output frames that were transmitted
           unchanged by FC-SP on this interface because they matched
           an active (at that time) Traffic Selector with an action
           of 'Bypass'.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 13 }
 
t11FcSpSaIfOutProcesses       OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of output frames that were protected by FC-SP
           before being transmitted on this interface because they
           matched an active (at that time) Traffic Selector with an
           action of 'Process'.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 14 }
 
t11FcSpSaIfOutUnMatcheds OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames that were transmitted unchanged by
           FC-SP on this interface because they did not match any
           Traffic Selector active at that time.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 15 }
 
t11FcSpSaIfInUnprotUnmtchDrops OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames received on this interface that
           were dropped because they were unprotected and did not
           match any Traffic Selector active at that time.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 16 }
 
t11FcSpSaIfInDetReplays OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a replay has been detected on
           a Security Association that is currently active or was
           previously active on this interface.  Note that a frame
           that is discarded because it is 'behind' the window,
           i.e., too old, is counted as a replay.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 17 }
 
t11FcSpSaIfInUnprotMtchDrops OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a frame received on this
           interface was dropped because it matched with a Traffic
           Selector for a Security Association that was active at
           the time of receipt but the frame was not protected as
           negotiated for that Security Association.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 18 }
 
t11FcSpSaIfInBadXforms OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a frame received on this
           interface was dropped because of a failure of one of the
           transforms negotiated for the Security Association on
           which it was received.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 19 }
 
 
t11FcSpSaIfInGoodXforms OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames received on this interface on a
           Security Association for which the transforms negotiated
           for that Security Association were successfully applied,
           and that matched a Traffic Selector for that Security
           Association.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 20 }
 
t11FcSpSaIfInProtUnmtchs OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames received on this interface that
           were dropped because they did not match any of the Traffic
           Selectors negotiated for the Security Association on which
           they were received, even though the Security Association's
           transforms were successfully applied.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaIfEntry 21 }
 
--
--  Proposals to present in Security Association negotiation
--
 
t11FcSpSaPropTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaPropEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of proposals for an FC-SP entity acting as an
           SA_Initiator to present to the SA_Responder during the
           negotiation of Security Associations.  This information
           is also used by an FC-SP entity acting as an SA_Responder
           to decide what to accept during the negotiation of
           Security Associations."
    ::= { t11FcSpSaConfig 1 }
 
t11FcSpSaPropEntry OBJECT-TYPE
 
    SYNTAX       T11FcSpSaPropEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one proposal for
           the FC-SP entity to present, or what to accept, during
           the negotiation of Security Associations on one or more
           interfaces (identified by t11FcSpSaIfIndex) to a
           particular Fabric (identified by t11FcSpSaIfFabricIndex),
           and managed as part of the Fibre Channel management
           instance identified by fcmInstanceIndex.
 
           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaPropIndex }
    ::= { t11FcSpSaPropTable 1 }
 
T11FcSpSaPropEntry ::= SEQUENCE {
    t11FcSpSaPropIndex             Unsigned32,
    t11FcSpSaPropSecurityProt      T11FcSpSecurityProtocolId,
    t11FcSpSaPropTSelListIndex     Unsigned32,
    t11FcSpSaPropTransListIndex    Unsigned32,
    t11FcSpSaPropAcceptAlgorithm   INTEGER,
    t11FcSpSaPropOutMatchSucceeds  Counter64,
    t11FcSpSaPropRowStatus         RowStatus
}
 
t11FcSpSaPropIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           proposal for use on one or more interfaces to a Fabric."
    ::= { t11FcSpSaPropEntry 1 }
 
t11FcSpSaPropSecurityProt OBJECT-TYPE
    SYNTAX       T11FcSpSecurityProtocolId
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Security Protocol identifier for this proposal, i.e.,
           whether the proposal is for traffic to be protected using
           ESP_Header or CT_Authentication."
 
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.2 and table 67."
    ::= { t11FcSpSaPropEntry 2 }
 
t11FcSpSaPropTSelListIndex OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "When the value of this object is non-zero, it points
           to the proposal's list of Traffic Selectors.  The value
           must be non-zero in an active row of this table.
 
           The identified list is represented by all rows in the
           t11FcSpSaTSelPropTable for which t11FcSpSaTSelPropListIndex
           has the same value as this object (and with corresponding
           values of t11FcSpSaIfIndex and fcmInstanceIndex)."
    ::= { t11FcSpSaPropEntry 3 }
 
t11FcSpSaPropTransListIndex OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "When the value of this object is non-zero, it points to
           the proposal's list of Transforms.  The value must be
           non-zero in an active row of this table.
 
           The identified list is represented by all rows in the
           t11FcSpSaTransTable for which t11FcSpSaTransListIndex
           has the same value as this object (and with corresponding
           values of t11FcSpSaIfIndex and fcmInstanceIndex)."
    ::= { t11FcSpSaPropEntry 4 }
 
t11FcSpSaPropAcceptAlgorithm OBJECT-TYPE
    SYNTAX       INTEGER {
                     intersection(1),
                     union(2),
                     other(3)
                 }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The algorithm by which an SA_Responder in an SA negotiation
           decides on which Traffic Selectors to specify in a response
           to an IKE_Create_Child_SA request.  This algorithm is used
 
           when the Traffic Selectors specified by an SA_Initiator in
           an IKE_Create_Child_SA request overlap with this proposal's
           list of Traffic Selectors:
 
           intersection(1) - the SA_Responder specifies the largest
                         subset of what the SA_Initiator proposed,
                         which is also a subset of this proposal's
                         Traffic Selectors.
 
           union(2)    - the SA_Responder specifies the smallest
                         superset of what the SA_Initiator proposed,
                         which is also a superset of this proposal's
                         Traffic Selectors.
 
           other(3)    - the SA_Responder uses some other algorithm.
           "
    ::= { t11FcSpSaPropEntry 5 }
 
t11FcSpSaPropOutMatchSucceeds OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of egress frames that have matched a Traffic
           Selector that was negotiated to select traffic for an
           SA based on this proposal being accepted.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPropEntry 6 }
 
t11FcSpSaPropRowStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The status of a row.  Values of object instances
           within an active row can be modified at any time.
 
           The status cannot be set to 'active' unless and
           until the instances of t11FcSpSaPropTSelListIndex
           and t11FcSpSaPropTransListIndex in the row have
           been set to point to active rows in the
           t11FcSpSaTSelPropTable and t11FcSpSaTransTable
           tables, respectively.  A row in this table is
           deleted if the active rows it points to are deleted."
    ::= { t11FcSpSaPropEntry 7 }
 
 
--
--  Traffic Selector Proposals
--
 
t11FcSpSaTSelPropTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelPropEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about Traffic Selectors
           to propose and/or to accept during the negotiation of
           Security Associations."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
              July 2006, section 4.4."
    ::= { t11FcSpSaConfig 2 }
 
t11FcSpSaTSelPropEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelPropEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one Traffic
           Selector within a list of Traffic Selectors to propose,
           or for use in determining what to accept during Security
           Association negotiation.
 
           One such list is configured for use on a Fabric by
           configuring the list's value of t11FcSpSaTSelPropListIndex
           as the value of an instance of t11FcSpSaPropTSelListIndex,
           for corresponding values of t11FcSpSaIfIndex and
           fcmInstanceIndex.  Further, the proposing and accepting
           of Traffic Selectors is only done as a part of a proposal
           specified by a row of the t11FcSpSaPropTable, i.e.,
           in combination with the proposing and accepting of security
           transforms as specified by the combination of
           t11FcSpSaPropTSelListIndex and t11FcSpSaPropTransListIndex
           in one row of the t11FcSpSaPropTable.
 
           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaTSelPropStorageType in that row."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaTSelPropListIndex, t11FcSpSaTSelPropPrecedence }
    ::= { t11FcSpSaTSelPropTable 1 }
 
 
T11FcSpSaTSelPropEntry ::= SEQUENCE {
    t11FcSpSaTSelPropListIndex    Unsigned32,
    t11FcSpSaTSelPropPrecedence   T11FcSpPrecedence,
    t11FcSpSaTSelPropDirection    T11FcSaDirection,
    t11FcSpSaTSelPropStartSrcAddr FcAddressIdOrZero,
    t11FcSpSaTSelPropEndSrcAddr   FcAddressIdOrZero,
    t11FcSpSaTSelPropStartDstAddr FcAddressIdOrZero,
    t11FcSpSaTSelPropEndDstAddr   FcAddressIdOrZero,
    t11FcSpSaTSelPropStartRCtl    T11FcRoutingControl,
    t11FcSpSaTSelPropEndRCtl      T11FcRoutingControl,
    t11FcSpSaTSelPropStartType    T11FcSpType,
    t11FcSpSaTSelPropEndType      T11FcSpType,
    t11FcSpSaTSelPropStorageType  StorageType,
    t11FcSpSaTSelPropRowStatus    RowStatus
}
 
t11FcSpSaTSelPropListIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that identifies a particular list of
           Traffic Selectors."
    ::= { t11FcSpSaTSelPropEntry 1 }
 
t11FcSpSaTSelPropPrecedence OBJECT-TYPE
    SYNTAX       T11FcSpPrecedence
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The precedence of this Traffic Selector.  Each
           Traffic Selector within a particular list of
           Traffic Selectors must have a different precedence.
 
           If an egress frame matches multiple Traffic Selectors,
           it should be transmitted on the SA associated with the
           Traffic Selector having the numerically smallest
           precedence value."
    ::= { t11FcSpSaTSelPropEntry 2 }
 
t11FcSpSaTSelPropDirection OBJECT-TYPE
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "An indication of whether this Traffic Selector is
           to be proposed for ingress or egress traffic."
    DEFVAL   { egress }
 
    ::= { t11FcSpSaTSelPropEntry 3 }
 
t11FcSpSaTSelPropStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { '000000'h }
    ::= { t11FcSpSaTSelPropEntry 4 }
 
t11FcSpSaTSelPropEndSrcAddr  OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { 'FFFFFF'h }
    ::= { t11FcSpSaTSelPropEntry 5 }
 
t11FcSpSaTSelPropStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { '000000'h }
    ::= { t11FcSpSaTSelPropEntry 6 }
 
t11FcSpSaTSelPropEndDstAddr OBJECT-TYPE
 
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { 'FFFFFF'h }
    ::= { t11FcSpSaTSelPropEntry 7 }
 
t11FcSpSaTSelPropStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { '00'h }
    ::= { t11FcSpSaTSelPropEntry 8 }
 
t11FcSpSaTSelPropEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { 'FF'h }
    ::= { t11FcSpSaTSelPropEntry 9 }
 
t11FcSpSaTSelPropStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-create
    STATUS       current
 
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { '0000'h }
    ::= { t11FcSpSaTSelPropEntry 10 }
 
t11FcSpSaTSelPropEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.4.5."
    DEFVAL   { 'FFFF'h }
    ::= { t11FcSpSaTSelPropEntry 11 }
 
t11FcSpSaTSelPropStorageType OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "This object specifies the memory realization of
           the information in this row.
 
           Even if an instance of this object has the value
           'permanent(4)', none of the information in its row
           needs to be writable."
    ::= { t11FcSpSaTSelPropEntry 12 }
 
t11FcSpSaTSelPropRowStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The status of this row.  Values of object instances
           within the row can be modified at any time."
    ::= { t11FcSpSaTSelPropEntry 13 }
 
 
--
--  Transform Proposals
--
 
t11FcSpSaTransTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTransEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about security transforms
           to propose, to accept and/or agreed upon during the
           negotiation of Security Associations."
    ::= { t11FcSpSaConfig 3 }
 
t11FcSpSaTransEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTransEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one proposal within a
           list of security transforms to be proposed, to be accepted,
           or already agreed upon, for use on a pair of Security
           Associations on one or more interfaces (identified by
           t11FcSpSaIfIndex), managed as part of the Fibre Channel
           management instance identified by fcmInstanceIndex.
 
           One such list is configured to be proposed or accepted for
           use on a Fabric, by having the list's value of
           t11FcSpSaTransListIndex be the value of an instance of
           t11FcSpSaPropTransListIndex for that Fabric.  Further,
           the proposing and accepting of security transforms is only
           done as a part of a proposal specified by a row of the
           t11FcSpSaPropTable, i.e., in combination with the proposing
           and accepting of Traffic Selectors as specified by the
           combination of t11FcSpSaPropTSelListIndex and
           t11FcSpSaPropTransListIndex in one row of the
           t11FcSpSaPropTable.
 
           The security (encryption and integrity) transform in use on
           an SA pair is indicated by having the pair's values of
           t11FcSpSaPairTransListIndex and t11FcSpSaPairTransIndex
           contain the values of t11FcSpSaTransListIndex and
           t11FcSpSaTransIndex for the transform's row in this table.
 
           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaTransStorageType in that row."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaTransListIndex, t11FcSpSaTransIndex }
 
    ::= { t11FcSpSaTransTable 1 }
 
T11FcSpSaTransEntry ::= SEQUENCE {
    t11FcSpSaTransListIndex      Unsigned32,
    t11FcSpSaTransIndex          Unsigned32,
    t11FcSpSaTransSecurityProt   T11FcSpSecurityProtocolId,
    t11FcSpSaTransEncryptAlg     AutonomousType,
    t11FcSpSaTransEncryptKeyLen  Unsigned32,
    t11FcSpSaTransIntegrityAlg   AutonomousType,
    t11FcSpSaTransStorageType    StorageType,
    t11FcSpSaTransRowStatus      RowStatus
}
 
t11FcSpSaTransListIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           list of security transforms to be proposed, to be accepted,
           or already agreed upon."
    ::= { t11FcSpSaTransEntry 1 }
 
t11FcSpSaTransIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies one security
           transform within a list identified by
           t11FcSpSaTransListIndex."
    ::= { t11FcSpSaTransEntry 2 }
 
t11FcSpSaTransSecurityProt OBJECT-TYPE
    SYNTAX       T11FcSpSecurityProtocolId
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Security Protocol identifier that indicates
           whether this transform is for traffic to be protected
           using ESP_Header or using CT_Authentication."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.2 and table 67."
    ::= { t11FcSpSaTransEntry 3 }
 
t11FcSpSaTransEncryptAlg OBJECT-TYPE
 
    SYNTAX       AutonomousType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Encryption Algorithm for this transform."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.3 and tables 69 & 70."
    ::= { t11FcSpSaTransEntry 4 }
 
t11FcSpSaTransEncryptKeyLen OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The key length in bits to be used with an encryption
           algorithm that has a variable length key.  This object
           is ignored when the corresponding instance of
           t11FcSpSaTransEncryptAlg specifies an algorithm with a
           fixed length key."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.5 and table 77."
    ::= { t11FcSpSaTransEntry 5 }
 
t11FcSpSaTransIntegrityAlg OBJECT-TYPE
    SYNTAX       AutonomousType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The Integrity Algorithm for this transform."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.3 and tables 69 & 72."
    ::= { t11FcSpSaTransEntry 6 }
 
t11FcSpSaTransStorageType OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "This object specifies the memory realization of
           the information in this row.
 
           Even if an instance of this object has the value
 
           'permanent(4)', none of the information in its row
           needs to be writable."
    ::= { t11FcSpSaTransEntry 7 }
 
t11FcSpSaTransRowStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The status of this row.
 
           When an instance of t11FcSpSaPairTransListIndex points to
           a row in this table, values of object instances in the row
           cannot be modified nor can the row be deleted.  Otherwise,
           a row can be modified or deleted at any time."
    ::= { t11FcSpSaTransEntry 8 }
 
--
--  Traffic Selectors for Drop & Bypass
--
 
t11FcSpSaTSelDrByTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelDrByEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing Traffic Selectors to select which
           traffic is to be dropped or is to bypass further
           security processing."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, sections 4.6, 4.7, and 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
              July 2006, section 4.4."
    ::= { t11FcSpSaConfig 4 }
 
t11FcSpSaTSelDrByEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelDrByEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry represents one Traffic Selector having the
           security action of 'drop' or 'bypass', which is applied
           based on a precedence value, either to ingress traffic
           that is unprotected by FC-SP, or to all egress
           traffic on one or more interfaces (identified by
           t11FcSpSaIfIndex) to a particular Fabric (identified
 
           by t11FcSpSaIfFabricIndex), and managed as part of the Fibre
           Channel management instance identified by fcmInstanceIndex.
 
           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex, t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelDrByDirection, t11FcSpSaTSelDrByPrecedence }
    ::= { t11FcSpSaTSelDrByTable 1 }
 
T11FcSpSaTSelDrByEntry ::= SEQUENCE {
    t11FcSpSaTSelDrByDirection     T11FcSaDirection,
    t11FcSpSaTSelDrByPrecedence    T11FcSpPrecedence,
    t11FcSpSaTSelDrByAction        INTEGER,
    t11FcSpSaTSelDrByStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelDrByEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelDrByStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelDrByEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelDrByStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelDrByEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelDrByStartType     T11FcSpType,
    t11FcSpSaTSelDrByEndType       T11FcSpType,
    t11FcSpSaTSelDrByMatches       Counter64,
    t11FcSpSaTSelDrByRowStatus     RowStatus
}
 
t11FcSpSaTSelDrByDirection OBJECT-TYPE
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An indication of whether this Traffic Selector is
           for ingress or egress traffic."
    ::= { t11FcSpSaTSelDrByEntry 1 }
 
t11FcSpSaTSelDrByPrecedence OBJECT-TYPE
    SYNTAX       T11FcSpPrecedence
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The precedence of this Traffic Selector.  If and when a
           frame is compared against multiple Traffic Selectors, and
           multiple of them have a match with the frame, the security
           action to be taken for the frame is that specified for the
           matching Traffic Selector having the numerically smallest
           precedence value."
    ::= { t11FcSpSaTSelDrByEntry 2 }
 
t11FcSpSaTSelDrByAction OBJECT-TYPE
    SYNTAX       INTEGER { drop(1), bypass(2) }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The security action to be taken for a frame that
           matches this Traffic Selector."
    DEFVAL   { drop }
    ::= { t11FcSpSaTSelDrByEntry 3 }
 
t11FcSpSaTSelDrByStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    DEFVAL   { '000000'h }
    ::= { t11FcSpSaTSelDrByEntry 4 }
 
t11FcSpSaTSelDrByEndSrcAddr  OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    DEFVAL   { 'FFFFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 5 }
 
t11FcSpSaTSelDrByStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    DEFVAL   { '000000'h }
    ::= { t11FcSpSaTSelDrByEntry 6 }
 
t11FcSpSaTSelDrByEndDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
 
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    DEFVAL   { 'FFFFFF'h }
    ::= { t11FcSpSaTSelDrByEntry 7 }
 
t11FcSpSaTSelDrByStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    DEFVAL   { '00'h }
    ::= { t11FcSpSaTSelDrByEntry 8 }
 
t11FcSpSaTSelDrByEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    DEFVAL   { 'FF'h }
    ::= { t11FcSpSaTSelDrByEntry 9 }
 
t11FcSpSaTSelDrByStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    DEFVAL   { '0000'h }
    ::= { t11FcSpSaTSelDrByEntry 10 }
 
t11FcSpSaTSelDrByEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    DEFVAL   { 'FFFF'h }
 
    ::= { t11FcSpSaTSelDrByEntry 11 }
 
t11FcSpSaTSelDrByMatches OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames for which the action specified by
           the corresponding instance of t11FcSpSaTSelDrByAction was
           taken because of a match with this Traffic Selector.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaTSelDrByEntry 12 }
 
t11FcSpSaTSelDrByRowStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
           "The status of this row.  Values of object instances
           within the row can be modified at any time."
    ::= { t11FcSpSaTSelDrByEntry 13 }
 
--
--  Active Security Associations
--
 
t11FcSpSaPairTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaPairEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about active
           bidirectional pairs of Security Associations."
    ::= { t11FcSpSaActive 1 }
 
t11FcSpSaPairEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaPairEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one active
           bidirectional pair of Security Associations on an
           interface to a particular Fabric (identified by
           t11FcSpSaIfFabricIndex), managed as part of the Fibre
           Channel management instance identified by
           fcmInstanceIndex."
 
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaPairInboundSpi }
    ::= { t11FcSpSaPairTable 1 }
 
T11FcSpSaPairEntry ::= SEQUENCE {
    t11FcSpSaPairIfIndex           InterfaceIndex,
    t11FcSpSaPairInboundSpi        T11FcSpiIndex,
    t11FcSpSaPairSecurityProt      T11FcSpSecurityProtocolId,
    t11FcSpSaPairTransListIndex    Unsigned32,
    t11FcSpSaPairTransIndex        Unsigned32,
    t11FcSpSaPairLifetimeLeft      T11FcSpLifetimeLeft,
    t11FcSpSaPairLifetimeLeftUnits T11FcSpLifetimeLeftUnits,
    t11FcSpSaPairTerminate         INTEGER,
    t11FcSpSaPairInProtUnMatchs    Counter64,
    t11FcSpSaPairInDetReplays      Counter64,
    t11FcSpSaPairInBadXforms       Counter64,
    t11FcSpSaPairInGoodXforms      Counter64
}
 
t11FcSpSaPairIfIndex OBJECT-TYPE
    SYNTAX       InterfaceIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "This object identifies the interface to the particular
           Fabric on which this SA pair is active."
    ::= { t11FcSpSaPairEntry 1 }
 
t11FcSpSaPairInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The SPI value that is used to indicate that an incoming
           frame was received on the ingress SA of this SA pair."
    ::= { t11FcSpSaPairEntry 2 }
 
t11FcSpSaPairSecurityProt OBJECT-TYPE
    SYNTAX       T11FcSpSecurityProtocolId
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The object indicates whether this SA uses ESP_Header to
           protect FC-2 frames, or CT_Authentication to protect Common
           Transport Information Units (CT_IUs)."
    ::= { t11FcSpSaPairEntry 3 }
 
t11FcSpSaPairTransListIndex OBJECT-TYPE
 
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The combination of this value and the value of the
           corresponding instance of t11FcSpSaPairTransIndex
           identify the row in the t11FcSpSaTransTable that
           contains the transforms that are in use on this SA pair."
    ::= { t11FcSpSaPairEntry 4 }
 
t11FcSpSaPairTransIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The combination of this value and the value of the
           corresponding instance of t11FcSpSaPairTransListIndex
           identify the row in the t11FcSpSaTransTable that
           contains the transforms that are in use on this SA pair."
    ::= { t11FcSpSaPairEntry 5 }
 
t11FcSpSaPairLifetimeLeft OBJECT-TYPE
    SYNTAX       T11FcSpLifetimeLeft
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The remaining lifetime of this SA pair, given in the
           units specified by the value of the corresponding
           instance of t11FcSpSaPairLifetimeLeft."
    ::= { t11FcSpSaPairEntry 6 }
 
t11FcSpSaPairLifetimeLeftUnits OBJECT-TYPE
    SYNTAX       T11FcSpLifetimeLeftUnits
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The units in which the value of the corresponding
           instance of t11FcSpSaPairLifetimeLeft specifies the
           remaining lifetime of this SA pair."
    ::= { t11FcSpSaPairEntry 7 }
 
t11FcSpSaPairTerminate OBJECT-TYPE
    SYNTAX       INTEGER { noop(1), terminate(2) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "Setting this object to 'terminate' is a request
           to terminate this pair of Security Associations.
 
           When read, the value of this object is always 'noop'.
           Setting this object to 'noop' has no effect."
    ::= { t11FcSpSaPairEntry 8 }
 
t11FcSpSaPairInProtUnMatchs OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of frames received on this SA for which the
           SA's transforms were successfully applied to the frame,
           but the frame was still dropped because it did not match
           any of the SA's ingress Traffic Selectors.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 9 }
 
t11FcSpSaPairInDetReplays OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a replay has been detected on
           this Security Association.  Note that a frame that is
           discarded because it is 'behind' the window, i.e., too old,
           is counted as a replay.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 10 }
 
t11FcSpSaPairInBadXforms OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a received frame was dropped
           because one of the transforms negotiated for this Security
           Association failed.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 11 }
 
t11FcSpSaPairInGoodXforms OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
 
    STATUS       current
    DESCRIPTION
           "The number of received frames for which the transforms
           negotiated for this Security Association, were
           successfully applied.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaPairEntry 12 }
 
--
--  Negotiated Ingress Traffic Selectors
--
 
t11FcSpSaTSelNegInTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelNegInEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about ingress Traffic
           Selectors that are in use on active Security
           Associations."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, sections 4.6, 4.7, and 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
              July 2006, section 4.4."
    ::= { t11FcSpSaActive 2 }
 
t11FcSpSaTSelNegInEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelNegInEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one ingress Traffic
           Selector that is in use on an active Security Association
           on an interface (identified by t11FcSpSaPairIfIndex) to
           a particular Fabric (identified by t11FcSpSaIfFabricIndex),
           managed as part of the Fibre Channel management instance
           identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegInIndex }
    ::= { t11FcSpSaTSelNegInTable 1 }
 
T11FcSpSaTSelNegInEntry ::= SEQUENCE {
    t11FcSpSaTSelNegInIndex         Unsigned32,
    t11FcSpSaTSelNegInInboundSpi    T11FcSpiIndex,
 
    t11FcSpSaTSelNegInStartSrcAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegInEndSrcAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegInStartDstAddr  FcAddressIdOrZero,
    t11FcSpSaTSelNegInEndDstAddr    FcAddressIdOrZero,
    t11FcSpSaTSelNegInStartRCtl     T11FcRoutingControl,
    t11FcSpSaTSelNegInEndRCtl       T11FcRoutingControl,
    t11FcSpSaTSelNegInStartType     T11FcSpType,
    t11FcSpSaTSelNegInEndType       T11FcSpType,
    t11FcSpSaTSelNegInUnpMtchDrops  Counter64
}
 
t11FcSpSaTSelNegInIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value to distinguish an ingress Traffic Selector
           from all others currently in use by Security Associations
           on the same interface to a particular Fabric."
    ::= { t11FcSpSaTSelNegInEntry 1 }
 
t11FcSpSaTSelNegInInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the ingress SA on which this Traffic Selector
           is in use.
 
           This value can be used to find the SA pair's row in the
           t11FcSpSaPairTable."
    ::= { t11FcSpSaTSelNegInEntry 2 }
 
t11FcSpSaTSelNegInStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 3 }
 
t11FcSpSaTSelNegInEndSrcAddr  OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
 
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 4 }
 
t11FcSpSaTSelNegInStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 5 }
 
t11FcSpSaTSelNegInEndDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 6 }
 
t11FcSpSaTSelNegInStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 7 }
 
t11FcSpSaTSelNegInEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegInEntry 8 }
 
t11FcSpSaTSelNegInStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
 
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 9 }
 
t11FcSpSaTSelNegInEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegInEntry 10 }
 
t11FcSpSaTSelNegInUnpMtchDrops OBJECT-TYPE
    SYNTAX       Counter64
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of times that a received frame was dropped
           because it matched with this Traffic Selector but the
           frame was not protected as negotiated for the Security
           Association identified by t11FcSpSaTSelNegInInboundSpi.
 
           This counter has no discontinuities other than those
           that all Counter64's have when sysUpTime=0."
    ::= { t11FcSpSaTSelNegInEntry 11 }
 
--
--  Negotiated Egress Traffic Selectors
--
 
t11FcSpSaTSelNegOutTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelNegOutEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing information about egress Traffic
           Selectors that are in use on active Security
           Associations."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, sections 4.6, 4.7, and 6.4.5.
            - Use of IKEv2 in FC-SP, RFC 4595,
 
              July 2006, section 4.4."
    ::= { t11FcSpSaActive 3 }
 
t11FcSpSaTSelNegOutEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelNegOutEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one egress Traffic
           Selector that is in use on an active Security Association
           on an interface (identified by t11FcSpSaPairIfIndex) to
           a particular Fabric (identified by t11FcSpSaIfFabricIndex),
           managed as part of the Fibre Channel management instance
           identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex, t11FcSpSaTSelNegOutPrecedence }
    ::= { t11FcSpSaTSelNegOutTable 1 }
 
T11FcSpSaTSelNegOutEntry ::= SEQUENCE {
    t11FcSpSaTSelNegOutPrecedence     T11FcSpPrecedence,
    t11FcSpSaTSelNegOutInboundSpi     T11FcSpiIndex,
    t11FcSpSaTSelNegOutStartSrcAddr   FcAddressIdOrZero,
    t11FcSpSaTSelNegOutEndSrcAddr     FcAddressIdOrZero,
    t11FcSpSaTSelNegOutStartDstAddr   FcAddressIdOrZero,
    t11FcSpSaTSelNegOutEndDstAddr     FcAddressIdOrZero,
    t11FcSpSaTSelNegOutStartRCtl      T11FcRoutingControl,
    t11FcSpSaTSelNegOutEndRCtl        T11FcRoutingControl,
    t11FcSpSaTSelNegOutStartType      T11FcSpType,
    t11FcSpSaTSelNegOutEndType        T11FcSpType
}
 
t11FcSpSaTSelNegOutPrecedence OBJECT-TYPE
    SYNTAX       T11FcSpPrecedence
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The precedence of this Traffic Selector.  If and when a
           frame is compared against multiple Traffic Selectors, and
           multiple of them have a match with the frame, the security
           action to be taken for the frame is that specified for the
           matching Traffic Selector having the numerically smallest
           precedence value."
    ::= { t11FcSpSaTSelNegOutEntry 1 }
 
t11FcSpSaTSelNegOutInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
 
    DESCRIPTION
           "The SPI of the ingress SA of the SA pair for which this
           Traffic Selector is in use on the egress SA.
 
           This value can be used to find the SA pair's row in the
           t11FcSpSaPairTable."
    ::= { t11FcSpSaTSelNegOutEntry 2 }
 
t11FcSpSaTSelNegOutStartSrcAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 3 }
 
t11FcSpSaTSelNegOutEndSrcAddr  OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a source address
           (S_ID) of a frame that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 4 }
 
t11FcSpSaTSelNegOutStartDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 5 }
 
t11FcSpSaTSelNegOutEndDstAddr OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero (SIZE (3))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 24-bit value of a destination
           address (D_ID) of a frame that will match with this
           Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 6 }
 
 
t11FcSpSaTSelNegOutStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 7 }
 
t11FcSpSaTSelNegOutEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 8 }
 
t11FcSpSaTSelNegOutStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 9 }
 
t11FcSpSaTSelNegOutEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 10 }
 
--
--  Traffic Selectors index-ed by SPI
--
 
t11FcSpSaTSelSpiTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
 
    DESCRIPTION
           "A table identifying the Traffic Selectors in use on
           particular Security Associations, INDEX-ed by their
           (ingress) SPI values."
    ::= { t11FcSpSaActive 4 }
 
t11FcSpSaTSelSpiEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies one Traffic Selector in use on an SA
           pair on the interface (identified by t11FcSpSaPairIfIndex)
           to a particular Fabric (identified by
           t11FcSpSaIfFabricIndex), and managed as part of the Fibre
           Channel management instance identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelSpiInboundSpi, t11FcSpSaTSelSpiTrafSelIndex }
    ::= { t11FcSpSaTSelSpiTable 1 }
 
T11FcSpSaTSelSpiEntry ::= SEQUENCE {
    t11FcSpSaTSelSpiInboundSpi     T11FcSpiIndex,
    t11FcSpSaTSelSpiTrafSelIndex   Unsigned32,
    t11FcSpSaTSelSpiDirection      T11FcSaDirection,
    t11FcSpSaTSelSpiTrafSelPtr     Unsigned32
}
 
t11FcSpSaTSelSpiInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An SPI value that identifies the ingress Security
           Association of a particular SA pair."
    ::= { t11FcSpSaTSelSpiEntry 1 }
 
t11FcSpSaTSelSpiTrafSelIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that distinguishes between the
           (potentially multiple) Traffic Selectors in use on
           this Security Association pair."
    ::= { t11FcSpSaTSelSpiEntry 2 }
 
t11FcSpSaTSelSpiDirection OBJECT-TYPE
 
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object indicates whether this Traffic Selector
           is being used for ingress or for egress traffic."
    ::= { t11FcSpSaTSelSpiEntry 3 }
 
t11FcSpSaTSelSpiTrafSelPtr OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object contains a pointer into another table that
           can be used to obtain more information about this Traffic
           Selector.
 
           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'egress', then this object contains the
           value of t11FcSpSaTSelNegOutPrecedence in the row of
           t11FcSpSaTSelNegOutTable, which contains more information.
 
           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'ingress', then this object contains the
           value of t11FcSpSaTSelNegInIndex that identifies the row
           in t11FcSpSaTSelNegInTable containing more information."
    ::= { t11FcSpSaTSelSpiEntry 4 }
 
--
-- Notification information & control
--
 
t11FcSpSaControlTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of control and other information concerning
           the generation of notifications for events related
           to FC-SP Security Associations."
    ::= { t11FcSpSaControl 1 }
 
t11FcSpSaControlEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies information for the one or more
 
           interfaces (identified by t11FcSpSaIfIndex) to a
           particular Fabric (identified by t11FcSpSaIfFabricIndex),
           and managed as part of the Fibre Channel management
           instance identified by fcmInstanceIndex.
 
           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex,
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaControlTable 1 }
 
T11FcSpSaControlEntry ::= SEQUENCE {
    t11FcSpSaControlAuthFailEnable  TruthValue,
    t11FcSpSaControlInboundSpi      T11FcSpiIndex,
    t11FcSpSaControlSource          FcAddressIdOrZero,
    t11FcSpSaControlDestination     FcAddressIdOrZero,
    t11FcSpSaControlFrame           OCTET STRING,
    t11FcSpSaControlElapsed         TimeTicks,
    t11FcSpSaControlSuppressed      Gauge32,
    t11FcSpSaControlWindow          Unsigned32,
    t11FcSpSaControlMaxNotifs       Unsigned32,
    t11FcSpSaControlLifeExcdEnable  TruthValue,
    t11FcSpSaControlLifeExcdSpi     T11FcSpiIndex,
    t11FcSpSaControlLifeExcdDir     T11FcSaDirection,
    t11FcSpSaControlLifeExcdTime    TimeStamp
}
 
t11FcSpSaControlAuthFailEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether a t11FcSpSaNotifyAuthFailure
           notification should be generated for the first occurrence
           of an Authentication failure within a time window for this
           Fabric."
    ::= { t11FcSpSaControlEntry 1 }
 
t11FcSpSaControlInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI value of the ingress Security Association on
           which was received the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.
 
           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is zero."
    ::= { t11FcSpSaControlEntry 2 }
 
t11FcSpSaControlSource OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The S_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.
 
           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 3 }
 
t11FcSpSaControlDestination OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The D_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.
 
           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 4 }
 
t11FcSpSaControlFrame OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (0..256))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The binary content of the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.  If more than
           256 bytes of the frame are available, then this object
           contains the first 256 bytes.  If less than 256 bytes of
           the frame are available, then this object contains the
           first N bytes, where N is greater or equal to zero.
 
           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 5 }
 
t11FcSpSaControlElapsed OBJECT-TYPE
 
    SYNTAX       TimeTicks
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The elapsed time since the last generation of a
           t11FcSpSaNotifyAuthFailure notification on the same
           Fabric, or the value of sysUpTime if no
           t11FcSpSaNotifyAuthFailure notifications have been
           generated since the last restart."
    ::= { t11FcSpSaControlEntry 6 }
 
t11FcSpSaControlSuppressed OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of occurrences of an Authentication failure
           on a Fabric that were suppressed because they occurred
           on the same Fabric within the same time window as a
           previous Authentication failure for which a
           t11FcSpSaNotifyAuthFailure notification was generated.
 
           The value of this object is reset to zero on a restart
           of the network management subsystem, and whenever a
           t11FcSpSaNotifyAuthFailure notification is generated.
           In the event that the value of this object reaches its
           maximum value, it remains at that value until it is
           reset on the generation of the next
           t11FcSpSaNotifyAuthFailure notification."
    ::= { t11FcSpSaControlEntry 7 }
 
t11FcSpSaControlWindow OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    UNITS        "seconds"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The length of a time window that begins when a
           t11FcSpSaNotifyAuthFailure notification is generated for
           any Security Association on a particular Fabric.  For the
           duration of the time window, further Authentication failures
           occurring for the same Security Association are counted but
           no t11FcSpSaNotifyAuthFailure notification is generated.
 
           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
 
           begin with the new length."
    DEFVAL   { 300 }
    ::= { t11FcSpSaControlEntry 8 }
 
t11FcSpSaControlMaxNotifs OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The maximum number of t11FcSpSaNotifyAuthFailure
           notifications to be generated per Fabric within a
           t11FcSpSaControlWindow time window.  Subsequent
           Authentication failures occurring on the same Fabric
           in the same time window are counted, but no
           t11FcSpSaNotifyAuthFailure notification is generated.
 
           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
           begin with the new length."
    DEFVAL   { 16 }
    ::= { t11FcSpSaControlEntry 9 }
 
t11FcSpSaControlLifeExcdEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether t11FcSpSaNotifyLifeExceeded
           notifications should be generated for this Fabric."
    DEFVAL   { true }
    ::= { t11FcSpSaControlEntry 10 }
 
t11FcSpSaControlLifeExcdSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the SA that was most recently terminated
           because its lifetime (in seconds or in passed bytes)
           was exceeded.  Such terminations include those due to
           a failed attempt to renew an SA after its lifetime was
           exceeded."
    ::= { t11FcSpSaControlEntry 11 }
 
t11FcSpSaControlLifeExcdDir OBJECT-TYPE
    SYNTAX       T11FcSaDirection
 
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The direction of frame transmission on the SA that was
           most recently terminated because its lifetime (in seconds
           or in passed bytes) was exceeded."
    ::= { t11FcSpSaControlEntry 12 }
 
t11FcSpSaControlLifeExcdTime OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The time of the most recent termination of an SA
           due to its lifetime (in seconds or in passed bytes)
           being exceeded.  Such terminations include those
           due to a failed attempt to renew an SA after its
           lifetime was exceeded."
    ::= { t11FcSpSaControlEntry 13 }
 
--
-- Notification definitions
--
 
t11FcSpSaNotifyAuthFailure NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlInboundSpi,
                   t11FcSpSaControlSource,
                   t11FcSpSaControlDestination,
                   t11FcSpSaControlFrame,
                   t11FcSpSaControlElapsed,
                   t11FcSpSaControlSuppressed }
    STATUS       current
    DESCRIPTION
           "When this notification is generated, it indicates the
           occurrence of an Authentication failure for a received
           FC-2 or CT_IU frame.  The t11FcSpSaControlInboundSpi,
           t11FcSpSaControlSource, and t11FcSpSaControlDestination
           objects in the varbindlist are the frame's SPI, source and
           destination addresses, respectively.  t11FcSpSaControlFrame
           provides the (beginning of the) frame's content if such is
           available.
 
           This notification is generated only for the first
           occurrence of an Authentication failure on a Fabric within
           a time window.  Subsequent occurrences of an Authentication
           Failure on the same Fabric within the same time window
           are counted but suppressed.
 
 
           The value of t11FcSpSaControlElapsed contains (a lower bound
           on) the elapsed time since the last generation of this
           notification for the same Fabric.  The value of
           t11FcSpSaControlSuppressed contains the number of
           generations which were suppressed in the time window after
           that last generation, or zero if unknown."
    ::= { t11FcSpSaMIBNotifications 1 }
 
t11FcSpSaNotifyLifeExceeded NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlLifeExcdSpi,
                   t11FcSpSaControlLifeExcdDir }
    STATUS       current
    DESCRIPTION
           "This notification is generated when the lifetime (in
           seconds or in passed bytes) of an SA is exceeded, and the
           SA is either immediately terminated or is terminated
           because an attempt to renew the SA fails.  The values of
           t11FcSpSaControlLifeExcdSpi and t11FcSpSaControlLifeExcdDir
           contain the SPI and direction of the terminated SA."
    ::= { t11FcSpSaMIBNotifications 2 }
 
--
-- Conformance
--
 
t11FcSpSaMIBCompliances
                    OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 1 }
t11FcSpSaMIBGroups  OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 2 }
 
t11FcSpSaMIBCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION
           "The compliance statement for entities that implement
           FC-SP Security Associations."
 
    MODULE  -- this module
        MANDATORY-GROUPS
            { t11FcSpSaCapabilityGroup,
              t11FcSpSaParamStatusGroup,
              t11FcSpSaSummaryCountGroup,
              t11FcSpSaProposalGroup,
              t11FcSpSaDropBypassGroup,
              t11FcSpSaActiveGroup,
              t11FcSpSaNotifInfoGroup,
              t11FcSpSaNotificationGroup
            }
 
       -- The following is an auxiliary (listed in an INDEX clause)
 
       -- object for which the SMIv2 does not allow an OBJECT clause
       -- to be specified, but for which this MIB has the following
       -- compliance requirement:
       --      OBJECT        t11FcSpSaIfIndex
       --      DESCRIPTION
       --          Compliance requires support for either one of:
       --          - individual interfaces using ifIndex values, or
       --          - the use of the zero value.
 
-- Write access is not required for any objects in this MIB module:
 
        OBJECT       t11FcSpSaIfStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTransStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaIfReplayPrevention
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaIfReplayWindowSize
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaIfTerminateAllSas
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaPropSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaPropTSelListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaPropTransListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaPropAcceptAlgorithm
 
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropDirection
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTransSecurityProt
 
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTransEncryptAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTransEncryptKeyLen
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTransIntegrityAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTransRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByAction
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByStartType
 
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaTSelDrByRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaPairTerminate
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaControlAuthFailEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaControlWindow
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaControlMaxNotifs
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
        OBJECT       t11FcSpSaControlLifeExcdEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."
 
    ::= { t11FcSpSaMIBCompliances 1 }
 
-- Units of Conformance
 
t11FcSpSaCapabilityGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfEspHeaderCapab,
               t11FcSpSaIfCTAuthCapab,
               t11FcSpSaIfIKEv2Capab,
               t11FcSpSaIfIkev2AuthCapab
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to capabilities of FC-SP entities."
    ::= { t11FcSpSaMIBGroups 1 }
 
t11FcSpSaParamStatusGroup OBJECT-GROUP
 
    OBJECTS  { t11FcSpSaIfStorageType,
               t11FcSpSaIfReplayPrevention,
               t11FcSpSaIfReplayWindowSize,
               t11FcSpSaIfDeadPeerDetections,
               t11FcSpSaIfTerminateAllSas
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing parameters
           and status information related to FC-SP entities."
    ::= { t11FcSpSaMIBGroups 2 }
 
t11FcSpSaSummaryCountGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfOutDrops,
               t11FcSpSaIfOutBypasses,
               t11FcSpSaIfOutProcesses,
               t11FcSpSaIfOutUnMatcheds,
               t11FcSpSaIfInUnprotUnmtchDrops,
               t11FcSpSaIfInDetReplays,
               t11FcSpSaIfInUnprotMtchDrops,
               t11FcSpSaIfInBadXforms,
               t11FcSpSaIfInGoodXforms,
               t11FcSpSaIfInProtUnmtchs
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing summary
           counters for FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 3 }
 
t11FcSpSaProposalGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPropSecurityProt,
               t11FcSpSaPropTSelListIndex,
               t11FcSpSaPropTransListIndex,
               t11FcSpSaPropAcceptAlgorithm,
               t11FcSpSaPropOutMatchSucceeds,
               t11FcSpSaPropRowStatus,
               t11FcSpSaTSelPropDirection,
               t11FcSpSaTSelPropStartSrcAddr,
               t11FcSpSaTSelPropEndSrcAddr,
               t11FcSpSaTSelPropStartDstAddr,
               t11FcSpSaTSelPropEndDstAddr,
               t11FcSpSaTSelPropStartRCtl,
               t11FcSpSaTSelPropEndRCtl,
               t11FcSpSaTSelPropStartType,
               t11FcSpSaTSelPropEndType,
               t11FcSpSaTSelPropStorageType,
               t11FcSpSaTSelPropRowStatus
 
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to making and accepting proposals for
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 4 }
 
t11FcSpSaDropBypassGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaTSelDrByAction,
               t11FcSpSaTSelDrByStartSrcAddr,
               t11FcSpSaTSelDrByEndSrcAddr,
               t11FcSpSaTSelDrByStartDstAddr,
               t11FcSpSaTSelDrByEndDstAddr,
               t11FcSpSaTSelDrByStartRCtl,
               t11FcSpSaTSelDrByEndRCtl,
               t11FcSpSaTSelDrByStartType,
               t11FcSpSaTSelDrByEndType,
               t11FcSpSaTSelDrByMatches,
               t11FcSpSaTSelDrByRowStatus
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           about Traffic Selectors of traffic to drop or bypass
           for FC-SP Security."
    ::= { t11FcSpSaMIBGroups 5 }
 
t11FcSpSaActiveGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPairSecurityProt,
               t11FcSpSaPairTransListIndex,
               t11FcSpSaPairTransIndex,
               t11FcSpSaPairLifetimeLeft,
               t11FcSpSaPairLifetimeLeftUnits,
               t11FcSpSaPairTerminate,
               t11FcSpSaPairInProtUnMatchs,
               t11FcSpSaPairInDetReplays,
               t11FcSpSaPairInBadXforms,
               t11FcSpSaPairInGoodXforms,
               t11FcSpSaTransSecurityProt,
               t11FcSpSaTransEncryptAlg,
               t11FcSpSaTransEncryptKeyLen,
               t11FcSpSaTransIntegrityAlg,
               t11FcSpSaTransStorageType,
               t11FcSpSaTransRowStatus,
               t11FcSpSaTSelNegInInboundSpi,
               t11FcSpSaTSelNegInStartSrcAddr,
               t11FcSpSaTSelNegInEndSrcAddr,
 
               t11FcSpSaTSelNegInStartDstAddr,
               t11FcSpSaTSelNegInEndDstAddr,
               t11FcSpSaTSelNegInStartRCtl,
               t11FcSpSaTSelNegInEndRCtl,
               t11FcSpSaTSelNegInStartType,
               t11FcSpSaTSelNegInEndType,
               t11FcSpSaTSelNegInUnpMtchDrops,
               t11FcSpSaTSelNegOutInboundSpi,
               t11FcSpSaTSelNegOutStartSrcAddr,
               t11FcSpSaTSelNegOutEndSrcAddr,
               t11FcSpSaTSelNegOutStartDstAddr,
               t11FcSpSaTSelNegOutEndDstAddr,
               t11FcSpSaTSelNegOutStartRCtl,
               t11FcSpSaTSelNegOutEndRCtl,
               t11FcSpSaTSelNegOutStartType,
               t11FcSpSaTSelNegOutEndType,
               t11FcSpSaTSelSpiDirection,
               t11FcSpSaTSelSpiTrafSelPtr
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information related
           to currently active FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 6 }
 
t11FcSpSaNotifInfoGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaControlAuthFailEnable,
               t11FcSpSaControlInboundSpi,
               t11FcSpSaControlSource,
               t11FcSpSaControlDestination,
               t11FcSpSaControlFrame,
               t11FcSpSaControlElapsed,
               t11FcSpSaControlSuppressed,
               t11FcSpSaControlWindow,
               t11FcSpSaControlMaxNotifs,
               t11FcSpSaControlLifeExcdEnable,
               t11FcSpSaControlLifeExcdSpi,
               t11FcSpSaControlLifeExcdDir,
               t11FcSpSaControlLifeExcdTime
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 7 }
 
 
 
t11FcSpSaNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS  { t11FcSpSaNotifyAuthFailure,
                     t11FcSpSaNotifyLifeExceeded
                   }
    STATUS         current
    DESCRIPTION
           "A collection of notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 8 }
 
END