6.4. The T11-FC-SP-POLICY-MIB Module
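Added example, not part of RFC 5324: a Python sketch of how a management application could decode the BITS columns that the module below defines in t11FcSpPoSwMembTable and review one active Switch Membership List Object. The sample rows, the finding names, and the choice of what to report are assumptions made for this illustration; the bit names and enumeration values are copied from the module.

```python
# Added example: audit constructed rows of t11FcSpPoSwMembTable.

# Bit names in bit-number order, copied from the BITS clauses in the module.
SWITCH_FLAGS = ("staticDomainID", "insistentDomainID", "serialPortsAccess",
                "physicalPortsAccess", "managerRole")
AUTH_BEHAVIOUR = ("mustAuthenticate", "rejectIsFailure")
# Enumerations allowed for t11FcSpPoSwMembSwitchNameType.
NAME_TYPES = {1: "nodeName", 2: "restrictedNodeName",
              5: "wildcard", 6: "restrictedWildcard"}
ZERO_NAME = bytes(8)


def decode_bits(value, names):
    """Decode an SMIv2 BITS octet string into the set of named bits.

    Bit 0 is the high-order bit of the first octet (RFC 2578, 7.1.4).
    Octets the agent omitted are treated as all-zero.
    """
    return {name for number, name in enumerate(names)
            if number // 8 < len(value)
            and value[number // 8] & (0x80 >> (number % 8))}


def audit_switch_members(rows):
    """Review the Switch Entries of one Switch Membership List Object.

    rows: dicts keyed by column name, all with the same fcmInstanceIndex
    and t11FcSpPoFabricIndex.  Returns a sorted list of (switch, finding).
    The finding names are this example's own, not FC-SP terms.
    """
    findings = []
    static_settings = set()
    for row in rows:
        name_type = NAME_TYPES[row["t11FcSpPoSwMembSwitchNameType"]]
        name = row["t11FcSpPoSwMembSwitchName"]
        flags = decode_bits(row["t11FcSpPoSwMembSwitchFlags"], SWITCH_FLAGS)
        auth = decode_bits(row["t11FcSpPoSwMembAuthBehaviour"],
                           AUTH_BEHAVIOUR)
        is_wildcard = name_type in ("wildcard", "restrictedWildcard")
        label = name_type if is_wildcard else name.hex()
        static_settings.add("staticDomainID" in flags)

        if is_wildcard and name != ZERO_NAME:
            # The module requires the all-zero name for wildcard entries.
            findings.append((label, "wildcard-name-not-zero"))
        if name_type == "wildcard":
            # Unnamed Switches may join unless a Switch Connectivity
            # Object disallows them.
            findings.append((label, "unrestricted-wildcard"))
        if "mustAuthenticate" not in auth:
            findings.append((label, "authentication-not-required"))
        elif "rejectIsFailure" not in auth:
            findings.append((label, "auth-reject-not-failure"))
        for bit in ("serialPortsAccess", "physicalPortsAccess"):
            if bit in flags:
                findings.append((label, bit + "-enabled"))
    if len(static_settings) > 1:
        # Mixed settings partition the Fabric, per the DESCRIPTION.
        findings.append(("fabric", "staticDomainID-mismatch"))
    return sorted(findings)


# Constructed sample rows (not taken from any real Fabric).  The two name
# columns are not-accessible INDEX objects, so a real collector recovers
# them from the instance identifier rather than from a varbind value.
SAMPLE_ROWS = [
    {"t11FcSpPoSwMembSwitchNameType": 1,
     "t11FcSpPoSwMembSwitchName": bytes.fromhex("100000051e000001"),
     "t11FcSpPoSwMembSwitchFlags": b"\x88",     # staticDomainID, managerRole
     "t11FcSpPoSwMembAuthBehaviour": b"\xc0"},  # both bits set
    {"t11FcSpPoSwMembSwitchNameType": 2,
     "t11FcSpPoSwMembSwitchName": bytes.fromhex("100000051e000002"),
     "t11FcSpPoSwMembSwitchFlags": b"\x20",     # serialPortsAccess only
     "t11FcSpPoSwMembAuthBehaviour": b"\x80"},  # mustAuthenticate only
    {"t11FcSpPoSwMembSwitchNameType": 5,
     "t11FcSpPoSwMembSwitchName": ZERO_NAME,
     "t11FcSpPoSwMembSwitchFlags": b"\x80",     # staticDomainID
     "t11FcSpPoSwMembAuthBehaviour": b"\x00"},  # no bits set
]

if __name__ == "__main__":
    for switch, finding in audit_switch_members(SAMPLE_ROWS):
        print(switch, finding)
```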
--*******************************************************************
-- FC-SP Policy
--

T11-FC-SP-POLICY-MIB  DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    mib-2, Counter32, Unsigned32
                           FROM SNMPv2-SMI             -- [RFC2578]
    RowStatus, StorageType, TimeStamp, TruthValue
                           FROM SNMPv2-TC              -- [RFC2579]
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
                           FROM SNMPv2-CONF            -- [RFC2580]
    SnmpAdminString        FROM SNMP-FRAMEWORK-MIB     -- [RFC3411]
    InetAddress, InetPortNumber, InetAddressType
                           FROM INET-ADDRESS-MIB       -- [RFC4001]
    fcmInstanceIndex, FcNameIdOrZero, FcDomainIdOrZero
                           FROM FC-MGMT-MIB            -- [RFC4044]
    T11NsGs4RejectReasonCode
                           FROM T11-FC-NAME-SERVER-MIB -- [RFC4438]
    T11FabricIndex         FROM T11-TC-MIB             -- [RFC4439]
    T11FcSpAlphaNumName,
    T11FcSpAlphaNumNameOrAbsent,
    T11FcSpPolicyName,
    T11FcSpPolicyNameType,
    T11FcSpPolicyObjectType,
    T11FcSpPolicyHashFormat,
    T11FcSpPolicyHashValue,
    T11FcSpHashCalculationStatus
                           FROM T11-FC-SP-TC-MIB;

t11FcSpPolicyMIB  MODULE-IDENTITY
    LAST-UPDATED  "200808200000Z"
    ORGANIZATION  "This MIB module was developed through the
                  coordinated effort of two organizations:
                  T11 began the development and the IETF (in
                  the IMSS Working Group) finished it."
    CONTACT-INFO
            "     Claudio DeSanti
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134 USA
                  EMail: cds@cisco.com
                  Keith McCloghrie
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134 USA
                  Email: kzm@cisco.com"
    DESCRIPTION
           "This MIB module specifies the management information
           required to manage Fabric Policies as defined by Fibre
           Channel's FC-SP specification.

           FC-SP uses the term 'Policy Objects', sometimes abbreviated
           to just 'Objects', to refer to containers used to hold the
           data by which Fabric Policies are specified/stored. This
           obviously has the potential to cause confusion between
           'Policy Objects' and 'MIB objects'. The DESCRIPTIONs in
           this MIB module attempt to avoid such confusion by the use
           of different adjectives and capitalization, even though
           such mechanisms are less effective when used in
           descriptors.

           Some types of Policy Objects contain multiple items of
           information, each of which are held in the same format
           within the Policy Object. In such cases, FC-SP uses the
           term 'Entry' to describe each instance of the common
           format. For example, FC-SP defines an Attribute Policy
           Object as containing one or more 'Attribute Entries'.
           Again, this MIB module attempts to avoid confusion by the
           use of adjectives and capitalization to distinguish an
           Entry within a Policy Object from an entry within a MIB
           table.

           A Fabric's database of Policy Objects consists of a set of
           active Objects that are to be enforced by that Fabric, as
           well as non-active Objects that are not enforced.
           Operations defined (in FC-SP) for Policy Management are:

           - Add/Get/Remove operations on individual non-active
             Policy Objects,
           - Activate/Deactivate operations on a Policy Summary
             Object, and
           - Get operations on the active Policy Summary Object
             and/or on individual active Policy Objects.

           This MIB module has five parts:

           1) Active Policy Objects
              - read-only MIB objects representing the set of active
                Policy Objects for each Fabric,

           2) Activate/Deactivate Operations
              - a read-write MIB object to invoke an Activate
                operation of the policies specified via a non-active
                Policy Summary Object, and
              - a read-write MIB object to invoke a Deactivate
                operation.

           3) Non-active Policy Objects
              - read-create MIB objects to allow the creation of
                non-active Policy Summary Objects (which reference
                non-active Policy Objects), and
              - read-create MIB objects representing non-active
                Policy Objects.

           4) Statistics

           5) Control information and Notifications

           Copyright (C) The IETF Trust (2008). This version
           of this MIB module is part of RFC 5324; see the RFC
           itself for full legal notices."
    REVISION  "200808200000Z"
    DESCRIPTION
           "Initial version of this MIB module, published as RFC 5324."
    ::= { mib-2 178 }

t11FcSpPoMIBNotifications OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 0 }
t11FcSpPoMIBObjects       OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 1 }
t11FcSpPoMIBConformance   OBJECT IDENTIFIER ::= { t11FcSpPolicyMIB 2 }
t11FcSpPoActive       OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 1 }
t11FcSpPoOperations   OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 2 }
t11FcSpPoNonActive    OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 3 }
t11FcSpPoStatistics   OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 4 }
t11FcSpPoControl      OBJECT IDENTIFIER ::= { t11FcSpPoMIBObjects 5 }

--
-- Part 1 - Active Policy Objects
--

t11FcSpPoTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpPoEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table containing top-level information about active
           FC-SP policies on various Fabrics."
    ::= { t11FcSpPoActive 1 }

t11FcSpPoEntry OBJECT-TYPE
    SYNTAX       T11FcSpPoEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about active FC-SP
           policies for a particular Fabric, managed as part of the
           Fibre Channel management instance identified by
           fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpPoFabricIndex }
    ::= { t11FcSpPoTable 1 }

T11FcSpPoEntry ::= SEQUENCE {
    t11FcSpPoFabricIndex           T11FabricIndex,
    t11FcSpPoPolicySummaryObjName  T11FcSpAlphaNumName,
    t11FcSpPoAdminFabricName       FcNameIdOrZero,
    t11FcSpPoActivatedTimeStamp    TimeStamp
}

t11FcSpPoFabricIndex OBJECT-TYPE
    SYNTAX       T11FabricIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           Fabric."
    ::= { t11FcSpPoEntry 1 }

t11FcSpPoPolicySummaryObjName OBJECT-TYPE
    SYNTAX       T11FcSpAlphaNumName
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The name of this Fabric's (active) Policy Summary Object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.3 and table 104."
    ::= { t11FcSpPoEntry 2 }

t11FcSpPoAdminFabricName OBJECT-TYPE
    SYNTAX       FcNameIdOrZero (SIZE (8))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The administratively-specified name for this Fabric, as
           specified in the active Switch Membership List Object.
           This value is meaningful only when Static Domain_IDs are in
           use in a Fabric (see FC-SW-4). Static Domain_IDs are
           administratively enabled by a setting of the Switch Flags
           in each Switch Entry in the Switch Membership List Object.
           If Static Domain_IDs are not in use, this value might be
           '0000000000000000'h.

           The t11FamEnable, t11FamFabricName, and
           t11FamConfigDomainIdType objects defined in the
           T11-FC-FABRIC-ADDR-MGR-MIB module are also concerned with
           the use of an administratively-specified name for a Fabric
           and Static Domain_IDs. When FC-SP Policy is in use in a
           Fabric, the values of t11FamEnable, t11FamFabricName, and
           t11FamConfigDomainIdType must be read-only and reflect the
           active Policy Objects. For example, the value of
           t11FamFabricName must reflect the value of
           t11FcSpPoAdminFabricName."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 108.
            - Fibre Channel - Switch Fabric-4 (FC-SW-4),
             ANSI INCITS 418-2006, April 2006, section 7.1.
            - Fibre Channel Fabric Address Manager MIB',
             RFC 4439, March 2006."
    ::= { t11FcSpPoEntry 3 }

t11FcSpPoActivatedTimeStamp OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The value of sysUpTime at which this Fabric's Policy
           Summary Object was last activated, or zero if the same
           Policy Summary Object has been active since the last
           restart of the management system."
    ::= { t11FcSpPoEntry 4 }

--
-- The table of Policy Summary Objects
--

t11FcSpPoSummaryTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpPoSummaryEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of information about active Policy Objects listed
           within FC-SP Policy Summary Objects."
    ::= { t11FcSpPoActive 2 }
t11FcSpPoSummaryEntry OBJECT-TYPE
    SYNTAX       T11FcSpPoSummaryEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one of the active
           Policy Objects listed within the Policy Summary Object for
           the Fabric identified by t11FcSpPoFabricIndex and managed
           within the Fibre Channel management instance identified by
           fcmInstanceIndex.

           How many Policy Objects of a given type can be active at
           any one time for a given Fabric depends on the type, as
           specified in FC-SP. For some types, it is one per Fabric;
           for other types, more than one can be active per Fabric.
           In both of these cases, the absence of any entries in this
           table for a particular type is equivalent to there being
           one Policy Object of that type that is empty, e.g., a
           Switch Membership List Object that identifies zero
           Switches."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.3 and table 104."
    INDEX  { fcmInstanceIndex, t11FcSpPoFabricIndex,
             t11FcSpPoSummaryPolicyNameType,
             t11FcSpPoSummaryPolicyName }
    ::= { t11FcSpPoSummaryTable 1 }

T11FcSpPoSummaryEntry ::= SEQUENCE {
    t11FcSpPoSummaryPolicyNameType  T11FcSpPolicyNameType,
    t11FcSpPoSummaryPolicyName      T11FcSpPolicyName,
    t11FcSpPoSummaryPolicyType      T11FcSpPolicyObjectType,
    t11FcSpPoSummaryHashFormat      T11FcSpPolicyHashFormat,
    t11FcSpPoSummaryHashValue       T11FcSpPolicyHashValue
}

t11FcSpPoSummaryPolicyNameType OBJECT-TYPE
    SYNTAX       T11FcSpPolicyNameType {
                     nodeName(1),
                     alphaNumericName(7)
                 }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The combination of t11FcSpPoSummaryPolicyNameType and
           t11FcSpPoSummaryPolicyName specify the name of the Policy
           Object contained in the Policy Summary Object.
           The type of name is 'nodeName' if the value of the
           corresponding instance of t11FcSpPoSummaryPolicyType is
           'switchConnectivity', or 'alphaNumericName' otherwise."
    ::= { t11FcSpPoSummaryEntry 1 }

t11FcSpPoSummaryPolicyName OBJECT-TYPE
    SYNTAX       T11FcSpPolicyName
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The combination of t11FcSpPoSummaryPolicyNameType and
           t11FcSpPoSummaryPolicyName specify the name of the Policy
           Object contained in the Policy Summary Object."
    ::= { t11FcSpPoSummaryEntry 2 }

t11FcSpPoSummaryPolicyType OBJECT-TYPE
    SYNTAX       T11FcSpPolicyObjectType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The 'Identifier' that specifies the type of this Policy
           Object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.3.1 and table 104."
    ::= { t11FcSpPoSummaryEntry 3 }

t11FcSpPoSummaryHashFormat OBJECT-TYPE
    SYNTAX       T11FcSpPolicyHashFormat
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The format of this Policy Object's hash value as
           contained in the corresponding instance of the
           t11FcSpPoSummaryHashValue object."
    ::= { t11FcSpPoSummaryEntry 4 }

t11FcSpPoSummaryHashValue OBJECT-TYPE
    SYNTAX       T11FcSpPolicyHashValue
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The hash value of this Policy Object, in the format
           identified by the corresponding instance of the
           t11FcSpPoSummaryHashFormat object."
    ::= { t11FcSpPoSummaryEntry 5 }
--
-- Switch Entries in Active Switch Membership List Objects
--

t11FcSpPoSwMembTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpPoSwMembEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of Switch Entries in active Switch Membership
           List Objects.

           One Switch Membership List Object is represented by all
           of the rows of this table that have the same values of
           fcmInstanceIndex and t11FcSpPoFabricIndex."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 110."
    ::= { t11FcSpPoActive 3 }

t11FcSpPoSwMembEntry OBJECT-TYPE
    SYNTAX       T11FcSpPoSwMembEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one Switch Entry
           within the active Switch Membership List Object for the
           Fabric identified by t11FcSpPoFabricIndex and managed
           within the Fibre Channel management instance identified
           by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpPoFabricIndex,
             t11FcSpPoSwMembSwitchNameType,
             t11FcSpPoSwMembSwitchName }
    ::= { t11FcSpPoSwMembTable 1 }

T11FcSpPoSwMembEntry ::= SEQUENCE {
    t11FcSpPoSwMembSwitchNameType  T11FcSpPolicyNameType,
    t11FcSpPoSwMembSwitchName      FcNameIdOrZero,
    t11FcSpPoSwMembSwitchFlags     BITS,
    t11FcSpPoSwMembDomainID        FcDomainIdOrZero,
    t11FcSpPoSwMembPolicyDataRole  INTEGER,
    t11FcSpPoSwMembAuthBehaviour   BITS,
    t11FcSpPoSwMembAttribute       T11FcSpAlphaNumNameOrAbsent
}

t11FcSpPoSwMembSwitchNameType OBJECT-TYPE
    SYNTAX       T11FcSpPolicyNameType {
                     nodeName(1),
                     restrictedNodeName(2),
                     wildcard(5),
                     restrictedWildcard(6)
                 }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "If the value of this object is 'nodeName' or
           'restrictedNodeName', then the combination of
           this object and t11FcSpPoSwMembSwitchName specify the
           Switch Name of this Switch Entry.

           The membership is restricted or unrestricted based on the
           name type. Restricted membership means that the Switch is
           not allowed to be part of the Fabric unless allowed by a
           specific Switch Connectivity Object. Unrestricted
           membership means that the Switch is allowed to be part of
           the Fabric unless disallowed by a specific Switch
           Connectivity Object.

           The values of 'wildcard' and 'restrictedWildcard' provide
           the means to specify whether to allow/deny membership for
           Switches not explicitly named in the Switch Membership
           List Object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 110."
    ::= { t11FcSpPoSwMembEntry 1 }

t11FcSpPoSwMembSwitchName OBJECT-TYPE
    SYNTAX       FcNameIdOrZero (SIZE (8))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "When the value of t11FcSpPoSwMembSwitchNameType is
           'wildcard' or 'restrictedWildcard', this object has the
           value '0000000000000000'h.

           Otherwise, the combination of
           t11FcSpPoSwMembSwitchNameType and this object specify the
           Switch Name of this Switch Entry."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 110."
    ::= { t11FcSpPoSwMembEntry 2 }
t11FcSpPoSwMembSwitchFlags OBJECT-TYPE
    SYNTAX       BITS {
                     staticDomainID(0),
                     insistentDomainID(1),
                     serialPortsAccess(2),
                     physicalPortsAccess(3),
                     managerRole(4)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "Configurable options in respect to the administration
           of Policy Objects at this Switch:

                'staticDomainID' - if this bit is set, the Switch
           uses the 'Static Domain_IDs behavior' (as defined in
           FC-SW-4). This bit needs to have the same setting for
           all Switches in a Fabric's Switch Membership List Object,
           or else the Fabric will partition. If this bit is set,
           the Domain_ID for the Switch is given by the corresponding
           instance of t11FcSpPoSwMembDomainID.

                'insistentDomainID' - if this bit is set, the
           Switch uses the 'Insistent Domain_ID behavior' (see
           t11FamConfigDomainId of T11-FC-FABRIC-ADDR-MGR-MIB),
           the Domain_ID for the Switch is given by the corresponding
           instance of t11FcSpPoSwMembDomainID.

                'serialPortsAccess' - the Switch allows management
           through serial ports when and only when this bit is set.

                'physicalPortsAccess' - the Switch allows
           management through the physical panel when and only when
           this bit is set.

                'managerRole' - the Switch is allowed to change
           the Fabric Policy configuration (on receipt of any of the
           EACA, Enhanced Stage Fabric Configuration (ESFC),
           Enhanced Update Fabric Configuration (EUFC), ACA, SFC, or
           UFC SW_ILSs) if and only if this bit is set.

           Whenever a Fabric has Active Policy Objects, the value of
           the t11FamConfigDomainIdType object defined in the
           T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and
           reflect the values of the 'staticDomainID' and
           'insistentDomainID' bits of this object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 112.
            - Fibre Channel - Switch Fabric-4 (FC-SW-4),
             ANSI INCITS 418-2006, April 2006, section 7.1.
            - t11FamConfigDomainIdType,
             T11-FC-FABRIC-ADDR-MGR-MIB, Fibre Channel Fabric
             Address Manager MIB, RFC 4439."
    ::= { t11FcSpPoSwMembEntry 3 }

t11FcSpPoSwMembDomainID OBJECT-TYPE
    SYNTAX       FcDomainIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The specified Domain_ID value when either of the
           'staticDomainID' or 'insistentDomainID' bits are set in
           the corresponding instance of t11FcSpPoSwMembSwitchFlags.

           Whenever a Fabric has Active Policy Objects, the value of
           the t11FamConfigDomainId object defined in the
           T11-FC-FABRIC-ADDR-MGR-MIB module must be read-only and
           reflect the value of this object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and tables 111 and 112.
            - t11FamConfigDomainId,
             T11-FC-FABRIC-ADDR-MGR-MIB, Fibre Channel Fabric
             Address Manager MIB, RFC 4439."
    ::= { t11FcSpPoSwMembEntry 4 }

t11FcSpPoSwMembPolicyDataRole OBJECT-TYPE
    SYNTAX       INTEGER {
                     client(1),
                     autonomous(2),
                     server(3)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The role of the Switch in terms of which Policy data
           it retains/maintains:

                'client' - the Switch operates as a Client Switch.
           A Client Switch maintains its own Switch Connectivity
           Object and all Fabric-wide List Objects. If FC-SP
           Zoning is used, a Client Switch maintains only the
           subset of the Active Zone Set that it requires to
           enforce the current Fabric Zoning configuration.
                'autonomous' - the Switch operates as an
           Autonomous Switch. An Autonomous Switch maintains its
           own Switch Connectivity Object and all Fabric-wide List
           Objects. This is the same as 'client' except that if
           FC-SP Zoning is used, an Autonomous Switch maintains a
           complete copy of the Fabric Zoning Database.

                'server' - the Switch operates as a Server Switch.
           A Server Switch maintains all Fabric-wide List Objects
           and the Switch Connectivity Objects of each Switch in
           the Fabric. If FC-SP Zoning is used, a Server Switch
           maintains a complete copy of the Fabric Zoning
           Database."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 113."
    ::= { t11FcSpPoSwMembEntry 5 }

t11FcSpPoSwMembAuthBehaviour OBJECT-TYPE
    SYNTAX       BITS {
                     mustAuthenticate(0),
                     rejectIsFailure(1)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The authentication behaviour of the Switch:

                'mustAuthenticate' - if this bit is set, all
           connections between this Switch and neighbor Switches
           must be authenticated.

                'rejectIsFailure' - if this bit is set, the
           rejection of an AUTH_Negotiate message must be considered
           as an authentication failure by this Switch."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 114."
    ::= { t11FcSpPoSwMembEntry 6 }

t11FcSpPoSwMembAttribute OBJECT-TYPE
    SYNTAX       T11FcSpAlphaNumNameOrAbsent
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The name of an active Attribute Policy Object that is
           defined for this Switch, or the zero-length string. The
           zero-length string indicates that no Attribute Policy
           Object is defined for this Switch."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 110."
    ::= { t11FcSpPoSwMembEntry 7 }

--
-- Node Entries in Active Node Membership List Objects
--

t11FcSpPoNoMembTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpPoNoMembEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of Node Entries in active Node Membership List
           Objects.

           One Node Membership List Object is represented by all of
           the rows of this table that have the same values of
           fcmInstanceIndex and t11FcSpPoFabricIndex."
    ::= { t11FcSpPoActive 4 }

t11FcSpPoNoMembEntry OBJECT-TYPE
    SYNTAX       T11FcSpPoNoMembEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one Node Entry
           within the active Node Membership List Object for the
           Fabric identified by t11FcSpPoFabricIndex and managed
           within the Fibre Channel management instance identified
           by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpPoFabricIndex,
             t11FcSpPoNoMembNodeNameType,
             t11FcSpPoNoMembNodeName }
    ::= { t11FcSpPoNoMembTable 1 }

T11FcSpPoNoMembEntry ::= SEQUENCE {
    t11FcSpPoNoMembNodeNameType   T11FcSpPolicyNameType,
    t11FcSpPoNoMembNodeName       FcNameIdOrZero,
    t11FcSpPoNoMembFlags          BITS,
    t11FcSpPoNoMembCtAccessIndex  Unsigned32,
    t11FcSpPoNoMembAttribute      T11FcSpAlphaNumNameOrAbsent
}

t11FcSpPoNoMembNodeNameType OBJECT-TYPE
    SYNTAX       T11FcSpPolicyNameType {
                     nodeName(1),
                     restrictedNodeName(2),
                     portName(3),
                     restrictedPortName(4),
                     wildcard(5),
                     restrictedWildcard(6)
                 }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "If the value of this object is 'wildcard' or
           'restrictedWildcard', this Node Entry applies to Nodes not
           explicitly named in the Node Membership List Object.

           Otherwise, the combination of this object and
           t11FcSpPoNoMembNodeName specify the name of this Node
           Entry in the active Node Membership List Object. A Node
           is identified by its Node Name or by one or more of its
           Port Names.

           Restricted membership means that a Node is not allowed to
           be connected to the Fabric unless allowed by a specific
           Switch Connectivity Object. Unrestricted membership means
           that a Node is allowed to be connected to the Fabric
           unless disallowed by a specific Switch Connectivity
           Object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 116."
    ::= { t11FcSpPoNoMembEntry 1 }

t11FcSpPoNoMembNodeName OBJECT-TYPE
    SYNTAX       FcNameIdOrZero (SIZE (8))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "If the value of t11FcSpPoNoMembNodeNameType is
           'wildcard' or 'restrictedWildcard', this object has the
           value '0000000000000000'h.

           Otherwise, the combination of t11FcSpPoNoMembNodeNameType
           and this object specify the name of this Node Entry is the
           active Node Membership List Object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 116."
    ::= { t11FcSpPoNoMembEntry 2 }

t11FcSpPoNoMembFlags OBJECT-TYPE
    SYNTAX       BITS {
                     scsiEnclosureAccess(0),
                     authenticationRequired(1)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "Configurable options in respect to the administration
           of Policy Objects at this Node:

                'scsiEnclosureAccess' - the Node is allowed to
           control any Switch through SCSI Enclosure Services if this
           bit is set. If a Switch does not support SCSI Enclosure
           Services, this bit is ignored.

                'authenticationRequired' - the Node is required to
           authenticate itself to any Switch to which it is connected
           if and only if this bit is set."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 118."
    ::= { t11FcSpPoNoMembEntry 3 }

t11FcSpPoNoMembCtAccessIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (0..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "If the value of this object is zero, then access by this
           Node to Generic Services is not limited by a Common
           Transport Access Specifier.

           Otherwise, the limits are specified by the set of Common
           Transport Access Descriptors contained in those rows of
           the t11FcSpPoCtDescrTable for the same Fabric and for
           which the value of t11FcSpPoCtDescrSpecifierIndex is the
           same as the value of this object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and
             tables 118/119/120/121."
    ::= { t11FcSpPoNoMembEntry 4 }

t11FcSpPoNoMembAttribute OBJECT-TYPE
    SYNTAX       T11FcSpAlphaNumNameOrAbsent
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The name of an active Attribute Policy Object that is
           defined for this Node, or the zero-length string. The
           zero-length string indicates that no Attribute Policy
           Object is defined for this Node."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.4.1 and table 116."
    ::= { t11FcSpPoNoMembEntry 5 }

--
--
-- Common Transport Access Descriptors
--

t11FcSpPoCtDescrTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpPoCtDescrEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of Common Transport Access Descriptors being
           used within active Policy Objects.

           A Common Transport Access Specifier is a list of Common
           Transport Access Descriptors that specify whether a Node
           is allowed to access a Generic Service or Sub-Server.

           An active Common Transport Access Specifier is
           represented by all rows of this table that have the same
           values of fcmInstanceIndex, t11FcSpPoFabricIndex, and
           t11FcSpPoCtDescrSpecifierIndex."
    ::= { t11FcSpPoActive 5 }

t11FcSpPoCtDescrEntry OBJECT-TYPE
    SYNTAX       T11FcSpPoCtDescrEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains information about one Common
           Transport Access Descriptor of an active Common Transport
           Access Specifier used within the Fabric identified by
           t11FcSpPoFabricIndex and managed within the Fibre Channel
           management instance identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpPoFabricIndex,
             t11FcSpPoCtDescrSpecifierIndex,
             t11FcSpPoCtDescrIndex }
    ::= { t11FcSpPoCtDescrTable 1 }

T11FcSpPoCtDescrEntry ::= SEQUENCE {
    t11FcSpPoCtDescrSpecifierIndex  Unsigned32,
    t11FcSpPoCtDescrIndex           Unsigned32,
    t11FcSpPoCtDescrFlags           BITS,
    t11FcSpPoCtDescrGsType          OCTET STRING,
    t11FcSpPoCtDescrGsSubType       OCTET STRING
}

t11FcSpPoCtDescrSpecifierIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           Common Transport Access Specifier within a Fabric."
    ::= { t11FcSpPoCtDescrEntry 1 }

t11FcSpPoCtDescrIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that uniquely identifies a particular
           Common Transport Access Descriptor within a Common
           Transport Access Specifier."
    ::= { t11FcSpPoCtDescrEntry 2 }

t11FcSpPoCtDescrFlags OBJECT-TYPE
    SYNTAX       BITS {
                     allow(0),
                     gsTypeWildcard(1),
                     gsSubTypeWildcard(2),
                     readOnly(3)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The flag bits that specify how access is to be limited
           by this Common Transport Access Descriptor:

            - allow -- access to the specified Generic Service and
              Server is allowed if this bit is set, and is to be
              denied if this bit is not set.

            - gsTypeWildcard -- if this bit is set, the Generic Service
              to be allowed/denied is specified by the value of
              t11FcSpPoCtDescrGsType. If this bit is set, then the
              gsSubTypeWildcard bit must not be set.

            - gsSubTypeWildcard -- if this bit is set, the Generic
              Service to be allowed/denied is specified by the value
              of t11FcSpPoCtDescrGsSubType. If this bit is set, then
              the gsTypeWildcard bit must not be set.

            - readOnly -- if this bit is set, then access is to be
              granted only for reading."
    ::= { t11FcSpPoCtDescrEntry 3 }

t11FcSpPoCtDescrGsType OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (1))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The GS_Type of the Generic Service (e.g., the FC-GS-5
           Management Service) that is subject to access control.
           This value is ignored if the gsTypeWildcard bit is not set
           in the corresponding value of t11FcSpPoCtDescrFlags."
    REFERENCE
           "- Fibre Channel - Generic Services-5 (FC-GS-5),
             ANSI INCITS 427-2006, section 4.3.2.4."
    ::= { t11FcSpPoCtDescrEntry 4 }

t11FcSpPoCtDescrGsSubType OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (1))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The GS_Subtype of the Generic Server (e.g., the Fabric
           Zone Server) that is subject to access control. This
           value is ignored if the gsSubTypeWildcard bit is not set
           in the corresponding value of t11FcSpPoCtDescrFlags."
    REFERENCE
           "- Fibre Channel - Generic Services-5 (FC-GS-5),
             ANSI INCITS 427-2006, section 4.3.2.5."
    ::= { t11FcSpPoCtDescrEntry 5 }

--
--
-- Switches/Nodes in Active Switch Connectivity Objects
--

t11FcSpPoSwConnTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpPoSwConnEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of active Switch Connectivity Objects.

           A Switch Connectivity Object defines to which other
           Switches or Nodes a particular Switch may/may not be
           connected at the Node level and/or at the Port level."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.6.1, tables 123/124."
    ::= { t11FcSpPoActive 6 }

t11FcSpPoSwConnEntry OBJECT-TYPE
    SYNTAX       T11FcSpPoSwConnEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry contains the name of either a Switch or a Node
           with which any port of a particular Switch, or a
           particular port of that Switch, is allowed or not allowed
           to be connected.

           The particular Switch is on the Fabric identified by
           t11FcSpPoFabricIndex and managed within the Fibre Channel
           management instance identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpPoFabricIndex,
             t11FcSpPoSwConnSwitchName,
             t11FcSpPoSwConnAllowedType,
             t11FcSpPoSwConnPortNameOrAll,
             t11FcSpPoSwConnAllowedIndex }
    ::= { t11FcSpPoSwConnTable 1 }

T11FcSpPoSwConnEntry ::= SEQUENCE {
    t11FcSpPoSwConnSwitchName       FcNameIdOrZero,
    t11FcSpPoSwConnAllowedType      INTEGER,
    t11FcSpPoSwConnPortNameOrAll    FcNameIdOrZero,
    t11FcSpPoSwConnAllowedIndex     Unsigned32,
    t11FcSpPoSwConnAllowedNameType  T11FcSpPolicyNameType,
    t11FcSpPoSwConnAllowedName      T11FcSpPolicyName
}

t11FcSpPoSwConnSwitchName OBJECT-TYPE
    SYNTAX       FcNameIdOrZero (SIZE (8))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "The name of the particular Switch for which this Switch
           Connectivity Object specifies topology restrictions."
    ::= { t11FcSpPoSwConnEntry 1 }

t11FcSpPoSwConnAllowedType OBJECT-TYPE
    SYNTAX       INTEGER { switch(1), node(2) }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "This object specifies whether this row refers to
           Switch-to-Switch or Switch-to-Node connectivity, i.e.,
           whether the corresponding instance of
           t11FcSpPoSwConnAllowedName specifies the name of a Switch
           or the name of a Node."
    ::= { t11FcSpPoSwConnEntry 2 }

t11FcSpPoSwConnPortNameOrAll OBJECT-TYPE
    SYNTAX       FcNameIdOrZero (SIZE(0 | 8))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "This object specifies either the particular port to which
           this topology restriction applies, or if the value is the
           zero-length string, that the topology restriction applies
           to all ports on the particular Switch.

           In the FC-SP Policy Database, restrictions for a
           particular port are formatted within a Port Connectivity
           Entry of a Switch Connectivity Object, whereas
           restrictions for all ports on the Switch are specified in
           the main part of a Switch Connectivity Object, i.e., not
           in a Port Connectivity Entry."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
             Fibre Channel - Security Protocols (FC-SP),
             February 2007, section 7.1.6.1, tables 123/124."
    ::= { t11FcSpPoSwConnEntry 3 }

t11FcSpPoSwConnAllowedIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "When multiple rows in this table apply to the same
           port(s) in the same Switch's Switch Connectivity Object,
           this object provides a unique index value to distinguish
           between such rows."
    ::= { t11FcSpPoSwConnEntry 4 }