A3COM-IPSO-R1-MIB: View SNMP OID List / Download MIB

This object determines whether this system checks for IP security options. If this object has the value security1108 (1), then the system checks for IP security options (per rfc1108) in each received IP packet and handles them accordingly. If this object has the value security1038 (2), then the system checks and acts on IP security options per rfc1038. If this object has the value noSecurity (3), the system does not check for IP security options. Enumeration: 'security1108': 1, 'security1038': 2, 'noSecurity': 3.

This determines whether security options are processed when talking to the host identified by the UI parameter FileServerAddr. If set to yes (1), the File Server is treated like any other host on the network. If set to no (2), the File Server is treated specially. Any security options received from this IP address are ignored. Also, all basic security options are stripped before sending a packet to the File Server. Enumeration: 'yes': 1, 'no': 2.

This table contains a set of parameters relating to the configuration of IP security options.

Each entry in this table contains a set of IP security parameters specific to a particular port.

This identifies the IP port to which the security parameters in this entry apply.

This object controls a number of parameters associated with IP security. Each parameter is represented by a specific bit. If the bit is set, the parameter is turned on. If the bit is not set, the parameter is turned off. The state of all the parameters is represented by a sum of all the bits, the value of each bit being multiplied by 2 raised to the power of the position of the bit in the integer. With bit 0 being the least significant bit, the table below defines the mapping of security parameters to bits. bit # Parameter 0 Extended 1 BasicFirst 2 LabelAdd 3 LabelStrip If bit 0 is set, the Extended parameter is turned on. This allows datagrams with extended security options to be received and/or transmitted from this port. If bit 1 is set, the BasicFirst parameter is turned on. This indicates that the basic security option is always transmitted as the first option in the datagram, even if the packet has to be rearranged. If this bit is not set, the datagram options are sent as is. If bit 2 is set, the LabelAdd parameter is turned on. This ensures that all datagrams leaving this port have a label attached to them. If an outgoing datagram does not have a label, the default label, computed for the datagram on receipt, is attached to it before transmission. If this parameter is turned off, then datagrams without labels are allowed to be transmitted, and the default label is not attached to the datagram. If bit 3 is set, the LabelStrip parameter is turned on. In this case, any basic security option present in the datagram is stripped before transmission through this port. The stripping is done after all the security processing has been done. If this parameter is turned off, the label is transmitted as is.

This parameter applies to packets received over this port that have no classification level or authority flags. When such packets are received, the value of this parameter determines the IP security level that is attached to the packet before any processing is done. If this is set to none (1), any packet that is received without a security level defined in the IP header options is discarded. If this is set to any other value, any packet received without a security level defined in the IP header options will have one added according to the value of this object. A Protection Authority field will also be added to these packets. The contents of the field is determined by the value of a3IPsecureLabelDefaultAuth. Note, this does not imply that the label will be automatically attached to the packet on transmission. This is controlled by the value of a3IPsecureParamCtl -- specifically, the value of the LabelAdd bit Enumeration: 'topSecret': 2, 'unclassified': 5, 'none': 1, 'secret': 3, 'confidential': 4.

Like a3IPsecureLabelDefaultLevel, this parameter applies only to packets received over this port that have no classification level or authority flags. When such packets are received, the value of this parameter determines the Protection Authority flag field that is attached to the packet before any processing is done. The individual Protection Authority flags that are included are determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc), bit# Prot. Auth. Flag 7 GENSER 6 SIOP 5 SCI 4 NSA 3 DOE While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object will be placed in the Protection Authority field of received packets with no IP security options present. (note: this is conditioned on a3IPsecureLabelDefaultLevel for this port having a value other than none (1).) If this object has the value 0, then no Protection Authority field will be added to any received packets, regardless of the value of a3IPsecureLabelDefaultLevel.

This parameter applies to packets originated by this system and sent over this port. When such packets are sent, the value of this parameter determines the IP security level that is attached to the packet before any processing is done. If this is set to none (1), no IP security information is added to these packets. If this is set to any other value, any packet originated by this system and sent over this port will have an IP security level added according to the value of this object. A Protection Authority field will also be added to these packets. The contents of the field is determined by the value of a3IPsecureLabelSysAuth. The security level and Protection Authority flag field must form a label which is legal for transmission on this port. The range of legal values for the security level is defined by a3IPsecureMaxLevel and a3IPsecureMinLevel. The set of legal Protection Authority flags is determined by the entries in a3IPsecureAuthOutTable. Enumeration: 'topSecret': 2, 'unclassified': 5, 'none': 1, 'secret': 3, 'confidential': 4.

Like a3IPsecureLabelSysLevel, this parameter applies only to packets originated by this system and sent over this port. When such packets are sent, the value of this parameter determines the Protection Authority flag field that is attached to the packet before any processing is done. Note, this is assuming a3IPsecureLabelSysLevel has a value other than none (1). The individual Protection Authority flags that are included are determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc), bit# Prot. Auth. Flag 7 GENSER 6 SIOP 5 SCI 4 NSA 3 DOE While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object will be placed in the Protection Authority field of received packets with no IP security options present. (note: this is conditioned on a3IPsecureLabelDefaultLevel for this port having a value other than none (1).) If this object has the value 0, then no Protection Authority field will be added to any received packets, regardless of the value of a3IPsecureLabelDefaultLevel.

This defines the minimum classification level which is acceptable by this port. This applies to any packet which is entering or leaving this port. If the classification level is outside the range defined by the value of this object and the value of a3IPsecureMaxLevel, the packet is discarded. If a3IPsecureMaxLevel is set to level less than the level indicated by this object, the value of this object will be shifted so it is equal to a3IPsecureMaxLevel. This will ensure that the range of security levels identified by these two objects makes sense. Enumeration: 'topSecret': 1, 'unclassified': 4, 'secret': 2, 'confidential': 3.

This define the maximum classification level which is acceptable by this port. This applies to any packet which is entering or leaving this port. If the classification level is outside the range defined by the value of this object and the value of a3IPsecureMinLevel, the packet is discarded. If a3IPsecureMinLevel is set to a level greater than the level identified by this object, the value of this object will be shifted so it is equal to a3IPsecureMinLevel. Enumeration: 'topSecret': 1, 'unclassified': 4, 'secret': 2, 'confidential': 3.

This table enumerates all the combinations of Protection Authority flags that may be present in packets received over any of this system's ports.

Each entry in this table contains a specific combination of Protection Authority flags that are acceptable in packets received over a specific port.

This identifies the port to which this entry applies.

This identifies one combination of Protection Authority flags that is allowed to be present in any packet received by this port. The combination of Protection Authority flags that is allowed is determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc), bit# Prot. Auth. Flag 7 GENSER 6 SIOP 5 SCI 4 NSA 3 DOE While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object must be present in any received IP packet. If the value of this object is zero, packets with no Protection Authority flags are accepted by this port.

The value of this object determines whether the Protection Authority flags in a received packet must match the flags identified by the corresponding instance of a3IPsecureAuthInFlags exactly, or if they only have to match a subset of those flags. If the value of this object is exact (1), the match must be exact. If this object has the value any (2), only a subset of the flags has to match. Enumeration: 'exact': 1, 'any': 2.

This object is used to add and delete entries in this table. See the notes describing RowStatus at the beginning of this MIB.

This table enumerates all the combinations of Protection Authority flags that are allowed to be present in packets transmitted over any of this system's ports. This does not apply to packets generated by this system.

Each entry in this table contains a specific combination of Protection Authority flags that are acceptable in packets transmitted over a specific port.

This identifies the port to which this entry applies.

This identifies one combination of Protection Authority flags that is allowed to be present in any packet transmitted by this port. The combination of Protection Authority flags that is allowed is determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc), bit# Prot. Auth. Flag 7 GENSER 6 SIOP 5 SCI 4 NSA 3 DOE While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object is allowed to be present in any transmitted IP packet. If the value of this object is zero, packets with no Protection Authority flags are allowed to be transmitted by this port.

The value of this object determines whether the Protection Authority flags in a received packet must match the flags identified by the corresponding instance of a3IPsecureAuthOutFlags exactly, or if they only have to match a subset of those flags. If the value of this object is exact (1), the match must be exact. If this object has the value any (2), only a subset of the flags have to match. Enumeration: 'exact': 1, 'any': 2.

This object is used to add and delete entries in this table. See the notes describing RowStatus at the beginning of this MIB.