tech-invite   World Map     

3GPP     Specs     Glossaries     Architecture     IMS     UICC       IETF     RFCs     Groups     SIP     ABNFs       Search

RFC 5324

 
 
 

MIB for Fibre-Channel Security Protocols (FC-SP)

Part 7 of 7, p. 188 to 216
Prev RFC Part

 


prevText      Top      Up      ToC       Page 188 
t11FcSpSaTSelNegOutStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 7 }

t11FcSpSaTSelNegOutEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 8 }

t11FcSpSaTSelNegOutStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 9 }

t11FcSpSaTSelNegOutEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 10 }

--
--  Traffic Selectors index-ed by SPI
--

t11FcSpSaTSelSpiTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current

Top      Up      ToC       Page 189 
    DESCRIPTION
           "A table identifying the Traffic Selectors in use on
           particular Security Associations, INDEX-ed by their
           (ingress) SPI values."
    ::= { t11FcSpSaActive 4 }

t11FcSpSaTSelSpiEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies one Traffic Selector in use on an SA
           pair on the interface (identified by t11FcSpSaPairIfIndex)
           to a particular Fabric (identified by
           t11FcSpSaIfFabricIndex), and managed as part of the Fibre
           Channel management instance identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelSpiInboundSpi, t11FcSpSaTSelSpiTrafSelIndex }
    ::= { t11FcSpSaTSelSpiTable 1 }

T11FcSpSaTSelSpiEntry ::= SEQUENCE {
    t11FcSpSaTSelSpiInboundSpi     T11FcSpiIndex,
    t11FcSpSaTSelSpiTrafSelIndex   Unsigned32,
    t11FcSpSaTSelSpiDirection      T11FcSaDirection,
    t11FcSpSaTSelSpiTrafSelPtr     Unsigned32
}

t11FcSpSaTSelSpiInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An SPI value that identifies the ingress Security
           Association of a particular SA pair."
    ::= { t11FcSpSaTSelSpiEntry 1 }

t11FcSpSaTSelSpiTrafSelIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that distinguishes between the
           (potentially multiple) Traffic Selectors in use on
           this Security Association pair."
    ::= { t11FcSpSaTSelSpiEntry 2 }

t11FcSpSaTSelSpiDirection OBJECT-TYPE

Top      Up      ToC       Page 190 
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object indicates whether this Traffic Selector
           is being used for ingress or for egress traffic."
    ::= { t11FcSpSaTSelSpiEntry 3 }

t11FcSpSaTSelSpiTrafSelPtr OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object contains a pointer into another table that
           can be used to obtain more information about this Traffic
           Selector.

           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'egress', then this object contains the
           value of t11FcSpSaTSelNegOutPrecedence in the row of
           t11FcSpSaTSelNegOutTable, which contains more information.

           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'ingress', then this object contains the
           value of t11FcSpSaTSelNegInIndex that identifies the row
           in t11FcSpSaTSelNegInTable containing more information."
    ::= { t11FcSpSaTSelSpiEntry 4 }

--
-- Notification information & control
--

t11FcSpSaControlTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of control and other information concerning
           the generation of notifications for events related
           to FC-SP Security Associations."
    ::= { t11FcSpSaControl 1 }

t11FcSpSaControlEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies information for the one or more

Top      Up      ToC       Page 191 
           interfaces (identified by t11FcSpSaIfIndex) to a
           particular Fabric (identified by t11FcSpSaIfFabricIndex),
           and managed as part of the Fibre Channel management
           instance identified by fcmInstanceIndex.

           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex,
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaControlTable 1 }

T11FcSpSaControlEntry ::= SEQUENCE {
    t11FcSpSaControlAuthFailEnable  TruthValue,
    t11FcSpSaControlInboundSpi      T11FcSpiIndex,
    t11FcSpSaControlSource          FcAddressIdOrZero,
    t11FcSpSaControlDestination     FcAddressIdOrZero,
    t11FcSpSaControlFrame           OCTET STRING,
    t11FcSpSaControlElapsed         TimeTicks,
    t11FcSpSaControlSuppressed      Gauge32,
    t11FcSpSaControlWindow          Unsigned32,
    t11FcSpSaControlMaxNotifs       Unsigned32,
    t11FcSpSaControlLifeExcdEnable  TruthValue,
    t11FcSpSaControlLifeExcdSpi     T11FcSpiIndex,
    t11FcSpSaControlLifeExcdDir     T11FcSaDirection,
    t11FcSpSaControlLifeExcdTime    TimeStamp
}

t11FcSpSaControlAuthFailEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether a t11FcSpSaNotifyAuthFailure
           notification should be generated for the first occurrence
           of an Authentication failure within a time window for this
           Fabric."
    ::= { t11FcSpSaControlEntry 1 }

t11FcSpSaControlInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI value of the ingress Security Association on
           which was received the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

Top      Up      ToC       Page 192 
           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is zero."
    ::= { t11FcSpSaControlEntry 2 }

t11FcSpSaControlSource OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The S_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 3 }

t11FcSpSaControlDestination OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The D_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 4 }

t11FcSpSaControlFrame OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (0..256))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The binary content of the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.  If more than
           256 bytes of the frame are available, then this object
           contains the first 256 bytes.  If less than 256 bytes of
           the frame are available, then this object contains the
           first N bytes, where N is greater or equal to zero.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 5 }

t11FcSpSaControlElapsed OBJECT-TYPE

Top      Up      ToC       Page 193 
    SYNTAX       TimeTicks
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The elapsed time since the last generation of a
           t11FcSpSaNotifyAuthFailure notification on the same
           Fabric, or the value of sysUpTime if no
           t11FcSpSaNotifyAuthFailure notifications have been
           generated since the last restart."
    ::= { t11FcSpSaControlEntry 6 }

t11FcSpSaControlSuppressed OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of occurrences of an Authentication failure
           on a Fabric that were suppressed because they occurred
           on the same Fabric within the same time window as a
           previous Authentication failure for which a
           t11FcSpSaNotifyAuthFailure notification was generated.

           The value of this object is reset to zero on a restart
           of the network management subsystem, and whenever a
           t11FcSpSaNotifyAuthFailure notification is generated.
           In the event that the value of this object reaches its
           maximum value, it remains at that value until it is
           reset on the generation of the next
           t11FcSpSaNotifyAuthFailure notification."
    ::= { t11FcSpSaControlEntry 7 }

t11FcSpSaControlWindow OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    UNITS        "seconds"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The length of a time window that begins when a
           t11FcSpSaNotifyAuthFailure notification is generated for
           any Security Association on a particular Fabric.  For the
           duration of the time window, further Authentication failures
           occurring for the same Security Association are counted but
           no t11FcSpSaNotifyAuthFailure notification is generated.

           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to

Top      Up      ToC       Page 194 
           begin with the new length."
    DEFVAL   { 300 }
    ::= { t11FcSpSaControlEntry 8 }

t11FcSpSaControlMaxNotifs OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The maximum number of t11FcSpSaNotifyAuthFailure
           notifications to be generated per Fabric within a
           t11FcSpSaControlWindow time window.  Subsequent
           Authentication failures occurring on the same Fabric
           in the same time window are counted, but no
           t11FcSpSaNotifyAuthFailure notification is generated.

           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
           begin with the new length."
    DEFVAL   { 16 }
    ::= { t11FcSpSaControlEntry 9 }

t11FcSpSaControlLifeExcdEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether t11FcSpSaNotifyLifeExceeded
           notifications should be generated for this Fabric."
    DEFVAL   { true }
    ::= { t11FcSpSaControlEntry 10 }

t11FcSpSaControlLifeExcdSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the SA that was most recently terminated
           because its lifetime (in seconds or in passed bytes)
           was exceeded.  Such terminations include those due to
           a failed attempt to renew an SA after its lifetime was
           exceeded."
    ::= { t11FcSpSaControlEntry 11 }

t11FcSpSaControlLifeExcdDir OBJECT-TYPE
    SYNTAX       T11FcSaDirection

Top      Up      ToC       Page 195 
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The direction of frame transmission on the SA that was
           most recently terminated because its lifetime (in seconds
           or in passed bytes) was exceeded."
    ::= { t11FcSpSaControlEntry 12 }

t11FcSpSaControlLifeExcdTime OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The time of the most recent termination of an SA
           due to its lifetime (in seconds or in passed bytes)
           being exceeded.  Such terminations include those
           due to a failed attempt to renew an SA after its
           lifetime was exceeded."
    ::= { t11FcSpSaControlEntry 13 }

--
-- Notification definitions
--

t11FcSpSaNotifyAuthFailure NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlInboundSpi,
                   t11FcSpSaControlSource,
                   t11FcSpSaControlDestination,
                   t11FcSpSaControlFrame,
                   t11FcSpSaControlElapsed,
                   t11FcSpSaControlSuppressed }
    STATUS       current
    DESCRIPTION
           "When this notification is generated, it indicates the
           occurrence of an Authentication failure for a received
           FC-2 or CT_IU frame.  The t11FcSpSaControlInboundSpi,
           t11FcSpSaControlSource, and t11FcSpSaControlDestination
           objects in the varbindlist are the frame's SPI, source and
           destination addresses, respectively.  t11FcSpSaControlFrame
           provides the (beginning of the) frame's content if such is
           available.

           This notification is generated only for the first
           occurrence of an Authentication failure on a Fabric within
           a time window.  Subsequent occurrences of an Authentication
           Failure on the same Fabric within the same time window
           are counted but suppressed.

Top      Up      ToC       Page 196 
           The value of t11FcSpSaControlElapsed contains (a lower bound
           on) the elapsed time since the last generation of this
           notification for the same Fabric.  The value of
           t11FcSpSaControlSuppressed contains the number of
           generations which were suppressed in the time window after
           that last generation, or zero if unknown."
    ::= { t11FcSpSaMIBNotifications 1 }

t11FcSpSaNotifyLifeExceeded NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlLifeExcdSpi,
                   t11FcSpSaControlLifeExcdDir }
    STATUS       current
    DESCRIPTION
           "This notification is generated when the lifetime (in
           seconds or in passed bytes) of an SA is exceeded, and the
           SA is either immediately terminated or is terminated
           because an attempt to renew the SA fails.  The values of
           t11FcSpSaControlLifeExcdSpi and t11FcSpSaControlLifeExcdDir
           contain the SPI and direction of the terminated SA."
    ::= { t11FcSpSaMIBNotifications 2 }

--
-- Conformance
--

t11FcSpSaMIBCompliances
                    OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 1 }
t11FcSpSaMIBGroups  OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 2 }

t11FcSpSaMIBCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION
           "The compliance statement for entities that implement
           FC-SP Security Associations."

    MODULE  -- this module
        MANDATORY-GROUPS
            { t11FcSpSaCapabilityGroup,
              t11FcSpSaParamStatusGroup,
              t11FcSpSaSummaryCountGroup,
              t11FcSpSaProposalGroup,
              t11FcSpSaDropBypassGroup,
              t11FcSpSaActiveGroup,
              t11FcSpSaNotifInfoGroup,
              t11FcSpSaNotificationGroup
            }

       -- The following is an auxiliary (listed in an INDEX clause)

Top      Up      ToC       Page 197 
       -- object for which the SMIv2 does not allow an OBJECT clause
       -- to be specified, but for which this MIB has the following
       -- compliance requirement:
       --      OBJECT        t11FcSpSaIfIndex
       --      DESCRIPTION
       --          Compliance requires support for either one of:
       --          - individual interfaces using ifIndex values, or
       --          - the use of the zero value.

-- Write access is not required for any objects in this MIB module:

        OBJECT       t11FcSpSaIfStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayPrevention
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayWindowSize
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfTerminateAllSas
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTSelListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTransListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropAcceptAlgorithm

Top      Up      ToC       Page 198 
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropDirection
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransSecurityProt

Top      Up      ToC       Page 199 
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptKeyLen
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransIntegrityAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByAction
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartType

Top      Up      ToC       Page 200 
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPairTerminate
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlAuthFailEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlWindow
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlMaxNotifs
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlLifeExcdEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

    ::= { t11FcSpSaMIBCompliances 1 }

-- Units of Conformance

t11FcSpSaCapabilityGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfEspHeaderCapab,
               t11FcSpSaIfCTAuthCapab,
               t11FcSpSaIfIKEv2Capab,
               t11FcSpSaIfIkev2AuthCapab
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to capabilities of FC-SP entities."
    ::= { t11FcSpSaMIBGroups 1 }

t11FcSpSaParamStatusGroup OBJECT-GROUP

Top      Up      ToC       Page 201 
    OBJECTS  { t11FcSpSaIfStorageType,
               t11FcSpSaIfReplayPrevention,
               t11FcSpSaIfReplayWindowSize,
               t11FcSpSaIfDeadPeerDetections,
               t11FcSpSaIfTerminateAllSas
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing parameters
           and status information related to FC-SP entities."
    ::= { t11FcSpSaMIBGroups 2 }

t11FcSpSaSummaryCountGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfOutDrops,
               t11FcSpSaIfOutBypasses,
               t11FcSpSaIfOutProcesses,
               t11FcSpSaIfOutUnMatcheds,
               t11FcSpSaIfInUnprotUnmtchDrops,
               t11FcSpSaIfInDetReplays,
               t11FcSpSaIfInUnprotMtchDrops,
               t11FcSpSaIfInBadXforms,
               t11FcSpSaIfInGoodXforms,
               t11FcSpSaIfInProtUnmtchs
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing summary
           counters for FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 3 }

t11FcSpSaProposalGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPropSecurityProt,
               t11FcSpSaPropTSelListIndex,
               t11FcSpSaPropTransListIndex,
               t11FcSpSaPropAcceptAlgorithm,
               t11FcSpSaPropOutMatchSucceeds,
               t11FcSpSaPropRowStatus,
               t11FcSpSaTSelPropDirection,
               t11FcSpSaTSelPropStartSrcAddr,
               t11FcSpSaTSelPropEndSrcAddr,
               t11FcSpSaTSelPropStartDstAddr,
               t11FcSpSaTSelPropEndDstAddr,
               t11FcSpSaTSelPropStartRCtl,
               t11FcSpSaTSelPropEndRCtl,
               t11FcSpSaTSelPropStartType,
               t11FcSpSaTSelPropEndType,
               t11FcSpSaTSelPropStorageType,
               t11FcSpSaTSelPropRowStatus

Top      Up      ToC       Page 202 
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to making and accepting proposals for
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 4 }

t11FcSpSaDropBypassGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaTSelDrByAction,
               t11FcSpSaTSelDrByStartSrcAddr,
               t11FcSpSaTSelDrByEndSrcAddr,
               t11FcSpSaTSelDrByStartDstAddr,
               t11FcSpSaTSelDrByEndDstAddr,
               t11FcSpSaTSelDrByStartRCtl,
               t11FcSpSaTSelDrByEndRCtl,
               t11FcSpSaTSelDrByStartType,
               t11FcSpSaTSelDrByEndType,
               t11FcSpSaTSelDrByMatches,
               t11FcSpSaTSelDrByRowStatus
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           about Traffic Selectors of traffic to drop or bypass
           for FC-SP Security."
    ::= { t11FcSpSaMIBGroups 5 }

t11FcSpSaActiveGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPairSecurityProt,
               t11FcSpSaPairTransListIndex,
               t11FcSpSaPairTransIndex,
               t11FcSpSaPairLifetimeLeft,
               t11FcSpSaPairLifetimeLeftUnits,
               t11FcSpSaPairTerminate,
               t11FcSpSaPairInProtUnMatchs,
               t11FcSpSaPairInDetReplays,
               t11FcSpSaPairInBadXforms,
               t11FcSpSaPairInGoodXforms,
               t11FcSpSaTransSecurityProt,
               t11FcSpSaTransEncryptAlg,
               t11FcSpSaTransEncryptKeyLen,
               t11FcSpSaTransIntegrityAlg,
               t11FcSpSaTransStorageType,
               t11FcSpSaTransRowStatus,
               t11FcSpSaTSelNegInInboundSpi,
               t11FcSpSaTSelNegInStartSrcAddr,
               t11FcSpSaTSelNegInEndSrcAddr,

Top      Up      ToC       Page 203 
               t11FcSpSaTSelNegInStartDstAddr,
               t11FcSpSaTSelNegInEndDstAddr,
               t11FcSpSaTSelNegInStartRCtl,
               t11FcSpSaTSelNegInEndRCtl,
               t11FcSpSaTSelNegInStartType,
               t11FcSpSaTSelNegInEndType,
               t11FcSpSaTSelNegInUnpMtchDrops,
               t11FcSpSaTSelNegOutInboundSpi,
               t11FcSpSaTSelNegOutStartSrcAddr,
               t11FcSpSaTSelNegOutEndSrcAddr,
               t11FcSpSaTSelNegOutStartDstAddr,
               t11FcSpSaTSelNegOutEndDstAddr,
               t11FcSpSaTSelNegOutStartRCtl,
               t11FcSpSaTSelNegOutEndRCtl,
               t11FcSpSaTSelNegOutStartType,
               t11FcSpSaTSelNegOutEndType,
               t11FcSpSaTSelSpiDirection,
               t11FcSpSaTSelSpiTrafSelPtr
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information related
           to currently active FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 6 }

t11FcSpSaNotifInfoGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaControlAuthFailEnable,
               t11FcSpSaControlInboundSpi,
               t11FcSpSaControlSource,
               t11FcSpSaControlDestination,
               t11FcSpSaControlFrame,
               t11FcSpSaControlElapsed,
               t11FcSpSaControlSuppressed,
               t11FcSpSaControlWindow,
               t11FcSpSaControlMaxNotifs,
               t11FcSpSaControlLifeExcdEnable,
               t11FcSpSaControlLifeExcdSpi,
               t11FcSpSaControlLifeExcdDir,
               t11FcSpSaControlLifeExcdTime
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 7 }

Top      Up      ToC       Page 204 
t11FcSpSaNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS  { t11FcSpSaNotifyAuthFailure,
                     t11FcSpSaNotifyLifeExceeded
                   }
    STATUS         current
    DESCRIPTION
           "A collection of notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 8 }

END

7.  IANA Considerations

   IANA has made one MIB OID assignment, under the appropriate subtree,
   for each of the five MIB modules defined in this document.

8.  Security Considerations

   In this section, the first sub-section explains why this document
   does not define MIB objects for particular items of (management)
   information.  This is followed by one sub-section for each of the MIB
   modules defined in section 6, listing their individual Security
   Considerations.  The section concludes with Security Considerations
   common to all of these MIB modules.

   The key word "RECOMMENDED" contained in this section is to be
   interpreted as described in BCP 14 [RFC2119].

8.1.  Information Not Defined in This Document

   This document doesn't define any MIB objects for the secrets that
   need to be known/determined by FC-SP entities in order to use DH-CHAP
   to authenticate each other.  Such secrets are "highly sensitive" and
   need to be "strong secrets" (e.g., randomly generated and/or from an
   external source, see section 5.4.8 of [FC-SP]) rather than just
   passwords.  Thus, such secrets need to be managed by mechanisms other
   than the MIB modules defined here.

8.2.  The T11-FC-SP-TC-MIB Module

   This MIB module defines some data types and assigns some Object
   Identifiers, for use as the syntax and as values of MIB objects,
   respectively, but it itself defines no MIB objects.  Thus, there is
   no direct read or write access via a management protocol, such as
   SNMP, to these definitions.  Nevertheless, it does include the
   assignment of enumerations and OIDs to represent cryptographic
   algorithms/transforms, and it is appropriate for such assignments to

Top      Up      ToC       Page 205 
   be augmented with new assignments as and when new
   algorithms/transforms are available.

8.3.  The T11-FC-SP-AUTHENTICATION-MIB Module

   There are several management objects defined in this MIB module with
   a MAX-ACCESS clause of read-write.  Such objects may be considered
   sensitive or vulnerable in some network environments.  The support
   for SET operations in a non-secure environment without proper
   protection can have a negative effect on network operations.  These
   objects and their sensitivity/vulnerability are:

      t11FcSpAuStorageType
         - could cause changes in the configuration to be retained or
           not retained over restarts, against the wishes of management.

      t11FcSpAuSendRejNotifyEnable
      t11FcSpAuRcvRejNotifyEnable
         - could cause the suppression of SNMP notifications (e.g., of
           authentication failures or protocol failures), or the
           disruption of network operations due to the generation of
           unwanted notifications.

      t11FcSpAuDefaultLifetime
      t11FcSpAuDefaultLifetimeUnits
         - could cause the lifetimes of Security Associations to be
           extended longer than might be secure, or shortened to cause
           an increase in the overhead of using security.

      t11FcSpAuRejectMaxRows
         - could cause a smaller audit trail of Authentication rejects,
           thereby hiding the tracks of an attacker, or a larger audit
           trail of Authentication rejects causing resources to be
           wasted.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

      t11FcSpAuEntityTable
         - the capabilities of FC-SP Authentication entities in terms of
           what cryptographic algorithms they support, and various
           configuration parameters of FC-SP Authentication entities.

Top      Up      ToC       Page 206 
      t11FcSpAuIfStatTable
         - the mapping of which FC-SP Authentication entities operate on
           which interfaces.

      t11FcSpAuRejectTable
         - an audit trail of authentication failures and other
           Authentication Protocol failures.

8.4.  The T11-FC-SP-ZONING-MIB Module

   There are several management objects defined in this MIB module with
   a MAX-ACCESS clause of read-write and/or read-create.  Such objects
   may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These objects and their
   sensitivity/vulnerability are:

      t11FcSpZsServerEnabled
         - could cause FC-SP Zoning mode to be enabled or not enabled,
           against the wishes of management.

      t11FcSpZoneSetHashStatus
         - could cause an FC-SP implementation to recalculate the values
           of the Active Zone Set Hash and the Zone Set Database Hash
           more frequently than is required by management.

      t11FcSpZsNotifyJoinSuccessEnable
      t11FcSpZsNotifyJoinFailureEnable
         - could cause the suppression of SNMP notifications that a
           Switch in one Fabric has successfully joined/failed to join
           with a Switch in another Fabric, or the disruption of network
           operations due to the generation of unwanted notifications.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the objects and their
   sensitivity/vulnerability:

      t11FcSpZsServerCapabilityObject
      t11FcSpZsServerEnabled
         - the FC-SP Zoning capabilities and status of the FC-SP
           implementation.

Top      Up      ToC       Page 207 
      t11FcSpZoneSetHashStatus
      t11FcSpActiveZoneSetHashType
      t11FcSpActiveZoneSetHash
      t11FcSpZoneSetDatabaseHashType
      t11FcSpZoneSetDatabaseHash
         - the current values of the Active Zone Set Hash and the Zone
           Set Database Hash.

8.5.  The T11-FC-SP-POLICY-MIB Module

   There are many management objects defined in this MIB module with a
   MAX-ACCESS clause of read-write and/or read-create.  Such objects may
   be considered sensitive or vulnerable in some network environments.
   The support for SET operations in a non-secure environment without
   proper protection can have a negative effect on network operations.
   The objects and tables and their sensitivity/vulnerability are:

      t11FcSpPoNaSummaryTable
      t11FcSpPoNaSwListTable
      t11FcSpPoNaSwMembTable
      t11FcSpPoNaNoMembTable
      t11FcSpPoNaCtDescrTable
      t11FcSpPoNaSwConnTable
      t11FcSpPoNaIpMgmtTable
         - could change the currently inactive FC-SP Fabric Policies, so
           as to allow unauthorized connectivity of Switches and/or
           Nodes to the network, or between Switches in the network, or,
           to prohibit such connectivity even when authorized.

      t11FcSpPoNaIpMgmtTable
      t11FcSpPoNaWkpDescrTable
         - could change the currently inactive FC-SP Fabric Policies, so
           as to allow unauthorized management access to Switches, or
           prohibit authorized management access to Switches.

      t11FcSpPoNaSummaryTable
      t11FcSpPoNaSwMembTable
      t11FcSpPoNaNoMembTable
      t11FcSpPoNaAttribTable
      t11FcSpPoNaAuthProtTable
         - could change the currently inactive FC-SP Fabric Policies, so
           as to allow Security Associations with reduced security or
           require Security Associations that are unnecessarily secure.

Top      Up      ToC       Page 208 
      t11FcSpPoOperActivate
      t11FcSpPoOperDeActivate
         - could cause the currently active FC-SP Fabric Policies to be
           de-activated and currently inactive FC-SP Fabric Policies
           (e.g., those modified as above) to be activated instead.

      t11FcSpPoStorageType
         - could cause changes in the configuration and/or in FC-SP
           Fabric Policies to be retained or not retained over restarts,
           against the wishes of management.

      t11FcSpPoNotificationEnable
         - could cause the suppression of SNMP notifications on the
           successful/unsuccessful activation/deactivation of Fabric
           Policies, and thereby hide successful/failed attempts to make
           unauthorized changes, or cause the disruption of network
           operations due to the generation of unwanted notifications.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and their
   sensitivity/vulnerability:

      t11FcSpPoTable
      t11FcSpPoSummaryTable
      t11FcSpPoSwMembTable
      t11FcSpPoNoMembTable
      t11FcSpPoCtDescrTable
      t11FcSpPoSwConnTable
      t11FcSpPoIpMgmtTable
      t11FcSpPoWkpDescrTable
      t11FcSpPoAttribTable
      t11FcSpPoAuthProtTable
         - the currently active FC-SP Fabric Policies that can be
           examined by an attacker looking for possible security
           vulnerabilities in the active policies.

Top      Up      ToC       Page 209 
8.6.  The T11-FC-SP-SA-MIB Module

   There are several management objects defined in this MIB module with
   a MAX-ACCESS clause of read-write and/or read-create.  Such objects
   may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These objects and their
   sensitivity/vulnerability are:

      t11FcSpSaIfStorageType
      t11FcSpSaTSelPropStorageType
      t11FcSpSaTransStorageType
         - could cause changes in configuration information related to
           FC-SP Security Associations to be retained or not retained
           over restarts, against the wishes of management.

      t11FcSpSaIfReplayPrevention
      t11FcSpSaIfReplayWindowSize
         - could cause changes in the operation of anti-replay
           protection, thereby permitting an attacker to conduct replay
           attacks, or requiring FC-SP implementations to engage in
           unnecessary protection against replay.

      t11FcSpSaIfTerminateAllSas
      t11FcSpSaPairTerminate
         - could cause FC-SP Security Associations to be aborted
           unnecessarily.

      t11FcSpSaControlAuthFailEnable
         - could cause the suppression of SNMP notifications on the
           occurrence of Authentication failures for received FC-2 or
           CT_IU frames, thereby hiding attempts to subvert security
           measures, or cause the disruption of network operations due
           to the generation of unwanted notifications.

      t11FcSpSaControlLifeExcdEnable
         - could cause the suppression of SNMP notifications on the
           occurrence of an FC-SP Security Association exceeding its
           lifetime, thereby possibly causing disruption to network
           usage due to a delay in determining the problem and/or re-
           establishing the Security Association.

Top      Up      ToC       Page 210 
      t11FcSpSaControlWindow
         - could cause the suppression of second and subsequent SNMP
           notifications on the occurrence of Authentication failures
           for received FC-2 or CT_IU frames, thereby masking repeated
           attempts to subvert security measures, or cause the
           disruption of network operations due to the generation of
           unwanted notifications.

      t11FcSpSaControlMaxNotifs
         - could cause the suppression of all SNMP notifications on the
           occurrence of Authentication failures for received FC-2 or
           CT_IU frames, thereby masking attempts to subvert security
           measures, or cause the disruption of network operations due
           to the generation of unwanted notifications.

      t11FcSpSaPropTable
      t11FcSpSaTSelPropTable
      t11FcSpSaTransTable
         - could cause an FC-SP entity to propose the setup of Security
           Associations that apply to a different selection of traffic
           and/or using different security transforms, such that some
           traffic has a reduced level of security that might improve an
           attacker's chance of subverting security, or an increased
           level of security that would involve unnecessary security
           processing, or cause the negotiation of Security Associations
           to fail to find commonly acceptable parameters such that no
           Security Associations can be established.

      t11FcSpSaTSelDrByTable
         - could cause an FC-SP entity to select different sets of
           traffic which are: a) to be sent/received without being
           protected by FC-SP security, thereby providing an attacker
           with access to read authentic traffic or the ability to
           introduce unauthentic traffic; or b) to be dropped instead of
           being sent/after being received, thereby causing disruption
           to network usage.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

Top      Up      ToC       Page 211 
      t11FcSpSaIfTable
         - information concerning the capabilities, parameters and
           status of an FC-SP entity's support for Security
           Associations.

      t11FcSpSaPropTable
      t11FcSpSaTSelPropTable
      t11FcSpSaTransTable
         - information on the proposals that will be used by an FC-SP
           entity to negotiate Security Associations.

      t11FcSpSaTSelDrByTable
         - information on which subsets of traffic an FC-SP entity will
           send or receive without being protected by FC-SP security, or
           will drop before sending/after receiving.

      t11FcSpSaPairTable
      t11FcSpSaTSelNegInTable
      t11FcSpSaTSelNegOutTable
      t11FcSpSaTSelSpiTable
         - information on which Security Associations are currently
           active, what subsets of traffic they are carrying, and what
           security protection is being given to them.

8.7.  Recommendations Common to All MIB Modules

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementors consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

   Because the two algorithms currently specified for
   T11FcSpPolicyHashFormat are SHA-1 and SHA-256, the definition of
   T11FcSpHashCalculationStatus expresses a concern in regard to not

Top      Up      ToC       Page 212 
   incrementally recomputing the hashes after each change when a series
   of multiple related changes are being made.  This method of reducing
   computation is intended as a responsiveness measure (i.e.,
   cooperating SNMP managers and agents can get things done faster), not
   as a Denial-of-Service (DoS) countermeasure.  Nevertheless,
   implementations should also consider the DoS possibilities in these
   scenarios; potential countermeasures include: requiring
   authentication for SETs and the rate-limiting of SET operations if
   they can cause significant computation.

9.  Normative References

   [RFC2578]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Structure of Management
              Information Version 2 (SMIv2)", STD 58, RFC 2578, April
              1999.

   [RFC2579]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Textual Conventions for
              SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Conformance Statements for
              SMIv2", STD 58, RFC 2580, April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4044]  McCloghrie, K., "Fibre Channel Management MIB", RFC 4044,
              May 2005.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
              4303, December 2005.

   [RFC4306]  Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
              Protocol", RFC 4306, December 2005.

Top      Up      ToC       Page 213 
   [RFC4438]  DeSanti, C., Gaonkar, V., Vivek, H., McCloghrie, K., and
              S. Gai, "Fibre-Channel Name Server MIB", RFC 4438, April
              2006.

   [RFC4439]  DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai,
              "Fibre Channel Fabric Address Manager MIB", RFC 4439,
              March 2006.

   [RFC4936]  DeSanti, C., Vivek, H., McCloghrie, K., and S. Gai, "Fibre
              Channel Zone Server MIB", RFC 4936, August 2007.

   [FC-FS-2]  "Fibre Channel - Framing and Signaling-2 (FC-FS-2)",
              ANSI INCITS 424-2007, February 2007.

   [FC-GS-5]  "Fibre Channel - Generic Services-5 (FC-GS-5)",
              ANSI INCITS 427-2006, December 2006.

   [FC-SP]    "Fibre Channel - Security Protocols (FC-SP)",
              ANSI INCITS 426-2007, T11/Project 1570-D, February 2007.

   [FC-SW-4]  "Fibre Channel - Switch Fabric-4 (FC-SW-4)",
              ANSI INCITS 418-2006, April 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

10.  Informative References

   [RFC1492]  Finseth, C., "An Access Control Protocol, Sometimes Called
              TACACS", RFC 1492, July 1993.

   [RFC2741]  Daniele, M., Wijnen, B., Ellison, M., and D. Francisco,
              "Agent Extensibility (AgentX) Protocol Version 1", RFC
              2741, January 2000.

   [RFC2837]  Teow, K., "Definitions of Managed Objects for the Fabric
              Element in Fibre Channel Standard", RFC 2837, May 2000.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)", RFC
              2865, June 2000.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

Top      Up      ToC       Page 214 
   [RFC4595]  Maino, F. and D. Black, "Use of IKEv2 in the Fibre Channel
              Security Association Management Protocol", RFC 4595, July
              2006.

   [RFC4625]  DeSanti, C., McCloghrie, K., Kode, S., and S. Gai, "Fibre
              Channel Routing Information MIB", RFC 4625, September
              2006.

   [RFC4626]  DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai, "MIB
              for Fibre Channel's Fabric Shortest Path First (FSPF)
              Protocol", RFC 4626, September 2006.

   [RFC4668]  Nelson, D., "RADIUS Authentication Client MIB for IPv6",
              RFC 4668, August 2006.

   [RFC4747]  Kipp, S., Ramkumar, G., and K. McCloghrie, "The Virtual
              Fabrics MIB", RFC 4747, November 2006.

   [RFC4935]  DeSanti, C., Vivek, H., McCloghrie, K., and S. Gai, "Fibre
              Channel Fabric Configuration Server MIB", RFC 4935, August
              2007.

   [RFC4983]  DeSanti, C., Vivek, H., McCloghrie, K., and S. Gai, "Fibre
              Channel Registered State Change Notification (RSCN) MIB",
              RFC 4983, August 2007.

Top      Up      ToC       Page 215 
11.  Acknowledgements

   This document was initially developed and approved by the INCITS Task
   Group T11.5 (http://www.t11.org) as the SM-FSM project.  We wish to
   acknowledge the contributions and comments from the INCITS Technical
   Committee T11, including the following:

      T11 Chair: Robert Snively, Brocade
      T11 Vice Chair: Claudio DeSanti, Cisco Systems
      T11.5 Chair: Roger Cummings, Symantec
      T11.5 members:
         David Black, EMC
         Don Fraser, HP
         Larry Hofer, Brocade
         Scott Kipp, Brocade
         Ralph Weber, ENDL

   The document was subsequently a work item of the IMSS Working Group
   (of the IETF), chaired by David Black (EMC Corporation).  Bert Wijnen
   (Alcatel-Lucent) deserves many thanks for his thorough review of all
   five MIB modules in this (large!) document.  We also wish to
   acknowledge Dan Romascanu (Avaya), the IETF Area Director, for his
   comments and assistance.

Authors' Addresses

   Claudio DeSanti
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134 USA
   Phone: +1 408 853-9172
   EMail: cds@cisco.com

   Fabio Maino
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134 USA
   Phone: +1 408 853-7530
   EMail: fmaino@cisco.com

   Keith McCloghrie
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA USA 95134
   Phone: +1 408-526-5260
   EMail: kzm@cisco.com

Top      Up      ToC       Page 216 
Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.