-- *****************************************************************
-- IEEE8021-SECY-MIB
--
-- Definitions of managed objects supporting IEEE 802.1AE MACsec.
-- *****************************************************************

IEEE8021-SECY-MIB DEFINITIONS ::= BEGIN

-- -----------------------------------------------------------------
-- IEEEE802.1AE MIB
-- -----------------------------------------------------------------

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter32,
    Counter64
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowPointer, TimeStamp, TruthValue, RowStatus
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    InterfaceIndex, ifCounterDiscontinuityGroup
        FROM IF-MIB
    ;

ieee8021SecyMIB MODULE-IDENTITY
    LAST-UPDATED    "201605102049Z"
    ORGANIZATION    "IEEE 802.1 Working Group"
    CONTACT-INFO    "http:/grouper.ieee.org/groups/8021/index.html"
    DESCRIPTION
    "The MAC security entity (SecY) MIB module. A SecY is a protocol
     shim providing MAC Security (MACsec) in an interface stack.

     Each SecY transmits MACsec protected frames on one or more
     Secure Channels (SCs) to each of the other SecYs attached to the 
     same LAN and participating in the same Secure Connectivity
     Association (CA). The CA is a security relationship, that is
     established and maintained by key agreement protocols and supported 
     by MACsec to provide full connectivity between its participants.
     Each SC provides unidirectional point to multipoint connectivity 
     from one participant to all the others and is supported by a 
     succession of similarly point to multipoint Secure Associations 
     (SAs). The Secure Association  Key (SAK) used to protect frames is 
     changed as an SA is replaced by its (overlapping) successor so
     fresh keys can be used without disrupting a long lived SC and CA.

     Two different upper interfaces, a Controlled Port (for frames
     protected by MACsec, providing an instance of the secure MAC
     service) and an Uncontrolled Port (for frames not requiring 
     protection, like the key agreement frames used to establish the 
     CA and distribute keys) are associated with a SecY  shim. For each
     instance of a SecY two ifTable rows (one for each interface) run on 
     top of an ifTable row representing the 'Common Port' interface,
     such as a row with ifType ='ethernetCsmacd(6)'.

     ___________________________________________________________________
     |                               |                                |
     |  Controlled Port Interface    |   Uncontrolled Port Interface  |
     |  (ifEntry = j,ifType =        |   (ifEntry = k, ifType =       |
     |   macSecControlledIF(231))    |    macSecUncontrolledIF(232))  |
     |________________________________________________________________|
     |                                                                |
     |                    Physical Interface                          |
     |                      (ifEntry = i)                             |
     |                (ifType = ethernetCsmacd(6))                    |
     |________________________________________________________________|
        Example MACsec Interface Stack. i, j, k are ifIndexes each
        indicating a row in the ifTable.
    "
    REVISION    "201605102049Z"
    DESCRIPTION
    "Updated by the IEEE Std 802.1AEcg amendment. Object DESCRIPTIONs
     and references aligned with text of the standard (including prior
     amendments). IEEE 802.1AEcg Annex G details changes.
     The initial version of this ieee8021SecyMIB used the object
     name prefix 'secy' rather than 'ieee8021secy' (recommended by 
     RFC 4181). The 'secy' prefix has been retained in this revision for
     for backwards compatbility and internal consistency."

    REVISION    "200601100000Z"
    DESCRIPTION "Initial version of this MIB in IEEE 802.1AE-2006"
    ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1)
          ieee802dot1mibs(1) 3 }

secyMIBNotifications OBJECT IDENTIFIER ::= { ieee8021SecyMIB 0 }

secyMIBObjects OBJECT IDENTIFIER ::= { ieee8021SecyMIB 1 }

secyMIBConformance OBJECT IDENTIFIER ::= { ieee8021SecyMIB 2 }

--
-- Textual Conventions
--

SecySCI ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
    "Textual convention for a Secure Channel Identifier (SCI).
         
     Each SC is identified by an SCI comprising a 48-bit MAC Address,
     allocated to the transmitting system and a 16-bit Port Identifier."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2 and figure 7.7"
    SYNTAX OCTET STRING (SIZE (8))

SecyAN ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS current
    DESCRIPTION
    "Textual convention for an Association Number (AN).

     Each SC is comprised of a succession of SAs, each with a different 
     SAK, identified by a Secure Association Identifier (SAI) comprising 
     an SCI concatenated with a two-bit AN.  The SAI is unique for SAs 
     used by SecYs participating in a given CA at any instant."
    REFERENCE   "IEEE 802.1AE Clause 7.1.3, Figure 7.7"
    SYNTAX Unsigned32 (0..3)

secyMgmtMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 1 }

secyStatsMIBObjects OBJECT IDENTIFIER ::= { secyMIBObjects 2 }

--
-- SecY Interface Management Table
-- 

secyIfTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
    "A table with an entry for each service interface in this system
     with MAC Security capability, i.e. for each SecY.

     The configured value of writable objects in each table entry
     shall be stored in persistent memory and remain unchanged across
     a re-initialization of the system's management entity."
    REFERENCE "IEEE 802.1AE Clause 10.7, Table 13-1"
    ::= { secyMgmtMIBObjects 1 }
    
secyIfEntry    OBJECT-TYPE
    SYNTAX      SecyIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
    "A table entry with service information for a particular SecY."
    INDEX   { secyIfInterfaceIndex }
    ::= { secyIfTable 1 }

SecyIfEntry ::= SEQUENCE {
    secyIfInterfaceIndex            InterfaceIndex,
    secyIfMaxPeerSCs                Unsigned32,
    secyIfRxMaxKeys                 Unsigned32,
    secyIfTxMaxKeys                 Unsigned32,
    secyIfProtectFramesEnable       TruthValue,
    secyIfValidateFrames            INTEGER,
    secyIfReplayProtectEnable       TruthValue,
    secyIfReplayProtectWindow       Unsigned32,
    secyIfCurrentCipherSuite        Unsigned32,
    secyIfAdminPt2PtMAC             INTEGER,
    secyIfOperPt2PtMAC              TruthValue,
    secyIfIncludeSCIEnable          TruthValue,
    secyIfUseESEnable               TruthValue,
    secyIfUseSCBEnable              TruthValue,
    secyIfSCI                       SecySCI,     -- 802.1AEcg
    secyIfIncludingSCI              TruthValue,  -- 802.1AEcg
    secyIfMaxTSCs                   Unsigned32   -- 802.1AEcg
}
 
secyIfInterfaceIndex    OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An interface index, aligned with ifIndex in the
                 ifTable, pointing to the SecY's Controlled Port."
    REFERENCE   "IEEE 802.1AE Clause 10.1"
    ::= { secyIfEntry 1 }

secyIfMaxPeerSCs    OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "security connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The maximum number of peer SCs for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.7"
    ::= { secyIfEntry 2 }

secyIfRxMaxKeys    OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "keys"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The maximum number of keys in simultaneous use for
                 reception for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.7"
    ::= { secyIfEntry 3 }

secyIfTxMaxKeys    OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "keys"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The maximum number of keys in simultaneous use for
                 transmission for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.16"
    ::= { secyIfEntry 4 }

secyIfProtectFramesEnable    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enables or disables protection of transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.17, Figure 10-3"
    DEFVAL { true }
    ::= { secyIfEntry 5 }

secyIfValidateFrames    OBJECT-TYPE
    SYNTAX      INTEGER {
                    disabled(1),
                    check(2),
                    strict(3),
                    null(4)    -- 802.1AEcg
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "Controls validation of received frames.

     disabled(1) : disable validation, remove SecTAGs and ICVs (if 
                   present) from received frames.
     check(2)    : enable validation, do not discard invalid frames.
     strict(3)   : enable validation and  discard invalid frames.
     null(4)     : no processing, do not remove SecTAGs or ICVs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.8, Figure 10-4"
    DEFVAL { strict }
    ::= { secyIfEntry 6 }

secyIfReplayProtectEnable    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Enables or disables replay protection."
    REFERENCE   "IEEE 802.1AE Clause 10.7.8, Figure 10-4"
    DEFVAL { true }
    ::= { secyIfEntry 7 }

secyIfReplayProtectWindow    OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "Packets"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The replay protection window size."
    REFERENCE   "IEEE 802.1AE Clause 10.7.8, Figure 10-4"
    DEFVAL { 0 }
    ::= { secyIfEntry 8 }

secyIfCurrentCipherSuite    OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The Cipher Suite currently used by this SecY,
                 identified by the secyCipherSuiteTable entry index.
                 Should be read-only if secyIfCipherTable implemented."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    ::= { secyIfEntry 9 }

secyIfAdminPt2PtMAC    OBJECT-TYPE
    SYNTAX      INTEGER {
                    forceTrue(1),
                    forceFalse(2),
                    auto(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "Controls the value of operPointToPointMAC (secyOperPt2PtMAC)
     reported to the user(s) of this SecY's Controlled Port. 

     forceTrue(1)  : operPointToPointMAC is True, regardless of the
                     configuration and status of the SecY.
     forceFalse(2) : operPointToPointMAC is False, regardless of the
                     configuration and status of the SecY.
     auto(3)       : OperPointMAC is True if secyIfvalidateFrames is 
                     strict and reception is from at most one peer SecY,
                     or if secyIfvalidateFrames is not strict and 
                     operPointToPointMAC is True for the Common Port,
                     and is False otherwise."
    REFERENCE   "IEEE 802.1AE Clause 6.5, 10.7.4"
    DEFVAL { auto }
    ::= { secyIfEntry 10 }

secyIfOperPt2PtMAC    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
    "Reflects the current service connectivity to be assumed by the 
     user(s) of the SecY's Controlled Port.

     true(1)  : connectivity is to at most one other system.
     false(2) : connectivity is to one or more other systems."
    REFERENCE   "IEEE 802.1AE Clause 6.5, 10.7.4"
    ::= { secyIfEntry 11 }

secyIfIncludeSCIEnable    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Mandates inclusion of an explicit SCI in the SecTAG
                 when transmitting protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 alwaysIncludeSCI, 10.7.17"
    DEFVAL { false }
    ::= { secyIfEntry 12 }

secyIfUseESEnable    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Enables use of the ES bit in the SecTAG when
                 transmitting protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 useES, 10.7.17"
    DEFVAL { false }
    ::= { secyIfEntry 13 }

secyIfUseSCBEnable    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Enables use of the SCB bit in the SecTAG when
                 transmitting protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 useSCB, 10.7.17"
    DEFVAL { false }
    ::= { secyIfEntry 14 }
    
secyIfSCI       OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The SCI for the SecY's default traffic class."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.1"
    ::= { secyIfEntry 15 }
    
secyIfIncludingSCI    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "True if an explicit SCI is included in the SecTAG when
                 transmitting protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.5.3 includingSCI, 10.7.17"
    DEFVAL { false }
    ::= { secyIfEntry 16 }
    
secyIfMaxTSCs    OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "security connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The maximum number of transmit SCs for this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.16"
    ::= { secyIfEntry 17 }    

--
-- Tx SC Management Table : systems not supporting traffic class SCs
--                           

secyTxSCTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table with an entry for each SecY's transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.17, 10.7.20, Table 13-2"
    ::= { secyMgmtMIBObjects 2 }

secyTxSCEntry    OBJECT-TYPE
    SYNTAX      SecyTxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry with transmit SC information for a SecY."
    INDEX { secyIfInterfaceIndex }
    ::= { secyTxSCTable 1 }

SecyTxSCEntry ::= SEQUENCE {
    secyTxSCI              SecySCI,
    secyTxSCState          INTEGER,
    secyTxSCEncodingSA     RowPointer,
    secyTxSCEncipheringSA  RowPointer, -- deprecated
    secyTxSCCreatedTime    TimeStamp,
    secyTxSCStartedTime    TimeStamp,
    secyTxSCStoppedTime    TimeStamp
}

secyTxSCI       OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The SCI for the SecY's transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.1"
    ::= { secyTxSCEntry 1 }

secyTxSCState   OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The transmitting state of the SecY's transmit SC.
                 inUse(1) : one or more SAs are in use.
                 notInUse(2) : no SAs are in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21 transmitting, 10.7.23"
    ::= { secyTxSCEntry 2 }

secyTxSCEncodingSA    OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
    "The SA currently used to encode the SecTAG for frames awaiting 
     transmission. The row pointer will point to an entry in the 
     secyTxSATable. If no such information is available, the value shall 
     be the OBJECT IDENTIFIER { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.5.1, 10.7.21"
    ::= { secyTxSCEntry 3 }

secyTxSCEncipheringSA    OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
    "The SA currently used to encipher frames for transmission.
     The row pointer will point to an entry in the secyTxSATable. 
     If no such information is available, the value shall be the
     OBJECT IDENTIFIER { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.5.4"
    ::= { secyTxSCEntry 4 }

secyTxSCCreatedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmitting SC was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTxSCEntry 5 }

secyTxSCStartedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmitting SC last started
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTxSCEntry 6 }

secyTxSCStoppedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmitting SC last stopped
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTxSCEntry 7 }

--
-- Traffic Class capable transmit SC Management Table : 802.1AEcg
--                           

secyTSCTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table of entries for each SecY's traffic class SCs."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.17, 10.7.20"
    ::= { secyMgmtMIBObjects 10 }

secyTSCEntry   OBJECT-TYPE
    SYNTAX      SecyTSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry with transmit SC information for one of the
                 system's SecYs and one of its traffic classes."
    INDEX { secyIfInterfaceIndex, secyTSCI }
    ::= { secyTSCTable 1 }

SecyTSCEntry ::= SEQUENCE {
    secyTSCI              SecySCI,
    secyTSCState          INTEGER,
    secyTSCEncodingSA     RowPointer,
    secyTSCCreatedTime    TimeStamp,
    secyTSCStartedTime    TimeStamp,
    secyTSCStoppedTime    TimeStamp
}

secyTSCI       OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The SCI for the transmit SC for this SecY and 
                 traffic class."
    REFERENCE   "IEEE 802.1AE Clause 7.1.2, 10.7.17, 10.7.20"
    ::= { secyTSCEntry 1 }

secyTSCState   OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
    "The state of the transmit SC for this SecY and traffic class.

     inUse(1)    : one or more SAs for the traffic class SC are in use.
     notInUse(2) : no SAs for the traffic class SC are in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.20"
    ::= { secyTSCEntry 2 }

secyTSCEncodingSA    OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
    "The SA currently used to encode the SecTAG for frames awaiting 
     transmission. The row pointer will point to an entry in the 
     secyTxSATable. If no such information is available, the value shall 
     be the OBJECT IDENTIFIER { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.5.1, 10.7.21"
    ::= { secyTSCEntry 3 }

secyTSCCreatedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmitting SC was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTSCEntry 4 }

secyTSCStartedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmitting SC last started
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTSCEntry 5 }

secyTSCStoppedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmitting SC last stopped
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.21"
    ::= { secyTSCEntry 6 }

--
-- Tx SA Management Table : systems not supporting traffic class SCs
--

secyTxSATable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table with an entry for each transmit SA for each of 
                 the system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22, Table 13-2"
    ::= { secyMgmtMIBObjects 3 }

secyTxSAEntry    OBJECT-TYPE
    SYNTAX      SecyTxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry for a transmit SA."
    INDEX   { secyIfInterfaceIndex, secyTxSA } 
    ::= { secyTxSATable 1 }

SecyTxSAEntry ::= SEQUENCE {
    secyTxSA                   SecyAN,
    secyTxSAState              INTEGER,
    secyTxSANextPN             Unsigned32,
    secyTxSAConfidentiality    TruthValue,
    secyTxSASAKUnchanged       TruthValue, -- deprecated
    secyTxSACreatedTime        TimeStamp,
    secyTxSAStartedTime        TimeStamp,
    secyTxSAStoppedTime        TimeStamp
}

secyTxSA    OBJECT-TYPE
    SYNTAX      SecyAN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The association number (AN) for this transmit SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTxSAEntry 1 }

secyTxSAState    OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current status of the transmitting SA.

                 inUse(1)    : this SA is in use.
                 notInUse(2) : this SA is not in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTxSAEntry 2 }

secyTxSANextPN    OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The next packet number (PN) for this SA."
    REFERENCE   "IEEE 802.1AE Clause 10.5, 10.7.23"
    ::= { secyTxSAEntry 3 }

secyTxSAConfidentiality    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "True if the SA provides confidentiality as well as
                 integrity for transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 4 }

secyTxSASAKUnchanged    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "A reference to an SAK that is unchanged for the life
                 of the transmitting SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTxSAEntry 5 }

secyTxSACreatedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmit SA was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 6 }

secyTxSAStartedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmit SA last started
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 7 }

secyTxSAStoppedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmit SA last stopped
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTxSAEntry 8 }

--
-- Trafffic Class capable transmit SA Management Table : 802.1AEcg
--

secyTSATable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table with an entry for each transmit SA for each of 
                 the system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22, Table 13-2"
    ::= { secyMgmtMIBObjects 11 }

secyTSAEntry    OBJECT-TYPE
    SYNTAX      SecyTSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry for a transmit SA."
    INDEX   { secyIfInterfaceIndex, secyTSCI, secyTSA } 
    ::= { secyTSATable 1 }

SecyTSAEntry ::= SEQUENCE {
    secyTSA                   SecyAN,
    secyTSAState              INTEGER,
    secyTSANextXPN            Counter64,
    secyTSAConfidentiality    TruthValue,
    secyTSAKeyIdentifier      SnmpAdminString,
    secyTSASSCI				  Integer32,
    secyTSACreatedTime        TimeStamp,
    secyTSAStartedTime        TimeStamp,
    secyTSAStoppedTime        TimeStamp
}

secyTSA     OBJECT-TYPE
    SYNTAX      SecyAN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The association number (AN) for this transmit SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.22"
    ::= { secyTSAEntry 1 }

secyTSAState   OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current status of the transmit SA.

                 inUse(1) : this SA is in use.
                 notInUse(2) : this SA is not in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 2 }

secyTSANextXPN  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The next packet number (PN) for this SA."
    REFERENCE   "IEEE 802.1AE Clause 10.5, 10.7.23"
    ::= { secyTSAEntry 3 }

secyTSAConfidentiality    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "True if the SA provides confidentiality as well as
                 integrity for transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 4 }

secyTSAKeyIdentifier    OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Key Identifier (KI) for the SAK for this SA."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 5 }

secyTSASSCI     OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The SSCI for this SA, 0 if an XPN Cipher Suite is not
    			 being used."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 6 }

secyTSACreatedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmit SA was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 7 }

secyTSAStartedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmit SA last started
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 8 }

secyTSAStoppedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this transmit SA last stopped
                 transmitting MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.23"
    ::= { secyTSAEntry 9 }

--
-- Rx SC Management Table
--

secyRxSCTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyRxSCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table for the system's SecY's receive SCs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.11, Table 13-2"
    ::= { secyMgmtMIBObjects 4 }

secyRxSCEntry   OBJECT-TYPE
    SYNTAX      SecyRxSCEntry  
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry for one of the SCs used by one of the system's
                 SecY's to receive protected frames."
    INDEX    { secyIfInterfaceIndex, secyRxSCI } 
    ::= { secyRxSCTable 1 }

SecyRxSCEntry ::= SEQUENCE {
    secyRxSCI              SecySCI,
    secyRxSCState          INTEGER,
    secyRxSCCurrentSA      RowPointer,
    secyRxSCCreatedTime    TimeStamp, 
    secyRxSCStartedTime    TimeStamp, 
    secyRxSCStoppedTime    TimeStamp
}

secyRxSCI       OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The SCI for the receive SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.11"
    ::= { secyRxSCEntry 1 }

secyRxSCState   OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The state of the receive SC.

                 inUse(1) : one or more SAs for this SC are in use.
                 notInUse(2) : no SAs for this SC is in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12 receiving, 
                                     10.7.14 inUse, 10.7.15"
    ::= { secyRxSCEntry 2 }

secyRxSCCurrentSA    OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
    "The current receiving association number of the SC in use.
     The row pointer will point to an entry in the secyRxSATable.  If no 
     such information can be identified, the value of this object shall 
     be the OBJECT IDENTIFIER { 0 0 }."
    REFERENCE   "IEEE 802.1AE Clause 10.6.1, 10.7.13"
    ::= { secyRxSCEntry 3 }

secyRxSCCreatedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this receiving SC was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12"
    ::= { secyRxSCEntry 4 }

secyRxSCStartedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this receiving SC last started
                 receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12"
    ::= { secyRxSCEntry 5 }

secyRxSCStoppedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this receiving SC last stopped
                 receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.12"
    ::= { secyRxSCEntry 6 }

--
-- Rx SA Management Table
--

secyRxSATable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyRxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table with entries for the system's receive SAs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.13"
    ::= { secyMgmtMIBObjects 5 }

secyRxSAEntry   OBJECT-TYPE
    SYNTAX      SecyRxSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry for one of the SAs used by one of the system's
                 SecY's to receive protected frames."
    INDEX    { secyIfInterfaceIndex, secyRxSCI, secyRxSA }
    ::= { secyRxSATable 1 }

SecyRxSAEntry ::= SEQUENCE {
    secyRxSA               SecyAN,
    secyRxSAState          INTEGER,
    secyRxSANextPN         Unsigned32,
    secyRxSASAKUnchanged   TruthValue,
    secyRxSACreatedTime    TimeStamp,
    secyRxSAStartedTime    TimeStamp,
    secyRxSAStoppedTime    TimeStamp,
    secyRxSANextXPN        Counter64,       -- 802.1AEcg
    secyRxSALowestXPN      Counter64,       -- 802.1AEcg
    secyRxSAKeyIdentifier  SnmpAdminString, -- 802.1AEcg
	secyRxSASSCI		   Integer32 		-- 802.1AEcg
}

secyRxSA        OBJECT-TYPE
    SYNTAX      SecyAN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The association number (AN) for this receive SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.13"
    ::= { secyRxSAEntry 1 }

secyRxSAState    OBJECT-TYPE
    SYNTAX      INTEGER {
                    inUse(1),
                    notInUse(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current state for this receive SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 2 }

secyRxSANextPN    OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
    "One more than the highest PN conveyed in the SecTAG of a frame 
     received on this SA that has been successfully validated (if 
     validateFrames has not been disabled). Deprecated: use 
     secyRxSANextXPN for both 32-bit PN and 64-bit XPN PN values. If 
     this object is implemented and an XPN Cipher Suite is used, it 
     contains the lowest 32-bits of the XPN."
    REFERENCE   "IEEE 802.1AE Clause 10.6.5, 10.7.14, Figure 10-4"
    ::= { secyRxSAEntry 3 }

secyRxSASAKUnchanged    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "A reference to an SAK that is unchanged for the life
                 of the receiving SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.13"
    ::= { secyRxSAEntry 4 }

secyRxSACreatedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this receiving SA was created."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 5 }

secyRxSAStartedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this receiving SA last started
                 receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 6 }

secyRxSAStoppedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The system time when this receiving SA last stopped
                 receiving MACsec frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 7 }
    
secyRxSANextXPN    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "One more than the highest PN conveyed in the SecTAG of
                 successfully validates frames received on this SA."
    REFERENCE   "IEEE 802.1AE Clause 10.6.5, 10.7.14, Figure 10-4"
    ::= { secyRxSAEntry 8 }
    
secyRxSALowestXPN    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The lowest acceptable packet number. A received frame 
                 with a lower PN is  discarded if 
                 secyIfReplayProtectEnable is enabled."
    REFERENCE   "IEEE 802.1AE Clause 10.6.2, 10.6.4, 10.6.5, 10.7.14,
        Figure 10-4"
    ::= { secyRxSAEntry 9 }
    
secyRxSAKeyIdentifier    OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Key Identifier (KI) for the SAK for this SA."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 10 }
    
secyRxSASSCI    OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The SSCI for this SA, 0 if an XPN Cipher Suite is not
    			 being used."
    REFERENCE   "IEEE 802.1X, IEEE 802.1AE Clause 10.7.14"
    ::= { secyRxSAEntry 11 } 

--
--  SecY Selectable Cipher Suites
--

secyCipherSuiteTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyCipherSuiteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
    "A table of the system's Cipher Suite capabilities, which can differ
     by Cipher Suite implementation, so there can be more than one entry 
     with the same secyCipherSuiteId. The secyIfCipherTable lists 
     available entries by SecY, avoiding the need for remote network 
     management to  write objects or create rows in this table. Any 
     configured values shall be stored in persistent memory and remain 
     unchanged across a re-initialization of the management system."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    ::= { secyMgmtMIBObjects 6 }

secyCipherSuiteEntry    OBJECT-TYPE
    SYNTAX      SecyCipherSuiteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry for a Cipher Suite implementation."
    INDEX { secyCipherSuiteIndex }
    ::= { secyCipherSuiteTable 1 }

SecyCipherSuiteEntry ::= SEQUENCE {
    secyCipherSuiteIndex               Unsigned32,
    secyCipherSuiteId                  OCTET STRING,
    secyCipherSuiteName                SnmpAdminString,
    secyCipherSuiteCapability          BITS,
    secyCipherSuiteProtection          BITS,
    secyCipherSuiteProtectionOffset    INTEGER,
    secyCipherSuiteDataLengthChange    TruthValue,
    secyCipherSuiteICVLength           Unsigned32,
    secyCipherSuiteRowStatus           RowStatus
}

secyCipherSuiteIndex    OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The CipherSuiteTable entry index."
    ::= { secyCipherSuiteEntry 1 }

secyCipherSuiteId    OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (8))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "A unique 64-bit (EUI-64) identifier for the Cipher 
                 Suite."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, Table 14-1"
    ::= { secyCipherSuiteEntry 2 }

secyCipherSuiteName    OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..128))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The Cipher Suite Name, 128 octets or fewer."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, Table 14-1"
    ::= { secyCipherSuiteEntry 3 }

secyCipherSuiteCapability    OBJECT-TYPE
    SYNTAX      BITS {
                    integrity(0),
                    confidentiality(1),
                    offsetConfidentiality(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Cipher Suite implementation capability information.

                 integrity(0)             : integrity protection.
                 confidentiality(1)       : confidentiality protection.
                 offsetConfidentiality(2) : offset confidentiality 
                                            protection."
    REFERENCE   "IEEE 802.1AE Clause 10.7.24, 10.7.25"
    ::= { secyCipherSuiteEntry 4 }

secyCipherSuiteProtection    OBJECT-TYPE
    SYNTAX      BITS {
                    integrity(0),
                    confidentiality(1),
                    offsetConfidentiality(2)
                }
    MAX-ACCESS  read-create
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
    "The secyIfCipherSuite table should be used instead of this object 
     to allow per SecY Cipher Suite configuration.
     
     The options provided by this control are a subset of those
     defined by the object secyCipherSuiteCapability.     
     If secyCipherSuiteCapability has the integrity bit on,the integrity 
     bit can be turned on for this object.
     If secyCipherSuiteCapability has the integrity and confidentiality 
     bits on, the confidentiality bit of this object can be turned on 
     and the integrity bit must be on.
     If secyCipherSuiteCapability has the integrity and
     offsetConfidentiality bits on, the offsetConfidentiality bit can be 
     turned on and the integrity bit must be on.

     integrity(0) : on or off the function of supporting integrity
                    protection for this cipher suite.

     confidentiality(1) : on or off the function of supporting
                    confidentiality for this cipher suite.

     offsetConfidentiality(2) : on or off the function of supporting           
                    offset confidentiality for this cipher suite."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    DEFVAL { { integrity } }
    ::= { secyCipherSuiteEntry 5 }

secyCipherSuiteProtectionOffset    OBJECT-TYPE
    SYNTAX      Integer32 (0 | 30 | 50)
    UNITS       "bytes"
    MAX-ACCESS  read-create
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
    "The confidentiality protection offset options of this cipher suite.  
     Options should depend on the choice of secyCipherSuiteProtection.
     If the value of secyCipherSuiteProtection only turns on integrity 
     bit, users can only choose 0 byte for this object.
     If the value of secyCipherSuiteProtection only turns on integrity 
     and confidentiality bits, users can only choose 0 byte for this 
     object.
     If the value of secyCipherSuiteProtection only turns on integrity 
     and offsetConfidentiality bits, users can choose 30 or 50 bytes for 
     this object.
     If the value of secyCipherSuiteProtection turns on integrity and 
     confidentiality and offsetConfidentiality bits, users can choose 0 
     or 30 or 50 bytes for this object."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, 10.7.26"
    DEFVAL { 0 }
    ::= { secyCipherSuiteEntry 6 }

secyCipherSuiteDataLengthChange    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "True if cipher suite changes the length of the data."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, Figure 9-1"
    ::= { secyCipherSuiteEntry 7 }

secyCipherSuiteICVLength    OBJECT-TYPE
    SYNTAX      Unsigned32 (8..16)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The length of the integrity check value (ICV) field."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25, Figure 9-1"
    ::= { secyCipherSuiteEntry 8 }

secyCipherSuiteRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
    "The secyIfCipherTable (if implemented) avoids the need for
     network manager creation of entries in the secyCipherSuiteTable, 
     and RowStatus should always be valid(1), with any per SecY
     unavailability indicated by an absence of a corresponding
     secyIfCipherTable entry or one with secyCipherSuiteAvailable
     false (the latter can indicate temporay unavailability)."
    REFERENCE   "IEEE 802.1AE Clause 10.7.25"
    ::= { secyCipherSuiteEntry 9 }

--
-- SecY Interface Ciphers Table : 802.1AEcg
-- 

secyIfCipherTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyIfCipherEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "A table with an entry for the Cipher Suite capabilities
        implemented for each SecY in this system, providing per SecY
        control of Cipher Suite use.

        The configured value of writable objects in each table entry
        shall be stored in persistent memory and remain unchanged across
        a re-initialization of the system's management entity."
    REFERENCE   "IEEE 802.1AE Clause 10.7.26, Table 13-1"
    ::= { secyMgmtMIBObjects 7 }
    
secyIfCipherEntry    OBJECT-TYPE
    SYNTAX      SecyIfCipherEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table entry with Cipher Suite control for a SecY."
    INDEX   { secyIfInterfaceIndex, secyCipherSuiteIndex }
    ::= { secyIfCipherTable 1 }

SecyIfCipherEntry ::= SEQUENCE {
    secyIfCipherImplemented         TruthValue,
    secyIfCipherEnableUse           TruthValue,
    secyIfCipherRqConfidentiality   TruthValue
}
 
secyIfCipherImplemented    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "True if the Cipher Suite implementation can be used by
                 this SecY (if secIfCipherEnablUse is true)."
    REFERENCE   "IEEE 802.1AE Clause 10.7.26"
    DEFVAL { true }
    ::= { secyIfCipherEntry 1 }

secyIfCipherEnableUse    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Enables use of the Cipher Suite by this SecY."
    REFERENCE   "IEEE 802.1AE Clause 10.7.26"
    DEFVAL { true }
    ::= { secyIfCipherEntry 2 }
    
secyIfCipherRqConfidentiality    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "True if confidentiality protection (without an offset)
                 is required if this Cipher Suite is used."
    REFERENCE   "IEEE 802.1AE Clause 10.7.26"
    DEFVAL { true }
    ::= { secyIfCipherEntry 3 }

--
-- SecY Interface Traffic Class Table : 802.1AEcg
-- 

secyIfTCTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyIfTCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "The Traffic Class Table for each SecY in this system.

        The configured value of writable objects in each table entry
        shall be stored in persistent memory and remain unchanged across
        a re-initialization of the system's management entity."
    REFERENCE   "IEEE 802.1AE Clause 10.5.1, 10.7.17, Table 13-1"
    ::= { secyMgmtMIBObjects 8 }
    
secyIfTCEntry   OBJECT-TYPE
    SYNTAX      SecyIfTCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table entry providing Traffic Class selection for a
                 given SecY and User Priority."
    INDEX   { secyIfInterfaceIndex, secyIfTCUserPriority }
    ::= { secyIfTCTable 1 }

SecyIfTCEntry ::= SEQUENCE {
    secyIfTCUserPriority           Integer32,
    secyIfTCTrafficClass           Integer32
}

secyIfTCUserPriority    OBJECT-TYPE
    SYNTAX      Integer32 (0..7)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "One of the possible User Priority values for a frame."
    REFERENCE   "IEEE 802.1AE Clause 10.7.17"
    ::= { secyIfTCEntry 1 }
 
secyIfTCTrafficClass    OBJECT-TYPE
    SYNTAX      Integer32 (0..7)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
       "The Traffic Class for this SecY and User Priority, as 
        transmitted in the four most significant bits of the Port
        Identifier component of the SCI of protected frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.17"
    DEFVAL { 0 }
    ::= { secyIfTCEntry 2 }

--
-- SecY Interface Access Priority Table : 802.1AEcg
-- 

secyIfAPTable   OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyIfAPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION 
       "The Access Priority Table for each SecY in this system.

        The configured value of writable objects in each table entry
        shall be stored in persistent memory and remain unchanged across
        a re-initialization of the system's management entity."
    REFERENCE   "IEEE 802.1AE Clause 10.5.1, 10.7.17, Table 13-1"
    ::= { secyMgmtMIBObjects 9 }
    
secyIfAPEntry   OBJECT-TYPE
    SYNTAX      SecyIfAPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table entry selecting the  Access Priority Code Point
                 for a given SecY and User Priority Code Point."
    INDEX   { secyIfInterfaceIndex, secyIfAPUserPCP }
    ::= { secyIfAPTable 1 }

SecyIfAPEntry ::= SEQUENCE {
    secyIfAPUserPCP             Integer32,
    secyIfAPAccessPCP           Integer32
}

secyIfAPUserPCP OBJECT-TYPE
    SYNTAX      Integer32 (0..15)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A User Priority Code Point."
    REFERENCE   "IEEE 802.1AE Clause 10.5, 10.7.17"
    ::= { secyIfAPEntry 1 }
 
secyIfAPAccessPCP    OBJECT-TYPE
    SYNTAX      Integer32 (0..15)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The Access Priority Code Point for this SecY and User
                 PCP. Defaults to the User PCP value. "
    REFERENCE   "IEEE 802.1AE Clause 10.5, 10.7.17"
    ::= { secyIfAPEntry 2 }

--
-- TX SA Statistics : systems not supporting traffic class SCs
--

secyTxSAStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTxSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "A table of statistics for each transmit SA for each of 
                 the system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, figure 10-4"
    ::= { secyStatsMIBObjects 1 }

secyTxSAStatsEntry    OBJECT-TYPE
    SYNTAX      SecyTxSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
       "An entry with statistics for a transmit SA.  The AN that 
        identifies an SA (for a given SC) and this corresponding entry
        can be reused. When creating the SA and before (re)using the
        entry, the SA counters are (re)set to 0. When the SA is stopped
        (secyTxSA notInuse) the counters will be stop incrementing.

        The secyTxSATable timestamps SA creation, start, and stop."
    AUGMENTS { secyTxSAEntry }
    ::= { secyTxSAStatsTable 1 }

SecyTxSAStatsEntry ::= SEQUENCE {
    secyTxSAStatsProtectedPkts    Counter32,
    secyTxSAStatsEncryptedPkts    Counter32
}

secyTxSAStatsProtectedPkts    OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of integrity protected but not encrypted 
                 packets for this transmit SA. Zero if
                 secyTxSAConfidentiality is True, and one less than 
                 secyTxSANextPN otherwise."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, figure 10-4"
    ::= { secyTxSAStatsEntry 1 }

secyTxSAStatsEncryptedPkts    OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of integrity protected and encrypted packets 
                 for this transmit SA. Zero if secyTxSAConfidentiality 
                 is False, and one less than secyTxSANextPN otherwise."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-4"
    ::= { secyTxSAStatsEntry 2 }
    
    
--
-- TX SC Statistics : systems not supporting traffic class SCs
--

secyTxSCStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTxSCStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table of statistics for each SecY's transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, 10.7.19, Figure 10-3"
    ::= { secyStatsMIBObjects 2 }

secyTxSCStatsEntry    OBJECT-TYPE
    SYNTAX      SecyTxSCStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "An entry containing counts for a transmit SC. SA counters are 
        reset when the SA's AN  is reused, so these SC counts are
        a summation for all current and prior SAs belonging to the SC."
    AUGMENTS { secyTxSCEntry }
    ::= { secyTxSCStatsTable 1 }

SecyTxSCStatsEntry ::= SEQUENCE {
    secyTxSCStatsProtectedPkts      Counter64,
    secyTxSCStatsEncryptedPkts      Counter64,
    secyTxSCStatsOctetsProtected    Counter64, -- deprecated
    secyTxSCStatsOctetsEncrypted    Counter64  -- deprecated
}

secyTxSCStatsProtectedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of integrity protected but not encrypted
                 packets for this transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-3"
    ::= { secyTxSCStatsEntry 1 }

secyTxSCStatsEncryptedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of integrity protected and encrypted packets 
                 for this transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-3"
    ::= { secyTxSCStatsEntry 4 }

secyTxSCStatsOctetsProtected    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of plain text octets that are integrity 
                 protected but not encrypted for this transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.19, Figure 10-3"
    ::= { secyTxSCStatsEntry 10 }

secyTxSCStatsOctetsEncrypted    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
        "The number of plain text octets that are integrity protected
         and encrypted on the transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.19, Figure 10-3"
    ::= { secyTxSCStatsEntry 11 }
--
-- Traffic Class capable transmit SC Statistics : 802.1AEcg
--

secyTSCStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyTSCStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of statistics for each SecY's transmit SCs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, 10.7.19, Figure 10-3"
    ::= { secyStatsMIBObjects 12 }

secyTSCStatsEntry    OBJECT-TYPE
    SYNTAX      SecyTSCStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A entry containing counts for a transmit SC, since SA counters 
         are reset when the SA's AN  is reused these are a summation for
         all current and prior SAs belonging to the SC."
    AUGMENTS { secyTSCEntry }
    ::= { secyTSCStatsTable 1 }

SecyTSCStatsEntry ::= SEQUENCE {
    secyTSCStatsProtectedPkts      Counter64,
    secyTSCStatsEncryptedPkts      Counter64
}

secyTSCStatsProtectedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of integrity protected but not encrypted packets
         for this transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-3"
    ::= { secyTSCStatsEntry 1 }

secyTSCStatsEncryptedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of integrity protected and encrypted packets for
         this transmit SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-3"
    ::= { secyTSCStatsEntry 2 }


--
-- RX SA Statistics Information
--

secyRxSAStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyRxSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "A table that contains the statistics objects for each
         receiving SA in the MAC security entity."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsMIBObjects 3 }

secyRxSAStatsEntry    OBJECT-TYPE
    SYNTAX      SecyRxSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION
       "An entry with statistics for a receive SA.  The AN that 
        identifies an SA (for a given SC) and this corresponding entry
        can be reused. When creating the SA and before (re)using the
        entry, the SA counters are (re)set to 0. When the SA is stopped
        (secyRxSA notInuse) the counters will be stop incrementing.

        The secyRxSATable timestamps SA creation, start, and stop."
    AUGMENTS { secyRxSAEntry }
    ::= { secyRxSAStatsTable 1 }    

SecyRxSAStatsEntry ::= SEQUENCE {
    secyRxSAStatsUnusedSAPkts    Counter32, -- deprecated
    secyRxSAStatsNoUsingSAPkts   Counter32, -- deprecated
    secyRxSAStatsNotValidPkts    Counter32, -- deprecated
    secyRxSAStatsInvalidPkts     Counter32, -- deprecated
    secyRxSAStatsOKPkts          Counter32  -- deprecated
}

secyRxSAStatsUnusedSAPkts    OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "For this SA which is not currently in use, the number of
         received, unencrypted, packets with secyValidateFrames
         not in the strict mode."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSAStatsEntry 1 }

secyRxSAStatsNoUsingSAPkts   OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "For this SA which is not currently in use, the number of
         received packets that have been discarded, and have
         either the packets encrypted or secyValidateFrames set to
         strict mode."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSAStatsEntry 4 }

secyRxSAStatsNotValidPkts     OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "For this SA, the number discarded packets with the
         condition that the packets are not valid and one of the
         following conditions are true: either secyValidateFrames in
         strict mode or the packets encrypted."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSAStatsEntry 13 }

secyRxSAStatsInvalidPkts     OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "For this SA, the number of packets with the condition
         that the packets are not valid and secyValidateFrames is in
         check mode."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSAStatsEntry 16 }

secyRxSAStatsOKPkts          OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "For this SA, the number of validated packets."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSAStatsEntry 25 }

--
-- RX SC Statistics Information
--

secyRxSCStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyRxSCStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table of statistics for each receive SC for each of
                 the system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, 10.7.10, Figure 10-4"
    ::= { secyStatsMIBObjects 4 }

secyRxSCStatsEntry    OBJECT-TYPE
    SYNTAX      SecyRxSCStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "An entry containing counts for a receive SC. SA counters are 
        reset when the SA's AN  is reused, so these SC counts are a 
        summation for all current and prior SAs belonging to the SC."
    AUGMENTS { secyRxSCEntry }
    ::= { secyRxSCStatsTable 1 }

SecyRxSCStatsEntry ::= SEQUENCE {
    secyRxSCStatsUnusedSAPkts         Counter64, -- deprecated
    secyRxSCStatsNoUsingSAPkts        Counter64, -- deprecated
    secyRxSCStatsLatePkts             Counter64,
    secyRxSCStatsNotValidPkts         Counter64,
    secyRxSCStatsInvalidPkts          Counter64,
    secyRxSCStatsDelayedPkts          Counter64,
    secyRxSCStatsUncheckedPkts        Counter64,
    secyRxSCStatsOKPkts               Counter64,
    secyRxSCStatsOctetsValidated      Counter64, -- deprecated
    secyRxSCStatsOctetsDecrypted      Counter64  -- deprecated
}

secyRxSCStatsUnusedSAPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The sum of secyRxSAStatsUnusedSAPkts counts for all
                 current and prior SAs belonging to this SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 1 }

secyRxSCStatsNoUsingSAPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The sum of secyRxSAStatsNoUsingSAPkts counts for all
                 current and prior SAs belonging to this SC."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 2 }

secyRxSCStatsLatePkts        OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded, for this SC, because the 
         the received PN was lower than the lowest acceptable PN
         (secyRxSALowestXPN) and secyIfReplayProtectEnable was true."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 3 }

secyRxSCStatsNotValidPkts     OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The number of packets discarded, for this SC, because validation
        failed and secyIfvalidateFrames was 'strict' or the data was
        encrypted (so the original frame could not be recovered)."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 4 }

secyRxSCStatsInvalidPkts     OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The number of packets, for this SC, that failed validation but 
       could be received because secyIfvalidateFrames  was 'check' and
       the  data was not encrypted (so the original frame could be 
       recovered)."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 5 }

secyRxSCStatsDelayedPkts     OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The number of received packets, for this SC, with PN lower
        than the lowest acceptable PN (secyRxSALowestXPN) and 
        secyIfReplayProtectEnable false."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 6 }

secyRxSCStatsUncheckedPkts   OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of packets received for this SC,  while 
                 secyValidateFrames was 'disabled'."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 7 }

secyRxSCStatsOKPkts          OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of packets received for this SC
                 successfully validated and within the replay window."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyRxSCStatsEntry 8 }

secyRxSCStatsOctetsValidated     OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of plaintext octets recovered from packets 
                 that were integrity protected but not encrypted."
    REFERENCE "Deprecated, the secyIsStatsTable has per SecY counts     
               for cryptographic performance management."
    ::= { secyRxSCStatsEntry 9 }

secyRxSCStatsOctetsDecrypted    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of plaintext octets recovered from packets 
                 that were integrity protected and encrypted."
    REFERENCE  "Deprecated, the secyIsStatsTable has per SecY counts    
                for cryptographic performance management."
    ::= { secyRxSCStatsEntry 10 }

--
-- SecY statistics table
--

secyStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF SecyStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table of statistics for each of the system's SecYs."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, 10.7.18, Figure 10-3, 10.5"
    ::= { secyStatsMIBObjects 5 }

secyStatsEntry    OBJECT-TYPE
    SYNTAX      SecyStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing counts for a SecY."
    AUGMENTS { secyIfEntry }
    ::= { secyStatsTable 1 }

SecyStatsEntry ::= SEQUENCE {
    secyStatsTxUntaggedPkts     Counter64,
    secyStatsTxTooLongPkts      Counter64,
    secyStatsRxUntaggedPkts     Counter64,
    secyStatsRxNoTagPkts        Counter64,
    secyStatsRxBadTagPkts       Counter64,
    secyStatsRxUnknownSCIPkts   Counter64, -- deprecated
    secyStatsRxNoSCIPkts        Counter64, -- deprecated
    secyStatsRxOverrunPkts      Counter64,
    secyStatsRxNoSAPkts         Counter64, -- 802.1AEcg
    secyStatsRxNoSAErrorPkts    Counter64, -- 802.1AEcg
    secyStatsTxOctetsProtected  Counter64, -- 802.1AEcg
    secyStatsTxOctetsEncrypted  Counter64, -- 802.1AEcg
    secyStatsRxOctetsValidated  Counter64, -- 802.1AEcg
    secyStatsRxOctetsDecrypted  Counter64  -- 802.1AEcg
}

secyStatsTxUntaggedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of packets transmitted without a SecTAG
                 because secyProtectFramesEnable is configured false."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-3"
    ::= { secyStatsEntry 1 }

secyStatsTxTooLongPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of transmit packets discarded because their
                 length is greater than the ifMtu of the Common Port."
    REFERENCE   "IEEE 802.1AE Clause 10.7.18, Figure 10-3"
    ::= { secyStatsEntry 2 }

secyStatsRxUntaggedPkts    OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of packets without the MACsec tag (SecTAG) 
                 received while secyValidateFrames was not 'strict'."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 3 }

secyStatsRxNoTagPkts       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of received packets  without a SecTAG
                 discarded because secyValidateFrames was 'strict'."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 4 }

secyStatsRxBadTagPkts      OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of received packets discarded with an 
                 invalid SecTAG, zero value PN, or invalid ICV."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 5 }

secyStatsRxUnknownSCIPkts  OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of received packets with an unknown SCI."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 6 }

secyStatsRxNoSCIPkts       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      deprecated -- 802.1AEcg
    DESCRIPTION "The number of discarded packets with an unknown SCI."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 7 }

secyStatsRxOverrunPkts       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of packets discarded because they exceeded 
                 cryptographic performance capabilities."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 8 }
    
secyStatsRxNoSAPkts       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of received packets with an unknown SCI 
                 or for an unused SA."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 9 }

secyStatsRxNoSAErrorPkts       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of packets discarded because the received
                 SCI is unknown or the SA is not in use."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 10 }

secyStatsTxOctetsProtected       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of plain text octets integrity protected 
                 but not encrypted in transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 11 }

secyStatsTxOctetsEncrypted       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of plain text octets integrity protected 
                 and encrypted in transmitted frames."
    REFERENCE   "IEEE 802.1AE Clause 10.7.9, Figure 10-4"
    ::= { secyStatsEntry 12 }
    
secyStatsRxOctetsValidated       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of plaintext octets recovered from packets 
                 that were integrity protected but not encrypted."
    REFERENCE   "IEEE 802.1AE Clause 10.6.3, Figure 10-3"
    ::= { secyStatsEntry 13 }

secyStatsRxOctetsDecrypted       OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of plaintext octets recovered from packets 
                 that were integrity protected and encrypted."
    REFERENCE   "IEEE 802.1AE Clause 10.6.3, Figure 10-3"
    ::= { secyStatsEntry 14 }
--
-- Conformance
--

secyMIBCompliances  OBJECT IDENTIFIER ::= { secyMIBConformance 1 }

secyMIBGroups  OBJECT IDENTIFIER ::= { secyMIBConformance 2 }

-- Compliance

secyMIBTcCompliance MODULE-COMPLIANCE
    STATUS current -- 802.1AEcg
    DESCRIPTION
    "The compliance statement for an IEEE8021-SECY-MIB supporting
     traffic class transmit SCs, added by IEEE 802.1AEcg."
    MODULE IF-MIB
        MANDATORY-GROUPS {
            ifCounterDiscontinuityGroup
            }
    MODULE  -- this module
        MANDATORY-GROUPS {
            secyIfGroup,
            secyIfCipherGroup,
            secyIfTCGroup,
            secyIfAPGroup,
            secyTSCGroup,
            secyTSAGroup,
            secyRSCGroup,
            secyRSAGroup,
            secyCipherInfoGroup,
            secyCipherStatsGroup,
            secyTSCStatsGroup,
            secyRSCStatsGroup, 
            secyIfStatsGroup
        }
        OBJECT secyIfCurrentCipherSuite
            MIN-ACCESS    read-only
            DESCRIPTION "should be read-only, use the secyIfCipherTable
                         to control ciper suite use."
        OBJECT    secyCipherSuiteId
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteName
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, should be read-only."
        OBJECT    secyCipherSuiteCapability
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, should be read-only."
        OBJECT    secyCipherSuiteDataLengthChange
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, should be read-only."
        OBJECT    secyCipherSuiteICVLength
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, should be read-only."
    ::= { secyMIBCompliances 2 }

secyMIBCompliance MODULE-COMPLIANCE
    STATUS deprecated -- 802.1AEcg
    DESCRIPTION
    "The compliance statement for the IEEE8021-SECY-MIB as specified in
     IEEE Std 802.1AE-2006."
    MODULE  -- this module
        MANDATORY-GROUPS {
            secyIfCtrlGroup,
            secyTxSCGroup,
            secyTxSAGroup,
            secyRxSCGroup,
            secyRxSAGroup,
            secyCipherSuiteGroup,
            secyTxSAStatsGroup,
            secyTxSCStatsGroup,
            secyRxSAStatsGroup,
            secyRxSCStatsGroup, 
            secyStatsGroup
        }
        OBJECT secyIfCurrentCipherSuite
            MIN-ACCESS    read-only
            DESCRIPTION "write access not required, may be read-only."
        OBJECT    secyCipherSuiteId
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteName
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteCapability
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteProtection
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteProtectionOffset
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteDataLengthChange
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteICVLength
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
        OBJECT    secyCipherSuiteRowStatus
            MIN-ACCESS    read-only
            DESCRIPTION "read-create not required, may be read-only."
    ::= { secyMIBCompliances 1 }
--
-- Units of Conformance
-- Controlled Port service management MIB Groups

secyIfGroup    OBJECT-GROUP
    OBJECTS {
        secyIfMaxPeerSCs,
        secyIfRxMaxKeys,
        secyIfTxMaxKeys,
        secyIfProtectFramesEnable,
        secyIfValidateFrames,
        secyIfReplayProtectEnable,
        secyIfReplayProtectWindow,
        secyIfCurrentCipherSuite,
        secyIfAdminPt2PtMAC,
        secyIfOperPt2PtMAC,
        secyIfIncludeSCIEnable,
        secyIfUseESEnable,
        secyIfUseSCBEnable,
        secyIfSCI,                  -- 802.1AEcg
        secyIfIncludingSCI,         -- 802.1AEcg
        secyIfMaxTSCs               -- 802.1AEcg
    }
    STATUS      current --- 802.1AEcg, updates secyIfCtrlGroup
    DESCRIPTION "SecY service management (secyIfTable objects) for 
                 systems supporting traffic class SCs."
    ::= { secyMIBGroups 12 }

secyIfCtrlGroup    OBJECT-GROUP
    OBJECTS {
        secyIfMaxPeerSCs,
        secyIfRxMaxKeys,
        secyIfTxMaxKeys,
        secyIfProtectFramesEnable,
        secyIfValidateFrames,
        secyIfReplayProtectEnable,
        secyIfReplayProtectWindow,
        secyIfCurrentCipherSuite,
        secyIfAdminPt2PtMAC,
        secyIfOperPt2PtMAC,
        secyIfIncludeSCIEnable,
        secyIfUseESEnable,
        secyIfUseSCBEnable
    }
    STATUS      deprecated
    DESCRIPTION "SecY service management (secyIfTable) objects."
    ::= { secyMIBGroups 1 }

secyIfTCGroup    OBJECT-GROUP
    OBJECTS {
        secyIfTCTrafficClass
    }
    STATUS      current --- 802.1AEcg
    DESCRIPTION "Traffic class control (secyIfTCTable)."
    ::= { secyMIBGroups 14 }

secyIfAPGroup    OBJECT-GROUP
    OBJECTS {
        secyIfAPAccessPCP
    }
    STATUS      current --- 802.1AEcg
    DESCRIPTION "Access Priority Code Point control (secyIfAPTable)."
    ::= { secyMIBGroups 15 }
    
-- Transmit SC and SA MIB Groups    

secyTSCGroup    OBJECT-GROUP
    OBJECTS {
        secyTSCState,
        secyTSCEncodingSA,
        secyTSCCreatedTime,
        secyTSCStartedTime,
        secyTSCStoppedTime
    }
    STATUS      current --- 802.1AEcg, updates secyTxSCGroup
    DESCRIPTION "Transmit SC management (secyTSCTable objects) for
                 systems supporting traffic class SCs."
    ::= { secyMIBGroups 16 }
    
secyTxSCGroup    OBJECT-GROUP
    OBJECTS {
        secyTxSCI,
        secyTxSCState,
        secyTxSCEncodingSA,
        secyTxSCEncipheringSA,
        secyTxSCCreatedTime,
        secyTxSCStartedTime,
        secyTxSCStoppedTime
    }
    STATUS      deprecated
    DESCRIPTION "Transmit SC management objects (for systems without
                 traffic class SC capabilities)."
    ::= { secyMIBGroups 2 }

secyTSAGroup    OBJECT-GROUP
    OBJECTS {
        secyTSAState,
        secyTSANextXPN,
        secyTSAConfidentiality,
        secyTSAKeyIdentifier,
        secyTSASSCI,
        secyTSACreatedTime,
        secyTSAStartedTime,
        secyTSAStoppedTime
    }
    STATUS      current --- 802.1AEcg, updates secyTxSAGroup
    DESCRIPTION "Transmit SA management (secyTSATable objects) for
                 systems supporting traffic class SCs."
    ::= { secyMIBGroups 17 }

secyTxSAGroup    OBJECT-GROUP
    OBJECTS {
        secyTxSAState,
        secyTxSANextPN,
        secyTxSAConfidentiality,
        secyTxSASAKUnchanged,
        secyTxSACreatedTime,
        secyTxSAStartedTime,
        secyTxSAStoppedTime
    }
    STATUS      deprecated
    DESCRIPTION "Transmit SA management objects (for systems without
                 traffic class SC capabilities)."
    ::= { secyMIBGroups 3 }
    
-- Receive SC and SA MIB Groups    

secyRSCGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSCState,
        secyRxSCCreatedTime,
        secyRxSCStartedTime,
        secyRxSCStoppedTime
    }
    STATUS      current --- 802.1AEcg, updates secyRxSCGroup
    DESCRIPTION "Receive SC management (secyRxSCTable objects)."
    ::= { secyMIBGroups 18 }

secyRxSCGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSCState,
        secyRxSCCurrentSA,
        secyRxSCCreatedTime,
        secyRxSCStartedTime,
        secyRxSCStoppedTime
    }
    STATUS      deprecated
    DESCRIPTION "Receive SC management objects."
    ::= { secyMIBGroups 4 }

secyRSAGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSAState,
        secyRxSANextXPN,
        secyRxSALowestXPN,
        secyRxSAKeyIdentifier,
        secyRxSASSCI,
        secyRxSACreatedTime,
        secyRxSAStartedTime,
        secyRxSAStoppedTime
    }
    STATUS      current --- 802.1AEcg, updates secyRxSAGroup
    DESCRIPTION "Receive SA (secyRxSATable objects)."
    ::= { secyMIBGroups 19 }

secyRxSAGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSAState,
        secyRxSANextPN,
        secyRxSASAKUnchanged,
        secyRxSACreatedTime,
        secyRxSAStartedTime,
        secyRxSAStoppedTime
    }
    STATUS      deprecated
    DESCRIPTION "Receive SA management objects."
    ::= { secyMIBGroups 5 }
    
-- Cipher information, use, and statistics MIB Groups

secyCipherInfoGroup    OBJECT-GROUP
    OBJECTS {
        secyCipherSuiteId,
        secyCipherSuiteName,
        secyCipherSuiteCapability,
        secyCipherSuiteDataLengthChange,
        secyCipherSuiteICVLength
    }
    STATUS      current --- 802.1AEcg, updates secyCipherSuiteGroup
    DESCRIPTION "Cipher Suite implementation information 
                 (secyCipherSuiteTable objects)."
    ::= { secyMIBGroups 21 }

secyCipherSuiteGroup    OBJECT-GROUP
    OBJECTS {
        secyCipherSuiteId,
        secyCipherSuiteName,
        secyCipherSuiteCapability,
        secyCipherSuiteProtection,
        secyCipherSuiteProtectionOffset,
        secyCipherSuiteDataLengthChange,
        secyCipherSuiteICVLength,
        secyCipherSuiteRowStatus
    }
    STATUS      deprecated
    DESCRIPTION "Cipher Suite information objects."
    ::= { secyMIBGroups 6 }
    
secyIfCipherGroup    OBJECT-GROUP
    OBJECTS {
        secyIfCipherImplemented,
        secyIfCipherEnableUse,
        secyIfCipherRqConfidentiality
    }
    STATUS      current --- 802.1AEcg
    DESCRIPTION "Cipher Suite use control (secyIfCipherTable  objects)."
    ::= { secyMIBGroups 13 }
    
secyCipherStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyStatsTxOctetsProtected,
        secyStatsTxOctetsEncrypted,
        secyStatsRxOctetsValidated,
        secyStatsRxOctetsDecrypted
    }
    STATUS      current --- 802.1AEcg
    DESCRIPTION
        "Cipher Suite performance statistics (from secyStatsTable)."
    ::= { secyMIBGroups 24 }
    
-- Transmit and Receive SA and SC statistics MIB Groups

secyTxSAStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyTxSAStatsProtectedPkts,
        secyTxSAStatsEncryptedPkts
    }
    STATUS      deprecated
    DESCRIPTION "Transmit SA statistics objects."
    ::= { secyMIBGroups 7 }

secyRxSAStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSAStatsUnusedSAPkts,
        secyRxSAStatsNoUsingSAPkts,
        secyRxSAStatsNotValidPkts,
        secyRxSAStatsInvalidPkts,
        secyRxSAStatsOKPkts
    }
    STATUS      deprecated
    DESCRIPTION "Receive SA statistics objects."
    ::= { secyMIBGroups 8 }

secyTSCStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyTSCStatsProtectedPkts,
        secyTSCStatsEncryptedPkts
    }
    STATUS      current --- 802.1AEcg, updates secyTxSCStatsGroup
    DESCRIPTION "Transmit SC statistics (secyTSCStatsTable objects)."
    ::= { secyMIBGroups 22 }
    
secyTxSCStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyTxSCStatsProtectedPkts,
        secyTxSCStatsEncryptedPkts,
        secyTxSCStatsOctetsProtected,
        secyTxSCStatsOctetsEncrypted
    }
    STATUS      deprecated
    DESCRIPTION "Transmit SC statistics objects."
    ::= { secyMIBGroups 9 }

secyRSCStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSCStatsLatePkts,
        secyRxSCStatsNotValidPkts,
        secyRxSCStatsInvalidPkts,
        secyRxSCStatsDelayedPkts,
        secyRxSCStatsUncheckedPkts,
        secyRxSCStatsOKPkts
    }
    STATUS      current --- 802.1AEcg, updates secyRxSCStatsGroup
    DESCRIPTION "Receive SC statistics (secyRxSCStatsTable objects)."
    ::= { secyMIBGroups 23 }
    
secyRxSCStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyRxSCStatsUnusedSAPkts,
        secyRxSCStatsNoUsingSAPkts,
        secyRxSCStatsLatePkts,
        secyRxSCStatsNotValidPkts,
        secyRxSCStatsInvalidPkts,
        secyRxSCStatsDelayedPkts,
        secyRxSCStatsUncheckedPkts,
        secyRxSCStatsOKPkts,
        secyRxSCStatsOctetsValidated,
        secyRxSCStatsOctetsDecrypted
    }
    STATUS      deprecated
    DESCRIPTION
        "Receive SC statistics objects."
    ::= { secyMIBGroups 10 }
    
-- Controlled Port service statistics MIB Groups

secyIfStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyStatsTxUntaggedPkts,
        secyStatsTxTooLongPkts,
        secyStatsRxUntaggedPkts,
        secyStatsRxNoTagPkts,
        secyStatsRxBadTagPkts,
        secyStatsRxNoSAPkts,
        secyStatsRxNoSAErrorPkts,
        secyStatsRxOverrunPkts
    }
    STATUS      current --- 802.1AEcg, updates secyRxSCStatsGroup
    DESCRIPTION
        "SecY statistics (secyStatsTable objects)."
    ::= { secyMIBGroups 20 }

secyStatsGroup    OBJECT-GROUP
    OBJECTS {
        secyStatsTxUntaggedPkts,
        secyStatsTxTooLongPkts,
        secyStatsRxUntaggedPkts,
        secyStatsRxNoTagPkts,
        secyStatsRxBadTagPkts,
        secyStatsRxUnknownSCIPkts,
        secyStatsRxNoSCIPkts,
        secyStatsRxOverrunPkts
    }
    STATUS      deprecated
    DESCRIPTION
        "SecY statistics objects."
    ::= { secyMIBGroups 11 }
    
END


