Presentation is loading. Please wait.

Presentation is loading. Please wait.

Frank Chao San Antonio 11/22/2004.1AE Management Info.

Published byKimberly Powell Modified over 8 years ago

Similar presentations

Presentation on theme: "Frank Chao San Antonio 11/22/2004.1AE Management Info."— Presentation transcript:

1 Frank Chao fchao@cisco.com San Antonio 11/22/2004.1AE Management Info

2 Event APIs Configuration APIs SNMPCLIEAP.1af LMI (data structure) Common port Controlled port Uncontrolled port User controlled port.1AE.1AE Management Info

3 LMI (Layer Management Interface) –Data Structure –Accessed by.1AE,.1af, SNMP/MIB, EAP –Containing.1AE and.1af configuration, protocol states, and counter/diagnosis information. –.1AE uses LMI to control the MACsec packet processing directly or through APIs. –Change the data in LMI may cause actions in SecY or KaY

4 .1AE Management Info MACsec Mgmt Information –Multiple Control Flags to control MACsec status. (global objects) (To have the transition of deployment smoothly.) –Status of MACsec (macSecStatus) –rxSecYSCCapability : number peer receiving SCs per SecY can have. SecY Mgmt Information –Table indexed by InterfaceIndex (IF-MIB). –ValidateRxFrames : flag for validation process in receiving. (10.5.3) –ProtectTxFrames : flag for protection process in transmitting. –Current Cipher Suite. (10.5.4) (Row Pointer) –adminPointToPointMAC, operPointToPointMAC (6.5)

5 .1AE Management Info –RxReplayChk : flag for rx replay check. (10.6.2) –Tx SC : transmit SC informaiton. –Rx SCs : receive SCs informaiton. (will be in another table.) –lastUnknownSC : an SCI information to record last rx unknown SC (10.6.1) with time stamp.

6 .1AE Management Info Tx SC Mgmt Information –scState : state of this transmit SC ? (rolled from saState informaiton.) –SCI : the SCI for the SC used by SecY for transmit. (10.5) –txEncodingSA : current SA number. (Integer) (10.5.1) –txEncipheringSA : previous SA number. (Integer) (10.5.4) Tx SA : (table with 4 entries) –Table indexed by InterfaceIndex and AN. –saState : state of this transmit SA. –saCmd : command executing in the SA. –txSAK : key for transmitting. (7.1, 10.5.1) (not in the MIB.) –txNextPN : next packet number (PN). (10.5.2)

7 .1AE Management Info Rx SCs Mgmt Information –Table indexed by InterfaceIndex and SCI. –scState : state of this receive SC ? (rolled from saState). –SCI : the SCI for the SC used by SecY for receive. (10.5) –rxCurrentSA : current using SA number in the SC. (Integer) (10.6.1) –lastUnknownSA : last un-resolved AN with timestamp. (10.6.1)

8 .1AE Management Info Rx SA Mgmt Information –Table indexed by InterfaceIndex and SCI and AN. –saState : state of this receive SA. –saCmd : command excecuting in the SA. –rxSAK : key for receiving. (7.1, 10.6.1) (not in the MIB.) –rxLastPN : last received packet number (PN). (10.6.2) –rxLastValidatedPN : last received validated PN. (10.6.2)

9 .1AE Management Info Cipher Suites : –Name : name of this cipher suite, could be MIB table index. –Description : information about the Cipher Suite. –Confidentiality : flag indicate the cipher suite with confidentiality ability. –SecureDataLengthChange : a flag to indicate the length of ciphered text is different from the length of plain text. –ICV length : the length of generated ICV.

10 .1AE Management Info SA Rx Counters : –Table indexed by InterfaceIndex and SCI and AN –InCntReinitTime : A timestamp for the counters’ discontinuity in this SA. –OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time. –InXcastPktsNotReceived (the name will be modified to represent the real meaning.) –InXcastPktsInvalid –InXcastPktsReplayed –InXcastPktsMisordered

11 –InXcastPktsOrdered –InXcastPktsEncrypted –InXcastPktsDecrypted –InXcastOctetsEncrypted (MSDU) –InXcastOctetsDecrypted (MSDU).1AE Management Info

12 SC Rx counters : –Indexed by InterfaceIndex and SCI –InXcastPktsNotReceived –InXcastPktsInvalid –InXcastPktsReplayed –InXcastPktsMisordered –InXcastPktsOrdered –InXcastPktsEncrypted –InXcastPktsDecrypted –InXcastOctetsEncrypted (MSDU) –InXcastOctetsDecrypted (MSDU).1AE Management Info

13 SecY Rx Counters : –Table Indexed by InterfaceIndex –InXcastPktsNoTag –InXcastPktsBadTag –InXcastPktsUnknownSCI –InXcastPktsUntagged –InXcastPktsUnchecked –InXcastPktsNotReceived –InXcastPktsInvalid –InXcastPktsReplayed –InXcastPktsMisordered –InXcastPktsOrdered –InXcastPktsEncrypted –InXcastPktsDecrypted –InXcastOctetsEncrypted (MSDU) –InXcastOctetsDecrypted (MSDU).1AE Management Info

14 SA Tx counters : –Table indexed by InterfaceIndex and AN –OutCntReinitTime : A timestamp for the counters’ discontinuity in this SA, re-initialization time. –OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time. –OutPktsPnExhausted –OutPktsToolong –OutXcastPktsProtected –OutXcastPktsUntagged –OutXcastPktsEncrypted –OutXcastOctetsEncrypted (MSDU).1AE Management Info

15 SecY Tx Counters : –Table indexed by InterfaceIndex –OutPktsPnExhausted –OutPktsToolong –OutXcastPktsProtected –OutXcastPktsUntagged –OutXcastPktsEncrypted –OutXcastOctetsEncrypted (MSDU).1AE Management Info

16 RFC2863 : Interface MIB counters ifInOctets Counter32, ifInUcastPkts Counter32, ifInDiscards Counter32, ifInErrors Counter32, ifInUnknownProtos Counter32, ifOutOctets Counter32, ifOutUcastPkts Counter32, ifOutDiscards Counter32, ifOutErrors Counter32, ifInMulticastPkts Counter32, ifInBroadcastPkts Counter32, ifOutMulticastPkts Counter32, ifOutBroadcastPkts Counter32, ifHCInOctets Counter64, ifHCInUcastPkts Counter64, ifHCInMulticastPkts Counter64, ifHCInBroadcastPkts Counter64, ifHCOutOctets Counter64, ifHCOutUcastPkts Counter64, ifHCOutMulticastPkts Counter64, ifHCOutBroadcastPkts Counter64.1AE Management Info

17 MIB Design –Will follow the MIB-REVIEW-GUIDELINES, http://www.ietf.org/internet-drafts/draft-ietf- ops-mib-review-guidelines-03.txt, valid to Dec. 2004. http://www.ietf.org/internet-drafts/draft-ietf- ops-mib-review-guidelines-03.txt –SNMPv3 access only ?.1AE Management Info

Download ppt "Frank Chao San Antonio 11/22/2004.1AE Management Info."

Similar presentations

Discussion of KaY Key Exchange and Management Interface to SecY

Discussion of KaY Key Exchange and Management Interface to SecY
An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.

An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
SNMP v3.

SNMP v3.
1 Jim Binkley SNMPv2 Overview Network Mgmt/Sec.. 2 Jim Binkley Outline u intro u SMI u protocol (changes) u MIB (changes) u conclusion.

1 Jim Binkley SNMPv2 Overview Network Mgmt/Sec.. 2 Jim Binkley Outline u intro u SMI u protocol (changes) u MIB (changes) u conclusion.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

A. Steffen, , 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Implementing a Highly Available Network

Implementing a Highly Available Network
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.
5/31/05CS118/Spring051 twisted pair hub 10BaseT, 100BaseT, hub r T= Twisted pair (copper wire) r Nodes connected to a hub, 100m max distance r Hub: physical.

5/31/05CS118/Spring051 twisted pair hub 10BaseT, 100BaseT, hub r T= Twisted pair (copper wire) r Nodes connected to a hub, 100m max distance r Hub: physical.
TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.

TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.
1 Interconnection ECS 152A. 2 Interconnecting with hubs r Backbone hub interconnects LAN segments r Extends max distance between nodes r But individual.

1 Interconnection ECS 152A. 2 Interconnecting with hubs r Backbone hub interconnects LAN segments r Extends max distance between nodes r But individual.
Internet Security CSCE 813 IPsec. CSCE 813 - Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,

Internet Security CSCE 813 IPsec. CSCE Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
COMP4690, by Dr Xiaowen Chu, HKBU

COMP4690, by Dr Xiaowen Chu, HKBU
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
SNMP Simple Network Management Protocol

SNMP Simple Network Management Protocol
Remote Network Monitoring (RMON)

Remote Network Monitoring (RMON)
Chapter 17 TACACS+.

Chapter 17 TACACS+.

Similar presentations

Ads by Google