LUM-CRYPTO-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64
        FROM SNMPv2-SMI
    OBJECT-GROUP, MODULE-COMPLIANCE
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION, DateAndTime, DisplayString
        FROM SNMPv2-TC
    lumModules, lumCryptoMIB
        FROM LUM-REG
    SignalStatusWithNA, FaultStatusWithNA, MgmtNameString, CommandString,
    Unsigned32WithNA, OperStatusWithNA, OnOff, ResetWithNA, OperStatusWithNA,
    AdminStatusWithNA
        FROM LUM-TC;

lumCryptoMIBModule MODULE-IDENTITY
    LAST-UPDATED
        "201810310000Z" -- Oct 31st 2018
    ORGANIZATION
        "Infinera Corporation"
    CONTACT-INFO
        "techsupport@infinera.com"
    DESCRIPTION
        "This module describes the traffic encryption.

        The tables contained in this MIB are:

        (1) The General group contains some general attributes as time stamps
            and tables sizes.

        (2) Crypto Auth.

        (3) Crypto Peer.

        (4) Crypto Pmadmin

        (5) Performance.

"
    REVISION
        "201810310000Z" -- Oct 31st 2018
    DESCRIPTION
        "The initial revision of this module."
    ::= { lumModules 71 }



CryptoPeriodWithNA ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The period time for performance data.

        period15minutes - 15 minutes
        period24hours - 24 hours"

    SYNTAX INTEGER {
        period15minutes (1),
        period24hours (2),
        notApplicable (2147483647) }

CryptoMeasurementTypeWithNA ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The direction type.

        rx - receiver, only ingoing signal
        tx - transmitter, only outgoing signal
        both - rx and tx both"

    SYNTAX INTEGER {
        rx (1),
        tx (2),
        both (3),
        notApplicable (2147483647) }

BooleanWithNA ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Defines a value that can be true, false or not available

        true -        The condition is true

        false -       The condition is false

        notAvailable (2147483646) is used when attribute is
        not available under current circumstances. This value
        is only used when used for a state.

        notApplicable (2147483647) is used when attribute is
        not used in current configuration."

    SYNTAX INTEGER {
           true (1),
           false (2),
           notAvailable (2147483646),
           notApplicable (2147483647) }


-- ----------------------------------------------------
-- Compliance area, containing groups and compliance
-- specifications.
-- ----------------------------------------------------

lumCryptoConfs OBJECT IDENTIFIER ::= { lumCryptoMIB 1 }
lumCryptoGroups OBJECT IDENTIFIER ::= { lumCryptoConfs 1 }
lumCryptoCompl OBJECT IDENTIFIER ::= { lumCryptoConfs 2 }


-- ----------------------------------------------------
-- Root for objects in the CRYPTO MIB
-- ----------------------------------------------------

lumCryptoMIBObjects OBJECT IDENTIFIER ::= { lumCryptoMIB 2 }


-- ----------------------------------------------------
-- This MIB contains the following groups:
-- ----------------------------------------------------
cryptoGeneral OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 1 }
cryptoAuthList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 2 }
cryptoIKEPeerList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 3 }
cryptoDataplaneEncryptionList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 4 }
cryptoPmadminList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 5 }
cryptoPerformanceList OBJECT IDENTIFIER ::= { lumCryptoMIBObjects 6 }


-- ----------------------------------------------------
-- General group
-- ----------------------------------------------------

cryptoGeneralConfigLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the configuration of the MIB was
        last changed.

"
    ::= { cryptoGeneral 1 }

cryptoGeneralStateLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the state and/or configuration of
        the MIB was last changed.

"
    ::= { cryptoGeneral 2 }

cryptoGeneralCryptoAuthTableSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Size of table.

"
    ::= { cryptoGeneral 3 }

cryptoGeneralCryptoAuthConfigLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the configuration of the table was
        last changed.

"
    ::= { cryptoGeneral 4 }

cryptoGeneralCryptoAuthStateLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the state and/or configuration of
        the table was last changed.

"
    ::= { cryptoGeneral 5 }

cryptoGeneralCryptoIKEPeerTableSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Size of table.

"
    ::= { cryptoGeneral 6 }

cryptoGeneralCryptoIKEPeerConfigLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the configuration of the table was
        last changed.

"
    ::= { cryptoGeneral 7 }

cryptoGeneralCryptoIKEPeerStateLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the state and/or configuration of
        the table was last changed.

"
    ::= { cryptoGeneral 8 }

cryptoGeneralCryptoDataplaneEncryptionTableSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Size of table.

"
    ::= { cryptoGeneral 9 }

cryptoGeneralCryptoDataplaneEncryptionConfigLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the configuration of the table was
        last changed.

"
    ::= { cryptoGeneral 10 }

cryptoGeneralCryptoDataplaneEncryptionStateLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the state and/or configuration of
        the table was last changed.

"
    ::= { cryptoGeneral 11 }

cryptoGeneralCryptoPmadminTableSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Size of cryptoPmadmin table.

"
    ::= { cryptoGeneral 12 }

cryptoGeneralCryptoPmadminConfigLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the configuration of the table was
        last changed.

"
    ::= { cryptoGeneral 13 }

cryptoGeneralCryptoPmadminStateLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the state and/or configuration of
        the table was last changed.

"
    ::= { cryptoGeneral 14 }

cryptoGeneralCryptoPerformanceTableSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Size of cryptoPerformance performance table.

"
    ::= { cryptoGeneral 15 }

cryptoGeneralCryptoPerformanceConfigLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the configuration of the table was
        last changed.

"
    ::= { cryptoGeneral 16 }

cryptoGeneralCryptoPerformanceStateLastChangeTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time when the state and/or configuration of
        the table was last changed.

"
    ::= { cryptoGeneral 17 }


-- ----------------------------------------------------
-- Crypto Auth group
-- ----------------------------------------------------

cryptoAuthTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF CryptoAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The crypto auth group contains information and
         configuration for the crypto authentication."

    ::= { cryptoAuthList 1 }

cryptoAuthEntry OBJECT-TYPE
    SYNTAX      CryptoAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the crypto auth list.

"
    INDEX { cryptoAuthIndex }
    ::= { cryptoAuthTable 1 }

CryptoAuthEntry ::=
    SEQUENCE {
        cryptoAuthIndex                   Unsigned32,
        cryptoAuthUId                     Unsigned32,
        cryptoAuthName                    MgmtNameString,
        cryptoAuthIdentity                MgmtNameString,
        cryptoAuthReAuthInterval          Unsigned32,
        cryptoAuthReAuth                  CommandString,
        cryptoAuthCreateIKEPeer           CommandString,
        cryptoAuthenticationGenerateUniqueID			  CommandString,
        cryptoGeneratedUniqueIdentity	  MgmtNameString}

cryptoAuthIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An index assigned to each entry.

"
    ::= { cryptoAuthEntry 1 }

cryptoAuthUId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique identifier assigned to each entry.

"
    ::= { cryptoAuthEntry 2 }

cryptoAuthName OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The management name of the object,
        in the format 'authentication:subrack:slot:Id'

"
    ::= { cryptoAuthEntry 3 }

cryptoAuthIdentity OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A globally unique authentication identifier for this board.
        This is unique identity for communication, if found blank
        please generate it using Generate Authentication Identity Option.

"
    ::= { cryptoAuthEntry 4 }

cryptoAuthReAuthInterval OBJECT-TYPE
    SYNTAX      Unsigned32 (1..1000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Denotes the interval after which reauthentication
         will be triggered to ensure message integrity.

"
    DEFVAL { 24 }
    ::= { cryptoAuthEntry 5 }

cryptoAuthReAuth OBJECT-TYPE
    SYNTAX      CommandString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Action to initiate reauthentication for all IKE peers.

"
    ::= { cryptoAuthEntry 6 }

cryptoAuthCreateIKEPeer OBJECT-TYPE
    SYNTAX      CommandString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Command for creating an IKE peer entry.

"
    ::= { cryptoAuthEntry 7 }

cryptoAuthenticationGenerateUniqueID OBJECT-TYPE
    SYNTAX      CommandString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Use this option to generate unique ID for IKE authentication.

"
    ::= { cryptoAuthEntry 8 }

cryptoGeneratedUniqueIdentity OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A generated unique identifier which will be used,
        in case backplane serial number is not present for node.

"
	DEFVAL { "" }
    ::= { cryptoAuthEntry 9 }


-- ----------------------------------------------------
-- Crypto IKE Peer group
-- ----------------------------------------------------

cryptoIKEPeerTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF CryptoIKEPeerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The crypto peer group contains information and
         configuration for the crypto peer."

    ::= { cryptoIKEPeerList 1 }

cryptoIKEPeerEntry OBJECT-TYPE
    SYNTAX      CryptoIKEPeerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the crypto peer list.

"
    INDEX { cryptoIKEPeerIndex }
    ::= { cryptoIKEPeerTable 1 }

CryptoIKEPeerEntry ::=
    SEQUENCE {
        cryptoIKEPeerIndex                      Unsigned32,
        cryptoIKEPeerUId                        Unsigned32,
        cryptoIKEPeerName                       MgmtNameString,
        cryptoIKEPeerIdentity                   MgmtNameString,
        cryptoIKEPeerExpectedIKEPeerIdentity    MgmtNameString,
        cryptoIKEPeerAuthScheme                 INTEGER,
        cryptoIKEPeerPSK                        DisplayString,
        cryptoIKEPeerAdminStatus                INTEGER,
        cryptoIKEPeerOperStatus                 OperStatusWithNA,
        cryptoIKEPeerLastReAuthTime             DateAndTime,
        cryptoIKEPeerReKeyInterval              Unsigned32,
        cryptoIKEPeerLastReKeyTime  	        DateAndTime,
        cryptoIKEPeerReKey                      CommandString,
        cryptoIKEPeerConfigMismatch             FaultStatusWithNA,
        cryptoIKEPeerUnreachable		        FaultStatusWithNA,
        cryptoIKEPeerAuthenticationFailure	    FaultStatusWithNA,
        cryptoIKEPeerReKeyFailure		        FaultStatusWithNA }

cryptoIKEPeerIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An index assigned to each entry.

"
    ::= { cryptoIKEPeerEntry 1 }

cryptoIKEPeerUId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unique identifier assigned to each entry.

"
    ::= { cryptoIKEPeerEntry 2 }

cryptoIKEPeerName OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The management name of the object,
        in the format 'ikePeer:subrack:slot:Id.'

"
    ::= { cryptoIKEPeerEntry 3 }

cryptoIKEPeerIdentity OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A globally unique authentication identifier for this IKE peer.

"
    DEFVAL { "" }
    ::= { cryptoIKEPeerEntry 4 }

cryptoIKEPeerExpectedIKEPeerIdentity OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Denotes the user configured expected identifier of the IKE peer.

"
    DEFVAL { "" }
    ::= { cryptoIKEPeerEntry 5 }

cryptoIKEPeerAuthScheme OBJECT-TYPE
    SYNTAX      INTEGER {
        psk        (1)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The authentication scheme to use for this IKE peer.

"
    DEFVAL { 1 }
    ::= { cryptoIKEPeerEntry 6 }

cryptoIKEPeerPSK OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
	"The pre-shared key(PSK) used to authenticate the IKE peer.
	
	PSK should be in the below format:
	- text string
	- valid length: 64-128 characters
	
"
    DEFVAL { "" }
    ::= { cryptoIKEPeerEntry 7 }

cryptoIKEPeerAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER {
        up      (1),
        service (2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The administrative state for the IKE peer.

        service - the object is activated but alarms
        are suppressed. Intended for use during service
        or reconfiguration. When service is concluded
        adminStatus should be set to 'up' again.

        up - the object is active and alarms are not suppressed.

"
    DEFVAL { 1 }
    ::= { cryptoIKEPeerEntry 8 }


cryptoIKEPeerOperStatus OBJECT-TYPE
    SYNTAX      OperStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The operational state of this object.
         This attribute is required to automatically suppress (or not)
         the alarms from admin status attribute.
"
    ::= { cryptoIKEPeerEntry 9 }

cryptoIKEPeerLastReAuthTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time this IKE peer was reauthenticated.

"
    ::= { cryptoIKEPeerEntry 10 }

cryptoIKEPeerReKeyInterval OBJECT-TYPE
    SYNTAX      Unsigned32 (600..86400)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value denotes the remaining time interval beyond which the system
         will initiate re-key for this IKE peer.

"
    DEFVAL { 3600 }
    ::= { cryptoIKEPeerEntry 11 }

cryptoIKEPeerLastReKeyTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time the peer was rekeyed.

"
    ::= { cryptoIKEPeerEntry 12 }

cryptoIKEPeerReKey OBJECT-TYPE
    SYNTAX      CommandString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Action to initiate rekey for this IKE peer.

"
    ::= { cryptoIKEPeerEntry 13 }

cryptoIKEPeerConfigMismatch OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IKE SA cannot be negotiated due to mismatch in SA proposal.

        alarm: configured peer identity wrong or un-configured.

        ok: the encryption configuration matches.

"
    ::= { cryptoIKEPeerEntry 14 }

cryptoIKEPeerUnreachable OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Unable to reach the IKE Peer.

        alarm: communication failure.

        ok: IKE peer communication successfull.

"
    ::= { cryptoIKEPeerEntry 15 }

cryptoIKEPeerAuthenticationFailure OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Re-authentication with the peer instance failed.

        alarm: re-authentication with the peer instance failed.

        ok: the IKE authentication is successfull.

"
    ::= { cryptoIKEPeerEntry 16 }

cryptoIKEPeerReKeyFailure OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The rekey of the IKE SA fails.

        alarm: IKE SA rekey is unsuccessfull.

        ok: IKE SA rekey is successfull.

"
    ::= { cryptoIKEPeerEntry 17 }


-- ----------------------------------------------------
-- Crypto Dataplane Encryption group
-- ----------------------------------------------------

cryptoDataplaneEncryptionTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF CryptoDataplaneEncryptionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The crypto dataplane encryption contains information and
         configuration for the crypto dataplane encryption."

    ::= { cryptoDataplaneEncryptionList 1 }

cryptoDataplaneEncryptionEntry OBJECT-TYPE
    SYNTAX      CryptoDataplaneEncryptionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the crypto dataplane encryption list.

"
    INDEX { cryptoDataplaneEncryptionIndex }
    ::= { cryptoDataplaneEncryptionTable 1 }

CryptoDataplaneEncryptionEntry ::=
    SEQUENCE {
        cryptoDataplaneEncryptionIndex                      		Unsigned32,
        cryptoDataplaneEncryptionUId                        		Unsigned32,
        cryptoDataplaneEncryptionName                       		MgmtNameString,
        cryptoDataplaneEncryptionLocalDataplaneId           		MgmtNameString,
        cryptoDataplaneEncryptionExpectedPeerDataplaneId  		    MgmtNameString,
        cryptoDataplaneEncryptionDiscoveredPeerDataplaneId  		MgmtNameString,
        cryptoDataplaneEncryptionOTNOHAllocation            		INTEGER,
        cryptoDataplaneEncryptionIKEPeerIdentity            		INTEGER,
        cryptoDataplaneEncryptionReKeyInterval              		Unsigned32,
        cryptoDataplaneEncryptionFailurePolicy              		INTEGER,
        cryptoDataplaneEncryptionTrafficKillTimeOffset         		Unsigned32,
        cryptoDataplaneEncryptionEncryptionMode             		INTEGER,
        cryptoDataplaneEncryptionLastReKeyTimeTx      		      	DateAndTime,
        cryptoDataplaneEncryptionLastReKeyTimeRx	    		    DateAndTime,	
        cryptoDataplaneEncryptionPeerDpIdMismatch			        FaultStatusWithNA,
        cryptoDataplaneEncryptionConfigMismatch   			        FaultStatusWithNA,
        cryptoDataplaneEncryptionReKeyFailure 				        FaultStatusWithNA,
        cryptoDataplaneEncryptionRXKeyRotationFailure	   		    FaultStatusWithNA,
        cryptoDataplaneEncryptionIVExhausted 			    	    FaultStatusWithNA,
        cryptoDataplaneEncryptionFunctionBlocked		    	    FaultStatusWithNA,
        cryptoDataplaneEncryptionUnexpectedRxKeyId                  FaultStatusWithNA,
	    cryptoDataplaneEncryptionReKey                              CommandString }

cryptoDataplaneEncryptionIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An index assigned to each entry.

"
    ::= { cryptoDataplaneEncryptionEntry 1 }

cryptoDataplaneEncryptionUId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unique identifier assigned to each entry.

"
    ::= { cryptoDataplaneEncryptionEntry 2 }

cryptoDataplaneEncryptionName OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The management name of the Dataplane Link,
        in the format 'dpEncr:subrack:slot:portNumber'.

"
    ::= { cryptoDataplaneEncryptionEntry 3 }

cryptoDataplaneEncryptionLocalDataplaneId OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Denotes the unique local unique identifier for the dataplane link

"
    ::= { cryptoDataplaneEncryptionEntry 4 }

cryptoDataplaneEncryptionExpectedPeerDataplaneId OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Denotes the user configured expected Dataplane link peer unique identifier.

"
    DEFVAL { "" }
    ::= { cryptoDataplaneEncryptionEntry 5 }

cryptoDataplaneEncryptionDiscoveredPeerDataplaneId OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Denotes the actual peer Dataplane link identifier discovered by the system.

"
    ::= { cryptoDataplaneEncryptionEntry 6 }

cryptoDataplaneEncryptionOTNOHAllocation OBJECT-TYPE
    SYNTAX      INTEGER {
        apspcctcm3     (1),
        apspcctcm1     (2),
        tcm1           (3),
        tcm3           (4)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Denotes the OTN overhead chosen by the user for Dataplane link.

"
    DEFVAL { 1 }
    ::= { cryptoDataplaneEncryptionEntry 7 }

cryptoDataplaneEncryptionIKEPeerIdentity OBJECT-TYPE
    SYNTAX      INTEGER {
        none       (0),
        ikePeer1   (1),
        ikePeer2   (2),
        ikePeer3   (3),
        ikePeer4   (4),
        ikePeer5   (5),
        ikePeer6   (6),
        ikePeer7   (7),
        ikePeer8   (8),
        ikePeer9   (9),
        ikePeer10  (10),
        ikePeer11  (11),
        ikePeer12  (12),
        ikePeer13  (13),
        ikePeer14  (14),
        ikePeer15  (15),
        ikePeer16  (16),
        notApplicable (2147483647)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Denotes the corresponding IKE Peer associated to the data plane link.

"
        DEFVAL { 0 }
    ::= { cryptoDataplaneEncryptionEntry 8 }

cryptoDataplaneEncryptionReKeyInterval OBJECT-TYPE
    SYNTAX      Unsigned32 (60..86400)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value denotes the remaining time interval beyond which the system will initiate re-key.

"
    DEFVAL { 300 }
    ::= { cryptoDataplaneEncryptionEntry 9 }

cryptoDataplaneEncryptionFailurePolicy OBJECT-TYPE
    SYNTAX      INTEGER {
        continueop    (1),
        killtraffic   (2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value denotes which policy is applied on rekey or re-auth failure scenarios.
        continueop - indicates continue operation
        killtraffic - indicates stop the traffic after Kill Time offset.

"
    DEFVAL { 1 }
    ::= { cryptoDataplaneEncryptionEntry 10 }

cryptoDataplaneEncryptionTrafficKillTimeOffset OBJECT-TYPE
    SYNTAX      Unsigned32 (0..86400)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Represents, how long to hold-off before traffic should be killed.
		Applies if failure policy is set to kill traffic.
		
"
    DEFVAL { 900 }
    ::= { cryptoDataplaneEncryptionEntry 11 }

cryptoDataplaneEncryptionEncryptionMode OBJECT-TYPE
    SYNTAX      INTEGER {
        bypass     (1),
        gcm        (2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Denotes the encryption mode selected by user for Dataplane link

"
    DEFVAL { 1 }
    ::= { cryptoDataplaneEncryptionEntry 12 }

cryptoDataplaneEncryptionLastReKeyTimeTx OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Denotes the last time the dataplane was rekeyed in tx direction.

"
    ::= { cryptoDataplaneEncryptionEntry 13 }

cryptoDataplaneEncryptionLastReKeyTimeRx OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Denotes the last time the dataplane was rekeyed in rx direction.

"
    ::= { cryptoDataplaneEncryptionEntry 14 }

cryptoDataplaneEncryptionPeerDpIdMismatch OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The expected peer dataplane identity does not match with what is discovered.

        alarm: expected peer dataplane identity does not match with what is discovered.

        ok: peer dataplane matches with what is discovered.

"
    ::= { cryptoDataplaneEncryptionEntry 15 }


cryptoDataplaneEncryptionConfigMismatch OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The CHILD SA cannot be negotiated due to config mismatch.

        alarm: CHILD SA cannot be negotiated due to config mismatch.

        ok: encryption config matches successfully.

"
    ::= { cryptoDataplaneEncryptionEntry 16 }

cryptoDataplaneEncryptionReKeyFailure OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The rekey of the CHILD SA fails.

        alarm: rekey of the CHILD SA fails.

        ok: rekey of child SA successfull.

"
    ::= { cryptoDataplaneEncryptionEntry 17 }

cryptoDataplaneEncryptionRXKeyRotationFailure OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Rx key rotation failure.

        alarm: rx key rotation failure.

        ok: new key handshake successfull.

"
    ::= { cryptoDataplaneEncryptionEntry 18 }


cryptoDataplaneEncryptionIVExhausted OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IV has been used too many times  and is about to wrap back to zero.

        alarm: data plane has detected that the IV has been used too many times.

        ok: IV exhaustion condition cleared.

"
    ::= { cryptoDataplaneEncryptionEntry 19 }


cryptoDataplaneEncryptionFunctionBlocked OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This alarm is applicable when encryption mode = gcm
        but encryption is not in affect due to other alarms or admin status.

        alarm: encryption function blocked traffic.

        ok: encryption function enabled successfully.

"
    ::= { cryptoDataplaneEncryptionEntry 20 }


cryptoDataplaneEncryptionUnexpectedRxKeyId OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Unexpected rx key identifier.

        alarm: rx key identifier in the dataplane does not match with what has been programmed.

        ok: rx key Identifier matches successfully.

"
    ::= { cryptoDataplaneEncryptionEntry 21 }

cryptoDataplaneEncryptionReKey OBJECT-TYPE
    SYNTAX      CommandString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Action to initiate rekey for this Dataplane entity.

"
    ::= { cryptoDataplaneEncryptionEntry 22 }

-- ----------------------------------------------------
-- CryptoPmadmin group
-- This is a dummy table created to group objects of
-- cryptoPerformance table.
-- ----------------------------------------------------

cryptoPmadminTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF CryptoPmadminEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The  cryptoPmadmin group contains information and
         configuration for all cryptoPmadmin objects."

    ::= { cryptoPmadminList 1 }

cryptoPmadminEntry OBJECT-TYPE
    SYNTAX      CryptoPmadminEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the cryptoPmadmin list.

"
    INDEX { cryptoPmadminIndex }
    ::= { cryptoPmadminTable 1 }

CryptoPmadminEntry ::=
    SEQUENCE {
        cryptoPmadminIndex                        Unsigned32,
        cryptoPmadminName                         MgmtNameString,
        cryptoPmadminUId						  Unsigned32,
        cryptoPmadminConnAdminIfIndex       	  Unsigned32WithNA,
        cryptoPmadminUpId                         Unsigned32}

cryptoPmadminIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An index assigned to each entry.

"
    ::= { cryptoPmadminEntry 1 }

cryptoPmadminName OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The management name of the pmadmin object,
        for example 'cryptoPmadmin:1:2:1-2', where the first number indicates
        subrack, the second slot number and the third/fourth
        are the physical port numbers.

"
    ::= { cryptoPmadminEntry 2 }

cryptoPmadminUId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unique identifier assigned to each entry.

"
    ::= { cryptoPmadminEntry 3 }


cryptoPmadminConnAdminIfIndex OBJECT-TYPE
    SYNTAX      Unsigned32WithNA
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "An index that describes to which index in cryptoPmadmin table
        this object is related.

"
    ::= { cryptoPmadminEntry 4 }

cryptoPmadminUpId OBJECT-TYPE
    SYNTAX      Unsigned32   (0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identity in the UP for the cryptoPmadmin entry

"
    DEFVAL { 0  }
    ::= { cryptoPmadminEntry 5 }



-- ----------------------------------------------------
-- CryptoPerformance group
-- ----------------------------------------------------

cryptoPerformanceTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF CryptoPerformanceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The  cryptoPerformance performance group contains information and
         configuration for all cryptoPerformance performance objects."

    ::= { cryptoPerformanceList 1 }

cryptoPerformanceEntry OBJECT-TYPE
    SYNTAX      CryptoPerformanceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the cryptoPerformance list.

"
    INDEX { cryptoPerformanceIndex }
    ::= { cryptoPerformanceTable 1 }

CryptoPerformanceEntry ::=
    SEQUENCE {
        cryptoPerformanceIndex                        Unsigned32,
        cryptoPerformanceName                         MgmtNameString,
        cryptoPerformanceUId						  Unsigned32,
        cryptoPerformanceConnAdminIfIndex       	  Unsigned32WithNA,
        cryptoPerformancePeriod                 	  CryptoPeriodWithNA,
        cryptoPerformanceType                   	  CryptoMeasurementTypeWithNA,
        cryptoPerformanceCounterNulledFrames          Counter64,
        cryptoPerformanceCounterAuthFail              Counter64,
        cryptoPerformanceCounterIvTrouble             Counter64,
        cryptoPerformanceCounterReplayErr             Counter64,
        cryptoPerformanceCounterTotalFrames           Counter64,
        cryptoPerformanceCounterAuthFrames            Counter64,
        cryptoPerformanceCounterEncryptedFrames       Counter64,
        cryptoPerformanceThresholdNulledFrames        Counter64,
        cryptoPerformanceThresholdAuthFail            Counter64,
        cryptoPerformanceThresholdIvTrouble           Counter64,
        cryptoPerformanceThresholdReplayErr           Counter64,
        cryptoPerformanceFaultStatusNulledFrames      FaultStatusWithNA,
        cryptoPerformanceFaultStatusAuthFail          FaultStatusWithNA,
        cryptoPerformanceFaultStatusIvTrouble         FaultStatusWithNA,
        cryptoPerformanceFaultStatusReplayErr         FaultStatusWithNA,
        cryptoPerformanceUpId                         Unsigned32}

cryptoPerformanceIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An index assigned to each entry.

"
    ::= { cryptoPerformanceEntry 1 }

cryptoPerformanceName OBJECT-TYPE
    SYNTAX      MgmtNameString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The management name of the performance object,
        for example 'cryptoPerformance:1:2:1-2', where the first number indicates
        subrack, the second slot number and the third/fourth
        are the physical port numbers.

"
    ::= { cryptoPerformanceEntry 2 }

cryptoPerformanceUId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An unique identifier assigned to each entry.

"
    ::= { cryptoPerformanceEntry 3 }


cryptoPerformanceConnAdminIfIndex OBJECT-TYPE
    SYNTAX      Unsigned32WithNA
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "An index that describes to which index in cryptoPerformance table
        this object is related.

"
    ::= { cryptoPerformanceEntry 4 }

cryptoPerformancePeriod OBJECT-TYPE
    SYNTAX      CryptoPeriodWithNA
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Period, 15 minute or 24 hour.
        - 15 minute interval measurements per
        measurement point

        - 24 hour interval measurements per
        measurement point

"
    ::= { cryptoPerformanceEntry 5 }

cryptoPerformanceType OBJECT-TYPE
    SYNTAX      CryptoMeasurementTypeWithNA
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The direction type of signal the interface expects.

        rx - Only ingoing signal.

        tx - Only outgoing signal.

        both - Ingoing and outgoing signal on the same
        port.

"
    ::= { cryptoPerformanceEntry 6 }

cryptoPerformanceCounterNulledFrames OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of nulled frames in traffic.

"
    ::= { cryptoPerformanceEntry 7 }

cryptoPerformanceCounterAuthFail OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Authentication fail count.

"
    ::= { cryptoPerformanceEntry 8 }

cryptoPerformanceCounterIvTrouble OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IV trouble count.

"
    ::= { cryptoPerformanceEntry 9 }

cryptoPerformanceCounterReplayErr OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Replay Error count.

"
    ::= { cryptoPerformanceEntry 10 }

cryptoPerformanceCounterTotalFrames OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total frames count.

"
    ::= { cryptoPerformanceEntry 11 }


cryptoPerformanceCounterAuthFrames OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Autheticated frames count.

"
    ::= { cryptoPerformanceEntry 12 }

cryptoPerformanceCounterEncryptedFrames OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Encrypted frames count.

"
    ::= { cryptoPerformanceEntry 13 }

cryptoPerformanceThresholdNulledFrames OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Nulled frames threshold.

"
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 14 }

cryptoPerformanceThresholdAuthFail OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Auth failed threshold.

"
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 15 }


cryptoPerformanceThresholdIvTrouble OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "IV trouble threshold.

"
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 16 }

cryptoPerformanceThresholdReplayErr OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Replay Error threshold.

"
    DEFVAL { 20 }
    ::= { cryptoPerformanceEntry 17 }

cryptoPerformanceFaultStatusNulledFrames OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Nulled frames threshold exceeded.

        alarm: The number of errors during a period
        exceeds the associated threshold.

        ok: The number of errors during a
        period is below the threshold.

"
    ::= { cryptoPerformanceEntry 18 }

cryptoPerformanceFaultStatusAuthFail OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Auth fail threshold exceeded.

        alarm: The number of errors during a period
        exceeds the associated threshold.

        ok: The number of errors during a
        period is below the threshold.

"
    ::= { cryptoPerformanceEntry 19}

cryptoPerformanceFaultStatusIvTrouble OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IV trouble threshold exceeded.

        alarm: The number of errors during a period
        exceeds the associated threshold.

        ok: The number of errors during a
        period is below the threshold.

"
    ::= { cryptoPerformanceEntry 20 }


cryptoPerformanceFaultStatusReplayErr OBJECT-TYPE
    SYNTAX      FaultStatusWithNA
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Replay error threshold exceeded.

        alarm: The number of errors during a period
        exceeds the associated threshold.

        ok: The number of errors during a
        period is below the threshold.

"
    ::= { cryptoPerformanceEntry 21 }

cryptoPerformanceUpId OBJECT-TYPE
    SYNTAX      Unsigned32   (0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identity in the UP for the cryptoPerf entry

"
    DEFVAL { 0  }
    ::= { cryptoPerformanceEntry 22 }

-- ----------------------------------------------------
-- Notifications
-- ----------------------------------------------------


-- ----------------------------------------------------
-- Object and event groups
-- ----------------------------------------------------


cryptoGeneralGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoGeneralConfigLastChangeTime,
        cryptoGeneralStateLastChangeTime,
        cryptoGeneralCryptoAuthTableSize,
        cryptoGeneralCryptoAuthConfigLastChangeTime,
        cryptoGeneralCryptoAuthStateLastChangeTime,
        cryptoGeneralCryptoIKEPeerTableSize,
        cryptoGeneralCryptoIKEPeerConfigLastChangeTime,
        cryptoGeneralCryptoIKEPeerStateLastChangeTime,
        cryptoGeneralCryptoDataplaneEncryptionTableSize,
        cryptoGeneralCryptoDataplaneEncryptionConfigLastChangeTime,
        cryptoGeneralCryptoDataplaneEncryptionStateLastChangeTime,
        cryptoGeneralCryptoPmadminTableSize,
        cryptoGeneralCryptoPmadminConfigLastChangeTime,
        cryptoGeneralCryptoPmadminStateLastChangeTime,
        cryptoGeneralCryptoPerformanceTableSize,
        cryptoGeneralCryptoPerformanceConfigLastChangeTime,
        cryptoGeneralCryptoPerformanceStateLastChangeTime }
    STATUS      current
    DESCRIPTION
        "The general objects."
    ::= { lumCryptoGroups 1 }


cryptoAuthGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoAuthIndex,
        cryptoAuthUId,
        cryptoAuthName,
        cryptoAuthIdentity,
        cryptoAuthReAuthInterval,
        cryptoAuthReAuth,
        cryptoAuthCreateIKEPeer,
        cryptoAuthenticationGenerateUniqueID,
        cryptoGeneratedUniqueIdentity}

    STATUS      current
    DESCRIPTION
        "The crypto auth objects."
    ::= { lumCryptoGroups 2 }

cryptoIKEPeerGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoIKEPeerIndex,
        cryptoIKEPeerUId,
        cryptoIKEPeerName,
        cryptoIKEPeerIdentity,
        cryptoIKEPeerExpectedIKEPeerIdentity,
        cryptoIKEPeerAuthScheme,
        cryptoIKEPeerPSK,
        cryptoIKEPeerAdminStatus,
        cryptoIKEPeerOperStatus,
        cryptoIKEPeerLastReAuthTime,
        cryptoIKEPeerReKeyInterval,
        cryptoIKEPeerLastReKeyTime,
        cryptoIKEPeerReKey,
        cryptoIKEPeerConfigMismatch,
	    cryptoIKEPeerUnreachable,
    	cryptoIKEPeerAuthenticationFailure,
	    cryptoIKEPeerReKeyFailure }

    STATUS      current
    DESCRIPTION
        "The crypto peer objects."
    ::= { lumCryptoGroups 3 }

cryptoDataplaneEncryptionGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoDataplaneEncryptionIndex,
        cryptoDataplaneEncryptionUId,
        cryptoDataplaneEncryptionName,
        cryptoDataplaneEncryptionLocalDataplaneId,
        cryptoDataplaneEncryptionExpectedPeerDataplaneId,
        cryptoDataplaneEncryptionDiscoveredPeerDataplaneId,
        cryptoDataplaneEncryptionOTNOHAllocation,
        cryptoDataplaneEncryptionIKEPeerIdentity,
        cryptoDataplaneEncryptionReKeyInterval,
        cryptoDataplaneEncryptionFailurePolicy,
        cryptoDataplaneEncryptionTrafficKillTimeOffset,
        cryptoDataplaneEncryptionEncryptionMode,
        cryptoDataplaneEncryptionLastReKeyTimeTx,
        cryptoDataplaneEncryptionLastReKeyTimeRx,
    	cryptoDataplaneEncryptionPeerDpIdMismatch,
	    cryptoDataplaneEncryptionConfigMismatch,
	    cryptoDataplaneEncryptionReKeyFailure,
	    cryptoDataplaneEncryptionRXKeyRotationFailure,
	    cryptoDataplaneEncryptionIVExhausted,
    	cryptoDataplaneEncryptionFunctionBlocked,
	    cryptoDataplaneEncryptionUnexpectedRxKeyId,
	    cryptoDataplaneEncryptionReKey }

    STATUS      current
    DESCRIPTION
        "The dataplane encryption objects."
    ::= { lumCryptoGroups 4 }

cryptoPmadminGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoPmadminIndex,
        cryptoPmadminName,
        cryptoPmadminUId,
        cryptoPmadminConnAdminIfIndex,
        cryptoPmadminUpId}
    STATUS      current
    DESCRIPTION
        "The cryptoPerformance objects"
    ::= { lumCryptoGroups 5 }

cryptoPerformanceGroupV1 OBJECT-GROUP
    OBJECTS {
        cryptoPerformanceIndex,
        cryptoPerformanceName,
        cryptoPerformanceUId,
        cryptoPerformanceConnAdminIfIndex,
        cryptoPerformancePeriod,
        cryptoPerformanceType,
        cryptoPerformanceCounterNulledFrames,
        cryptoPerformanceCounterAuthFail,
        cryptoPerformanceCounterIvTrouble,
        cryptoPerformanceCounterReplayErr,
        cryptoPerformanceCounterTotalFrames,
        cryptoPerformanceCounterAuthFrames,
        cryptoPerformanceCounterEncryptedFrames,
        cryptoPerformanceThresholdNulledFrames,
        cryptoPerformanceThresholdAuthFail,
        cryptoPerformanceThresholdIvTrouble,
        cryptoPerformanceThresholdReplayErr,
        cryptoPerformanceFaultStatusNulledFrames,
        cryptoPerformanceFaultStatusAuthFail,
        cryptoPerformanceFaultStatusIvTrouble ,
        cryptoPerformanceFaultStatusReplayErr,
        cryptoPerformanceUpId}
    STATUS      current
    DESCRIPTION
        "The cryptoPerformance objects"
    ::= { lumCryptoGroups 6 }

-- ----------------------------------------------------
-- Compliance
-- ----------------------------------------------------

lumCryptoComplV1 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Basic implementation requirements for the crypto MIB. (R31.0)"
    MODULE
        MANDATORY-GROUPS {
            cryptoGeneralGroupV1,
            cryptoAuthGroupV1,
            cryptoIKEPeerGroupV1,
            cryptoDataplaneEncryptionGroupV1,
            cryptoPmadminGroupV1,
            cryptoPerformanceGroupV1 }
    ::= { lumCryptoCompl 1 }


END

