a3IPsecureLabelDefaultAuth
1.3.6.1.4.1.43.2.12.3.1.4
Like a3IPsecureLabelDefaultLevel, this parameter applies
only to packets received over this port that have no
classification level or authority flags. When such
packets are received, the value of this parameter determines
the Protection Authority flag field that is attached to
the packet before any processing is done.
The individual Protection Authority flags that are included
are determined by the individual bits that are set
in the value of this object, with the two least significant
bytes being of interest. Starting from bit 7 of the
INTEGER (with the least significant bit being numbered 0),
the mapping of bits to Protection Authority flags is as
follows (note: rfc1108 labels the most significant bit '0',
the next most significant bit '1', etc),
bit# Prot. Auth. Flag
7 GENSER
6 SIOP
5 SCI
4 NSA
3 DOE
While only bits 7 through 3 have specific Protection Authority
flags assigned to them, any 2 byte combination of bits may be
set as long as that combination is allowed by rfc1108. The
same 1 or 2 byte pattern of bits identified by the value of this
object will be placed in the Protection Authority field of
received packets with no IP security options present. (note:
this is conditioned on a3IPsecureLabelDefaultLevel for this
port having a value other than none (1).)
If this object has the value 0, then no Protection Authority
field will be added to any received packets, regardless of the
value of a3IPsecureLabelDefaultLevel.