a3IPsecureLabelSysAuth 1.3.6.1.4.1.43.2.12.3.1.6

Like a3IPsecureLabelSysLevel, this parameter applies only to packets originated by this system and sent over this port. When such packets are sent, the value of this parameter determines the Protection Authority flag field that is attached to the packet before any processing is done. Note, this is assuming a3IPsecureLabelSysLevel has a value other than none (1). The individual Protection Authority flags that are included are determined by the individual bits that are set in the value of this object, with the two least significant bytes being of interest. Starting from bit 7 of the INTEGER (with the least significant bit being numbered 0), the mapping of bits to Protection Authority flags is as follows (note: rfc1108 labels the most significant bit '0', the next most significant bit '1', etc), bit# Prot. Auth. Flag 7 GENSER 6 SIOP 5 SCI 4 NSA 3 DOE While only bits 7 through 3 have specific Protection Authority flags assigned to them, any 2 byte combination of bits may be set as long as that combination is allowed by rfc1108. The same 1 or 2 byte pattern of bits identified by the value of this object will be placed in the Protection Authority field of received packets with no IP security options present. (note: this is conditioned on a3IPsecureLabelDefaultLevel for this port having a value other than none (1).) If this object has the value 0, then no Protection Authority field will be added to any received packets, regardless of the value of a3IPsecureLabelDefaultLevel.