Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
Administrative MIB for Version 2 of the
Simple Network Management Protocol (SNMPv2)
Fri Sep 08 1995
draft-various-snmpv2-adminmib-syn-01.txt
Tell U. Later
various members of the SNMPv2 Working Group
snmpv2@tis.com
Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
Expires February 1996 [Page 1]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
running list of open issues
reference list
reference citations
acknowledgements
authors
author addresses
spell check
decide what to do with respect to multi-manager race conditions
on creating new views ... there are multiple options for the
working group to select from:
use of multiple, small grained spinlocks (as in present text)
use of a single, large grained spinlock
use of multiple table per bok
switch from ascii-based strings (favored by jjohnson) to
small-valued integer names
the working group needs to reach a consensus on this decision and
the text needs to be updated to reflect the resulting consensus
Expires February 1996 [Page 2]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
1. Introduction
A management system contains: several (potentially many) manageable
nodes, each with a processing entity, termed an agent, which has access
to management instrumentation; at least one management station; and, a
management protocol. The management protocol is used to convey
management information between the agents and management stations; and,
for manager-to-manager communications, between management stations.
Operations of the protocol are carried out under an administrative
framework which defines authentication, authorization, access control,
and privacy policies.
Management stations execute management applications which monitor and
control managed elements. Managed elements are devices such as hosts,
routers, terminal servers, etc., which are monitored and controlled via
access to their management information.
It is the purpose of this document to define managed objects such that
an SNMPv2 entity can be configured via SNMP operations to control what
access rights are granted to a particular entity, given the identity of
that entity as determined by a security protocol.
The MIB described in this document provides objects which can be used to
configure access rights for multiple types of management operations,
including configuration of proxy operations.
2. Potential Scope
An SNMPv2 manager and an SNMPv2 agent are defined as the operational
roles which can be assumed by an SNMPv2 entity. An SNMPv2 entity which
sometimes acts in an agent role and sometimes in a manager role is
termed an SNMPv2 dual-role entity [@ref v2admin].
In order for SNMPv2 operations to be able to configure operational
parameters such as access rights, an SNMPv2 entity must act, at least
some of the time, in an agent role. Thus, the scope of managed objects
to support such remote configuration potentially extends to include both
SNMPv2 agents and SNMPv2 dual-role entities.
2.1. Requirements for SNMPv2 Agents
An SNMPv2 agent needs to know the access rights authorized for each
identity which a security protocol might provide, in order to receive
retrieval and/or modification requests. These access rights specify the
Expires February 1996 [Page 3]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
types of operations permitted as well as the MIB views to which access
is authorized for a particular local context at a particular security
level. It also needs to know which notifications are authorized to be
sent on behalf of which identities, and the transport addresses to which
such notifications should be sent. In addition, it is valuable for a
manager to determine the set of local contexts which are (potentially)
accessible via this SNMPv2 agent, including indications of the temporal
domains [@ref v2admin] of such contexts.
It is worth noting that in each of these situations, a simple SNMPv2
agent (one which is not a part of a dual-role entity and which does not
perform proxy forwarding operations) never sends or receives a message
having an authSnmpID value or contextSnmpID value other than its own.
Thus, it has no need for any information other than is used to access
its own set of MIB objects. In particular, there is no need for one
agent to maintain information about the authentication/privacy protocols
and their secret key values used to access other agents.
However, this is not the case for dual-role entities such as mid-level
managers and proxy SNMPv2 agents.
2.2. Requirements for SNMPv2 Dual-Role Entities
There are two categories of SNMPv2 dual-role entities: so-called mid-
level managers and proxy SNMPv2 agents. In each case, a dual-role
entity both sends and receives requests or notifications; it also sends
and receives messages for multiple values of snmpID.
A proxy SNMPv2 agent needs to know the context values identifying proxy
contexts for which it acts as a proxy agent, and for each such proxy
context, the security protocol, snmpID, and identity with which it
forwards received requests and trap notifications for that context.
It is also likely that a SNMPv2 dual-role entity will need to maintain a
set of mappings between snmpID values and transport values, either to
record agents which have been discovered by this dual-role entity or to
allow it to be configured with such information.
On the other hand, a SNMPv2 dual-role entity does not need to maintain
the authorization information about the access rights of identities, nor
information about the composition of MIB views in order to conduct its
functions as a mid-level manager or to conduct proxy forwarding
operations.
Expires February 1996 [Page 4]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
3. Structure of MIB
This MIB consists of seven tables and several scalars. However, not all
agents will require implementation of all tables and scalars defined in
this MIB. In fact, some low-cost agent implementations may only
implement read-only versions of the first three tables listed below and
the appropriate scalars, and leave the rest of the MIB unimplemented.
The tables are:
- v2ContextTable
The table of all contexts for which the agent conducts local agent
operations.
This table must be implemented by all systems, although it may be
read-only.
- viewTreeTable
The table containing information on subtrees of MIB views known to
this agent.
This table must be implemented by all systems, although it may be
read-only.
- acTable
The table of access rights configured in the agent's local
configuration datastore.
This table must be implemented by all systems, although it may be
read-only.
- transportTable
The table of transport endpoints [optionally] used for
authenticating the source of management operations, and for
destinations for proxy forwarding operations and notification
operations (traps and inform requests).
This table need only be implemented by systems which allow remote
configuration of trap destinations, inform destinations, or proxy
parameters.
Expires February 1996 [Page 5]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
- notifyTable
The table of trap and inform configurations authorized to be sent
on behalf of specific identities.
This table need only be implemented by systems which allow remote
configuration of trap parameters or inform parameters.
- notifyInformParametersTable
The table, which augments the notifyTable, contains additional
parameters for sending inform requests.
This table need only be implemented by systems which allow remote
configuration of inform parameters.
- proxyForwardingTable
The table of configurations for which an agent is authorized to act
as a proxy.
This table need only be implemented by systems which allow remote
configuration of proxy parameters.
The scalars are:
- snmpID
The unique 12-octet identifier of an SNMPv2 entity. Each SNMPv2
entity which originates Get, GetNext, GetBulk, or Set request
operations or trap notifications, or which acts as a sink for
Inform notification operations, or which performs proxy forwarding
operations must be assigned a value of snmpID.
- snmpMaxMessageSize
The maximum message size that can be sent or received by an SNMPv2
entity, determined as the minimum of the maximum message size
values supported among all of the transports available to and
supported by the entity.
This object must be implemented by all systems.
Expires February 1996 [Page 6]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
- viewTreeSpinLock
The advisory lock used to coordinate modification of the
viewTreeTable.
This object need only be implemented by systems that implement a
read-write version of the viewTreeTable.
- transportSpinLock
The advisory lock used to coordinate modification of the
transportTable.
This object need only be implemented by systems that implement a
read-write version of the transportTable.
- maxIdentityNameLength
The implementation-enforced maximum length of objects which specify
an identityName.
This object need only be implemented by systems that implement a
read-write version of any table containing an object that specifies
an identityName.
- maxGroupNameLength
The implementation-enforced maximum length of objects which specify
a groupName.
This object need only be implemented by systems that implement a
read-write version of any table containing an object that specifies
a groupName.
- maxV2ContextNameLength
The implementation-enforced maximum length of objects which specify
a contextName.
This object need only be implemented by systems that implement a
read-write version of any table containing an object that specifies
a contextName.
- maxViewTreeNameLength
Expires February 1996 [Page 7]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
The implementation-enforced maximum length of objects which specify
a viewTreeName.
This object need only be implemented by systems that implement a
read-write version of any table containing an object that specifies
a viewTreeName.
- maxTransportLabelLength
The implementation-enforced maximum length of objects which specify
a transportLabel.
This object need only be implemented by systems that implement a
read-write version of any table containing an object that specifies
a transportLabel.
- acSpinLock
The advisory lock used to coordinate modification of the acTable.
This object need only be implemented by systems that implement a
read-write version of the acTable.
- notifySpinLock
The advisory lock used to coordinate modification of the
notifyTable.
This object need only be implemented by systems that implement the
notifyTable.
4. Authorizing Notifications
The destination(s) to which a notification is authorized to be sent is
determined by consulting the notifyTable to find all entries satisfying
the following conditions:
- The value of notifyContextName refers to a context containing the
local management information contained in the notification.
- The notification's administratively assigned name is accessible
within the corresponding MIB view. (That is, the set of entries in
the viewTreeTable, for which the instance of viewTreeName has the
same value as notifyViewName, defines a MIB view which contains the
notification's administratively assigned name.)
Expires February 1996 [Page 8]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
- If the OBJECTS clause is present in the invocation of the
corresponding NOTIFICATION-TYPE macro, then the correspondent
variables are all present in the MIB view corresponding to
notifyViewName.
- For any additional variables which the generating SNMPv2 entity
chooses to include within the notification, then these variables
are all present in the MIB view corresponding to notifyViewName.
For each such entry, a notification is authorized to be sent on behalf
of the identity associated with that entry, using the security protocol
associated with that entry, with context notifyContextName, and to each
transport address associated with the specified notifyTransportLabel.
In the absence of other (filtering) information to the contrary, each of
these authorized notifications should be sent.
Expires February 1996 [Page 9]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
5. Transport Endpoints
The transportTable contains information about transport endpoints. This
table is capable of representing sets of transport endpoints. This is
accomplished in two ways. The use of an address mask allows
specification of things like IP subnets. The use of a sub-indexing
allows grouping of conceptual rows within the table.
The following examples demonstrate the use of the transportTable.
Although these examples are IP-centric, the transportTable may be used
to represent transport end-points in other domains. In this case, the
semantics of address masks depend on the particular transport domain
being represented.
The address mask capability allows, for example, an agent to accept as
authentic only packets received from a particular subnet. For example,
the following configuration can be used to specify that only packets
from subnet 1.2.3.0, received on UDP port 161, be accepted as authentic:
transportLabel = subnet1
transportSubindex = 1
transportAddress = 1.2.3.0.161
transportReceiveMask = 255.255.255.0.255
The sub-indexing capability allows, for example, an agent to be
configured to send traps to a set of IP addresses. The following
configuration allows an agent to send traps to IP addresses 1.2.3.4 and
1.2.3.5 on UDP port 162:
transportLabel = subnet1
transportSubindex = 1
transportAddress = 1.2.3.4.162
transportReceiveMask = 255.255.255.255.0
transportLabel = subnet1
transportSubindex = 2
transportAddress = 1.2.3.5.162
transportReceiveMask = 255.255.255.255.0
This configuration also allows the agent to receive authenticated
packets from any ports at addresses 1.2.3.4 and 1.2.3.5.
The use of the transportTable is, in part, determined by the definition
of the tables which reference it. However, in general, when sending a
trap notification, the transportReceiveMask would be ignored, and the
trap would be sent to the specific addresses specified by
transportAddress. When authenticating a message, the transportAddress
and transportReceiveMask would generally be used in combination to check
the transport endpoint which originated the message. This means that
Expires February 1996 [Page 10]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
the transportReceiveMask values in the example above could actually be
255.255.255.0.0, in which case traps would still be sent to two IP
addresses, but messages would be accepted as authentic from the entire
1.2.3.0 subnet.
Expires February 1996 [Page 11]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
6. Definitions
V2ADMIN-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, UInteger32
FROM SNMPv2-SMI
RowStatus, TestAndIncr
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF;
v2AdminMIB MODULE-IDENTITY
LAST-UPDATED "9508231700"
ORGANIZATION "IETF SNMPv2 Working Group"
CONTACT-INFO
"The IETF SNMPv2 Working Group
snmpv2@tis.com
Full contact info to be provided . . ."
DESCRIPTION
"The MIB module for configuring SNMPv2 entities."
::= { snmpModules xx }
-- definition of textual conventions
KeyChange ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Objects with this syntax are used to change a value, K, such
as a secret key, using a one-way function. Objects which
specify this syntax must designate the mechanism for selecting
the key value to be changed.
The value of an instance of this object is the concatenation
of two components: a 'random' component and a 'delta'
component. The length of the random component is always 16,
and the length of the delta component is variable and
non-negative.
When an instance of this object is modified to have a new
value by the management protocol, the agent generates a new
value of K as follows:
Expires February 1996 [Page 12]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
- a temporary variable is initialized to the existing value
of K;
- if the length of the delta component is greater than 16
bytes, then:
- the random component is appended to the value of the
temporary variable, and the result is input to the MD5
hash algorithm to produce a digest value, and the
temporary variable is set to this digest value;
- the value of the temporary variable is XOR-ed with the
first (next) 16-bytes of the delta component to produce
the first (next) 16-bytes of the new value of K.
- the above two steps are repeated until the unused
portion of the delta component is 16 bytes or less,
- the random component is appended to the value of the
temporary variable, and the result is input to the MD5 hash
algorithm to produce a digest value;
- this digest value, truncated if necessary to be the same
length as the unused portion of the delta component, is
XOR-ed with the unused portion of the delta component to
produce the (final portion of the) new value of K.
That is,
iterations = (lenOfDelta - 1) / 16; /* integer division */
temp = keyold;
for (i = 0; i < iterations; i++) {
temp = MD5 (temp || random);
keynew[i*16 .. (i*16)+15] =
temp XOR delta[i*16 .. (i*16)+15];
}
temp = MD5 (temp || random);
keynew[i*16 .. lenOfDelta-1] =
temp XOR delta[i*16 .. lenOfDelta-1];
The value of an object with this syntax, whenever it is
retrieved by the management protocol, is always the zero-
length string."
SYNTAX OCTET STRING
MemoryType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Describes the memory realization of a conceptual row. A row
which is 'volatile' is lost upon reboot. A row which is
Expires February 1996 [Page 13]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
either 'nonVolatile', 'permanent' or 'readOnly', is backed up
by stable storage. A row which is 'permanent' can be changed
but not deleted. A row which is 'readOnly' cannot be changed
nor deleted.
It is not necessary for an implementation to allow the creation
of permanent(4) or readOnly(5) entries.
Every usage of this textual convention is required to specify
the columnar objects which a 'permanent' row must at a minimum
allow to be writable."
SYNTAX INTEGER {
other(1), -- eh?
volatile(2), -- e.g., in RAM
nonVolatile(3), -- e.g., in NVRAM
permanent(4), -- e.g., partially in ROM
readOnly(5) -- e.g., completely in ROM
}
TransportLabel ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A textual description for a transport endpoint. This
description will typically be an alias for the
endpoint as defined by the operating system. For example,
for a transport endpoint in the snmpUDPDomain, the textual
description might be the hostname of the corresponding
IP address."
SYNTAX OCTET STRING (SIZE (0..255))
AuthName ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An octet string consisting entirely of upper- or lower-case
letters, digits, underscore, hyphen, and period characters.
This corresponds to ASCII characters 65-90, 97-122, 48-57,
95, 45, and 46.
The use of this set of characters makes the configuration
datastore for an SNMPv2 entity more human-readable, when
stored as ASCII datafiles."
SYNTAX OCTET STRING
Expires February 1996 [Page 14]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
SnmpID ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An SNMPv2 entity's administratively-unique identifier."
SYNTAX OCTET STRING (SIZE (12))
SPI ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An integer specifying a security protocol."
SYNTAX INTEGER {
snmpv1(1),
snmpv2C(2), |
maint(3), -- maintenance operations
usecNoAuth(4),
usecAuth(5),
usecPriv(6)
}
--
-- The v2AdminSnmpScalars Group
--
v2AdminSnmpScalars OBJECT IDENTIFIER ::= { v2AdminMIB 1 }
snmpID OBJECT-TYPE
SYNTAX SnmpID
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An SNMPv2 entity's administratively-unique identifier.
The initial value for this object may be configured via an
operator console entry or via an algorithmic function
defined by the vendor or administrator. In the later case,
the following guidelines are recommended:
1) The first four octets should be set to the binary
equivalent of the device vendor's SNMP network management
private enterprise number as assigned by the Internet
Assigned Numbers Authority (IANA). For example, if
Acme Networks has been assigned { enterprises 696 },
the first four octets would be assigned '000002b8'H.
2) The remaining eight octets are the cookie whose
Expires February 1996 [Page 15]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
contents are determined via one or more enterprise-
specific methods. Such methods must be designed so as
to maximize the possibility that the value of this
object will be unique in the device's administrative
domain. For example, the cookie may be the IP address
of the device, or the MAC address of one of the
interfaces, with each address suitably padded with
random octets, or possibly a unique cookie determined
by the device's model# and serial#. If multiple methods
are defined, then it is recommended that the cookie be
further divided into one octet that indicates the method
being used and seven octets which are a function of
the method."
::= { v2AdminSnmpScalars 1 }
snmpMaxMessageSize OBJECT-TYPE
SYNTAX Integer32 (484..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum length in octets of an SNMPv2 message which
this SNMPv2 entity can send or receive and process, determined
as the minimum of the maximum message size values supported
among all of the transports available to and supported by the
entity."
::= { v2AdminSnmpScalars 3 }
maxIdentityNameLength OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum length in octets which a particular implementation
will allow for any object which specifies an identityName.
This object may be queried by a manager in order to determine
system-specific limits for use during creation of new entries
in the tables defined in this MIB module."
::= { v2AdminSnmpScalars 4 }
maxGroupNameLength OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum length in octets which a particular implementation
Expires February 1996 [Page 16]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
will allow for any object which specifies a groupName.
This object may be queried by a manager in order to determine
system-specific limits for use during creation of new entries
in the tables defined in this MIB module."
::= { v2AdminSnmpScalars 5 }
maxV2ContextNameLength OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum length in octets which a particular implementation
will allow for the v2ContextName object, the acContextName
object, the notifyContextName object, the proxyContextNameIn
object, and any other objects which specify a contextName.
This object may be queried by a manager in order to determine
system-specific limits for use during creation of new entries
in the tables defined in this MIB module."
::= { v2AdminSnmpScalars 6 }
maxViewTreeNameLength OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum length in octets which a particular implementation
will allow for the viewTreeName object, and any other
object which specifies the name of a view. This object may
be queried by a manager in order to determine system-specific
limits for use during creation of new entries in the tables
defined in this MIB module."
::= { v2AdminSnmpScalars 7 }
maxTransportLabelLength OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum length in octets which a particular implementation
will allow for objects whose syntax is TransportLabel.
This object may be queried by a manager in order to
determine system-specific limits for use during creation of
new entries in the tables defined in this MIB module."
::= { v2AdminSnmpScalars 8 }
Expires February 1996 [Page 17]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- The v2AdminStats Group +
-- +
v2AdminStats OBJECT IDENTIFIER ::= { v2AdminMIB 2 } +
v2AdminStatsUnknownSPIs OBJECT-TYPE +
SYNTAX Counter32 +
MAX-ACCESS read-only +
STATUS current +
DESCRIPTION +
"A count of the number of packets that contained sPI values +
which are unknown to or unimplemented by the agent." +
::= { v2AdminStats 1 } +
v2AdminStatsUnknownContexts OBJECT-TYPE +
SYNTAX Counter32 +
MAX-ACCESS read-only +
STATUS current +
DESCRIPTION +
"A count of the number of packets that contained a local +
contextName value which is unknown to the agent." +
::= { v2AdminStats 2 } +
v2AdminStatsUnavailableContexts OBJECT-TYPE +
SYNTAX Counter32 +
MAX-ACCESS read-only +
STATUS current +
DESCRIPTION +
"A count of the number of packets that contained a local +
contextName value which specified a context that is currently +
not available." +
::= { v2AdminStats 3 } +
v2AdminStatsCacheMisses OBJECT-TYPE +
SYNTAX Counter32 +
MAX-ACCESS read-only +
STATUS current +
DESCRIPTION +
"A count of the number of Response or Report messages received +
for which no corresponding entry in the cache of outstanding +
proxy operations could be found. +
Note that a cache miss is not necessarily a serious problem. +
This can occur, for example, if packets get duplicated." +
Expires February 1996 [Page 18]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
::= { v2AdminStats 4 } +
-- +
-- The v2ContextTable
--
v2ContextTable OBJECT-TYPE
SYNTAX SEQUENCE OF V2ContextEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The context database portion of the Local Configuration
Datastore."
::= { v2AdminMIB 3 }
v2ContextEntry OBJECT-TYPE
SYNTAX V2ContextEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a particular context."
INDEX { v2ContextSnmpID, IMPLIED v2ContextName }
::= { v2ContextTable 1 }
V2ContextEntry ::= SEQUENCE {
v2ContextSnmpID SnmpID,
v2ContextName AuthName,
v2ContextLocalEntity OCTET STRING,
v2ContextLocalTime INTEGER,
v2ContextMemoryType MemoryType,
v2ContextStatus RowStatus
}
v2ContextSnmpID OBJECT-TYPE
SYNTAX SnmpID
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The SNMPv2 entity's administratively-unique
identifier. It is worth noting that in a simple agent
implementation, the value of this object will always be
equal to the entity's local snmpID object."
::= { v2ContextEntry 1 }
Expires February 1996 [Page 19]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
v2ContextName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A textual name uniquely identifying a particular context
on a particular agent."
::= { v2ContextEntry 2 }
v2ContextLocalEntity OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) |
MAX-ACCESS read-create -- usually read-only on an agent
STATUS current
DESCRIPTION
"If the value of the corresponding instance of the
v2ContextSnmpID is equal to the local value of snmpID, then
the value of an instance of this object uniquely identifies a
local entity (e.g., a logical device managed by the same agent)
whose management information is available within this context.
The empty string indicates that the context contains the
SNMPv2 entity's own local management information; otherwise,
a non-empty string indicates that the context contains
management information of some other local entity,
e.g., 'Repeater1'.
If the value of the corresponding instance of v2ContextSnmpID
is not equal to the local value of snmpID, then the value of
an instance of this object identifies an entity which is local
to the SNMPv2 entity which realizes this context."
DEFVAL { ''H }
::= { v2ContextEntry 3 }
v2ContextLocalTime OBJECT-TYPE
SYNTAX INTEGER {
currentTime(1),
restartTime(2)
}
MAX-ACCESS read-create -- usually read-only on an agent
STATUS current
DESCRIPTION
"This object identifies the temporal domain of the
management information within this context."
DEFVAL { currentTime }
::= { v2ContextEntry 4 }
Expires February 1996 [Page 20]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
v2ContextMemoryType OBJECT-TYPE
SYNTAX MemoryType
MAX-ACCESS read-create -- usually read-only on an agent
STATUS current
DESCRIPTION
"The storage type for this conceptual row in the
v2ContextTable. Conceptual rows having the value 'permanent'
need not allow write-access to any columnar objects in the
row."
::= { v2ContextEntry 5 }
v2ContextStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create -- usually read-only on an agent
STATUS current
DESCRIPTION
"The status of this conceptual row in the v2ContextTable.
A context is not qualified for activation until instances of
all corresponding columns have consistent values.
For those columnar objects which permit write-access, their
value in an existing conceptual row can be changed
irrespective of the value of v2ContextStatus for that row."
::= { v2ContextEntry 6 }
Expires February 1996 [Page 21]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- The v2AdminViewTree group
--
-- This group contains the viewTreeTable, and a spin lock variable to
-- coordinate use of the viewTreeTable
--
v2AdminViewTree OBJECT IDENTIFIER ::= { v2AdminMIB 4 }
viewTreeSpinLock OBJECT-TYPE
SYNTAX TestAndIncr
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An advisory lock used to allow several cooperating SNMPv2
entities, all acting in a manager role, to coordinate their
use of the Set operation in creating view trees.
The values of viewTreeSpinLock, acSpinLock, and notifySpinLock
[if the notifyTable is implemented] should be accessed in
harmony to provide interlocks on the creation of new views.
When creating a new view or altering an existing view, it is
important to understand the potential interactions with other
users of the view. The spinlocks for each table which allows
the creation of named views should be retrieved. The name of
the view to be created should be determined to be unique on
the managed system by consulting each table containing named
views. Finally, the named view may be created, including the
advisory spinlocks.
Since this is an advisory lock, entities acting in an agent
role do not enforce the use of viewTreeSpinLock."
::= { v2AdminViewTree 1 }
viewTreeTable OBJECT-TYPE
SYNTAX SEQUENCE OF ViewTreeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The view tree database. This contains information about the
subtrees of MIB views known to this SNMPv2 entity. Note that
a MIB view which has no subtrees defined for it has no
entries in this table.
Expires February 1996 [Page 22]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
Each MIB view is defined by two collections of view subtrees:
the included view subtrees, and the excluded view subtrees.
Every such subtree, both included and excluded, is defined in
this table.
To determine if a particular object instance is in a
particular MIB view, compare the object instance's OBJECT
IDENTIFIER with each of the MIB view's active entries
in this table. If none match, then the object instance is
not in the MIB view. If one or more match, then the object
instance is included in, or excluded from, the MIB view
according to the value of viewTreeType in the entry whose
value of viewTreeSubTree has the most sub-identifiers. If
multiple entries match and have the same number of
sub-identifiers, then the lexicographically greatest instance
of viewTreeType among those which match determines the inclusion
or exclusion.
An object instance's OBJECT IDENTIFIER X matches an active
entry in this table when the number of sub-identifiers in X
is at least as many as in the value of viewTreeSubTree for
the entry, and each sub-identifier in the value of
viewTreeSubTree matches its corresponding sub-identifier in X.
Two sub-identifiers match either if the corresponding bit of
viewMask is zero (the 'wild card' value), or if they are equal.
Due to this 'wild card' capability, we introduce the term, a
'family' of view subtrees, to refer to the set of subtrees
defined by a particular combination of values of
viewTreeSubTree and viewTreeMask. In the case where no
'wild card' is defined in viewTreeMask, the family of view
subtrees reduces to a single view subtree."
::= { v2AdminViewTree 2 }
viewTreeEntry OBJECT-TYPE
SYNTAX ViewTreeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information on a particular family of view subtrees
included in or excluded from a particular MIB view.
Implementations must not restrict the number of families of
view subtrees for a given MIB view, except as dictated by
resource constraints on the overall number of entries in the
Expires February 1996 [Page 23]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
viewTable."
INDEX { viewTreeName, IMPLIED viewTreeSubTree } |
::= { viewTreeTable 1 }
ViewTreeEntry ::= SEQUENCE {
viewTreeName AuthName,
viewTreeSubTree OBJECT IDENTIFIER,
viewTreeMask OCTET STRING,
viewTreeType INTEGER,
viewTreeMemoryType MemoryType,
viewTreeStatus RowStatus
}
viewTreeName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The textual name for a family of view subtrees."
::= { viewTreeEntry 1 }
viewTreeSubTree OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A MIB subtree."
::= { viewTreeEntry 2 }
viewTreeMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) |
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The bit mask which, in combination with the corresponding
instance of viewTreeSubTree, defines a family of view
subtrees.
Each bit of this bit mask corresponds to a sub-identifier of
viewTreeSubTree, with the most significant bit of the i-th
octet of this octet string value (extended if necessary, see
below) corresponding to the (8*i - 7)-th sub-identifier, and
the least significant bit of the i-th octet of this octet
string corresponding to the (8*i)-th sub-identifier, where i
is in the range 1 through 16.
Expires February 1996 [Page 24]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
Each bit of this bit mask specifies whether or not the
corresponding sub-identifiers must match when determining if
an OBJECT IDENTIFIER is in this family of view subtrees; a
'1' indicates that an exact match must occur; a '0'
indicates 'wild card', i.e., any sub-identifier value
matches.
Thus, the OBJECT IDENTIFIER X of an object instance is
contained in a family of view subtrees if the following
criteria are met:
for each sub-identifier of the value of viewTreeSubTree,
either:
the i-th bit of viewMask is 0, or
the i-th sub-identifier of X is equal to the i-th
sub-identifier of the value of viewTreeSubTree.
If the value of this bit mask is M bits long and there are
more than M sub-identifiers in the corresponding instance of
viewTreeSubTree, then the bit mask is extended with 1's to be
the required length.
Note that when the value of this object is the zero-length
string, this extension rule results in a mask of all-1's
being used (i.e., no 'wild card'), and the family of view
subtrees is the one view subtree uniquely identified by the
corresponding instance of viewTreeSubTree."
DEFVAL { ''H }
::= { viewTreeEntry 3 }
viewTreeType OBJECT-TYPE
SYNTAX INTEGER {
included(1),
excluded(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of a particular family of view subtrees within
the particular context's MIB view. The value 'included(1)'
indicates that the corresponding instances of viewTreeSubTree
and viewTreeMask define a family of view subtrees included in
the MIB view. The value 'excluded(2)' indicates that the
Expires February 1996 [Page 25]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
corresponding instances of viewTreeSubTree and viewTreeMask
define a family of view subtrees excluded from the MIB view."
::= { viewTreeEntry 4 }
viewTreeMemoryType OBJECT-TYPE
SYNTAX MemoryType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row in the viewTreeTable.
Conceptual rows having the value 'permanent' need not allow
write-access to any columnar objects in the row."
::= { viewTreeEntry 5 }
viewTreeStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row in the viewTreeTable.
For those columnar objects which permit write-access, their
value in an existing conceptual row can be changed
irrespective of the value of viewTreeStatus for that row."
::= { viewTreeEntry 6 }
Expires February 1996 [Page 26]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- Access Control Portion of the Local Configuration Datastore (LCD)
--
v2AdminAccessControl OBJECT IDENTIFIER ::= { v2AdminMIB 5 }
--
-- a spinlock for the acTable
--
acSpinLock OBJECT-TYPE
SYNTAX TestAndIncr
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An advisory lock used to allow several cooperating SNMPv2
entities, all acting in a manager role, to coordinate their
use of the Set operation in creating view trees.
The values of viewTreeSpinLock, acSpinLock, and notifySpinLock
[if the notifyTable is implemented] should be accessed in
harmony to provide interlocks on the creation of new views.
When creating a new view or altering an existing view, it is
important to understand the potential interactions with other
users of the view. The spinlocks for each table which allows
the creation of named views should be retrieved. The name of
the view to be created should be determined to be unique on
the managed system by consulting each table containing named
views. Finally, the named view may be created, including the
advisory spinlocks.
Since this is an advisory lock, entities acting in an agent
role do not enforce the use of acSpinLock."
::= { v2AdminAccessControl 1 }
--
-- The acTable
--
acTable OBJECT-TYPE
SYNTAX SEQUENCE OF AcEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
Expires February 1996 [Page 27]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
"The access control database."
::= { v2AdminAccessControl 2 }
acEntry OBJECT-TYPE
SYNTAX AcEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each conceptual row in this table represents the access policy
for a group of identities within a particular sPI. An access
policy specifies the access privileges authorized and MIB views
accessible by a group of identities for communication concerning
information contained in a particular context."
INDEX { acSPI, acGroupName, IMPLIED acContextName } |
::= { acTable 1 }
AcEntry ::= SEQUENCE {
acSPI SPI,
acGroupName AuthName,
acContextName AuthName,
acContextNameMask AuthName,
acPrivs INTEGER,
acReadViewName AuthName,
acWriteViewName AuthName,
acMemoryType MemoryType,
acStatus RowStatus
}
acSPI OBJECT-TYPE
SYNTAX SPI
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The security protocol under which this conceptual row
provides access privileges. The sPI which is used to
originate a management request must match this object
in order to be granted access to management information."
::= { acEntry 1 }
acGroupName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The textual name of a group associated with a conceptual row
Expires February 1996 [Page 28]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
in the acTable. A group name is associated with zero, one, or
more identities which are afforded the access privileges
authorized by the corresponding value of acPrivs to the zero,
one, or more contexts named by the corresponding values of
acContextName and acContextNameMask via the views named by
acReadViewName and acWriteViewName, if any.
For example, if the corresponding value of sPI is usecNoAuth,
usecAuth, or usecPriv, then the value of an instance of this
object identifies the set of identities whose usecUserGroupName
value is equal to the value of the instance of this object."
::= { acEntry 2 }
acContextName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of this object combined with the corresponding
value of acContextNameMask identifies zero, one, or more
contexts associated with a particular set of access
privileges."
::= { acEntry 3 }
acContextNameMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32)) |
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"The bit mask, which, in combination with the corresponding
instance of acContextName, identifies zero, one, or more
contexts.
Each bit of this bit mask corresponds to an octet of
acContextName, with the most significant bit of the
i-th octet of this octet string value (extended if necessary,
see below) corresponding to the (8*i - 7)-th octet, and the
least significant bit of the i-th octet of this octet string
corresponding to the (8*i)-th octet, where i is in the range
1 through 4.
Each bit of this bit mask specifies whether or not the
corresponding octets must match when determining which
instances of v2ContextEntry are identified by the
corresponding value of acContextName. A '1' indicates that
Expires February 1996 [Page 29]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
the corresponding octets must match, and a '0' indicates that
any octet value matches.
Thus, an instance of v2ContextEntry is identified if, for each
bit in the corresponding value of acContextNameMask,
either:
the bit of acContextNameMask is 0, or
the length of acContextName and v2ContextName are both
at least i octets, and the i-th octet of
acContextName is equal to the i-th octet of
v2ContextName.
It is not permitted for multiple conceptual rows in the acTable
to identify the same v2ContextName in this manner, for a
particular acSPI and acGroupName pair. If a Set request
attempts to modify a conceptual row in the acTable in a way such
that the combination of acContextName and acContextNameMask as
described above would yield the same value as the combination of
acContextName and acContextNameMask of another conceptual row in
the same conceptual table, for which the corresponding values of
acSPI are equal and the corresponding values of acGroupName are
equal, then an inconsistentValueError should be returned, and
the Set operation should fail.
If the value of this bit mask is M bits long and there are
more than M octets in the corresponding instance of either
acContextName or v2ContextName, then the bit mask is
extended with 1's up to the maximum of the two lengths."
::= { acEntry 4 }
acPrivs OBJECT-TYPE
SYNTAX INTEGER {
nothing(1),
readOnly(2),
readWrite(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the types of management operations
that are authorized by this conceptual row. A value of
readOnly(2) indicates that Get, GetNext, and GetBulk
operations are authorized. A value of readWrite(3)
Expires February 1996 [Page 30]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
indicates that Get, GetNext, GetBulk, and Set operations
are authorized."
::= { acEntry 5 }
acReadViewName OBJECT-TYPE
SYNTAX AuthName (SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of an instance of this object identifies the MIB
view to be be used to provide access control via read (i.e.,
Get, GetNext, and GetBulk) operations to the zero, one, or
many contexts identified by the combination of the
corresponding instances of acContextName and acContextNameMask,
for a given value of sPI equal to the value of the corresponding
instance of acSPI, if and only if the corresponding value of
acPrivs authorizes read operations, i.e., equals readOnly(2)
or readWrite(3).
The identified MIB view is that for which viewTreeName has
the same value as the instance of this object; if there are
no active view subtrees for that value, or if the value of
this object has zero-length, then the identified MIB view
is the empty set of view subtrees, and the identified set of
objects for which read operations is enabled by this conceptual
row is the empty set."
::= { acEntry 6 }
acWriteViewName OBJECT-TYPE
SYNTAX AuthName (SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of an instance of this object identifies the MIB
view to be be used to provide access control via write, i.e.,
Set operations to the zero, one, or many contexts identified
by the combination of the corresponding instances of
acContextName and acContextNameMask, for a given value of sPI
equal to the value of the corresponding instance of acSPI, if
and only if the corresponding value of acPrivs authorizes write
(Set) operations, i.e., equals readWrite(3).
The identified MIB view is that for which viewTreeName has
the same value as the instance of this object; if there are
no active view subtrees for that value, or if the value of
Expires February 1996 [Page 31]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
this object has zero-length, then the identified MIB view
is the empty set of view subtrees, and the identified set of
objects for which write (Set) operations is enabled by this
conceptual row is the empty set."
::= { acEntry 7 }
acMemoryType OBJECT-TYPE
SYNTAX MemoryType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row in the acTable.
Conceptual rows having the value 'permanent' need not allow
write-access to any columnar objects in the row."
::= { acEntry 8 }
acStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row in the acTable.
A conceptual row being created in this table is not
considered ready for activation until the values of
acContextName and acContextNameMask are consistent with
all existing active rows in the table, as described above
under acContextNameMask.
For those columnar objects which permit write-access, their
value in an existing conceptual row can be changed
irrespective of the value of acStatus for that row."
::= { acEntry 9 }
Expires February 1996 [Page 32]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- The v2AdminTransport group
--
v2AdminTransport OBJECT IDENTIFIER ::= { v2AdminMIB 6 }
--
-- Spin lock variable for transportTable modification.
--
transportSpinLock OBJECT-TYPE
SYNTAX TestAndIncr
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An advisory lock used to allow several cooperating SNMPv2
entities, all acting in a manager role, to coordinate their
use of Set operations to entries in the transportTable.
A manager application should include the value of
transportSpinLock in every Set operation which accesses the
transportTable. Since this is an advisory lock, entities
acting in an agent role do not enforce the use of
transportSpinLock."
::= { v2AdminTransport 1 }
--
-- The transportTable
--
transportTable OBJECT-TYPE
SYNTAX SEQUENCE OF TransportEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The transport endpoint database. This table need only be
implemented by entities which will send traps or inform
requests, or which will support proxy operations."
::= { v2AdminTransport 3 }
transportEntry OBJECT-TYPE
SYNTAX TransportEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A transport endpoint. This specifies a destination to which
Expires February 1996 [Page 33]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
notifications or proxy requests will be sent."
INDEX { transportLabel, transportSubindex }
::= { transportTable 1 }
TransportEntry ::= SEQUENCE {
transportLabel TransportLabel,
transportSubindex INTEGER,
transportDomain OBJECT IDENTIFIER,
transportAddress OCTET STRING,
transportReceiveMask OCTET STRING,
transportMMS Integer32,
transportMemoryType MemoryType,
transportStatus RowStatus
}
transportLabel OBJECT-TYPE
SYNTAX TransportLabel (SIZE(1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique name for a set of transport endpoints."
::= { transportEntry 1 }
transportSubindex OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The sub-index for a transport endpoint. For multiply-homed
entities, a single transportLabel might refer to multiple
transport endpoints."
::= { transportEntry 2 }
transportDomain OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the kind of transport service."
::= { transportEntry 3 }
-- [@ref tm] specifies some transportDomain values
transportAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) |
Expires February 1996 [Page 34]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The transport service address, formatted according to the
corresponding value of transportDomain. For some operations,
this value is further qualified by the corresponding value of
transportReceiveMask, allowing a group of transport
endpoints to be specified.
For example, for the transport domain corresponding to the
snmpUDPDomain, transportAddress is formatted as a 4-octet
IP Address concatenated with a 2-octet UDP port number."
::= { transportEntry 4 }
transportReceiveMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) |
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to qualify the value of the
corresponding value of transportAddress. The semantics of
this object depend on the corresponding value of
transportDomain.
For example, for the transport domain corresponding to the
snmpUDPDomain, transportReceiveMask specifies a network mask
value. This allows an entry in the transportTable to
specify an entire sub-network."
::= { transportEntry 5 }
transportMMS OBJECT-TYPE
SYNTAX Integer32 (484..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the minimum value of the maximum
size of messages which may be sent or received using this
transport endpoint."
::= { transportEntry 6 }
transportMemoryType OBJECT-TYPE
SYNTAX MemoryType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
Expires February 1996 [Page 35]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
"The storage type for this conceptual row in the transportTable.
Conceptual rows having the value 'permanent' need not allow
write-access to any columnar objects in the row."
::= { transportEntry 7 }
transportStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row in the transportTable.
The values of transportDomain, transportAddress, and
transportReceiveMask in an existing conceptual row cannot be
changed while the corresponding value of transportStatus for
that row is active.
For other columnar objects which permit write-access, their
value in an existing conceptual row can be changed
irrespective of the value of transportStatus for that row."
::= { transportEntry 8 }
Expires February 1996 [Page 36]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- The v2AdminNotify group
--
-- This group contains tables used for configuring notifications.
--
v2AdminNotify OBJECT IDENTIFIER ::= { v2AdminMIB 7 }
notifySpinLock OBJECT-TYPE
SYNTAX TestAndIncr
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An advisory lock used to allow several cooperating SNMPv2
entities, all acting in a manager role, to coordinate their
use of the Set operation in creating view trees.
The values of viewTreeSpinLock, acSpinLock, and notifySpinLock
should be accessed in harmony to provide interlocks on the
creation of new views.
When creating a new view or altering an existing view, it is
important to understand the potential interactions with other
users of the view. The spinlocks for each table which allows
the creation of named views should be retrieved. The name of
the view to be created should be determined to be unique on
the managed system by consulting each table containing named
views. Finally, the named view may be created, including the
advisory spinlocks.
Since this is an advisory lock, entities acting in an agent
role do not enforce the use of notifySpinLock."
::= { v2AdminNotify 1 }
--
-- The notifyTable.
--
-- Note that this table does not provide values to be used for the
-- authSnmpID or contextSnmpID values for outgoing packets.
--
-- When sending a Trap notification, both the authSnmpID and the
-- contextSnmpID will be equal to the local value of snmpID.
--
-- When sending an Inform request, the authSnmpID will be equal to the
-- notifyAuthSnmpID, and the contextSnmpID will be equal to the local
Expires February 1996 [Page 37]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
-- value of snmpID.
--
notifyTable OBJECT-TYPE
SYNTAX SEQUENCE OF NotifyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The notification destination database. This table need
only be implemented by entities which will send trap
notifications or inform requests.
If an entity will only send trap notifications, it need
only implement this table, in which case all entries in the
table are taken as trap destinations.
If an entity will send inform requests, it must implement
both this table, and the notifyInformParametersTable. In this
case, each entry in this table is taken as a trap or inform
destination, as specified in the corresponding value of
notifyConfirm."
::= { v2AdminNotify 2 }
notifyEntry OBJECT-TYPE
SYNTAX NotifyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each conceptual row in this table identifies a notification
destination, including, directly or indirectly, an identity,
context, and transport endpoint information to be used for
sending a notification."
INDEX { notifyIndex }
::= { notifyTable 1 }
NotifyEntry ::= SEQUENCE {
notifyIndex INTEGER,
notifySPI SPI,
notifyIdentityName AuthName,
notifyTransportLabel TransportLabel,
notifyContextName AuthName,
notifyViewName AuthName,
notifyMemoryType MemoryType,
notifyStatus RowStatus
}
Expires February 1996 [Page 38]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
notifyIndex OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary unique value for each notification destination."
::= { notifyEntry 1 }
notifySPI OBJECT-TYPE
SYNTAX SPI
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object identifies the security protocol to be used
when sending this notification."
::= { notifyEntry 2 }
notifyIdentityName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identity which will be used to send a notification. This
object specifies an identity within the security protocol
specified by the corresponding value of notifySPI."
::= { notifyEntry 3 }
notifyTransportLabel OBJECT-TYPE
SYNTAX TransportLabel
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An instance of notifyTransportLabel identifies zero, one, or
more conceptual rows in the transportTable which describe
the transport endpoint(s) to which this notification should
be delivered."
::= { notifyEntry 4 }
notifyContextName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"The context for which notifications will be sent. There
may or may not be be a corresponding conceptual row in the
Expires February 1996 [Page 39]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
v2ContextTable whose value of v2ContextName is equal to the
value of this object. If there is no corresponding conceptual
row in the v2ContextTable, then no notifications shall be
emitted as a result of this entry, even if the value of
notifyStatus is 'active'."
::= { notifyEntry 5 }
notifyViewName OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The family of view subtrees to which this notification has
access. A notification will only be delivered to this
destination if all of the objects in the varbind list to be
delivered are included in this MIB view. This object
specifies a set of entries in the viewTreeTable whose
values of viewTreeName are equal to this object.
The identified view is that for which viewTreeName has the
same value as the instance of this object; if there are no
active view subtrees for that value, or if the value of
this object has zero-length, then the identified MIB view
is the empty set of view subtrees, and thus no objects
are included in the identified view."
::= { notifyEntry 6 }
notifyMemoryType OBJECT-TYPE
SYNTAX MemoryType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row in the notifyTable.
Conceptual rows having the value 'permanent' need not allow
write-access to any columnar objects in the row."
::= { notifyEntry 7 }
notifyStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row in the notifyTable.
For those columnar objects which permit write-access, their
Expires February 1996 [Page 40]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
value in an existing conceptual row can be changed
irrespective of the value of notifyStatus for that row."
::= { notifyEntry 8 }
Expires February 1996 [Page 41]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- The notifyInformParametersTable contains additional parameters for
-- inform requests. This table augments the notifyTable.
--
notifyInformParametersTable OBJECT-TYPE
SYNTAX SEQUENCE OF NotifyInformParametersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Database of additional parameters for notification
destinations. This table need only be implemented by
entities which are configured to send inform requests
via entries in the notifyTable."
::= { v2AdminNotify 3 }
notifyInformParametersEntry OBJECT-TYPE
SYNTAX NotifyInformParametersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Additional parameters for a notification destination."
AUGMENTS { notifyEntry }
::= { notifyInformParametersTable 1 }
NotifyInformParametersEntry ::= SEQUENCE {
notifyConfirm TruthValue,
notifyAuthSnmpID SnmpID,
notifyTimeout Integer32,
notifyMaxRetry Integer32
}
notifyConfirm OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates whether a notification should be confirmed. If
this value is true(1), then the notification will be sent
as an inform request. If the value is false(2), then the
notification will be sent as a trap."
::= { notifyInformParametersEntry 1 }
notifyAuthSnmpID OBJECT-TYPE
SYNTAX SnmpID
MAX-ACCESS read-create
Expires February 1996 [Page 42]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
STATUS current
DESCRIPTION
"Indicates the SnmpID to be used in the AuthInfo
field of Inform requests. This object is located in this
table because the authSnmpID need only be specified
for an Inform request, since this snmpID must be that
of the entity to which the Inform is being sent. For a trap,
the authSnmpID would be equal to the local value of snmpID
of the trap sender."
::= { notifyInformParametersEntry 2 }
notifyTimeout OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The timeout interval to be used when waiting for the response
to an inform request. After this period has expired, the
inform request will be resent. This will be repeated a number
of times up to notifyMaxRetry, until a response is
received."
::= { notifyInformParametersEntry 3 }
notifyMaxRetry OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The maximum number of times an inform request should be
re-sent when a response is not received within the interval
specified by the corresponding value of notifyTimeout."
::= { notifyInformParametersEntry 4 }
Expires February 1996 [Page 43]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
--
-- The v2AdminProxy group
--
v2AdminProxy OBJECT IDENTIFIER ::= { v2AdminMIB 8 }
--
-- The proxyForwardingTable need only be implemented by those entities
-- which perform proxy operations. This includes entities which forward
-- SNMP Get, GetNext, GetBulk, Set, and Inform requests to another
-- entity, and forward the responses resulting from these requests back
-- to the originating entities, and entities which forward SNMP traps to
-- another entity.
--
proxyForwardingTable OBJECT-TYPE
SYNTAX SEQUENCE OF ProxyForwardingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The proxy configuration database. Each conceptual row in
this database specifies configuration information for an
entity acting in a proxy role."
::= { v2AdminProxy 2 }
proxyForwardingEntry OBJECT-TYPE
SYNTAX ProxyForwardingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A proxy configuration."
INDEX { proxyIndex } |
::= { proxyForwardingTable 1 }
ProxyForwardingEntry ::= SEQUENCE {
proxyIndex INTEGER, |
proxyType INTEGER, |
proxySPIIn SPI,
proxyAuthSnmpIDIn SnmpID,
proxyIdentityNameIn AuthName,
proxyContextSnmpIDIn SnmpID,
proxyContextNameIn AuthName,
proxySPIOut SPI,
proxyAuthSnmpIDOut SnmpID,
Expires February 1996 [Page 44]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
proxyIdentityNameOut AuthName,
proxyTransportLabelOut TransportLabel, -
proxyMemoryType MemoryType, -
proxyStatus RowStatus
}
proxyIndex OBJECT-TYPE |
SYNTAX INTEGER (0..2147483647) |
MAX-ACCESS not-accessible |
STATUS current |
DESCRIPTION |
"An arbitrary unique value for each proxy configuration." |
::= { proxyForwardingEntry 1 } |
proxyType OBJECT-TYPE |
SYNTAX INTEGER {
gnb(1), |
set(2), |
trap(3), |
inform(4) |
}
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"Indicates whether the entity will act as a proxy for
management requests being sent from one entity to another
entity (and for the corresponding responses), for traps
operations being sent from an agent to a manager, or for
inform operations being sent from a manager to another manager
(and for the corresponding responses).
If this object is equal to gnb(1), then this conceptual row |
is a configuration for performing proxy operations for Get,
GetNext, and GetBulk operations. |
If this object is equal to set(2), then this conceptual row |
is a configuration for performing proxy operations for Set |
operations. |
If this object is equal to trap(3), then this conceptual |
row is a configuration for performing proxy operations for
Trap operations.
If this object is equal to inform(4), then this conceptual |
row is a configuration for performing proxy operations for
Expires February 1996 [Page 45]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
Inform operations."
::= { proxyForwardingEntry 2 } |
proxySPIIn OBJECT-TYPE
SYNTAX SPI
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"The security protocol for which the agent will act as
a proxy. This entity will only perform proxy operations
for management operations in which the security protocol
in use matches this object."
::= { proxyForwardingEntry 3 } |
proxyAuthSnmpIDIn OBJECT-TYPE
SYNTAX SnmpID
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"The value of authSnmpID for an incoming message. For
entries for which the value of proxyType is gnb(1), set(2) or |
inform(4), this object will have the same value as the local |
value for snmpID."
::= { proxyForwardingEntry 4 } |
proxyIdentityNameIn OBJECT-TYPE
SYNTAX AuthName(SIZE(1..255))
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"The identity for which this agent will act as a proxy.
This entity will only perform proxy operations for management
operations in which the identity derived by the security
protocol from the authentication information matches an
instance of this object."
::= { proxyForwardingEntry 5 } |
proxyContextSnmpIDIn OBJECT-TYPE
SYNTAX SnmpID
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"This object, along with the corresponding instance of
proxyContextNameIn, specifies the context for which
this entity will act as a proxy. These two objects
Expires February 1996 [Page 46]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
identify a particular globally unique context, i.e.,
a particular v2ContextSnmpID and v2ContextName pair."
::= { proxyForwardingEntry 6 } |
proxyContextNameIn OBJECT-TYPE
SYNTAX AuthName (SIZE(1..255))
MAX-ACCESS read-create |
STATUS current
DESCRIPTION
"This object, along with the corresponding instance of
proxyContextSnmpIDIn, specifies the context for which
this entity will act as a proxy. These two objects
identify a particular globally unique context, i.e.,
a particular v2ContextSnmpID and v2ContextName pair."
::= { proxyForwardingEntry 7 } |
proxySPIOut OBJECT-TYPE
SYNTAX SPI
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identifier of the security protocol to be used for
forwarding the proxied requests or trap notifications."
::= { proxyForwardingEntry 8 } |
proxyAuthSnmpIDOut OBJECT-TYPE
SYNTAX SnmpID
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The snmpID value to which forwarded messages will
be sent."
::= { proxyForwardingEntry 9 } |
proxyIdentityNameOut OBJECT-TYPE
SYNTAX AuthName(SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identity to be used for forwarding proxied requests or
trap notifications."
::= { proxyForwardingEntry 10 } |
proxyTransportLabelOut OBJECT-TYPE -
SYNTAX TransportLabel
Expires February 1996 [Page 47]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identification of zero, one, or many conceptual rows in
the transportTable whose values of transportLabel equal the
value of this object, designating the transport endpoint(s) to
which proxied requests will be forwarded.
Note that this object may specify multiple transport endpoints
to which a proxied request may be forwarded. If this is the
case, then the first response to the forwarded request which
is received will be accepted, and subsequent responses will
be discarded. In the case of proxy trap forwarding, multiple
transport end-points simply represent a proxy fan-out."
::= { proxyForwardingEntry 11 } -
proxyMemoryType OBJECT-TYPE
SYNTAX MemoryType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row in the
proxyForwardingTable. Conceptual rows having the value
'permanent' need not allow write-access to any columnar
objects in the row."
::= { proxyForwardingEntry 12 }
proxyStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row in the proxyForwardingTable.
For those columnar objects which permit write-access, their
value in an existing conceptual row can be changed
irrespective of the value of proxyStatus for that row."
::= { proxyForwardingEntry 13 }
Expires February 1996 [Page 48]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
-- conformance information
v2AdminMIBConformance
OBJECT IDENTIFIER ::= { v2AdminMIB 10 }
v2AdminMIBCompliances
OBJECT IDENTIFIER ::= { v2AdminMIBConformance 1 }
v2AdminMIBGroups
OBJECT IDENTIFIER ::= { v2AdminMIBConformance 2 }
-- compliance statements
v2AdminMIBBasicAgentCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for simple SNMPv2 agents which
implement the SNMPv2 ADMIN MIB."
MODULE -- this module
MANDATORY-GROUPS {
v2AdminBasicGroup
}
::= { v2AdminMIBCompliances 1 }
v2AdminMIBBasicAgentWithTransportCheckingCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for simple SNMPv2 agents which
implement the SNMPv2 ADMIN MIB, and which also perform
transport endpoint checks when authenticating messages."
MODULE -- this module
MANDATORY-GROUPS {
v2AdminBasicGroup,
v2AdminTransportGroup
}
::= { v2AdminMIBCompliances 2 }
v2AdminMIBBasicAgentWithTrapsCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities which
implement the SNMPv2 ADMIN MIB."
MODULE -- this module
MANDATORY-GROUPS {
v2AdminBasicGroup,
v2AdminTransportGroup,
Expires February 1996 [Page 49]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
v2AdminTrapGroup
}
::= { v2AdminMIBCompliances 3 }
v2AdminMIBBasicAgentWithProxyCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities which
implement the SNMPv2 ADMIN MIB."
MODULE -- this module
MANDATORY-GROUPS {
v2AdminBasicGroup,
v2AdminTransportGroup,
v2AdminProxyGroup
}
::= { v2AdminMIBCompliances 4 }
v2AdminMIBBasicAgentWithTrapsAndProxyCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities which
implement the SNMPv2 ADMIN MIB."
MODULE -- this module
MANDATORY-GROUPS {
v2AdminBasicGroup,
v2AdminTransportGroup,
v2AdminTrapGroup,
v2AdminProxyGroup
}
::= { v2AdminMIBCompliances 5 }
v2AdminMIBDualRoleEntityCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities which
implement the SNMPv2 ADMIN MIB."
MODULE -- this module
MANDATORY-GROUPS {
v2AdminBasicGroup,
v2AdminTransportGroup,
v2AdminTrapGroup,
v2AdminProxyGroup,
v2AdminInformGroup
}
::= { v2AdminMIBCompliances 6 }
Expires February 1996 [Page 50]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
-- units of conformance
v2AdminBasicGroup OBJECT-GROUP
OBJECTS {
snmpID,
snmpMaxMessageSize,
maxIdentityNameLength,
maxGroupNameLength,
maxV2ContextNameLength,
maxViewTreeNameLength,
maxTransportLabelLength,
v2ContextSnmpID,
v2ContextName,
v2ContextLocalEntity,
v2ContextLocalTime,
v2ContextMemoryType,
v2ContextStatus,
viewTreeSpinLock,
viewTreeName,
viewTreeSubTree,
viewTreeMask,
viewTreeType,
viewTreeMemoryType,
viewTreeStatus,
acSpinLock,
acGroupName,
acContextName,
acContextNameMask,
acPrivs,
acReadViewName,
acWriteViewName,
acMemoryType,
acStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing for configuration of an
SNMPv2 agent."
::= { v2AdminMIBGroups 1 }
v2AdminTransportGroup OBJECT-GROUP
OBJECTS {
transportSpinLock,
transportLabel,
transportSubindex,
Expires February 1996 [Page 51]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
transportDomain,
transportAddress,
transportReceiveMask,
transportMMS,
transportMemoryType,
transportStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing for configuration of
transport endpoints."
::= { v2AdminMIBGroups 2 }
v2AdminTrapGroup OBJECT-GROUP
OBJECTS {
notifySpinLock,
notifyIndex,
notifySPI,
notifyIdentityName,
notifyTransportLabel,
notifyContextName,
notifyViewName,
notifyMemoryType,
notifyStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing for configuration of an
SNMPv2 agent which will send traps."
::= { v2AdminMIBGroups 3 }
v2AdminProxyGroup OBJECT-GROUP
OBJECTS {
proxyIndex, |
proxyType, |
proxySPIIn,
proxyIdentityNameIn,
proxyContextSnmpIDIn,
proxyContextNameIn,
proxySPIOut,
proxyAuthSnmpIDOut,
proxyIdentityNameOut,
proxyTransportLabelOut,
proxyMemoryType, -
proxyStatus
Expires February 1996 [Page 52]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
}
STATUS current
DESCRIPTION
"A collection of objects providing for configuration of an
SNMPv2 proxy agent."
::= { v2AdminMIBGroups 4 }
v2AdminInformGroup OBJECT-GROUP
OBJECTS {
notifyConfirm,
notifyAuthSnmpID,
notifyTimeout,
notifyMaxRetry
}
STATUS current
DESCRIPTION
"A collection of objects providing for configuration of an
SNMPv2 dual-role-entity which will send informs."
::= { v2AdminMIBGroups 5 }
END
7. Acknowledgements
To be provided here.
8. References
To be provided here.
Expires February 1996 [Page 53]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
9. Authors' Addresses
Tell U. Later
various members of the SNMPv2 Working Group
snmpv2@tis.com
Expires February 1996 [Page 54]
�
Internet Draft SNMPv2 Administrative MIB for SNMPv2 September 1995
Table of Contents
1 Introduction .................................................... 3
2 Potential Scope ................................................. 3
2.1 Requirements for SNMPv2 Agents ................................ 3
2.2 Requirements for SNMPv2 Dual-Role Entities .................... 4
3 Structure of MIB ................................................ 5
4 Authorizing Notifications ....................................... 8
5 Transport Endpoints ............................................. 10
6 Definitions ..................................................... 12
7 Acknowledgements ................................................ 53
8 References ...................................................... 53
9 Authors' Addresses .............................................. 54
Expires February 1996 [Page 55]
�