This is a summary of information regarding objects below the netSnmpVacmMIB MIB object, which is defined within the NET-SNMP-VACM-MIB MIB document as .1.3.6.1.4.1.8072.1.9.
Name | Type | Access | OID | Description |
---|
Name | Type | Access | Description |
---|---|---|---|
3
vacmGroupName |
OCTETSTR
Legal Lengths: 1 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. The name of the group to which this entry (e.g., the combination of securityModel and securityName) belongs. This groupName is used as index into the vacmAccessTable to select an access control policy. However, a value in this table does not imply that an instance with the value exists in table vacmAccesTable. |
1
vacmAccessContextPrefix |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. In order to gain the access rights allowed by this conceptual row, a contextName must match exactly (if the value of vacmAccessContextMatch is 'exact') or partially (if the value of vacmAccessContextMatch is 'prefix') to the value of the instance of this object. |
2
vacmAccessSecurityModel |
INTEGER
Legal values: 0 .. 2147483647 SnmpSecurityModel | NoAccess |
Note: this object is based on the SnmpSecurityModel TEXTUAL-CONVENTION. In order to gain the access rights allowed by this conceptual row, this securityModel must be in use. |
3
vacmAccessSecurityLevel |
INTEGER
SnmpSecurityLevel (ENUM list below) | NoAccess |
Note: this object is based on the SnmpSecurityLevel TEXTUAL-CONVENTION. The minimum level of security required in order to gain the access rights allowed by this conceptual row. A securityLevel of noAuthNoPriv is less than authNoPriv which in turn is less than authPriv. If multiple entries are equally indexed except for this vacmAccessSecurityLevel index, then the entry which has the highest value for vacmAccessSecurityLevel is selected. |
1
nsVacmAuthType |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. The type of processing that the specified view should be applied to. See 'snmpd.conf(5)' and 'snmptrapd.conf(5)' for details. |
Name | Type | Access | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
2
nsVacmContextMatch |
INTEGER
| Create |
If the value of this object is exact(1), then all rows where the contextName exactly matches vacmAccessContextPrefix are selected. If the value of this object is prefix(2), then all rows where the contextName whose starting octets exactly match vacmAccessContextPrefix are selected. This allows for a simple form of wildcarding. The value of this object should be consistent across all nsVacmAccessEntries corresponding to a single row of the vacmAccessTable. |
||||||
3
nsVacmViewName |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. The MIB view authorised for the appropriate style of processing (as indicated by nsVacmToken). The interpretation of this value is the same as for the standard VACM ViewName objects. |
||||||
4
nsVacmStorageType |
INTEGER
StorageType (ENUM list below) | Create |
Note: this object is based on the StorageType TEXTUAL-CONVENTION. The storage type for this (group of) conceptual rows. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row. The value of this object should be consistent across all nsVacmAccessEntries corresponding to a single row of the vacmAccessTable. |
||||||
5
nsVacmStatus |
INTEGER
RowStatus (ENUM list below) | Create |
Note: this object is based on the RowStatus TEXTUAL-CONVENTION. The status of this (group of) conceptual rows. The RowStatus TC [RFC2579] requires that this DESCRIPTION clause states under which circumstances other objects in this row can be modified: The value of this object has no effect on whether other objects in this conceptual row can be modified. The value of this object should be consistent across all nsVacmAccessEntries corresponding to a single row of the vacmAccessTable. |
SCALAR OBJECTS
TABLE OBJECTS |
These TEXTUAL-CONVENTIONS are used in other parts of the document above. They are SNMP's way of defining a datatype that is used repeatedly by other MIB objects. Any implementation implementing objects that use one of these definitions must follow its DESCRIPTION clause as well as the DESCRIPTION clause of the object itself.
Name | Type | Description | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SnmpSecurityLevel | INTEGER
| A Level of Security at which SNMP messages can be sent or with which operations are being processed; in particular, one of: noAuthNoPriv - without authentication and without privacy, authNoPriv - with authentication but without privacy, authPriv - with authentication and with privacy. These three values are ordered such that noAuthNoPriv is less than authNoPriv and authNoPriv is less than authPriv. | ||||||||||||||
StorageType | INTEGER
| Describes the memory realization of a conceptual row. A row which is volatile(2) is lost upon reboot. A row which is either nonVolatile(3), permanent(4) or readOnly(5), is backed up by stable storage. A row which is permanent(4) can be changed but not deleted. A row which is readOnly(5) cannot be changed nor deleted. If the value of an object with this syntax is either permanent(4) or readOnly(5), it cannot be written. Conversely, if the value is either other(1), volatile(2) or nonVolatile(3), it cannot be modified to be permanent(4) or readOnly(5). (All illegal modifications result in a 'wrongValue' error.) Every usage of this textual convention is required to specify the columnar objects which a permanent(4) row must at a minimum allow to be writable. | ||||||||||||||
SnmpSecurityModel | INTEGER | An identifier that uniquely identifies a Security Model of the Security Subsystem within this SNMP Management Architecture. The values for securityModel are allocated as follows: - The zero value does not identify any particular security model. - Values between 1 and 255, inclusive, are reserved for standards-track Security Models and are managed by the Internet Assigned Numbers Authority (IANA). - Values greater than 255 are allocated to enterprise-specific Security Models. An enterprise-specific securityModel value is defined to be: enterpriseID * 256 + security model within enterprise For example, the fourth Security Model defined by the enterprise whose enterpriseID is 1 would be 259. This scheme for allocation of securityModel values allows for a maximum of 255 standards- based Security Models, and for a maximum of 256 Security Models per enterprise. It is believed that the assignment of new securityModel values will be rare in practice because the larger the number of simultaneously utilized Security Models, the larger the chance that interoperability will suffer. Consequently, it is believed that such a range will be sufficient. In the unlikely event that the standards committee finds this number to be insufficient over time, an enterprise number can be allocated to obtain an additional 256 possible values. Note that the most significant bit must be zero; hence, there are 23 bits allocated for various organizations to design and define non-standard securityModels. This limits the ability to define new proprietary implementations of Security Models to the first 8,388,608 enterprises. It is worthwhile to note that, in its encoded form, the securityModel value will normally require only a single byte since, in practice, the leftmost bits will be zero for most messages and sign extension is suppressed by the encoding rules. As of this writing, there are several values of securityModel defined for use with SNMP or reserved for use with supporting MIB objects. They are as follows: 0 reserved for 'any' 1 reserved for SNMPv1 2 reserved for SNMPv2c 3 User-Based Security Model (USM) | ||||||||||||||
RowStatus | INTEGER
| The RowStatus textual convention is used to manage the creation and deletion of conceptual rows, and is used as the value of the SYNTAX clause for the status column of a conceptual row (as described in Section 7.7.1 of [2].) The status column has six defined values: - `active', which indicates that the conceptual row is available for use by the managed device; - `notInService', which indicates that the conceptual row exists in the agent, but is unavailable for use by the managed device (see NOTE below); 'notInService' has no implication regarding the internal consistency of the row, availability of resources, or consistency with the current state of the managed device; - `notReady', which indicates that the conceptual row exists in the agent, but is missing information necessary in order to be available for use by the managed device (i.e., one or more required columns in the conceptual row have not been instanciated); - `createAndGo', which is supplied by a management station wishing to create a new instance of a conceptual row and to have its status automatically set to active, making it available for use by the managed device; - `createAndWait', which is supplied by a management station wishing to create a new instance of a conceptual row (but not make it available for use by the managed device); and, - `destroy', which is supplied by a management station wishing to delete all of the instances associated with an existing conceptual row. Whereas five of the six values (all except `notReady') may be specified in a management protocol set operation, only three values will be returned in response to a management protocol retrieval operation: `notReady', `notInService' or `active'. That is, when queried, an existing conceptual row has only three states: it is either available for use by the managed device (the status column has value `active'); it is not available for use by the managed device, though the agent has sufficient information to attempt to make it so (the status column has value `notInService'); or, it is not available for use by the managed device, and an attempt to make it so would fail because the agent has insufficient information (the state column has value `notReady'). NOTE WELL This textual convention may be used for a MIB table, irrespective of whether the values of that table's conceptual rows are able to be modified while it is active, or whether its conceptual rows must be taken out of service in order to be modified. That is, it is the responsibility of the DESCRIPTION clause of the status column to specify whether the status column must not be `active' in order for the value of some other column of the same conceptual row to be modified. If such a specification is made, affected columns may be changed by an SNMP set PDU if the RowStatus would not be equal to `active' either immediately before or after processing the PDU. In other words, if the PDU also contained a varbind that would change the RowStatus value, the column in question may be changed if the RowStatus was not equal to `active' as the PDU was received, or if the varbind sets the status | ||||||||||||||
SnmpAdminString | OCTETSTR | An octet string containing administrative information, preferably in human-readable form. To facilitate internationalization, this information is represented using the ISO/IEC IS 10646-1 character set, encoded as an octet string using the UTF-8 transformation format described in [RFC2279]. Since additional code points are added by amendments to the 10646 standard from time to time, implementations must be prepared to encounter any code point from 0x00000000 to 0x7fffffff. Byte sequences that do not correspond to the valid UTF-8 encoding of a code point or are outside this range are prohibited. The use of control codes should be avoided. When it is necessary to represent a newline, the control code sequence CR LF should be used. The use of leading or trailing white space should be avoided. For code points not directly supported by user interface hardware or software, an alternative means of entry and display, such as hexadecimal, may be provided. For information encoded in 7-bit US-ASCII, the UTF-8 encoding is identical to the US-ASCII encoding. UTF-8 may require multiple bytes to represent a single character / code point; thus the length of this object in octets may be different from the number of characters encoded. Similarly, size constraints refer to the number of encoded octets, not the number of characters represented by an encoding. Note that when this TC is used for an object that is used or envisioned to be used as an index, then a SIZE restriction MUST be specified so that the number of sub-identifiers for any object instance does not exceed the limit of 128, as defined by [RFC3416]. Note that the size of an SnmpAdminString object is measured in octets, not characters. |
Tree view generated by running: snmptranslate -Tp NET-SNMP-VACM-MIB::netSnmpVacmMIB
+--netSnmpVacmMIB(9) | +--nsVacmAccessTable(1) | +--nsVacmAccessEntry(1) | Index: vacmGroupName, vacmAccessContextPrefix, vacmAccessSecurityModel, vacmAccessSecurityLevel, nsVacmAuthType | +-- ---- String nsVacmAuthType(1) | Textual Convention: SnmpAdminString | Size: 0..32 +-- CR-- EnumVal nsVacmContextMatch(2) | Values: exact(1), prefix(2) +-- CR-- String nsVacmViewName(3) | Textual Convention: SnmpAdminString | Size: 0..32 +-- CR-- EnumVal nsVacmStorageType(4) | Textual Convention: StorageType | Values: other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) +-- CR-- EnumVal nsVacmStatus(5) Textual Convention: RowStatus Values: active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)
Last modified: Wednesday, 01-Aug-2018 04:41:28 UTC
For questions regarding web content and site functionality, please write to the net-snmp-users mail list.