This is a summary of information regarding objects below the netSnmpVacmMIB MIB object, which is defined within the NET-SNMP-VACM-MIB MIB document as .1.3.6.1.4.1.8072.1.9.
| Name | Type | Access | OID | Description |
|---|
| Name | Type | Access | Description |
|---|---|---|---|
|
3
vacmGroupName |
OCTETSTR
Legal Lengths: 1 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The name of the group to which this entry (e.g., the
combination of securityModel and securityName)
belongs.
This groupName is used as index into the
vacmAccessTable to select an access control policy.
However, a value in this table does not imply that an
instance with the value exists in table vacmAccesTable.
|
|
1
vacmAccessContextPrefix |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
In order to gain the access rights allowed by this
conceptual row, a contextName must match exactly
(if the value of vacmAccessContextMatch is 'exact')
or partially (if the value of vacmAccessContextMatch
is 'prefix') to the value of the instance of this
object.
|
|
2
vacmAccessSecurityModel |
INTEGER
Legal values: 0 .. 2147483647 SnmpSecurityModel | NoAccess |
Note: this object is based on the SnmpSecurityModel TEXTUAL-CONVENTION.
In order to gain the access rights allowed by this
conceptual row, this securityModel must be in use.
|
|
3
vacmAccessSecurityLevel |
INTEGER
SnmpSecurityLevel (ENUM list below) | NoAccess |
Note: this object is based on the SnmpSecurityLevel TEXTUAL-CONVENTION.
The minimum level of security required in order to
gain the access rights allowed by this conceptual
row. A securityLevel of noAuthNoPriv is less than
authNoPriv which in turn is less than authPriv.
If multiple entries are equally indexed except for
this vacmAccessSecurityLevel index, then the entry
which has the highest value for
vacmAccessSecurityLevel is selected.
|
|
1
nsVacmAuthType |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. The type of processing that the specified view should be applied to. See 'snmpd.conf(5)' and 'snmptrapd.conf(5)' for details. |
| Name | Type | Access | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
2
nsVacmContextMatch |
INTEGER
| Create |
If the value of this object is exact(1), then all
rows where the contextName exactly matches
vacmAccessContextPrefix are selected.
If the value of this object is prefix(2), then all
rows where the contextName whose starting octets
exactly match vacmAccessContextPrefix are selected.
This allows for a simple form of wildcarding.
The value of this object should be consistent across
all nsVacmAccessEntries corresponding to a single
row of the vacmAccessTable.
|
||||||
|
3
nsVacmViewName |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. The MIB view authorised for the appropriate style of processing (as indicated by nsVacmToken). The interpretation of this value is the same as for the standard VACM ViewName objects. |
||||||
|
4
nsVacmStorageType |
INTEGER
StorageType (ENUM list below) | Create |
Note: this object is based on the StorageType TEXTUAL-CONVENTION.
The storage type for this (group of) conceptual rows.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
The value of this object should be consistent across
all nsVacmAccessEntries corresponding to a single
row of the vacmAccessTable.
|
||||||
|
5
nsVacmStatus |
INTEGER
RowStatus (ENUM list below) | Create |
Note: this object is based on the RowStatus TEXTUAL-CONVENTION.
The status of this (group of) conceptual rows.
The RowStatus TC [RFC2579] requires that this
DESCRIPTION clause states under which circumstances
other objects in this row can be modified:
The value of this object has no effect on whether
other objects in this conceptual row can be modified.
The value of this object should be consistent across
all nsVacmAccessEntries corresponding to a single
row of the vacmAccessTable.
|
SCALAR OBJECTS
TABLE OBJECTS |
These TEXTUAL-CONVENTIONS are used in other parts of the document above. They are SNMP's way of defining a datatype that is used repeatedly by other MIB objects. Any implementation implementing objects that use one of these definitions must follow its DESCRIPTION clause as well as the DESCRIPTION clause of the object itself.
| Name | Type | Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SnmpSecurityLevel | INTEGER
| A Level of Security at which SNMP messages can be
sent or with which operations are being processed;
in particular, one of:
noAuthNoPriv - without authentication and
without privacy,
authNoPriv - with authentication but
without privacy,
authPriv - with authentication and
with privacy.
These three values are ordered such that
noAuthNoPriv is less than authNoPriv and
authNoPriv is less than authPriv.
| ||||||||||||||
| StorageType | INTEGER
| Describes the memory realization of a conceptual row. A row which is volatile(2) is lost upon reboot. A row which is either nonVolatile(3), permanent(4) or readOnly(5), is backed up by stable storage. A row which is permanent(4) can be changed but not deleted. A row which is readOnly(5) cannot be changed nor deleted. If the value of an object with this syntax is either permanent(4) or readOnly(5), it cannot be written. Conversely, if the value is either other(1), volatile(2) or nonVolatile(3), it cannot be modified to be permanent(4) or readOnly(5). (All illegal modifications result in a 'wrongValue' error.) Every usage of this textual convention is required to specify the columnar objects which a permanent(4) row must at a minimum allow to be writable. | ||||||||||||||
| SnmpSecurityModel | INTEGER | An identifier that uniquely identifies a
Security Model of the Security Subsystem within
this SNMP Management Architecture.
The values for securityModel are allocated as
follows:
- The zero value does not identify any particular
security model.
- Values between 1 and 255, inclusive, are reserved
for standards-track Security Models and are
managed by the Internet Assigned Numbers Authority
(IANA).
- Values greater than 255 are allocated to
enterprise-specific Security Models. An
enterprise-specific securityModel value is defined
to be:
enterpriseID * 256 + security model within
enterprise
For example, the fourth Security Model defined by
the enterprise whose enterpriseID is 1 would be
259.
This scheme for allocation of securityModel
values allows for a maximum of 255 standards-
based Security Models, and for a maximum of
256 Security Models per enterprise.
It is believed that the assignment of new
securityModel values will be rare in practice
because the larger the number of simultaneously
utilized Security Models, the larger the
chance that interoperability will suffer.
Consequently, it is believed that such a range
will be sufficient. In the unlikely event that
the standards committee finds this number to be
insufficient over time, an enterprise number
can be allocated to obtain an additional 256
possible values.
Note that the most significant bit must be zero;
hence, there are 23 bits allocated for various
organizations to design and define non-standard
securityModels. This limits the ability to
define new proprietary implementations of Security
Models to the first 8,388,608 enterprises.
It is worthwhile to note that, in its encoded
form, the securityModel value will normally
require only a single byte since, in practice,
the leftmost bits will be zero for most messages
and sign extension is suppressed by the encoding
rules.
As of this writing, there are several values
of securityModel defined for use with SNMP or
reserved for use with supporting MIB objects.
They are as follows:
0 reserved for 'any'
1 reserved for SNMPv1
2 reserved for SNMPv2c
3 User-Based Security Model (USM)
| ||||||||||||||
| RowStatus | INTEGER
| The RowStatus textual convention is used to manage the
creation and deletion of conceptual rows, and is used as the
value of the SYNTAX clause for the status column of a
conceptual row (as described in Section 7.7.1 of [2].)
The status column has six defined values:
- `active', which indicates that the conceptual row is
available for use by the managed device;
- `notInService', which indicates that the conceptual
row exists in the agent, but is unavailable for use by
the managed device (see NOTE below); 'notInService' has
no implication regarding the internal consistency of
the row, availability of resources, or consistency with
the current state of the managed device;
- `notReady', which indicates that the conceptual row
exists in the agent, but is missing information
necessary in order to be available for use by the
managed device (i.e., one or more required columns in
the conceptual row have not been instanciated);
- `createAndGo', which is supplied by a management
station wishing to create a new instance of a
conceptual row and to have its status automatically set
to active, making it available for use by the managed
device;
- `createAndWait', which is supplied by a management
station wishing to create a new instance of a
conceptual row (but not make it available for use by
the managed device); and,
- `destroy', which is supplied by a management station
wishing to delete all of the instances associated with
an existing conceptual row.
Whereas five of the six values (all except `notReady') may
be specified in a management protocol set operation, only
three values will be returned in response to a management
protocol retrieval operation: `notReady', `notInService' or
`active'. That is, when queried, an existing conceptual row
has only three states: it is either available for use by
the managed device (the status column has value `active');
it is not available for use by the managed device, though
the agent has sufficient information to attempt to make it
so (the status column has value `notInService'); or, it is
not available for use by the managed device, and an attempt
to make it so would fail because the agent has insufficient
information (the state column has value `notReady').
NOTE WELL
This textual convention may be used for a MIB table,
irrespective of whether the values of that table's
conceptual rows are able to be modified while it is
active, or whether its conceptual rows must be taken
out of service in order to be modified. That is, it is
the responsibility of the DESCRIPTION clause of the
status column to specify whether the status column must
not be `active' in order for the value of some other
column of the same conceptual row to be modified. If
such a specification is made, affected columns may be
changed by an SNMP set PDU if the RowStatus would not
be equal to `active' either immediately before or after
processing the PDU. In other words, if the PDU also
contained a varbind that would change the RowStatus
value, the column in question may be changed if the
RowStatus was not equal to `active' as the PDU was
received, or if the varbind sets the status | ||||||||||||||
| SnmpAdminString | OCTETSTR | An octet string containing administrative
information, preferably in human-readable form.
To facilitate internationalization, this
information is represented using the ISO/IEC
IS 10646-1 character set, encoded as an octet
string using the UTF-8 transformation format
described in [RFC2279].
Since additional code points are added by
amendments to the 10646 standard from time
to time, implementations must be prepared to
encounter any code point from 0x00000000 to
0x7fffffff. Byte sequences that do not
correspond to the valid UTF-8 encoding of a
code point or are outside this range are
prohibited.
The use of control codes should be avoided.
When it is necessary to represent a newline,
the control code sequence CR LF should be used.
The use of leading or trailing white space should
be avoided.
For code points not directly supported by user
interface hardware or software, an alternative
means of entry and display, such as hexadecimal,
may be provided.
For information encoded in 7-bit US-ASCII,
the UTF-8 encoding is identical to the
US-ASCII encoding.
UTF-8 may require multiple bytes to represent a
single character / code point; thus the length
of this object in octets may be different from
the number of characters encoded. Similarly,
size constraints refer to the number of encoded
octets, not the number of characters represented
by an encoding.
Note that when this TC is used for an object that
is used or envisioned to be used as an index, then
a SIZE restriction MUST be specified so that the
number of sub-identifiers for any object instance
does not exceed the limit of 128, as defined by
[RFC3416].
Note that the size of an SnmpAdminString object is
measured in octets, not characters.
|
Tree view generated by running: snmptranslate -Tp NET-SNMP-VACM-MIB::netSnmpVacmMIB
+--netSnmpVacmMIB(9) | +--nsVacmAccessTable(1) | +--nsVacmAccessEntry(1) | Index: vacmGroupName, vacmAccessContextPrefix, vacmAccessSecurityModel, vacmAccessSecurityLevel, nsVacmAuthType | +-- ---- String nsVacmAuthType(1) | Textual Convention: SnmpAdminString | Size: 0..32 +-- CR-- EnumVal nsVacmContextMatch(2) | Values: exact(1), prefix(2) +-- CR-- String nsVacmViewName(3) | Textual Convention: SnmpAdminString | Size: 0..32 +-- CR-- EnumVal nsVacmStorageType(4) | Textual Convention: StorageType | Values: other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) +-- CR-- EnumVal nsVacmStatus(5) Textual Convention: RowStatus Values: active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)
Last modified: Wednesday, 01-Aug-2018 04:41:28 UTC
For questions regarding web content and site functionality, please write to the net-snmp-users mail list.