This is a summary of information regarding objects below the snmpVacmMIB MIB object, which is defined within the SNMP-VIEW-BASED-ACM-MIB MIB document as .1.3.6.1.6.3.16.
| Name | Type | Access | OID | Description |
|---|---|---|---|---|
|
1
vacmViewSpinLock |
INTEGER
Legal values: 0 .. 2147483647 TestAndIncr | ReadWrite | .1.3.6.1.6.3.16.1.5.1 |
Note: this object is based on the TestAndIncr TEXTUAL-CONVENTION.
An advisory lock used to allow cooperating SNMP
Command Generator applications to coordinate their
use of the Set operation in creating or modifying
views.
When creating a new view or altering an existing
view, it is important to understand the potential
interactions with other uses of the view. The
vacmViewSpinLock should be retrieved. The name of
the view to be created should be determined to be
unique by the SNMP Command Generator application by
consulting the vacmViewTreeFamilyTable. Finally,
the named view may be created (Set), including the
advisory lock.
If another SNMP Command Generator application has
altered the views in the meantime, then the spin
lock's value will have changed, and so this creation
will fail because it will specify the wrong value for
the spin lock.
Since this is an advisory lock, the use of this lock
is not enforced.
|
| Name | Type | Access | Description |
|---|---|---|---|
|
1
vacmContextName |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | ReadOnly |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
A human readable name identifying a particular
context at a particular SNMP entity.
The empty contextName (zero length) represents the
default context.
|
| Name | Type | Access | Description |
|---|
| Name | Type | Access | Description |
|---|---|---|---|
|
1
vacmSecurityModel |
INTEGER
Legal values: 1 .. 2147483647 SnmpSecurityModel | NoAccess |
Note: this object is based on the SnmpSecurityModel TEXTUAL-CONVENTION.
The Security Model, by which the vacmSecurityName
referenced by this entry is provided.
Note, this object may not take the 'any' (0) value.
|
|
2
vacmSecurityName |
OCTETSTR
Legal Lengths: 1 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The securityName for the principal, represented in a
Security Model independent format, which is mapped by
this entry to a groupName.
|
| Name | Type | Access | Description |
|---|---|---|---|
|
3
vacmGroupName |
OCTETSTR
Legal Lengths: 1 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The name of the group to which this entry (e.g., the
combination of securityModel and securityName)
belongs.
This groupName is used as index into the
vacmAccessTable to select an access control policy.
However, a value in this table does not imply that an
instance with the value exists in table vacmAccesTable.
|
|
4
vacmSecurityToGroupStorageType |
INTEGER
StorageType (ENUM list below) | Create |
Note: this object is based on the StorageType TEXTUAL-CONVENTION.
The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
|
|
5
vacmSecurityToGroupStatus |
INTEGER
RowStatus (ENUM list below) | Create |
Note: this object is based on the RowStatus TEXTUAL-CONVENTION.
The status of this conceptual row.
Until instances of all corresponding columns are
appropriately configured, the value of the
corresponding instance of the vacmSecurityToGroupStatus
column is 'notReady'.
In particular, a newly created row cannot be made
active until a value has been set for vacmGroupName.
The RowStatus TC [RFC2579] requires that this
DESCRIPTION clause states under which circumstances
other objects in this row can be modified:
The value of this object has no effect on whether
other objects in this conceptual row can be modified.
|
| Name | Type | Access | Description |
|---|---|---|---|
|
3
vacmGroupName |
OCTETSTR
Legal Lengths: 1 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The name of the group to which this entry (e.g., the
combination of securityModel and securityName)
belongs.
This groupName is used as index into the
vacmAccessTable to select an access control policy.
However, a value in this table does not imply that an
instance with the value exists in table vacmAccesTable.
|
|
1
vacmAccessContextPrefix |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
In order to gain the access rights allowed by this
conceptual row, a contextName must match exactly
(if the value of vacmAccessContextMatch is 'exact')
or partially (if the value of vacmAccessContextMatch
is 'prefix') to the value of the instance of this
object.
|
|
2
vacmAccessSecurityModel |
INTEGER
Legal values: 0 .. 2147483647 SnmpSecurityModel | NoAccess |
Note: this object is based on the SnmpSecurityModel TEXTUAL-CONVENTION.
In order to gain the access rights allowed by this
conceptual row, this securityModel must be in use.
|
|
3
vacmAccessSecurityLevel |
INTEGER
SnmpSecurityLevel (ENUM list below) | NoAccess |
Note: this object is based on the SnmpSecurityLevel TEXTUAL-CONVENTION.
The minimum level of security required in order to
gain the access rights allowed by this conceptual
row. A securityLevel of noAuthNoPriv is less than
authNoPriv which in turn is less than authPriv.
If multiple entries are equally indexed except for
this vacmAccessSecurityLevel index, then the entry
which has the highest value for
vacmAccessSecurityLevel is selected.
|
| Name | Type | Access | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
4
vacmAccessContextMatch |
INTEGER
| Create |
If the value of this object is exact(1), then all
rows where the contextName exactly matches
vacmAccessContextPrefix are selected.
If the value of this object is prefix(2), then all
rows where the contextName whose starting octets
exactly match vacmAccessContextPrefix are selected.
This allows for a simple form of wildcarding.
|
||||||
|
5
vacmAccessReadViewName |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The value of an instance of this object identifies
the MIB view of the SNMP context to which this
conceptual row authorizes read access.
The identified MIB view is that one for which the
vacmViewTreeFamilyViewName has the same value as the
instance of this object; if the value is the empty
string or if there is no active MIB view having this
value of vacmViewTreeFamilyViewName, then no access
is granted.
|
||||||
|
6
vacmAccessWriteViewName |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The value of an instance of this object identifies
the MIB view of the SNMP context to which this
conceptual row authorizes write access.
The identified MIB view is that one for which the
vacmViewTreeFamilyViewName has the same value as the
instance of this object; if the value is the empty
string or if there is no active MIB view having this
value of vacmViewTreeFamilyViewName, then no access
is granted.
|
||||||
|
7
vacmAccessNotifyViewName |
OCTETSTR
Legal Lengths: 0 .. 32 SnmpAdminString | Create |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION.
The value of an instance of this object identifies
the MIB view of the SNMP context to which this
conceptual row authorizes access for notifications.
The identified MIB view is that one for which the
vacmViewTreeFamilyViewName has the same value as the
instance of this object; if the value is the empty
string or if there is no active MIB view having this
value of vacmViewTreeFamilyViewName, then no access
is granted.
|
||||||
|
8
vacmAccessStorageType |
INTEGER
StorageType (ENUM list below) | Create |
Note: this object is based on the StorageType TEXTUAL-CONVENTION.
The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
|
||||||
|
9
vacmAccessStatus |
INTEGER
RowStatus (ENUM list below) | Create |
Note: this object is based on the RowStatus TEXTUAL-CONVENTION.
The status of this conceptual row.
The RowStatus TC [RFC2579] requires that this
DESCRIPTION clause states under which circumstances
other objects in this row can be modified:
The value of this object has no effect on whether
other objects in this conceptual row can be modified.
|
| Name | Type | Access | Description |
|---|---|---|---|
|
1
vacmViewTreeFamilyViewName |
OCTETSTR
Legal Lengths: 1 .. 32 SnmpAdminString | NoAccess |
Note: this object is based on the SnmpAdminString TEXTUAL-CONVENTION. The human readable name for a family of view subtrees. |
|
2
vacmViewTreeFamilySubtree | OBJECTID | NoAccess |
The MIB subtree which when combined with the
corresponding instance of vacmViewTreeFamilyMask
defines a family of view subtrees.
|
| Name | Type | Access | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
3
vacmViewTreeFamilyMask |
OCTETSTR
Legal Lengths: 0 .. 16 | Create |
The bit mask which, in combination with the
corresponding instance of vacmViewTreeFamilySubtree,
defines a family of view subtrees.
Each bit of this bit mask corresponds to a
sub-identifier of vacmViewTreeFamilySubtree, with the
most significant bit of the i-th octet of this octet
string value (extended if necessary, see below)
corresponding to the (8*i - 7)-th sub-identifier, and
the least significant bit of the i-th octet of this
octet string corresponding to the (8*i)-th
sub-identifier, where i is in the range 1 through 16.
Each bit of this bit mask specifies whether or not
the corresponding sub-identifiers must match when
determining if an OBJECT IDENTIFIER is in this
family of view subtrees; a '1' indicates that an
exact match must occur; a '0' indicates 'wild card',
i.e., any sub-identifier value matches.
Thus, the OBJECT IDENTIFIER X of an object instance
is contained in a family of view subtrees if, for
each sub-identifier of the value of
vacmViewTreeFamilySubtree, either:
the i-th bit of vacmViewTreeFamilyMask is 0, or
the i-th sub-identifier of X is equal to the i-th
sub-identifier of the value of
vacmViewTreeFamilySubtree.
If the value of this bit mask is M bits long and
there are more than M sub-identifiers in the
corresponding instance of vacmViewTreeFamilySubtree,
then the bit mask is extended with 1's to be the
required length.
Note that when the value of this object is the
zero-length string, this extension rule results in
a mask of all-1's being used (i.e., no 'wild card'),
and the family of view subtrees is the one view
subtree uniquely identified by the corresponding
instance of vacmViewTreeFamilySubtree.
Note that masks of length greater than zero length
do not need to be supported. In this case this
object is made read-only.
|
||||||
|
4
vacmViewTreeFamilyType |
INTEGER
| Create |
Indicates whether the corresponding instances of
vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
define a family of view subtrees which is included in
or excluded from the MIB view.
|
||||||
|
5
vacmViewTreeFamilyStorageType |
INTEGER
StorageType (ENUM list below) | Create |
Note: this object is based on the StorageType TEXTUAL-CONVENTION.
The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
|
||||||
|
6
vacmViewTreeFamilyStatus |
INTEGER
RowStatus (ENUM list below) | Create |
Note: this object is based on the RowStatus TEXTUAL-CONVENTION.
The status of this conceptual row.
The RowStatus TC [RFC2579] requires that this
DESCRIPTION clause states under which circumstances
other objects in this row can be modified:
The value of this object has no effect on whether
other objects in this conceptual row can be modified.
|
SCALAR OBJECTS
TABLE OBJECTS |
These TEXTUAL-CONVENTIONS are used in other parts of the document above. They are SNMP's way of defining a datatype that is used repeatedly by other MIB objects. Any implementation implementing objects that use one of these definitions must follow its DESCRIPTION clause as well as the DESCRIPTION clause of the object itself.
| Name | Type | Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SnmpSecurityLevel | INTEGER
| A Level of Security at which SNMP messages can be
sent or with which operations are being processed;
in particular, one of:
noAuthNoPriv - without authentication and
without privacy,
authNoPriv - with authentication but
without privacy,
authPriv - with authentication and
with privacy.
These three values are ordered such that
noAuthNoPriv is less than authNoPriv and
authNoPriv is less than authPriv.
| ||||||||||||||
| TestAndIncr | INTEGER | Represents integer-valued information used for atomic operations. When the management protocol is used to specify that an object instance having this syntax is to be modified, the new value supplied via the management protocol must precisely match the value presently held by the instance. If not, the management protocol set operation fails with an error of `inconsistentValue'. Otherwise, if the current value is the maximum value of 2^31-1 (2147483647 decimal), then the value held by the instance is wrapped to zero; otherwise, the value held by the instance is incremented by one. (Note that regardless of whether the management protocol set operation succeeds, the variable- binding in the request and response PDUs are identical.) The value of the ACCESS clause for objects having this syntax is either `read-write' or `read-create'. When an instance of a columnar object having this syntax is created, any value may be supplied via the management protocol. When the network management portion of the system is re- initialized, the value of every object instance having this syntax must either be incremented from its value prior to the re-initialization, or (if the value prior to the re- initialization is unknown) be set to a pseudo-randomly generated value. | ||||||||||||||
| StorageType | INTEGER
| Describes the memory realization of a conceptual row. A row which is volatile(2) is lost upon reboot. A row which is either nonVolatile(3), permanent(4) or readOnly(5), is backed up by stable storage. A row which is permanent(4) can be changed but not deleted. A row which is readOnly(5) cannot be changed nor deleted. If the value of an object with this syntax is either permanent(4) or readOnly(5), it cannot be written. Conversely, if the value is either other(1), volatile(2) or nonVolatile(3), it cannot be modified to be permanent(4) or readOnly(5). (All illegal modifications result in a 'wrongValue' error.) Every usage of this textual convention is required to specify the columnar objects which a permanent(4) row must at a minimum allow to be writable. | ||||||||||||||
| SnmpSecurityModel | INTEGER | An identifier that uniquely identifies a
Security Model of the Security Subsystem within
this SNMP Management Architecture.
The values for securityModel are allocated as
follows:
- The zero value does not identify any particular
security model.
- Values between 1 and 255, inclusive, are reserved
for standards-track Security Models and are
managed by the Internet Assigned Numbers Authority
(IANA).
- Values greater than 255 are allocated to
enterprise-specific Security Models. An
enterprise-specific securityModel value is defined
to be:
enterpriseID * 256 + security model within
enterprise
For example, the fourth Security Model defined by
the enterprise whose enterpriseID is 1 would be
259.
This scheme for allocation of securityModel
values allows for a maximum of 255 standards-
based Security Models, and for a maximum of
256 Security Models per enterprise.
It is believed that the assignment of new
securityModel values will be rare in practice
because the larger the number of simultaneously
utilized Security Models, the larger the
chance that interoperability will suffer.
Consequently, it is believed that such a range
will be sufficient. In the unlikely event that
the standards committee finds this number to be
insufficient over time, an enterprise number
can be allocated to obtain an additional 256
possible values.
Note that the most significant bit must be zero;
hence, there are 23 bits allocated for various
organizations to design and define non-standard
securityModels. This limits the ability to
define new proprietary implementations of Security
Models to the first 8,388,608 enterprises.
It is worthwhile to note that, in its encoded
form, the securityModel value will normally
require only a single byte since, in practice,
the leftmost bits will be zero for most messages
and sign extension is suppressed by the encoding
rules.
As of this writing, there are several values
of securityModel defined for use with SNMP or
reserved for use with supporting MIB objects.
They are as follows:
0 reserved for 'any'
1 reserved for SNMPv1
2 reserved for SNMPv2c
3 User-Based Security Model (USM)
| ||||||||||||||
| RowStatus | INTEGER
| The RowStatus textual convention is used to manage the
creation and deletion of conceptual rows, and is used as the
value of the SYNTAX clause for the status column of a
conceptual row (as described in Section 7.7.1 of [2].)
The status column has six defined values:
- `active', which indicates that the conceptual row is
available for use by the managed device;
- `notInService', which indicates that the conceptual
row exists in the agent, but is unavailable for use by
the managed device (see NOTE below); 'notInService' has
no implication regarding the internal consistency of
the row, availability of resources, or consistency with
the current state of the managed device;
- `notReady', which indicates that the conceptual row
exists in the agent, but is missing information
necessary in order to be available for use by the
managed device (i.e., one or more required columns in
the conceptual row have not been instanciated);
- `createAndGo', which is supplied by a management
station wishing to create a new instance of a
conceptual row and to have its status automatically set
to active, making it available for use by the managed
device;
- `createAndWait', which is supplied by a management
station wishing to create a new instance of a
conceptual row (but not make it available for use by
the managed device); and,
- `destroy', which is supplied by a management station
wishing to delete all of the instances associated with
an existing conceptual row.
Whereas five of the six values (all except `notReady') may
be specified in a management protocol set operation, only
three values will be returned in response to a management
protocol retrieval operation: `notReady', `notInService' or
`active'. That is, when queried, an existing conceptual row
has only three states: it is either available for use by
the managed device (the status column has value `active');
it is not available for use by the managed device, though
the agent has sufficient information to attempt to make it
so (the status column has value `notInService'); or, it is
not available for use by the managed device, and an attempt
to make it so would fail because the agent has insufficient
information (the state column has value `notReady').
NOTE WELL
This textual convention may be used for a MIB table,
irrespective of whether the values of that table's
conceptual rows are able to be modified while it is
active, or whether its conceptual rows must be taken
out of service in order to be modified. That is, it is
the responsibility of the DESCRIPTION clause of the
status column to specify whether the status column must
not be `active' in order for the value of some other
column of the same conceptual row to be modified. If
such a specification is made, affected columns may be
changed by an SNMP set PDU if the RowStatus would not
be equal to `active' either immediately before or after
processing the PDU. In other words, if the PDU also
contained a varbind that would change the RowStatus
value, the column in question may be changed if the
RowStatus was not equal to `active' as the PDU was
received, or if the varbind sets the status | ||||||||||||||
| SnmpAdminString | OCTETSTR | An octet string containing administrative
information, preferably in human-readable form.
To facilitate internationalization, this
information is represented using the ISO/IEC
IS 10646-1 character set, encoded as an octet
string using the UTF-8 transformation format
described in [RFC2279].
Since additional code points are added by
amendments to the 10646 standard from time
to time, implementations must be prepared to
encounter any code point from 0x00000000 to
0x7fffffff. Byte sequences that do not
correspond to the valid UTF-8 encoding of a
code point or are outside this range are
prohibited.
The use of control codes should be avoided.
When it is necessary to represent a newline,
the control code sequence CR LF should be used.
The use of leading or trailing white space should
be avoided.
For code points not directly supported by user
interface hardware or software, an alternative
means of entry and display, such as hexadecimal,
may be provided.
For information encoded in 7-bit US-ASCII,
the UTF-8 encoding is identical to the
US-ASCII encoding.
UTF-8 may require multiple bytes to represent a
single character / code point; thus the length
of this object in octets may be different from
the number of characters encoded. Similarly,
size constraints refer to the number of encoded
octets, not the number of characters represented
by an encoding.
Note that when this TC is used for an object that
is used or envisioned to be used as an index, then
a SIZE restriction MUST be specified so that the
number of sub-identifiers for any object instance
does not exceed the limit of 128, as defined by
[RFC3416].
Note that the size of an SnmpAdminString object is
measured in octets, not characters.
|
Tree view generated by running: snmptranslate -Tp SNMP-VIEW-BASED-ACM-MIB::snmpVacmMIB
+--snmpVacmMIB(16) | +--vacmMIBObjects(1) | | | +--vacmContextTable(1) | | | | | +--vacmContextEntry(1) | | | Index: vacmContextName | | | | | +-- -R-- String vacmContextName(1) | | Textual Convention: SnmpAdminString | | Size: 0..32 | | | +--vacmSecurityToGroupTable(2) | | | | | +--vacmSecurityToGroupEntry(1) | | | Index: vacmSecurityModel, vacmSecurityName | | | | | +-- ---- INTEGER vacmSecurityModel(1) | | | Textual Convention: SnmpSecurityModel | | | Range: 1..2147483647 | | +-- ---- String vacmSecurityName(2) | | | Textual Convention: SnmpAdminString | | | Size: 1..32 | | +-- CR-- String vacmGroupName(3) | | | Textual Convention: SnmpAdminString | | | Size: 1..32 | | +-- CR-- EnumVal vacmSecurityToGroupStorageType(4) | | | Textual Convention: StorageType | | | Values: other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) | | +-- CR-- EnumVal vacmSecurityToGroupStatus(5) | | Textual Convention: RowStatus | | Values: active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) | | | +--vacmAccessTable(4) | | | | | +--vacmAccessEntry(1) | | | Index: vacmGroupName, vacmAccessContextPrefix, vacmAccessSecurityModel, vacmAccessSecurityLevel | | | | | +-- ---- String vacmAccessContextPrefix(1) | | | Textual Convention: SnmpAdminString | | | Size: 0..32 | | +-- ---- INTEGER vacmAccessSecurityModel(2) | | | Textual Convention: SnmpSecurityModel | | | Range: 0..2147483647 | | +-- ---- EnumVal vacmAccessSecurityLevel(3) | | | Textual Convention: SnmpSecurityLevel | | | Values: noAuthNoPriv(1), authNoPriv(2), authPriv(3) | | +-- CR-- EnumVal vacmAccessContextMatch(4) | | | Values: exact(1), prefix(2) | | +-- CR-- String vacmAccessReadViewName(5) | | | Textual Convention: SnmpAdminString | | | Size: 0..32 | | +-- CR-- String vacmAccessWriteViewName(6) | | | Textual Convention: SnmpAdminString | | | Size: 0..32 | | +-- CR-- String vacmAccessNotifyViewName(7) | | | Textual Convention: SnmpAdminString | | | Size: 0..32 | | +-- CR-- EnumVal vacmAccessStorageType(8) | | | Textual Convention: StorageType | | | Values: other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) | | +-- CR-- EnumVal vacmAccessStatus(9) | | Textual Convention: RowStatus | | Values: active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) | | | +--vacmMIBViews(5) | | | +-- -RW- INTEGER vacmViewSpinLock(1) | | Textual Convention: TestAndIncr | | Range: 0..2147483647 | | | +--vacmViewTreeFamilyTable(2) | | | +--vacmViewTreeFamilyEntry(1) | | Index: vacmViewTreeFamilyViewName, vacmViewTreeFamilySubtree | | | +-- ---- String vacmViewTreeFamilyViewName(1) | | Textual Convention: SnmpAdminString | | Size: 1..32 | +-- ---- ObjID vacmViewTreeFamilySubtree(2) | +-- CR-- String vacmViewTreeFamilyMask(3) | | Size: 0..16 | +-- CR-- EnumVal vacmViewTreeFamilyType(4) | | Values: included(1), excluded(2) | +-- CR-- EnumVal vacmViewTreeFamilyStorageType(5) | | Textual Convention: StorageType | | Values: other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) | +-- CR-- EnumVal vacmViewTreeFamilyStatus(6) | Textual Convention: RowStatus | Values: active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) | +--vacmMIBConformance(2) | +--vacmMIBCompliances(1) | | | +--vacmMIBCompliance(1) | +--vacmMIBGroups(2) | +--vacmBasicGroup(1)
Last modified: Wednesday, 01-Aug-2018 04:41:28 UTC
For questions regarding web content and site functionality, please write to the net-snmp-users mail list.