-- ********************************************************************
-- CISCO-COMMON-MGMT-MIB.my: Common Management Mib
--
-- July 2004, Vinay Gaonkar
-- June 2005, Sanjeev C Joshi
--
-- Copyright (c) 2004-2005 by cisco Systems, Inc.
-- All rights reserved.
--
-- ********************************************************************
CISCO-COMMON-MGMT-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Unsigned32 FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
RowStatus, DisplayString,
DateAndTime, AutonomousType,
TruthValue, StorageType FROM SNMPv2-TC
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
usmNoAuthProtocol, usmNoPrivProtocol FROM SNMP-USER-BASED-SM-MIB
ciscoMgmt FROM CISCO-SMI;
-- Module identity for CISCO-COMMON-MGMT-MIB, registered at ciscoMgmt 443.
-- Per the DESCRIPTION, the module defines one set of users shared by SNMP,
-- CLI, XML and other access methods, so write access to this subtree is
-- account administration for every access method at once.
-- NOTE(review): the E-mail line in CONTACT-INFO looks like a web-page
-- obfuscation placeholder rather than the original address; restore it
-- from the vendor copy of this module.
ciscoCommonMgmtMIB MODULE-IDENTITY
LAST-UPDATED "200506230000Z"
ORGANIZATION "Cisco Systems Inc. "
CONTACT-INFO
" Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553 -NETS
E-mail: [email protected]"
DESCRIPTION
"MIB module for integrating different elements of
managing a device. For example, different device access
methods like SNMP, CLI, XML and so on have different set
of users which are used to communicate with the device.
The ccmCommonUserTable provides framework to create one
set of users which is common across all the device
access methods.
So, this MIB serves as a framework to integrate
management of different access methods."
REVISION "200506230000Z"
DESCRIPTION
"Initial version of this MIB module."
::= { ciscoMgmt 443 }
-- Top-level subtrees of the module: 0 notifications, 1 objects,
-- 2 conformance. ccmUserConfig (objects 1) is the parent of every
-- user-management object defined below.
-- The notifications subtree is reserved, but this module defines no
-- NOTIFICATION-TYPE, so user changes are not announced by a trap from
-- this MIB; a monitoring station has to poll (see
-- ccmCommonUserLastChange).
ciscoCommonMgmtNotifs
OBJECT IDENTIFIER ::= { ciscoCommonMgmtMIB 0 }
ciscoCommonMgmtMIBObjects
OBJECT IDENTIFIER ::= { ciscoCommonMgmtMIB 1 }
ciscoCommonMgmtMIBConform
OBJECT IDENTIFIER ::= { ciscoCommonMgmtMIB 2 }
ccmUserConfig OBJECT IDENTIFIER ::=
{ ciscoCommonMgmtMIBObjects 1 }
--
-- ccmCommonMaxUsers
--
-- Read-only capacity of ccmCommonUserTable. The value 0 is a sentinel
-- meaning no fixed limit (the agent decides at run time), not an empty
-- table, so a manager must not treat 0 as a hard cap.
ccmCommonMaxUsers OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of common users that can be configured
on this device. i.e., the maximum number of entries in
the ccmCommonUserTable.
0 means maximum number of users is dynamically
determined, e.g., depending on memory availability."
::= { ccmUserConfig 1 }
-- Read-only count of rows currently in ccmCommonUserTable.
-- NOTE(review): the range starts at 1, so an empty user table cannot be
-- reported; presumably at least one user always exists. Confirm against
-- the agent before alerting on this value.
ccmCommonUsers OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of common users that are currently configured on
this device. i.e., the number of entries in the
ccmCommonUserTable."
::= { ccmUserConfig 2 }
-- Global switch that makes the agent reject SNMPv3 requests that are not
-- encrypted: per the DESCRIPTION, when true any request at noAuthNoPriv
-- or authNoPriv is answered with authorizationError, without looking at
-- which objects the request touches.
-- The object is read-write, so whoever can SET it can also turn the
-- requirement off again. Restrict write access to it in the VACM views
-- and monitor it for changes.
ccmCommonUsersGlobalEnforcePriv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether the SNMP agent enforces
the use of encryption for SNMPv3 messages globally on
all the users in the system.
The 'vacmAccessSecurityLevel' determines the acceptable
security levels per group and is set to noAuthnoPriv
default unless otherwise configured. The actual access
to the mib objects in a SNMP message is controlled by
vacmAccessTable. This object provides the configuration
at a higher level to enforce privacy without any
introspection of the mib objects in the SNMP message.
When the privacy is enforced globally, for any SNMPv3
PDU request with securityLevel of either 'noAuthNoPriv'
and 'authNoPriv', the SNMP agent responds with an
'authorizationError'."
-- Default is false: privacy is not enforced until an operator enables it.
DEFVAL { false }
::= { ccmUserConfig 3 }
-- Read-only timestamp of the last change to the user database.
-- Per the DESCRIPTION the value is reset to zero on power cycle, reboot
-- or a local clock change, so it is not a durable audit record. A
-- monitoring station that wants a history of account changes has to poll
-- this object and store the values itself.
ccmCommonUserLastChange OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The local date and time when the user database -
ccmCommonUserTable configuration was last changed.
This object will be set to zero on power cycle or
on reboot of the system. Also, if the clock is
changed on local system it is set to zero."
::= { ccmUserConfig 4 }
--
-- ccmCommonUserTable
--
-- Table of users shared by SNMP, CLI and the other access methods.
-- Creating a row also creates a usmUserTable entry (storage type
-- readOnly) and deleting the row deletes that entry, so a SET on this
-- table creates or removes an account for several access methods in one
-- operation. Treat write access to this table as an administrative
-- privilege when defining VACM views.
ccmCommonUserTable OBJECT-TYPE
SYNTAX SEQUENCE OF CcmCommonUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lists all the common users configured on
this device. A common user is a user who is common
across SNMP, CLI and other device access methods.
Certain access methods might need the user created
to be standard compliant. For example - for SNMP, the
user created need to be compliant to RFC 3414
(SNMP-USER-BASED-SM-MIB). When a common user is
created in this table, a corresponding SNMP user is
created in the 'usmUserTable' with corresponding
instance of usmUserStorageType set to readOnly .
Similarly when a common user is deleted from this
table, the corresponding entry in the 'usmUserTable'
is deleted."
::= { ccmUserConfig 5 }
-- Conceptual row of ccmCommonUserTable. The only index is the user name,
-- so each name identifies exactly one row.
ccmCommonUserEntry OBJECT-TYPE
SYNTAX CcmCommonUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) in the ccmCommonUserTable."
INDEX { ccmCommonUserName }
::= { ccmCommonUserTable 1 }
-- Column list of a ccmCommonUserTable row, in sub-identifier order
-- (columns 1 to 10). ccmCommonUserCredType is declared as plain INTEGER
-- here; its enumeration is given in the object definition.
CcmCommonUserEntry ::= SEQUENCE {
ccmCommonUserName SnmpAdminString,
ccmCommonUserPassword DisplayString,
ccmCommonUserExpiryDate DateAndTime,
ccmCommonUserSshKeyFilename SnmpAdminString,
ccmCommonUserSshKeyConfigured TruthValue,
ccmCommonUserSNMPAuthProtocol AutonomousType,
ccmCommonUserSNMPPrivProtocol AutonomousType,
ccmCommonUserCredType INTEGER,
ccmCommonUserStorageType StorageType,
ccmCommonUserRowStatus RowStatus
}
-- Index column: the user name, 1 to 32 octets. It is not-accessible, so
-- the name appears only in the instance identifier of the other columns.
ccmCommonUserName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Name of the common user."
::= { ccmCommonUserEntry 1}
-- Write-only-in-effect password column: it can be SET, and a read always
-- returns a zero-length string.
-- Security-relevant points a deployer should know:
--  * The password is carried as a DisplayString in the SET request, so
--    it is only protected in transit when that request is sent at the
--    authPriv security level. Enabling ccmCommonUsersGlobalEnforcePriv
--    makes the agent refuse unencrypted SNMPv3 requests.
--  * Per the DESCRIPTION, for SNMP one password is used for both
--    authentication and privacy, and the same value authenticates CLI
--    and XML logins, so disclosure of it affects every access method.
--  * The syntax sets no minimum length or complexity; any password
--    policy has to be enforced by the agent.
ccmCommonUserPassword OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Password of the common user.
For SNMP, this password is used for both authentication
and privacy. For CLI and XML, it is used for
authentication only.
A zero-length string is always returned when this
object is read."
-- NOTE(review): the default is the empty string; what the agent does
-- with a row created without a password is not stated here. Confirm.
DEFVAL { ''H }
::= { ccmCommonUserEntry 2}
-- Account expiry date. Only the date octets of the DateAndTime value are
-- used; the remaining octets are ignored.
ccmCommonUserExpiryDate OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The date on which this user will expire. Note
that non-date related octets in this object are
ignored.
If the all the date related octets have value
'00'H, then user never expires."
-- Default is 11 zero octets, which per the DESCRIPTION means the user
-- never expires. Temporary accounts need an explicit expiry at creation.
DEFVAL { '0000000000000000000000'H }
::= { ccmCommonUserEntry 3}
-- Name of the file that holds the SSH public key (or client certificate,
-- or certificate DN) used to authenticate this user's SSH sessions. It
-- applies to CLI users only. A read may return a zero-length string; use
-- ccmCommonUserSshKeyConfigured to learn whether a key is set.
-- NOTE(review): the value is a file name supplied through SNMP, up to
-- 255 octets, and this definition does not say which directory or
-- characters are allowed. The agent is presumably expected to validate
-- the name and confine the lookup to its key store; confirm.
-- NOTE(review): the x509v3-sign-dsa line is an example of the file
-- format, not a recommendation; check which algorithms current policy
-- allows before using it.
ccmCommonUserSshKeyFilename OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the file storing the SSH public key.
The SSH public key is used to authenticate the SSH
session for this user. Note that this object
applies to only CLI user.
The content within SSH Key file can be one of the
following:
- SSH Public Key in OpenSSH format
- SSH Public Key in IETF SECSH (Commercial
SSH public key format)
- SSH Client Certificate in PEM (privacy-enhanced
mail format) from which the public key will be
extracted
- SSH Client Certificate DN (Distinguished Name)
for certificate based authentication.
The file format for specifying SSH Client Certificate
DN (Distinguished Name) is below
<Algorithm Used for Authentication> DN <Distinguished
Name>
For example, if RSA algorithm is used then input file
should contain following content
x509v3-sign-rsa DN <Distinguished Name>
Whereas if DSA algorithm is used then input file
should contain following content
x509v3-sign-dsa DN <Distinguished Name>
Here Distinguished Name is essentially Subject name in
the certificate.
This object is used to configure the SSH public key for
a user. When this object is read, the agent may return
a zero length string. However, the value of the
corresponding instance of ccmCommonUserSshKeyConfigured
should indicate if the key is configured or not."
DEFVAL { ''H }
::= { ccmCommonUserEntry 4}
-- Read-only flag: true when an SSH public key is configured for the user,
-- false otherwise. It is the reliable indicator of key presence, because
-- ccmCommonUserSshKeyFilename may read back as an empty string.
ccmCommonUserSshKeyConfigured OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies whether the user corresponding
to this entry is configured with SSH public key.
The value of 'true' indicates that the user is
configured with SSH public key. The value of 'false'
indicates the user is not configured with SSH public
key."
::= { ccmCommonUserEntry 5 }
-- SNMPv3 authentication protocol for the user; maps directly to
-- usmUserAuthProtocol in usmUserTable.
-- Rules stated in the DESCRIPTION:
--  * an unknown or unsupported protocol at row creation gives wrongValue;
--  * after creation the value can only be changed to usmNoAuthProtocol,
--    any other change gives inconsistentValue;
--  * it cannot be set to usmNoAuthProtocol while the privacy protocol in
--    the same row is still in use.
-- Consequence for operators: the protocol has to be chosen in the SET
-- that creates the row, and a later SET can only remove authentication,
-- never strengthen it. Strengthening needs the row to be recreated.
-- NOTE(review): the DESCRIPTION refers to usmUserPrivProtocol and
-- usmUserAuthProtocol in one sentence where the columns of this row
-- appear to be meant; the wording looks carried over from RFC 3414.
ccmCommonUserSNMPAuthProtocol OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An indication of whether messages sent on behalf of
this user to/from the SNMP engine can be authenticated,
and if so, the type of authentication protocol which is
used.
An instance of this object is created concurrently
with the creation of any other object instance for
the same user (i.e., as part of the processing of
the set operation which creates the first object
instance in the same conceptual row).
If an initial set operation (i.e. at row creation time)
tries to set a value for an unknown or unsupported
protocol, then a 'wrongValue' error must be returned.
Once instantiated, the value of such an instance of
this object can only be changed via a set operation to
the value of the usmNoAuthProtocol.
If a set operation tries to change the value of an
existing instance of this object to any value other
than usmNoAuthProtocol, then an 'inconsistentValue'
error must be returned.
If a set operation tries to set the value to the
usmNoAuthProtocol while the
ccmCommonUserSNMPPrivProtocol value in the same row is
not equal to usmNoPrivProtocol, then an
'inconsistentValue' error must be returned. That means
that an SNMP command generator application must first
ensure that the usmUserPrivProtocol is set to the
usmNoPrivProtocol value before it can set the
usmUserAuthProtocol value to usmNoAuthProtocol.
The value of an instance of this object directly maps
to a corresponding instance of usmUserAuthProtocol in
the usmUserTable."
-- Default is no authentication: a row created without this column
-- yields an SNMP user whose messages are not authenticated.
DEFVAL { usmNoAuthProtocol }
::= { ccmCommonUserEntry 6 }
-- SNMPv3 privacy (encryption) protocol for the user; maps directly to
-- usmUserPrivProtocol in usmUserTable.
-- Rules stated in the DESCRIPTION:
--  * an unknown or unsupported protocol at row creation gives wrongValue;
--  * after creation the value can only be changed to usmNoPrivProtocol,
--    any other change gives inconsistentValue;
--  * a privacy protocol requires an authentication protocol, so privacy
--    with usmNoAuthProtocol gives inconsistentValue.
-- As with the authentication column, the protocol has to be chosen when
-- the row is created; a later SET can only switch encryption off.
ccmCommonUserSNMPPrivProtocol OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An indication of whether messages sent on behalf of
this user to/from the SNMP engine can be protected
from disclosure, and if so, the type of privacy
protocol which is used.
An instance of this object is created concurrently
with the creation of any other object instance for
the same user (i.e., as part of the processing of
the set operation which creates the first object
instance in the same conceptual row).
If an initial set operation (i.e. at row creation time)
tries to set a value for an unknown or unsupported
protocol, then a 'wrongValue' error must be returned.
Once instantiated, the value of such an instance of
this object can only be changed via a set operation to
the value of the usmNoPrivProtocol.
If a set operation tries to change the value of an
existing instance of this object to any value other
than usmNoPrivProtocol, then an 'inconsistentValue'
error must be returned.
Note that if any privacy protocol is used, then you
must also use an authentication protocol. In other
words, if usmUserPrivProtocol is set to anything else
than usmNoPrivProtocol, then the corresponding instance
of usmUserAuthProtocol cannot have a value of
usmNoAuthProtocol. If it does, then an
'inconsistentValue' error must be returned.
The value of an instance of this object directly maps
to a corresponding instance of usmUserPrivProtocol in
the usmUserTable."
-- Default is no privacy: a row created without this column yields an
-- SNMP user whose messages are not encrypted.
DEFVAL { usmNoPrivProtocol }
::= { ccmCommonUserEntry 7 }
-- Read-only indication of where the user's credentials are stored:
-- none(1), a store local to the device (2) or a remote store (3) such as
-- an AAA server. Rows created through this table are stored locally, so
-- the value helps an auditor tell locally defined accounts from accounts
-- that come from remote authentication.
ccmCommonUserCredType OBJECT-TYPE
SYNTAX INTEGER {
none(1),
localCredentialStore(2),
remoteCredentialStore(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the credential store of the user.
When a row is created in this table by a user, the
user entry is created in a credential store local to
the device.
In case of remote authentication mechanism like AAA
Server based authentication, credentials are stored
in other(remote) system/device."
::= { ccmCommonUserEntry 8 }
-- Storage type of the user row. The default is nonVolatile, so a user
-- created without this column is kept in non-volatile storage rather
-- than being a temporary entry.
ccmCommonUserStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need
not allow write-access to any columnar objects in
the row."
DEFVAL { nonVolatile }
::= { ccmCommonUserEntry 9 }
-- RowStatus column used to create and delete users. The compliance
-- statement of this module requires only active, createAndGo and
-- destroy, so a user is created by a single SET and is active at once.
ccmCommonUserRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Status of the user."
::= { ccmCommonUserEntry 10 }
--
-- ccmCommonUserRoleTable
--
-- Maps each common user to one or more roles; the roles carry the access
-- control policy and must exist in commonRoleTable of
-- CISCO-COMMON-ROLES-MIB. For SNMP access a row here also creates
-- entries in vacmSecurityToGroupTable and cvacmSecurityToGroupTable
-- (storage type readOnly).
-- A SET on this table therefore grants or removes privileges; restrict
-- write access to it in the VACM views.
-- Audit caveat from the DESCRIPTION: user to role mappings changed
-- through another access method need not be reflected here, so this
-- table alone is not a complete view of who holds which role. Check the
-- VACM tables as well.
ccmCommonUserRoleTable OBJECT-TYPE
SYNTAX SEQUENCE OF CcmCommonUserRoleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides a mechanism to map a common
user represented by ccmCommonUserName to one or
more roles. These roles provide access control
policies for a principal. Note that all the roles
used in the this table have to be present in the
commonRoleTable of CISCO-COMMON-ROLES-MIB.
For Common User - Role assignments created in this
table, for SNMP user access, the corresponding
entries are created in the vacmSecurityToGroupTable
(of SNMP-VIEW-BASED-ACM-MIB) in line with View-based
Access Control Model (RFC3415) and
cvacmSecurityToGroupTable (of CISCO-SNMP-VACM-EXT-MIB)
to represent all the mappings. All such instances in
SNMP tables are created with corresponding StorageType
set to readOnly.
Note that it is not necessary to update this table if
the user-role mapping data is changed using
corresponding access methods. e.g., if the SNMPv3
user-group mapping using vacmSecurityToGroupTable
and cvacmSecurityToGroupTable is changed, it is not
necessary to reflect that change in this table."
::= { ccmUserConfig 6 }
-- Conceptual row of ccmCommonUserRoleTable, indexed by user name and
-- then role name: one row per (user, role) pair.
ccmCommonUserRoleEntry OBJECT-TYPE
SYNTAX CcmCommonUserRoleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) in the
ccmCommonUserRoleTable."
INDEX { ccmCommonUserName, ccmCommonUserRoleName }
::= { ccmCommonUserRoleTable 1 }
-- Column list of a ccmCommonUserRoleTable row (columns 1 to 3). The user
-- name is not a column here; it is taken from ccmCommonUserTable through
-- the INDEX clause of the row definition.
CcmCommonUserRoleEntry ::= SEQUENCE {
ccmCommonUserRoleName SnmpAdminString,
ccmCommonUserRoleStorageType StorageType,
ccmCommonUserRoleRowStatus RowStatus
}
-- Index column: the role name, 1 to 32 octets, not-accessible (visible
-- only in instance identifiers).
ccmCommonUserRoleName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Name of the role."
::= { ccmCommonUserRoleEntry 1}
-- Storage type of the user to role mapping. The default is nonVolatile,
-- so a mapping created without this column is kept in non-volatile
-- storage.
ccmCommonUserRoleStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need
not allow write-access to any columnar objects in
the row."
DEFVAL { nonVolatile }
::= { ccmCommonUserRoleEntry 2 }
-- RowStatus column used to add and remove a role assignment. Only
-- active, createAndGo and destroy are required by the compliance
-- statement of this module.
ccmCommonUserRoleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Status of the role list entry."
::= { ccmCommonUserRoleEntry 3}
-- Conformance
-- Two subtrees under ciscoCommonMgmtMIBConform: 1 for compliance
-- statements, 2 for object groups.
ciscoCommonMgmtMIBCompliances
OBJECT IDENTIFIER ::= { ciscoCommonMgmtMIBConform 1 }
ciscoCommonMgmtMIBGroups
OBJECT IDENTIFIER ::= { ciscoCommonMgmtMIBConform 2 }
-- Compliance statement: ccmConfigurationGroup is mandatory, and both
-- RowStatus columns may be limited to active, createAndGo and destroy.
-- The statement contains no MIN-ACCESS refinement, so a compliant agent
-- is expected to support writes to the read-create and read-write
-- objects, the password and GlobalEnforcePriv objects included. Limiting
-- who may write them is left to the VACM configuration.
ciscoCommonMgmtMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for entities which
implement the CISCO-COMMON-MGMT-MIB."
MODULE MANDATORY-GROUPS { ccmConfigurationGroup }
OBJECT ccmCommonUserRowStatus
SYNTAX INTEGER {
active (1),
createAndGo (4),
destroy (6)}
DESCRIPTION
"Only 'createAndGo', 'destroy' and 'active' need to be
supported."
OBJECT ccmCommonUserRoleRowStatus
SYNTAX INTEGER {
active (1),
createAndGo (4),
destroy (6)}
DESCRIPTION
"Only 'createAndGo', 'destroy' and 'active' need to be
supported."
::= { ciscoCommonMgmtMIBCompliances 1 }
-- Units of Conformance
-- The single object group of this module. It lists every accessible
-- object; the two index columns (ccmCommonUserName and
-- ccmCommonUserRoleName) are not-accessible and so are not listed.
ccmConfigurationGroup OBJECT-GROUP
OBJECTS {
ccmCommonMaxUsers,
ccmCommonUsers,
ccmCommonUsersGlobalEnforcePriv,
ccmCommonUserLastChange,
ccmCommonUserPassword,
ccmCommonUserExpiryDate,
ccmCommonUserSshKeyFilename,
ccmCommonUserSshKeyConfigured,
ccmCommonUserSNMPAuthProtocol,
ccmCommonUserSNMPPrivProtocol,
ccmCommonUserCredType,
ccmCommonUserStorageType,
ccmCommonUserRowStatus,
ccmCommonUserRoleStorageType,
ccmCommonUserRoleRowStatus
}
STATUS current
DESCRIPTION
"A collection of objects for Common Management
configuration."
::= { ciscoCommonMgmtMIBGroups 1 }
END