You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Cisco > CISCO-SNMP-VACM-EXT-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

CISCO-SNMP-VACM-EXT-MIB by vendor Cisco

CISCO-SNMP-VACM-EXT-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing CISCO-SNMP-VACM-EXT-MIB.


Vendor: Cisco
Mib: CISCO-SNMP-VACM-EXT-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- ******************************************************************** 
-- CISCO-SNMP-VACM-EXT-MIB.my : Extension to SNMP-VIEW-BASED-ACM-MIB
--
-- April 2004, Keith McCloghrie, Sanjeev C Joshi, Vinay Gaonkar
--
-- Copyright (c) 2004 by cisco Systems, Inc.
-- All rights reserved.
-- 
-- ********************************************************************

CISCO-SNMP-VACM-EXT-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        RowStatus,
        StorageType
                FROM SNMPv2-TC
        SnmpAdminString
                FROM SNMP-FRAMEWORK-MIB 
        vacmSecurityModel,
        vacmSecurityName
                FROM SNMP-VIEW-BASED-ACM-MIB                
        ciscoMgmt
                FROM CISCO-SMI;

ciscoSnmpVacmExtMIB MODULE-IDENTITY
        LAST-UPDATED        "200405190000Z"
        ORGANIZATION        "Cisco Systems, Inc."
        CONTACT-INFO
                "       Cisco Systems
                        Customer Service
                        
                Postal: 170 W Tasman Drive
                        San Jose, CA  95134
                        USA
                        
                   Tel: +1 800 553-NETS
                   
                E-mail:  cs-snmp@cisco.com"
        DESCRIPTION
                "The management information definitions to extend
                 the View-based Access Control Model (RFC3415) for
                 SNMP.
                 
                 This MIB extends the 'SNMP-VIEW-BASED-ACM-MIB' to
                 allow each combination of a 'securityModel' and a
                 'securityName' to be mapped into additional
                 groupNames. The groups identified by these mappings
                 are in addition to those identified by 
                 'vacmGroupName' of the 'vacmSecurityToGroupTable'.
                 "

        REVISION  "200405190000Z"
        DESCRIPTION
                "Initial version of this MIB."
        ::= { ciscoMgmt 409 }

--
-- CISCO-SNMP-VACM-EXT-MIB administrative assignments
--

ciscoSnmpVacmExtMIBObjects        OBJECT IDENTIFIER     
                                  ::= { ciscoSnmpVacmExtMIB 1 }
ciscoSnmpVacmExtMIBConformance    OBJECT IDENTIFIER     
                                  ::= { ciscoSnmpVacmExtMIB 2 }
                                
--
--  VACM  Group Extension - Extension of vacmSecurityToGroupTable
--

cvacmSecurityToGroupTable       OBJECT-TYPE
        SYNTAX         SEQUENCE OF CvacmSecurityToGroupEntry
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION
           "An Extension table to the 'vacmSecurityToGroupTable'
            defined in 'SNMP-VIEW-BASED-ACM-MIB. 
            
            This table provides a mechanism to map a combination 
            of 'securityModel' and 'securityName' into one or more
            groups in addition to the 'vacmGroupName' mapped in
            the 'vacmSecurityToGroupTable'. These groups provide 
            additional access control policies for a principal.
            
            The agent must allow the same group mapping entry to be
            present in both  the 'cvacmSecurityToGroupTable' and the
            'vacmSecurityToGroupTable'.            
            
            A row in this table can not exist without a corresponding
            row for the same combination of 'securityModel' and
            'securityName in the 'vacmSecurityToGroupTable'.
            
            While creating a row in this table, if there is no
            corresponding row for the same combination of
            'securityModel' and 'securityName in the 
            'vacmSecurityToGroupTable', the same  mapping entry in 
            is created in the  'vacmSecurityToGroupTable' by the
            agent using the values of instance variables of the entry
            in this table. 
           
            The deletion of a row in the 'vacmSecurityToGroupTable'
            also causes the deletion of all the group mapping 
            entries for the same combination of  'vacmSecurityModel' 
            and 'vacmSecurityName' in the 'cvacmSecurityToGroupTable'.
            The deletion of a row in this table does not affect
            'vacmSecurityToGroupTable'entries.
            "
        REFERENCE
           " [RFC3415] View-based Access Control Model (VACM) for the 
             Simple Network Management Protocol (SNMP), STD 62 .
           "
        ::= { ciscoSnmpVacmExtMIBObjects 1 }

cvacmSecurityToGroupEntry OBJECT-TYPE
        SYNTAX         CvacmSecurityToGroupEntry
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION
           "An entry (conceptual row) in the
            'cvacmSecurityToGroupTable'. Each row represents one
            groupName mapping for the combination of 'securityModel' 
            and 'securityName' in the system.
           "
        INDEX          { vacmSecurityModel,
                         vacmSecurityName,
                         cvacmSecurityGrpName }
        ::= { cvacmSecurityToGroupTable 1}

CvacmSecurityToGroupEntry ::=
        SEQUENCE {
            cvacmSecurityGrpName                SnmpAdminString,
            cvacmSecurityGrpStorageType         StorageType,
            cvacmSecurityGrpStatus              RowStatus
} 

cvacmSecurityGrpName OBJECT-TYPE
        SYNTAX         SnmpAdminString(SIZE(1..32))
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION
           "The name of the group for the mapping represented by
            this row. This is in addition to the 'vacmGroupName'
            mapped in the 'vacmSecurityToGroupTable'. For example
            a user principal  represented by 'securityName' maps
            to a group represented by 'cvacmSecurityGrpName' under
            a security model represented by 'securityModel'.
            
            This groupName is used as index into the 
            'vacmAccessTable' to select an access control policy.
            However, a value in this table does not imply that an
            instance with the value exists in table 'vacmAccesTable'.
            "
	    ::= { cvacmSecurityToGroupEntry 1 }   

cvacmSecurityGrpStorageType OBJECT-TYPE
        SYNTAX         StorageType
        MAX-ACCESS     read-create
        STATUS         current
        DESCRIPTION
           "The storage type for this conceptual row.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
            "
        DEFVAL         { nonVolatile }            
	    ::= { cvacmSecurityToGroupEntry 2 }

cvacmSecurityGrpStatus OBJECT-TYPE
        SYNTAX         RowStatus
        MAX-ACCESS     read-create
        STATUS         current
        DESCRIPTION
           "The status of this conceptual row. The value of
            this object has no effect on whether other objects
            in this conceptual row can be modified.            
            "
	    ::= { cvacmSecurityToGroupEntry 3 }                    
     
--
-- Conformance information
--

ciscoSnmpVacmExtMIBCompliances OBJECT IDENTIFIER
                               ::= { ciscoSnmpVacmExtMIBConformance 1 }
ciscoSnmpVacmExtMIBGroups      OBJECT IDENTIFIER
                               ::= { ciscoSnmpVacmExtMIBConformance 2 }

ciscoSnmpVacmExtMIBCompliance MODULE-COMPLIANCE
        STATUS         current
        DESCRIPTION
           "The compliance statement for SNMP engines which 
            implement the CISCO-SNMP-VACM-EXT-MIB."
        MODULE 
           MANDATORY-GROUPS { ciscoSnmpVacmExtGroup }

        OBJECT cvacmSecurityGrpStatus
        SYNTAX      INTEGER { active (1),
                              createAndGo (4),
                              destroy (6)
                            }
        DESCRIPTION
           "Only 'active', 'createAndGo' and 'destroy' are needed to be
            supported."           
        ::= { ciscoSnmpVacmExtMIBCompliances 1 }
--
-- Units of Conformance
--

ciscoSnmpVacmExtGroup  OBJECT-GROUP
        OBJECTS        { cvacmSecurityGrpStorageType,
                         cvacmSecurityGrpStatus }
        STATUS         current
        DESCRIPTION
           "A collection of objects providing for remote
            configuration of an SNMP engine which extends
            the SNMP View-based Access Control Model."
        ::= { ciscoSnmpVacmExtMIBGroups 1 }

END