-- ********************************************************************
-- CISCO-SNMP-VACM-EXT-MIB.my : Extension to SNMP-VIEW-BASED-ACM-MIB
--
-- April 2004, Keith McCloghrie, Sanjeev C Joshi, Vinay Gaonkar
--
-- Copyright (c) 2004 by cisco Systems, Inc.
-- All rights reserved.
--
-- ********************************************************************

CISCO-SNMP-VACM-EXT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    RowStatus,
    StorageType
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    vacmSecurityModel,
    vacmSecurityName
        FROM SNMP-VIEW-BASED-ACM-MIB
    ciscoMgmt
        FROM CISCO-SMI;

ciscoSnmpVacmExtMIB MODULE-IDENTITY
    LAST-UPDATED    "200405190000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        "       Cisco Systems
                Customer Service

        Postal: 170 W Tasman Drive
                San Jose, CA  95134
                USA

           Tel: +1 800 553-NETS

        E-mail: cs-snmp@cisco.com"
    DESCRIPTION
        "The management information definitions to extend
        the View-based Access Control Model (RFC3415) for
        SNMP.

        This MIB extends the 'SNMP-VIEW-BASED-ACM-MIB' to
        allow each combination of a 'securityModel' and a
        'securityName' to be mapped into additional
        groupNames. The groups identified by these mappings
        are in addition to those identified by
        'vacmGroupName' of the 'vacmSecurityToGroupTable'.
        "

    REVISION        "200405190000Z"
    DESCRIPTION
        "Initial version of this MIB."
    ::= { ciscoMgmt 409 }

--
-- CISCO-SNMP-VACM-EXT-MIB administrative assignments
--

ciscoSnmpVacmExtMIBObjects      OBJECT IDENTIFIER
    ::= { ciscoSnmpVacmExtMIB 1 }
ciscoSnmpVacmExtMIBConformance  OBJECT IDENTIFIER
    ::= { ciscoSnmpVacmExtMIB 2 }

--
-- VACM Group Extension - Extension of vacmSecurityToGroupTable
--

cvacmSecurityToGroupTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CvacmSecurityToGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An Extension table to the 'vacmSecurityToGroupTable'
        defined in 'SNMP-VIEW-BASED-ACM-MIB'.

        This table provides a mechanism to map a combination
        of 'securityModel' and 'securityName' into one or more
        groups in addition to the 'vacmGroupName' mapped in
        the 'vacmSecurityToGroupTable'. These groups provide
        additional access control policies for a principal.

        The agent must allow the same group mapping entry to be
        present in both the 'cvacmSecurityToGroupTable' and the
        'vacmSecurityToGroupTable'.

        A row in this table cannot exist without a corresponding
        row for the same combination of 'securityModel' and
        'securityName' in the 'vacmSecurityToGroupTable'.

        While creating a row in this table, if there is no
        corresponding row for the same combination of
        'securityModel' and 'securityName' in the
        'vacmSecurityToGroupTable', the same mapping entry
        is created in the 'vacmSecurityToGroupTable' by the
        agent using the values of instance variables of the entry
        in this table.

        The deletion of a row in the 'vacmSecurityToGroupTable'
        also causes the deletion of all the group mapping
        entries for the same combination of 'vacmSecurityModel'
        and 'vacmSecurityName' in the 'cvacmSecurityToGroupTable'.
        The deletion of a row in this table does not affect
        'vacmSecurityToGroupTable' entries.
        "
    REFERENCE
        "[RFC3415] View-based Access Control Model (VACM) for the
        Simple Network Management Protocol (SNMP), STD 62.
        "
    ::= { ciscoSnmpVacmExtMIBObjects 1 }

cvacmSecurityToGroupEntry OBJECT-TYPE
    SYNTAX      CvacmSecurityToGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) in the
        'cvacmSecurityToGroupTable'. Each row represents one
        groupName mapping for the combination of 'securityModel'
        and 'securityName' in the system.
        "
    INDEX       { vacmSecurityModel,
                  vacmSecurityName,
                  cvacmSecurityGrpName }
    ::= { cvacmSecurityToGroupTable 1 }

CvacmSecurityToGroupEntry ::=
    SEQUENCE {
        cvacmSecurityGrpName           SnmpAdminString,
        cvacmSecurityGrpStorageType    StorageType,
        cvacmSecurityGrpStatus         RowStatus
    }

cvacmSecurityGrpName OBJECT-TYPE
    SYNTAX      SnmpAdminString(SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The name of the group for the mapping represented by
        this row. This is in addition to the 'vacmGroupName'
        mapped in the 'vacmSecurityToGroupTable'. For example,
        a user principal represented by 'securityName' maps
        to a group represented by 'cvacmSecurityGrpName' under
        a security model represented by 'securityModel'.

        This groupName is used as index into the
        'vacmAccessTable' to select an access control policy.
        However, a value in this table does not imply that an
        instance with the value exists in table 'vacmAccessTable'.
        "
    ::= { cvacmSecurityToGroupEntry 1 }

cvacmSecurityGrpStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this conceptual row.
        Conceptual rows having the value 'permanent' need not
        allow write-access to any columnar objects in the row.
        "
    DEFVAL      { nonVolatile }
    ::= { cvacmSecurityToGroupEntry 2 }

cvacmSecurityGrpStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row. The value of
        this object has no effect on whether other objects
        in this conceptual row can be modified.
        "
    ::= { cvacmSecurityToGroupEntry 3 }

--
-- Conformance information
--

ciscoSnmpVacmExtMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoSnmpVacmExtMIBConformance 1 }
ciscoSnmpVacmExtMIBGroups       OBJECT IDENTIFIER
    ::= { ciscoSnmpVacmExtMIBConformance 2 }

ciscoSnmpVacmExtMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP engines which
        implement the CISCO-SNMP-VACM-EXT-MIB."
    MODULE
        MANDATORY-GROUPS { ciscoSnmpVacmExtGroup }

        OBJECT      cvacmSecurityGrpStatus
        SYNTAX      INTEGER { active (1),
                              createAndGo (4),
                              destroy (6)
                            }
        DESCRIPTION
            "Only 'active', 'createAndGo' and 'destroy' need to be
            supported."
    ::= { ciscoSnmpVacmExtMIBCompliances 1 }

--
-- Units of Conformance
--

ciscoSnmpVacmExtGroup OBJECT-GROUP
    OBJECTS     { cvacmSecurityGrpStorageType,
                  cvacmSecurityGrpStatus }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing for remote
        configuration of an SNMP engine which extends
        the SNMP View-based Access Control Model."
    ::= { ciscoSnmpVacmExtMIBGroups 1 }

END