Internet Draft    SNMPv2 Administrative MIB for SNMPv2    September 1995

Administrative MIB
for Version 2 of the
Simple Network Management Protocol (SNMPv2)

Fri Sep 08 1995

draft-various-snmpv2-adminmib-syn-00.txt

Tell U. Later
various members of the SNMPv2 Working Group
snmpv2@tis.com


Status of this Memo

This document is an Internet-Draft.  Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups.  Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

Expires February 1996


running list of open issues

    reference list

    reference citations

    acknowledgements

    authors

    author addresses

    spell check

    decide what to do with respect to multi-manager race conditions on
    creating new views ...
    there are multiple options for the working group to select from:

        use of multiple, small grained spinlocks (as in present text)
        use of a single, large grained spinlock
        use of multiple table per bok
        switch from ascii-based strings (favored by jjohnson) to small-valued integer names

    the working group needs to reach a consensus on this decision and
    the text needs to be updated to reflect the resulting consensus


1. Introduction

A management system contains: several (potentially many) manageable
nodes, each with a processing entity, termed an agent, which has access
to management instrumentation; at least one management station; and, a
management protocol.  The management protocol is used to convey
management information between the agents and management stations; and,
for manager-to-manager communications, between management stations.
Operations of the protocol are carried out under an administrative
framework which defines authentication, authorization, access control,
and privacy policies.

Management stations execute management applications which monitor and
control managed elements.  Managed elements are devices such as hosts,
routers, terminal servers, etc., which are monitored and controlled via
access to their management information.

It is the purpose of this document to define managed objects such that
an SNMPv2 entity can be configured via SNMP operations to control what
access rights are granted to a particular entity, given the identity of
that entity as determined by a security protocol.  The MIB described in
this document provides objects which can be used to configure access
rights for multiple types of management operations, including
configuration of proxy operations.


2. Potential Scope

An SNMPv2 manager and an SNMPv2 agent are defined as the operational
roles which can be assumed by an SNMPv2 entity.
An SNMPv2 entity which sometimes acts in an agent role and sometimes in
a manager role is termed an SNMPv2 dual-role entity [@ref v2admin].

In order for SNMPv2 operations to be able to configure operational
parameters such as access rights, an SNMPv2 entity must act, at least
some of the time, in an agent role.  Thus, the scope of managed objects
to support such remote configuration potentially extends to include
both SNMPv2 agents and SNMPv2 dual-role entities.


2.1. Requirements for SNMPv2 Agents

An SNMPv2 agent needs to know the access rights authorized for each
identity which a security protocol might provide, in order to receive
retrieval and/or modification requests.  These access rights specify
the types of operations permitted as well as the MIB views to which
access is authorized for a particular local context at a particular
security level.

It also needs to know which notifications are authorized to be sent on
behalf of which identities, and the transport addresses to which such
notifications should be sent.

In addition, it is valuable for a manager to determine the set of local
contexts which are (potentially) accessible via this SNMPv2 agent,
including indications of the temporal domains [@ref v2admin] of such
contexts.

It is worth noting that in each of these situations, a simple SNMPv2
agent (one which is not a part of a dual-role entity and which does not
perform proxy forwarding operations) never sends or receives a message
having an authSnmpID value or contextSnmpID value other than its own.
Thus, it has no need for any information other than that which is used
to access its own set of MIB objects.  In particular, there is no need
for one agent to maintain information about the authentication/privacy
protocols and their secret key values used to access other agents.
However, this is not the case for dual-role entities such as mid-level
managers and proxy SNMPv2 agents.


2.2. Requirements for SNMPv2 Dual-Role Entities

There are two categories of SNMPv2 dual-role entities: so-called
mid-level managers and proxy SNMPv2 agents.  In each case, a dual-role
entity both sends and receives requests or notifications; it also sends
and receives messages for multiple values of snmpID.

A proxy SNMPv2 agent needs to know the context values identifying proxy
contexts for which it acts as a proxy agent, and for each such proxy
context, the security protocol, snmpID, and identity with which it
forwards received requests and trap notifications for that context.

It is also likely that an SNMPv2 dual-role entity will need to maintain
a set of mappings between snmpID values and transport values, either to
record agents which have been discovered by this dual-role entity or to
allow it to be configured with such information.

On the other hand, an SNMPv2 dual-role entity does not need to maintain
the authorization information about the access rights of identities,
nor information about the composition of MIB views in order to conduct
its functions as a mid-level manager or to conduct proxy forwarding
operations.


3. Structure of MIB

This MIB consists of seven tables and several scalars.  However, not
all agents will require implementation of all tables and scalars
defined in this MIB.  In fact, some low-cost agent implementations may
only implement read-only versions of the first three tables listed
below and the appropriate scalars, and leave the rest of the MIB
unimplemented.

The tables are:

- v2ContextTable

    The table of all contexts for which the agent conducts local agent
    operations.

    This table must be implemented by all systems, although it may be
    read-only.

- viewTreeTable

    The table containing information on subtrees of MIB views known to
    this agent.
    This table must be implemented by all systems, although it may be
    read-only.

- acTable

    The table of access rights configured in the agent's local
    configuration datastore.

    This table must be implemented by all systems, although it may be
    read-only.

- transportTable

    The table of transport endpoints [optionally] used for
    authenticating the source of management operations, and for
    destinations for proxy forwarding operations and notification
    operations (traps and inform requests).

    This table need only be implemented by systems which allow remote
    configuration of trap destinations, inform destinations, or proxy
    parameters.

- notifyTable

    The table of trap and inform configurations authorized to be sent
    on behalf of specific identities.

    This table need only be implemented by systems which allow remote
    configuration of trap parameters or inform parameters.

- notifyInformParametersTable

    The table, which augments the notifyTable, contains additional
    parameters for sending inform requests.

    This table need only be implemented by systems which allow remote
    configuration of inform parameters.

- proxyForwardingTable

    The table of configurations for which an agent is authorized to act
    as a proxy.

    This table need only be implemented by systems which allow remote
    configuration of proxy parameters.

The scalars are:

- snmpID

    The unique 12-octet identifier of an SNMPv2 entity.  Each SNMPv2
    entity which originates Get, GetNext, GetBulk, or Set request
    operations or trap notifications, or which acts as a sink for
    Inform notification operations, or which performs proxy forwarding
    operations must be assigned a value of snmpID.

- snmpMaxMessageSize

    The maximum message size that can be sent or received by an SNMPv2
    entity, determined as the minimum of the maximum message size
    values supported among all of the transports available to and
    supported by the entity.
    This object must be implemented by all systems.

- viewTreeSpinLock

    The advisory lock used to coordinate modification of the
    viewTreeTable.

    This object need only be implemented by systems that implement a
    read-write version of the viewTreeTable.

- transportSpinLock

    The advisory lock used to coordinate modification of the
    transportTable.

    This object need only be implemented by systems that implement a
    read-write version of the transportTable.

- maxIdentityNameLength

    The implementation-enforced maximum length of objects which specify
    an identityName.

    This object need only be implemented by systems that implement a
    read-write version of any table containing an object that specifies
    an identityName.

- maxGroupNameLength

    The implementation-enforced maximum length of objects which specify
    a groupName.

    This object need only be implemented by systems that implement a
    read-write version of any table containing an object that specifies
    a groupName.

- maxV2ContextNameLength

    The implementation-enforced maximum length of objects which specify
    a contextName.

    This object need only be implemented by systems that implement a
    read-write version of any table containing an object that specifies
    a contextName.

- maxViewTreeNameLength

    The implementation-enforced maximum length of objects which specify
    a viewTreeName.

    This object need only be implemented by systems that implement a
    read-write version of any table containing an object that specifies
    a viewTreeName.

- maxTransportLabelLength

    The implementation-enforced maximum length of objects which specify
    a transportLabel.

    This object need only be implemented by systems that implement a
    read-write version of any table containing an object that specifies
    a transportLabel.
- acSpinLock

    The advisory lock used to coordinate modification of the acTable.

    This object need only be implemented by systems that implement a
    read-write version of the acTable.

- notifySpinLock

    The advisory lock used to coordinate modification of the
    notifyTable.

    This object need only be implemented by systems that implement the
    notifyTable.


4. Authorizing Notifications

The destination(s) to which a notification is authorized to be sent is
determined by consulting the notifyTable to find all entries satisfying
the following conditions:

- The value of notifyContextName refers to a context containing the
  local management information contained in the notification.

- The notification's administratively assigned name is accessible
  within the corresponding MIB view.  (That is, the set of entries in
  the viewTreeTable, for which the instance of viewTreeName has the
  same value as notifyViewName, defines a MIB view which contains the
  notification's administratively assigned name.)

- If the OBJECTS clause is present in the invocation of the
  corresponding NOTIFICATION-TYPE macro, then the corresponding
  variables are all present in the MIB view corresponding to
  notifyViewName.

- For any additional variables which the generating SNMPv2 entity
  chooses to include within the notification, then these variables are
  all present in the MIB view corresponding to notifyViewName.

For each such entry, a notification is authorized to be sent on behalf
of the identity associated with that entry, using the security protocol
associated with that entry, with context notifyContextName, and to each
transport address associated with the specified notifyTransportLabel.

In the absence of other (filtering) information to the contrary, each
of these authorized notifications should be sent.


5. Transport Endpoints

The transportTable contains information about transport endpoints.
This table is capable of representing sets of transport endpoints.
This is accomplished in two ways.  The use of an address mask allows
specification of things like IP subnets.  The use of sub-indexing
allows grouping of conceptual rows within the table.

The following examples demonstrate the use of the transportTable.
Although these examples are IP-centric, the transportTable may be used
to represent transport end-points in other domains.  In this case, the
semantics of address masks depend on the particular transport domain
being represented.

The address mask capability allows, for example, an agent to accept as
authentic only packets received from a particular subnet.  For example,
the following configuration can be used to specify that only packets
from subnet 1.2.3.0, received on UDP port 161, be accepted as
authentic:

    transportLabel       = subnet1
    transportSubindex    = 1
    transportAddress     = 1.2.3.0.161
    transportReceiveMask = 255.255.255.0.255

The sub-indexing capability allows, for example, an agent to be
configured to send traps to a set of IP addresses.  The following
configuration allows an agent to send traps to IP addresses 1.2.3.4 and
1.2.3.5 on UDP port 162:

    transportLabel       = subnet1
    transportSubindex    = 1
    transportAddress     = 1.2.3.4.162
    transportReceiveMask = 255.255.255.255.0

    transportLabel       = subnet1
    transportSubindex    = 2
    transportAddress     = 1.2.3.5.162
    transportReceiveMask = 255.255.255.255.0

This configuration also allows the agent to receive authenticated
packets from any ports at addresses 1.2.3.4 and 1.2.3.5.

The use of the transportTable is, in part, determined by the definition
of the tables which reference it.  However, in general, when sending a
trap notification, the transportReceiveMask would be ignored, and the
trap would be sent to the specific addresses specified by
transportAddress.
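
The two configurations above, evaluated in Python as an added example (not part of the Internet-Draft). It assumes the draft's informal a.b.c.d.port notation and treats a final mask field of 255 as "port must match" and 0 as "any port", the only two values the examples use; the class and function names are illustrative.

```python
"""Transport endpoint matching for transportTable-style rows (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TransportRow:
    label: str         # transportLabel
    subindex: int      # transportSubindex
    address: str       # transportAddress, e.g. "1.2.3.0.161"
    receive_mask: str  # transportReceiveMask, e.g. "255.255.255.0.255"


def _split(dotted):
    """Split "a.b.c.d.x" into four IP octets and the trailing field."""
    fields = dotted.split(".")
    if len(fields) != 5 or not all(f.isdigit() for f in fields):
        raise ValueError(f"expected a.b.c.d.x, got {dotted!r}")
    octets = tuple(int(f) for f in fields[:4])
    if any(o > 255 for o in octets):
        raise ValueError(f"IP octet out of range in {dotted!r}")
    return octets, int(fields[4])


def parse_address(text):
    """Return (ip_octets, port) for a transportAddress."""
    octets, port = _split(text)
    if port > 65535:
        raise ValueError(f"port out of range in {text!r}")
    return octets, port


def parse_mask(text):
    """Return (ip_mask_octets, port_must_match) for a transportReceiveMask.

    Assumption: the last field is 255 (compare the port) or 0 (ignore it).
    Anything else is rejected rather than guessed at.
    """
    octets, port_field = _split(text)
    if port_field not in (0, 255):
        raise ValueError(f"unsupported port mask in {text!r}")
    return octets, port_field == 255


def source_is_authentic(rows, label, src_ip, src_port):
    """True if the source endpoint matches any row carrying this label.

    Address and mask are used in combination: only bits set in the mask are
    compared. An unknown label matches nothing, so the check fails closed.
    """
    src_octets, port = parse_address(f"{src_ip}.{src_port}")
    for row in rows:
        if row.label != label:
            continue
        addr_octets, addr_port = parse_address(row.address)
        mask_octets, port_must_match = parse_mask(row.receive_mask)
        ip_ok = all((s & m) == (a & m)
                    for s, a, m in zip(src_octets, addr_octets, mask_octets))
        port_ok = (not port_must_match) or port == addr_port
        if ip_ok and port_ok:
            return True
    return False


def trap_destinations(rows, label):
    """Destinations for a label, in subindex order; the mask is ignored."""
    selected = sorted((r for r in rows if r.label == label),
                      key=lambda r: r.subindex)
    result = []
    for row in selected:
        octets, port = parse_address(row.address)
        result.append((".".join(str(o) for o in octets), port))
    return result


# First configuration in the text: accept only subnet 1.2.3.0, UDP port 161.
ACCEPT_SUBNET = [
    TransportRow("subnet1", 1, "1.2.3.0.161", "255.255.255.0.255"),
]

# Second configuration in the text: two trap sinks grouped by sub-index.
TRAP_SINKS = [
    TransportRow("subnet1", 1, "1.2.3.4.162", "255.255.255.255.0"),
    TransportRow("subnet1", 2, "1.2.3.5.162", "255.255.255.255.0"),
]

if __name__ == "__main__":
    # Source endpoints below are constructed test values.
    for ip, port in [("1.2.3.77", 161), ("1.2.3.77", 162), ("1.2.4.77", 161)]:
        print(ip, port, source_is_authentic(ACCEPT_SUBNET, "subnet1", ip, port))
    print(trap_destinations(TRAP_SINKS, "subnet1"))
    print(source_is_authentic(TRAP_SINKS, "subnet1", "1.2.3.5", 40000))
```
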
When authenticating a message, the transportAddress and
transportReceiveMask would generally be used in combination to check
the transport endpoint which originated the message.  This means that
the transportReceiveMask values in the example above could actually be
255.255.255.0.0, in which case traps would still be sent to two IP
addresses, but messages would be accepted as authentic from the entire
1.2.3.0 subnet.


6. Definitions

V2ADMIN-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, UInteger32
        FROM SNMPv2-SMI
    RowStatus, TestAndIncr
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF;

v2AdminMIB MODULE-IDENTITY
    LAST-UPDATED "9508231700"
    ORGANIZATION "IETF SNMPv2 Working Group"
    CONTACT-INFO
            "The IETF SNMPv2 Working Group
             snmpv2@tis.com

             Full contact info to be provided . . ."
    DESCRIPTION
            "The MIB module for configuring SNMPv2 entities."
    ::= { snmpModules xx }

-- definition of textual conventions

KeyChange ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
            "Objects with this syntax are used to change a value, K,
            such as a secret key, using a one-way function.  Objects
            which specify this syntax must designate the mechanism for
            selecting the key value to be changed.

            The value of an instance of this object is the
            concatenation of two components: a 'random' component and a
            'delta' component.  The length of the random component is
            always 16, and the length of the delta component is
            variable and non-negative.
            When an instance of this object is modified to have a new
            value by the management protocol, the agent generates a new
            value of K as follows:

             - a temporary variable is initialized to the existing
               value of K;
             - if the length of the delta component is greater than 16
               bytes, then:
                - the random component is appended to the value of the
                  temporary variable, and the result is input to the
                  MD5 hash algorithm to produce a digest value, and the
                  temporary variable is set to this digest value;
                - the value of the temporary variable is XOR-ed with
                  the first (next) 16-bytes of the delta component to
                  produce the first (next) 16-bytes of the new value of
                  K.
                - the above two steps are repeated until the unused
                  portion of the delta component is 16 bytes or less,
             - the random component is appended to the value of the
               temporary variable, and the result is input to the MD5
               hash algorithm to produce a digest value;
             - this digest value, truncated if necessary to be the same
               length as the unused portion of the delta component, is
               XOR-ed with the unused portion of the delta component to
               produce the (final portion of the) new value of K.

            That is,

               iterations = (lenOfDelta - 1) / 16; /* integer division */
               temp = keyold;
               for (i = 0; i < iterations; i++) {
                   temp = MD5 (temp || random);
                   keynew[i*16 .. (i*16)+15] =
                          temp XOR delta[i*16 .. (i*16)+15];
               }
               temp = MD5 (temp || random);
               keynew[i*16 .. lenOfDelta-1] =
                      temp XOR delta[i*16 .. lenOfDelta-1];

            The value of an object with this syntax, whenever it is
            retrieved by the management protocol, is always the
            zero-length string."
    SYNTAX       OCTET STRING

MemoryType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
            "Describes the memory realization of a conceptual row.  A
            row which is 'volatile' is lost upon reboot.
            A row which is either 'nonVolatile', 'permanent' or
            'readOnly', is backed up by stable storage.  A row which is
            'permanent' can be changed but not deleted.  A row which is
            'readOnly' cannot be changed nor deleted.

            It is not necessary for an implementation to allow the
            creation of permanent(4) or readOnly(5) entries.

            Every usage of this textual convention is required to
            specify the columnar objects which a 'permanent' row must
            at a minimum allow to be writable."
    SYNTAX       INTEGER {
                     other(1),       -- eh?
                     volatile(2),    -- e.g., in RAM
                     nonVolatile(3), -- e.g., in NVRAM
                     permanent(4),   -- e.g., partially in ROM
                     readOnly(5)     -- e.g., completely in ROM
                 }

TransportLabel ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
            "A textual description for a transport endpoint.  This
            description will typically be an alias for the endpoint as
            defined by the operating system.  For example, for a
            transport endpoint in the snmpUDPDomain, the textual
            description might be the hostname of the corresponding IP
            address."
    SYNTAX       OCTET STRING (SIZE (0..255))

AuthName ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
            "An octet string consisting entirely of upper- or
            lower-case letters, digits, underscore, hyphen, and period
            characters.  This corresponds to ASCII characters 65-90,
            97-122, 48-57, 95, 45, and 46.

            The use of this set of characters makes the configuration
            datastore for an SNMPv2 entity more human-readable, when
            stored as ASCII datafiles."
    SYNTAX       OCTET STRING

SnmpID ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
            "An SNMPv2 entity's administratively-unique identifier."
    SYNTAX       OCTET STRING (SIZE (12))

SPI ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
            "An integer specifying a security protocol."
    SYNTAX       INTEGER {
                     snmpv1(1),
                     snmpv1point5(2),
                     maint(3),        -- maintenance operations
                     usecNoAuth(4),
                     usecAuth(5),
                     usecPriv(6)
                 }

--
-- The v2AdminSnmpScalars Group
--

v2AdminSnmpScalars OBJECT IDENTIFIER ::= { v2AdminMIB 1 }

snmpID OBJECT-TYPE
    SYNTAX       SnmpID
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "An SNMPv2 entity's administratively-unique identifier.

            The initial value for this object may be configured via an
            operator console entry or via an algorithmic function
            defined by the vendor or administrator.  In the latter
            case, the following guidelines are recommended:

            1) The first four octets should be set to the binary
               equivalent of the device vendor's SNMP network
               management private enterprise number as assigned by the
               Internet Assigned Numbers Authority (IANA).  For
               example, if Acme Networks has been assigned
               { enterprises 696 }, the first four octets would be
               assigned '000002b8'H.

            2) The remaining eight octets are the cookie whose contents
               are determined via one or more enterprise-specific
               methods.  Such methods must be designed so as to
               maximize the possibility that the value of this object
               will be unique in the device's administrative domain.
               For example, the cookie may be the IP address of the
               device, or the MAC address of one of the interfaces,
               with each address suitably padded with random octets, or
               possibly a unique cookie determined by the device's
               model# and serial#.  If multiple methods are defined,
               then it is recommended that the cookie be further
               divided into one octet that indicates the method being
               used and seven octets which are a function of the
               method."
    ::= { v2AdminSnmpScalars 1 }

snmpMaxMessageSize OBJECT-TYPE
    SYNTAX       Integer32 (484..2147483647)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "The maximum length in octets of an SNMPv2 message which
            this SNMPv2 entity can send or receive and process,
            determined as the minimum of the maximum message size
            values supported among all of the transports available to
            and supported by the entity."
    ::= { v2AdminSnmpScalars 3 }

maxIdentityNameLength OBJECT-TYPE
    SYNTAX       Integer32 (1..255)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "The maximum length in octets which a particular
            implementation will allow for any object which specifies an
            identityName.  This object may be queried by a manager in
            order to determine system-specific limits for use during
            creation of new entries in the tables defined in this MIB
            module."
    ::= { v2AdminSnmpScalars 4 }

maxGroupNameLength OBJECT-TYPE
    SYNTAX       Integer32 (1..255)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "The maximum length in octets which a particular
            implementation will allow for any object which specifies a
            groupName.  This object may be queried by a manager in
            order to determine system-specific limits for use during
            creation of new entries in the tables defined in this MIB
            module."
    ::= { v2AdminSnmpScalars 5 }

maxV2ContextNameLength OBJECT-TYPE
    SYNTAX       Integer32 (1..255)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "The maximum length in octets which a particular
            implementation will allow for the v2ContextName object, the
            acContextName object, the notifyContextName object, the
            proxyContextNameIn object, and any other objects which
            specify a contextName.  This object may be queried by a
            manager in order to determine system-specific limits for
            use during creation of new entries in the tables defined in
            this MIB module."
    ::= { v2AdminSnmpScalars 6 }

maxViewTreeNameLength OBJECT-TYPE
    SYNTAX       Integer32 (1..255)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "The maximum length in octets which a particular
            implementation will allow for the viewTreeName object, and
            any other object which specifies the name of a view.  This
            object may be queried by a manager in order to determine
            system-specific limits for use during creation of new
            entries in the tables defined in this MIB module."
    ::= { v2AdminSnmpScalars 7 }

maxTransportLabelLength OBJECT-TYPE
    SYNTAX       Integer32 (1..255)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
            "The maximum length in octets which a particular
            implementation will allow for objects whose syntax is
            TransportLabel.  This object may be queried by a manager in
            order to determine system-specific limits for use during
            creation of new entries in the tables defined in this MIB
            module."
    ::= { v2AdminSnmpScalars 8 }

--
-- The v2ContextTable
--

v2ContextTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF V2ContextEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "The context database portion of the Local Configuration
            Datastore."
    ::= { v2AdminMIB 3 }

v2ContextEntry OBJECT-TYPE
    SYNTAX       V2ContextEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "Information about a particular context."
    INDEX        { v2ContextSnmpID, IMPLIED v2ContextName }
    ::= { v2ContextTable 1 }

V2ContextEntry ::=
    SEQUENCE {
        v2ContextSnmpID       SnmpID,
        v2ContextName         AuthName,
        v2ContextLocalEntity  OCTET STRING,
        v2ContextLocalTime    INTEGER,
        v2ContextMemoryType   MemoryType,
        v2ContextStatus       RowStatus
    }

v2ContextSnmpID OBJECT-TYPE
    SYNTAX       SnmpID
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "The SNMPv2 entity's administratively-unique identifier.

            It is worth noting that in a simple agent implementation,
            the value of this object will always be equal to the
            entity's local snmpID object."
    ::= { v2ContextEntry 1 }

v2ContextName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "A textual name uniquely identifying a particular context
            on a particular agent."
    ::= { v2ContextEntry 2 }

v2ContextLocalEntity OBJECT-TYPE
    SYNTAX       OCTET STRING
    MAX-ACCESS   read-create -- usually read-only on an agent
    STATUS       current
    DESCRIPTION
            "If the value of the corresponding instance of the
            v2ContextSnmpID is equal to the local value of snmpID, then
            the value of an instance of this object uniquely identifies
            a local entity (e.g., a logical device managed by the same
            agent) whose management information is available within
            this context.  The empty string indicates that the context
            contains the SNMPv2 entity's own local management
            information; otherwise, a non-empty string indicates that
            the context contains management information of some other
            local entity, e.g., 'Repeater1'.

            If the value of the corresponding instance of
            v2ContextSnmpID is not equal to the local value of snmpID,
            then the value of an instance of this object identifies an
            entity which is local to the SNMPv2 entity which realizes
            this context."
    DEFVAL       { ''H }
    ::= { v2ContextEntry 3 }

v2ContextLocalTime OBJECT-TYPE
    SYNTAX       INTEGER {
                     currentTime(1),
                     restartTime(2)
                 }
    MAX-ACCESS   read-create -- usually read-only on an agent
    STATUS       current
    DESCRIPTION
            "This object identifies the temporal domain of the
            management information within this context."
    DEFVAL       { currentTime }
    ::= { v2ContextEntry 4 }

v2ContextMemoryType OBJECT-TYPE
    SYNTAX       MemoryType
    MAX-ACCESS   read-create -- usually read-only on an agent
    STATUS       current
    DESCRIPTION
            "The storage type for this conceptual row in the
            v2ContextTable.
            Conceptual rows having the value 'permanent' need not allow
            write-access to any columnar objects in the row."
    ::= { v2ContextEntry 5 }

v2ContextStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create -- usually read-only on an agent
    STATUS       current
    DESCRIPTION
            "The status of this conceptual row in the v2ContextTable.

            A context is not qualified for activation until instances
            of all corresponding columns have consistent values.

            For those columnar objects which permit write-access, their
            value in an existing conceptual row can be changed
            irrespective of the value of v2ContextStatus for that row."
    ::= { v2ContextEntry 6 }

--
-- The v2AdminViewTree group
--
-- This group contains the viewTreeTable, and a spin lock variable to
-- coordinate use of the viewTreeTable
--

v2AdminViewTree OBJECT IDENTIFIER ::= { v2AdminMIB 4 }

viewTreeSpinLock OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
            "An advisory lock used to allow several cooperating SNMPv2
            entities, all acting in a manager role, to coordinate their
            use of the Set operation in creating view trees.

            The values of viewTreeSpinLock, acSpinLock, and
            notifySpinLock [if the notifyTable is implemented] should
            be accessed in harmony to provide interlocks on the
            creation of new views.

            When creating a new view or altering an existing view, it
            is important to understand the potential interactions with
            other users of the view.  The spinlocks for each table
            which allows the creation of named views should be
            retrieved.  The name of the view to be created should be
            determined to be unique on the managed system by consulting
            each table containing named views.  Finally, the named view
            may be created, including the advisory spinlocks.

            Since this is an advisory lock, entities acting in an agent
            role do not enforce the use of viewTreeSpinLock."
    ::= { v2AdminViewTree 1 }

viewTreeTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF ViewTreeEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "The view tree database.  This contains information about
            the subtrees of MIB views known to this SNMPv2 entity.
            Note that a MIB view which has no subtrees defined for it
            has no entries in this table.

            Each MIB view is defined by two collections of view
            subtrees: the included view subtrees, and the excluded view
            subtrees.  Every such subtree, both included and excluded,
            is defined in this table.

            To determine if a particular object instance is in a
            particular MIB view, compare the object instance's OBJECT
            IDENTIFIER with each of the MIB view's active entries in
            this table.  If none match, then the object instance is not
            in the MIB view.  If one or more match, then the object
            instance is included in, or excluded from, the MIB view
            according to the value of viewTreeType in the entry whose
            value of viewTreeSubTree has the most sub-identifiers.  If
            multiple entries match and have the same number of
            sub-identifiers, then the lexicographically greatest
            instance of viewTreeType among those which match determines
            the inclusion or exclusion.

            An object instance's OBJECT IDENTIFIER X matches an active
            entry in this table when the number of sub-identifiers in X
            is at least as many as in the value of viewTreeSubTree for
            the entry, and each sub-identifier in the value of
            viewTreeSubTree matches its corresponding sub-identifier in
            X.  Two sub-identifiers match either if the corresponding
            bit of viewTreeMask is zero (the 'wild card' value), or if
            they are equal.

            Due to this 'wild card' capability, we introduce the term,
            a 'family' of view subtrees, to refer to the set of
            subtrees defined by a particular combination of values of
            viewTreeSubTree and viewTreeMask.
            In the case where no 'wild card' is defined in
            viewTreeMask, the family of view subtrees reduces to a
            single view subtree."
    ::= { v2AdminViewTree 2 }

viewTreeEntry OBJECT-TYPE
    SYNTAX       ViewTreeEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "Information on a particular family of view subtrees
            included in or excluded from a particular MIB view.

            Implementations must not restrict the number of families of
            view subtrees for a given MIB view, except as dictated by
            resource constraints on the overall number of entries in
            the viewTreeTable."
    INDEX        { viewTreeName, viewTreeSubTree }
    ::= { viewTreeTable 1 }

ViewTreeEntry ::=
    SEQUENCE {
        viewTreeName        AuthName,
        viewTreeSubTree     OBJECT IDENTIFIER,
        viewTreeMask        OCTET STRING,
        viewTreeType        INTEGER,
        viewTreeMemoryType  MemoryType,
        viewTreeStatus      RowStatus
    }

viewTreeName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "The textual name for a family of view subtrees."
    ::= { viewTreeEntry 1 }

viewTreeSubTree OBJECT-TYPE
    SYNTAX       OBJECT IDENTIFIER
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
            "A MIB subtree."
    ::= { viewTreeEntry 2 }

viewTreeMask OBJECT-TYPE
    SYNTAX       OCTET STRING
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
            "The bit mask which, in combination with the corresponding
            instance of viewTreeSubTree, defines a family of view
            subtrees.

            Each bit of this bit mask corresponds to a sub-identifier
            of viewTreeSubTree, with the most significant bit of the
            i-th octet of this octet string value (extended if
            necessary, see below) corresponding to the (8*i - 7)-th
            sub-identifier, and the least significant bit of the i-th
            octet of this octet string corresponding to the (8*i)-th
            sub-identifier, where i is in the range 1 through 16.
        Each bit of this bit mask specifies whether or not the
        corresponding sub-identifiers must match when determining if
        an OBJECT IDENTIFIER is in this family of view subtrees; a
        '1' indicates that an exact match must occur; a '0' indicates
        'wild card', i.e., any sub-identifier value matches.

        Thus, the OBJECT IDENTIFIER X of an object instance is
        contained in a family of view subtrees if the following
        criteria are met:

            for each sub-identifier of the value of viewTreeSubTree,
            either:

                the i-th bit of viewMask is 0, or

                the i-th sub-identifier of X is equal to the i-th
                sub-identifier of the value of viewTreeSubTree.

        If the value of this bit mask is M bits long and there are
        more than M sub-identifiers in the corresponding instance of
        viewTreeSubTree, then the bit mask is extended with 1's to be
        the required length.

        Note that when the value of this object is the zero-length
        string, this extension rule results in a mask of all-1's
        being used (i.e., no 'wild card'), and the family of view
        subtrees is the one view subtree uniquely identified by the
        corresponding instance of viewTreeSubTree."
    DEFVAL       { ''H }
    ::= { viewTreeEntry 3 }

viewTreeType OBJECT-TYPE
    SYNTAX       INTEGER { included(1), excluded(2) }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The status of a particular family of view subtrees within
        the particular context's MIB view. The value 'included(1)'
        indicates that the corresponding instances of viewTreeSubTree
        and viewTreeMask define a family of view subtrees included in
        the MIB view. The value 'excluded(2)' indicates that the
        corresponding instances of viewTreeSubTree and viewTreeMask
        define a family of view subtrees excluded from the MIB view."
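The matching rules given in the viewTreeTable and viewTreeMask descriptions above, worked through in Python. This is an added example, not part of the Internet-Draft: the class and function names and the sample rows are constructed, and reading "lexicographically greatest instance" as the greatest viewTreeSubTree index value is an assumption.

```python
from dataclasses import dataclass

INCLUDED, EXCLUDED = 1, 2       # viewTreeType values defined in the MIB


@dataclass(frozen=True)
class ViewTreeRow:              # hypothetical in-memory form of a viewTreeEntry
    name: str                   # viewTreeName
    subtree: tuple              # viewTreeSubTree as a tuple of sub-identifiers
    mask: bytes                 # viewTreeMask (b"" is the DEFVAL ''H)
    tree_type: int              # viewTreeType
    active: bool = True         # True when viewTreeStatus is active


def mask_bit(mask: bytes, i: int) -> int:
    """Mask bit for the i-th sub-identifier (1-based, MSB of each octet first).

    Positions past the end of the mask read as 1 (mask extended with 1's).
    """
    octet, bit = divmod(i - 1, 8)
    if octet >= len(mask):
        return 1
    return (mask[octet] >> (7 - bit)) & 1


def in_family(oid: tuple, row: ViewTreeRow) -> bool:
    """True when OID X falls in the family defined by (subtree, mask)."""
    if len(oid) < len(row.subtree):
        return False
    return all(mask_bit(row.mask, i) == 0 or oid[i - 1] == sub
               for i, sub in enumerate(row.subtree, start=1))


def in_view(oid: tuple, view_name: str, rows) -> bool:
    """Decide whether an object instance is in the named MIB view."""
    if not view_name:                       # zero-length name: empty view
        return False
    matches = [r for r in rows
               if r.active and r.name == view_name and in_family(oid, r)]
    if not matches:                         # no family matches: not in view
        return False
    # Most sub-identifiers wins; a tie goes to the greatest subtree index
    # (assumed reading of "lexicographically greatest instance").
    best = max(matches, key=lambda r: (len(r.subtree), r.subtree))
    return best.tree_type == INCLUDED


# Constructed sample rows. IF_ENTRY is ifEntry in MIB-II; the mask ff a0
# wildcards the 10th sub-identifier (the column), pinning the row index to 2.
IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)
SAMPLE_ROWS = [
    ViewTreeRow("if2", (1, 3, 6, 1, 2, 1, 1), b"", INCLUDED),   # system
    ViewTreeRow("if2", (1, 3, 6, 1, 2, 1, 2), b"", EXCLUDED),   # interfaces
    ViewTreeRow("if2", IF_ENTRY + (0, 2), b"\xff\xa0", INCLUDED),
    # Two equal-length families that both match ifInOctets.2 (the tie case).
    ViewTreeRow("tie", IF_ENTRY + (0, 2), b"\xff\xa0", INCLUDED),
    ViewTreeRow("tie", IF_ENTRY + (10, 0), b"\xff\xc0", EXCLUDED),
]

if __name__ == "__main__":
    for oid in (IF_ENTRY + (10, 2), IF_ENTRY + (10, 3), (1, 3, 6, 1, 2, 1, 4, 1, 0)):
        print(".".join(map(str, oid)), in_view(oid, "if2", SAMPLE_ROWS))
```

The excluded interfaces subtree and the included ifEntry family both match ifInOctets.2; the family has more sub-identifiers, so the instance is in the view, while the same column for interface 3 is not.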
    ::= { viewTreeEntry 4 }

viewTreeMemoryType OBJECT-TYPE
    SYNTAX       MemoryType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The storage type for this conceptual row in the
        viewTreeTable. Conceptual rows having the value 'permanent'
        need not allow write-access to any columnar objects in the
        row."
    ::= { viewTreeEntry 5 }

viewTreeStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The status of this conceptual row in the viewTreeTable.

        For those columnar objects which permit write-access, their
        value in an existing conceptual row can be changed
        irrespective of the value of viewTreeStatus for that row."
    ::= { viewTreeEntry 6 }

--
-- Access Control Portion of the Local Configuration Datastore (LCD)
--

v2AdminAccessControl OBJECT IDENTIFIER ::= { v2AdminMIB 5 }

--
-- a spinlock for the acTable
--

acSpinLock OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "An advisory lock used to allow several cooperating SNMPv2
        entities, all acting in a manager role, to coordinate their
        use of the Set operation in creating view trees.

        The values of viewTreeSpinLock, acSpinLock, and
        notifySpinLock [if the notifyTable is implemented] should be
        accessed in harmony to provide interlocks on the creation of
        new views.

        When creating a new view or altering an existing view, it is
        important to understand the potential interactions with other
        users of the view. The spinlocks for each table which allows
        the creation of named views should be retrieved. The name of
        the view to be created should be determined to be unique on
        the managed system by consulting each table containing named
        views. Finally, the named view may be created, including the
        advisory spinlocks.

        Since this is an advisory lock, entities acting in an agent
        role do not enforce the use of acSpinLock."
    ::= { v2AdminAccessControl 1 }

--
-- The acTable
--

acTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF AcEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The access control database."
    ::= { v2AdminAccessControl 2 }

acEntry OBJECT-TYPE
    SYNTAX       AcEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Each conceptual row in this table represents the access
        policy for a group of identities within a particular sPI. An
        access policy specifies the access privileges authorized and
        MIB views accessible by a group of identities for
        communication concerning information contained in a
        particular context."
    INDEX        { acSPI, acGroupName, acContextName }
    ::= { acTable 1 }

AcEntry ::= SEQUENCE {
    acSPI               SPI,
    acGroupName         AuthName,
    acContextName       AuthName,
    acContextNameMask   AuthName,
    acPrivs             INTEGER,
    acReadViewName      AuthName,
    acWriteViewName     AuthName,
    acMemoryType        MemoryType,
    acStatus            RowStatus
}

acSPI OBJECT-TYPE
    SYNTAX       SPI
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The security protocol under which this conceptual row
        provides access privileges. The sPI which is used to
        originate a management request must match this object in
        order to be granted access to management information."
    ::= { acEntry 1 }

acGroupName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The textual name of a group associated with a conceptual row
        in the acTable. A group name is associated with zero, one,
        or more identities which are afforded the access privileges
        authorized by the corresponding value of acPrivs to the zero,
        one, or more contexts named by the corresponding values of
        acContextName and acContextNameMask via the views named by
        acReadViewName and acWriteViewName, if any.
        For example, if the corresponding value of sPI is usecNoAuth,
        usecAuth, or usecPriv, then the value of an instance of this
        object identifies the set of identities whose
        usecUserGroupName value is equal to the value of the instance
        of this object."
    ::= { acEntry 2 }

acContextName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The value of this object combined with the corresponding
        value of acContextNameMask identifies zero, one, or more
        contexts associated with a particular set of access
        privileges."
    ::= { acEntry 3 }

acContextNameMask OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (0..4))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The bit mask, which, in combination with the corresponding
        instance of acContextName, identifies zero, one, or more
        contexts.

        Each bit of this bit mask corresponds to an octet of
        acContextName, with the most significant bit of the i-th
        octet of this octet string value (extended if necessary, see
        below) corresponding to the (8*i - 7)-th octet, and the least
        significant bit of the i-th octet of this octet string
        corresponding to the (8*i)-th octet, where i is in the range
        1 through 4.

        Each bit of this bit mask specifies whether or not the
        corresponding octets must match when determining which
        instances of v2ContextEntry are identified by the
        corresponding value of acContextName. A '1' indicates that
        the corresponding octets must match, and a '0' indicates that
        any octet value matches.

        Thus, an instance of v2ContextEntry is identified if, for
        each bit in the corresponding value of acContextNameMask,
        either:

            the bit of acContextNameMask is 0, or

            the length of acContextName and v2ContextName are both at
            least i octets, and the i-th octet of acContextName is
            equal to the i-th octet of v2ContextName.
        It is not permitted for multiple conceptual rows in the
        acTable to identify the same v2ContextName in this manner,
        for a particular acSPI and acGroupName pair.

        If a Set request attempts to modify a conceptual row in the
        acTable in a way such that the combination of acContextName
        and acContextNameMask as described above would yield the same
        value as the combination of acContextName and
        acContextNameMask of another conceptual row in the same
        conceptual table, for which the corresponding values of acSPI
        are equal and the corresponding values of acGroupName are
        equal, then an inconsistentValueError should be returned, and
        the Set operation should fail.

        If the value of this bit mask is M bits long and there are
        more than M octets in the corresponding instance of either
        acContextName or v2ContextName, then the bit mask is extended
        with 1's up to the maximum of the two lengths."
    ::= { acEntry 4 }

acPrivs OBJECT-TYPE
    SYNTAX       INTEGER { nothing(1), readOnly(2), readWrite(3) }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "This object specifies the types of management operations
        that are authorized by this conceptual row.

        A value of readOnly(2) indicates that Get, GetNext, and
        GetBulk operations are authorized. A value of readWrite(3)
        indicates that Get, GetNext, GetBulk, and Set operations are
        authorized."
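The acContextNameMask comparison and the way a matching acTable row selects the view for an operation, as an added Python example that is not part of the Internet-Draft. The function names and the group, context and view names are constructed; treating more than one matching row as an error is an assumption drawn from the uniqueness rule in the acContextNameMask description.

```python
from dataclasses import dataclass

NOTHING, READ_ONLY, READ_WRITE = 1, 2, 3        # acPrivs values from the MIB
READ_OPS = {"Get", "GetNext", "GetBulk"}


@dataclass(frozen=True)
class AcRow:                # hypothetical in-memory form of an acEntry
    spi: str                # acSPI, e.g. "usecAuth"
    group: str              # acGroupName
    context: bytes          # acContextName
    mask: bytes             # acContextNameMask, 0..4 octets
    privs: int              # acPrivs
    read_view: str          # acReadViewName ("" means the empty view)
    write_view: str         # acWriteViewName ("" means the empty view)


def context_matches(ac_name: bytes, mask: bytes, ctx_name: bytes) -> bool:
    """Apply acContextNameMask octet by octet (bit i governs octet i)."""
    nbits = max(len(mask) * 8, len(ac_name), len(ctx_name))
    for i in range(1, nbits + 1):
        octet, bit = divmod(i - 1, 8)
        # Bits past the end of the mask are the 1's added by extension.
        must_match = 1 if octet >= len(mask) else (mask[octet] >> (7 - bit)) & 1
        if not must_match:
            continue
        if len(ac_name) < i or len(ctx_name) < i or ac_name[i - 1] != ctx_name[i - 1]:
            return False
    return True


def select_row(rows, spi: str, group: str, ctx_name: bytes):
    """Find the single row whose sPI, group and context pattern match."""
    hits = [r for r in rows
            if r.spi == spi and r.group == group
            and context_matches(r.context, r.mask, ctx_name)]
    if len(hits) > 1:       # assumed handling: the MIB forbids this overlap
        raise ValueError("acTable rows overlap for this sPI/group/context")
    return hits[0] if hits else None


def view_for(rows, spi: str, group: str, ctx_name: bytes, operation: str):
    """Return the view name to check for this operation, or None if denied."""
    row = select_row(rows, spi, group, ctx_name)
    if row is None:
        return None
    if operation in READ_OPS and row.privs in (READ_ONLY, READ_WRITE):
        return row.read_view or None
    if operation == "Set" and row.privs == READ_WRITE:
        return row.write_view or None
    return None


# Constructed sample rows. Mask f0 requires octets 1-4 ("core") to match and
# wildcards octets 5-8; the empty mask demands an exact name match.
SAMPLE_AC = [
    AcRow("usecAuth", "operators", b"core", b"\xf0", READ_ONLY, "if2", ""),
    AcRow("usecPriv", "admins", b"core", b"\xf0", READ_WRITE, "all", "cfg"),
    AcRow("usecAuth", "operators", b"lab", b"", READ_WRITE, "all", "all"),
]

if __name__ == "__main__":
    for ctx in (b"core-eas", b"core-east", b"lab"):
        print(ctx, view_for(SAMPLE_AC, "usecAuth", "operators", ctx, "Get"))
```

A one-octet mask only wildcards the first eight octets: a nine-octet context name forces extension with a 1 bit at position nine, which the four-octet acContextName cannot satisfy.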
    ::= { acEntry 5 }

acReadViewName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(0..255))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of an instance of this object identifies the MIB
        view to be used to provide access control via read (i.e.,
        Get, GetNext, and GetBulk) operations to the zero, one, or
        many contexts identified by the combination of the
        corresponding instances of acContextName and
        acContextNameMask, for a given value of sPI equal to the
        value of the corresponding instance of acSPI, if and only if
        the corresponding value of acPrivs authorizes read
        operations, i.e., equals readOnly(2) or readWrite(3).

        The identified MIB view is that for which viewTreeName has
        the same value as the instance of this object; if there are
        no active view subtrees for that value, or if the value of
        this object has zero-length, then the identified MIB view is
        the empty set of view subtrees, and the identified set of
        objects for which read operations are enabled by this
        conceptual row is the empty set."
    ::= { acEntry 6 }

acWriteViewName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(0..255))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The value of an instance of this object identifies the MIB
        view to be used to provide access control via write, i.e.,
        Set operations to the zero, one, or many contexts identified
        by the combination of the corresponding instances of
        acContextName and acContextNameMask, for a given value of sPI
        equal to the value of the corresponding instance of acSPI, if
        and only if the corresponding value of acPrivs authorizes
        write (Set) operations, i.e., equals readWrite(3).
        The identified MIB view is that for which viewTreeName has
        the same value as the instance of this object; if there are
        no active view subtrees for that value, or if the value of
        this object has zero-length, then the identified MIB view is
        the empty set of view subtrees, and the identified set of
        objects for which write (Set) operations are enabled by this
        conceptual row is the empty set."
    ::= { acEntry 7 }

acMemoryType OBJECT-TYPE
    SYNTAX       MemoryType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The storage type for this conceptual row in the acTable.
        Conceptual rows having the value 'permanent' need not allow
        write-access to any columnar objects in the row."
    ::= { acEntry 8 }

acStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The status of this conceptual row in the acTable.

        A conceptual row being created in this table is not
        considered ready for activation until the values of
        acContextName and acContextNameMask are consistent with all
        existing active rows in the table, as described above under
        acContextNameMask.

        For those columnar objects which permit write-access, their
        value in an existing conceptual row can be changed
        irrespective of the value of acStatus for that row."
    ::= { acEntry 9 }

--
-- The v2AdminTransport group
--

v2AdminTransport OBJECT IDENTIFIER ::= { v2AdminMIB 6 }

--
-- Spin lock variable for transportTable modification.
--

transportSpinLock OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "An advisory lock used to allow several cooperating SNMPv2
        entities, all acting in a manager role, to coordinate their
        use of Set operations to entries in the transportTable.
        A manager application should include the value of
        transportSpinLock in every Set operation which accesses the
        transportTable.

        Since this is an advisory lock, entities acting in an agent
        role do not enforce the use of transportSpinLock."
    ::= { v2AdminTransport 1 }

--
-- The transportTable
--

transportTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF TransportEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The transport endpoint database. This table need only be
        implemented by entities which will send traps or inform
        requests, or which will support proxy operations."
    ::= { v2AdminTransport 3 }

transportEntry OBJECT-TYPE
    SYNTAX       TransportEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A transport endpoint. This specifies a destination to which
        notifications or proxy requests will be sent."
    INDEX        { transportLabel, transportSubindex }
    ::= { transportTable 1 }

TransportEntry ::= SEQUENCE {
    transportLabel         TransportLabel,
    transportSubindex      INTEGER,
    transportDomain        OBJECT IDENTIFIER,
    transportAddress       OCTET STRING,
    transportReceiveMask   OCTET STRING,
    transportMMS           Integer32,
    transportMemoryType    MemoryType,
    transportStatus        RowStatus
}

transportLabel OBJECT-TYPE
    SYNTAX       TransportLabel (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A unique name for a set of transport endpoints."
    ::= { transportEntry 1 }

transportSubindex OBJECT-TYPE
    SYNTAX       INTEGER (0..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The sub-index for a transport endpoint. For multiply-homed
        entities, a single transportLabel might refer to multiple
        transport endpoints."
    ::= { transportEntry 2 }

transportDomain OBJECT-TYPE
    SYNTAX       OBJECT IDENTIFIER
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "Indicates the kind of transport service."
    ::= { transportEntry 3 }

-- [@ref tm] specifies some transportDomain values

transportAddress OBJECT-TYPE
    SYNTAX       OCTET STRING
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The transport service address, formatted according to the
        corresponding value of transportDomain. For some operations,
        this value is further qualified by the corresponding value of
        transportReceiveMask, allowing a group of transport endpoints
        to be specified.

        For example, for the transport domain corresponding to the
        snmpUDPDomain, transportAddress is formatted as a 4-octet IP
        Address concatenated with a 2-octet UDP port number."
    ::= { transportEntry 4 }

transportReceiveMask OBJECT-TYPE
    SYNTAX       OCTET STRING
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "This object is used to qualify the value of the
        corresponding value of transportAddress. The semantics of
        this object depend on the corresponding value of
        transportDomain.

        For example, for the transport domain corresponding to the
        snmpUDPDomain, transportReceiveMask specifies a network mask
        value. This allows an entry in the transportTable to specify
        an entire sub-network."
    ::= { transportEntry 5 }

transportMMS OBJECT-TYPE
    SYNTAX       Integer32 (484..2147483647)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "This object specifies the minimum value of the maximum size
        of messages which may be sent or received using this
        transport endpoint."
    ::= { transportEntry 6 }

transportMemoryType OBJECT-TYPE
    SYNTAX       MemoryType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The storage type for this conceptual row in the
        transportTable. Conceptual rows having the value 'permanent'
        need not allow write-access to any columnar objects in the
        row."
    ::= { transportEntry 7 }

transportStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The status of this conceptual row in the transportTable.

        The values of transportDomain, transportAddress, and
        transportReceiveMask in an existing conceptual row cannot be
        changed while the corresponding value of transportStatus for
        that row is active.

        For other columnar objects which permit write-access, their
        value in an existing conceptual row can be changed
        irrespective of the value of transportStatus for that row."
    ::= { transportEntry 8 }

--
-- The v2AdminNotify group
--
-- This group contains tables used for configuring notifications.
--

v2AdminNotify OBJECT IDENTIFIER ::= { v2AdminMIB 7 }

notifySpinLock OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "An advisory lock used to allow several cooperating SNMPv2
        entities, all acting in a manager role, to coordinate their
        use of the Set operation in creating view trees.

        The values of viewTreeSpinLock, acSpinLock, and
        notifySpinLock should be accessed in harmony to provide
        interlocks on the creation of new views.

        When creating a new view or altering an existing view, it is
        important to understand the potential interactions with other
        users of the view. The spinlocks for each table which allows
        the creation of named views should be retrieved. The name of
        the view to be created should be determined to be unique on
        the managed system by consulting each table containing named
        views. Finally, the named view may be created, including the
        advisory spinlocks.

        Since this is an advisory lock, entities acting in an agent
        role do not enforce the use of notifySpinLock."
    ::= { v2AdminNotify 1 }

--
-- The notifyTable.
--
-- Note that this table does not provide values to be used for the
-- authSnmpID or contextSnmpID values for outgoing packets.
--
-- When sending a Trap notification, both the authSnmpID and the
-- contextSnmpID will be equal to the local value of snmpID.
--
-- When sending an Inform request, the authSnmpID will be equal to the
-- notifyAuthSnmpID, and the contextSnmpID will be equal to the local
-- value of snmpID.
--

notifyTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF NotifyEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The notification destination database. This table need only
        be implemented by entities which will send trap notifications
        or inform requests.

        If an entity will only send trap notifications, it need only
        implement this table, in which case all entries in the table
        are taken as trap destinations.

        If an entity will send inform requests, it must implement
        both this table, and the notifyInformParametersTable. In
        this case, each entry in this table is taken as a trap or
        inform destination, as specified in the corresponding value
        of notifyConfirm."
    ::= { v2AdminNotify 2 }

notifyEntry OBJECT-TYPE
    SYNTAX       NotifyEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Each conceptual row in this table identifies a notification
        destination, including, directly or indirectly, an identity,
        context, and transport endpoint information to be used for
        sending a notification."
    INDEX        { notifyIndex }
    ::= { notifyTable 1 }

NotifyEntry ::= SEQUENCE {
    notifyIndex            INTEGER,
    notifySPI              SPI,
    notifyIdentityName     AuthName,
    notifyTransportLabel   TransportLabel,
    notifyContextName      AuthName,
    notifyViewName         AuthName,
    notifyMemoryType       MemoryType,
    notifyStatus           RowStatus
}

notifyIndex OBJECT-TYPE
    SYNTAX       INTEGER (0..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An arbitrary unique value for each notification
        destination."
    ::= { notifyEntry 1 }

notifySPI OBJECT-TYPE
    SYNTAX       SPI
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "This object identifies the security protocol to be used when
        sending this notification."
    ::= { notifyEntry 2 }

notifyIdentityName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The identity which will be used to send a notification.
        This object specifies an identity within the security
        protocol specified by the corresponding value of notifySPI."
    ::= { notifyEntry 3 }

notifyTransportLabel OBJECT-TYPE
    SYNTAX       TransportLabel
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "An instance of notifyTransportLabel identifies zero, one, or
        more conceptual rows in the transportTable which describe the
        transport endpoint(s) to which this notification should be
        delivered."
    ::= { notifyEntry 4 }

notifyContextName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The context for which notifications will be sent. There may
        or may not be a corresponding conceptual row in the
        v2ContextTable whose value of v2ContextName is equal to the
        value of this object. If there is no corresponding
        conceptual row in the v2ContextTable, then no notifications
        shall be emitted as a result of this entry, even if the value
        of notifyStatus is 'active'."
    ::= { notifyEntry 5 }

notifyViewName OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The family of view subtrees to which this notification has
        access. A notification will only be delivered to this
        destination if all of the objects in the varbind list to be
        delivered are included in this MIB view. This object
        specifies a set of entries in the viewTreeTable whose values
        of viewTreeName are equal to this object.
        The identified view is that for which viewTreeName has the
        same value as the instance of this object; if there are no
        active view subtrees for that value, or if the value of this
        object has zero-length, then the identified MIB view is the
        empty set of view subtrees, and thus no objects are included
        in the identified view."
    ::= { notifyEntry 6 }

notifyMemoryType OBJECT-TYPE
    SYNTAX       MemoryType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The storage type for this conceptual row in the notifyTable.
        Conceptual rows having the value 'permanent' need not allow
        write-access to any columnar objects in the row."
    ::= { notifyEntry 7 }

notifyStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The status of this conceptual row in the notifyTable.

        For those columnar objects which permit write-access, their
        value in an existing conceptual row can be changed
        irrespective of the value of notifyStatus for that row."
    ::= { notifyEntry 8 }

--
-- The notifyInformParametersTable contains additional parameters for
-- inform requests. This table augments the notifyTable.
--

notifyInformParametersTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF NotifyInformParametersEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Database of additional parameters for notification
        destinations. This table need only be implemented by
        entities which are configured to send inform requests via
        entries in the notifyTable."
    ::= { v2AdminNotify 3 }

notifyInformParametersEntry OBJECT-TYPE
    SYNTAX       NotifyInformParametersEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Additional parameters for a notification destination."
    AUGMENTS     { notifyEntry }
    ::= { notifyInformParametersTable 1 }

NotifyInformParametersEntry ::= SEQUENCE {
    notifyConfirm      TruthValue,
    notifyAuthSnmpID   SnmpID,
    notifyTimeout      Integer32,
    notifyMaxRetry     Integer32
}

notifyConfirm OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "Indicates whether a notification should be confirmed. If
        this value is true(1), then the notification will be sent as
        an inform request. If the value is false(2), then the
        notification will be sent as a trap."
    ::= { notifyInformParametersEntry 1 }

notifyAuthSnmpID OBJECT-TYPE
    SYNTAX       SnmpID
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "Indicates the SnmpID to be used in the AuthInfo field of
        Inform requests. This object is located in this table
        because the authSnmpID need only be specified for an Inform
        request, since this snmpID must be that of the entity to
        which the Inform is being sent. For a trap, the authSnmpID
        would be equal to the local value of snmpID of the trap
        sender."
    ::= { notifyInformParametersEntry 2 }

notifyTimeout OBJECT-TYPE
    SYNTAX       Integer32 (1..2147483647)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The timeout interval to be used when waiting for the
        response to an inform request. After this period has
        expired, the inform request will be resent. This will be
        repeated a number of times up to notifyMaxRetry, until a
        response is received."
    ::= { notifyInformParametersEntry 3 }

notifyMaxRetry OBJECT-TYPE
    SYNTAX       Integer32 (0..2147483647)
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The maximum number of times an inform request should be
        re-sent when a response is not received within the interval
        specified by the corresponding value of notifyTimeout."
    ::= { notifyInformParametersEntry 4 }

--
-- The v2AdminProxy group
--

v2AdminProxy OBJECT IDENTIFIER ::= { v2AdminMIB 8 }

--
-- The proxyForwardingTable need only be implemented by those entities
-- which perform proxy operations. This includes entities which forward
-- SNMP Get, GetNext, GetBulk, Set, and Inform requests to another
-- entity, and forward the responses resulting from these requests back
-- to the originating entities, and entities which forward SNMP traps to
-- another entity.
--

proxyForwardingTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF ProxyForwardingEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The proxy configuration database. Each conceptual row in
        this database specifies configuration information for an
        entity acting in a proxy role."
    ::= { v2AdminProxy 2 }

proxyForwardingEntry OBJECT-TYPE
    SYNTAX       ProxyForwardingEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A proxy configuration."
    INDEX        { proxyDirection, proxySPIIn, proxyAuthSnmpIDIn,
                   proxyIdentityNameIn, proxyContextSnmpIDIn,
                   proxyContextNameIn }
    ::= { proxyForwardingTable 1 }

ProxyForwardingEntry ::= SEQUENCE {
    proxyDirection           INTEGER,
    proxySPIIn               SPI,
    proxyAuthSnmpIDIn        SnmpID,
    proxyIdentityNameIn      AuthName,
    proxyContextSnmpIDIn     SnmpID,
    proxyContextNameIn       AuthName,
    proxySPIOut              SPI,
    proxyAuthSnmpIDOut       SnmpID,
    proxyIdentityNameOut     AuthName,
    proxyTransportLabelOut   TransportLabel,
    proxyPrivs               INTEGER,
    proxyMemoryType          MemoryType,
    proxyStatus              RowStatus
}

proxyDirection OBJECT-TYPE
    SYNTAX       INTEGER { gnsb(1), trap(2), inform(3) }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "Indicates whether the entity will act as a proxy for
        management requests being sent from one entity to another
        entity (and for the corresponding responses), for trap
        operations being sent from an agent to a manager, or for
        inform operations being sent from a manager to another
        manager (and for the corresponding responses).

        If this object is equal to gnsb(1), then this conceptual row
        is a configuration for performing proxy operations for Get,
        GetNext, Set, and GetBulk operations.

        If this object is equal to trap(2), then this conceptual row
        is a configuration for performing proxy operations for Trap
        operations.

        If this object is equal to inform(3), then this conceptual
        row is a configuration for performing proxy operations for
        Inform operations."
    ::= { proxyForwardingEntry 1 }

proxySPIIn OBJECT-TYPE
    SYNTAX       SPI
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The security protocol for which the agent will act as a
        proxy. This entity will only perform proxy operations for
        management operations in which the security protocol in use
        matches this object."
    ::= { proxyForwardingEntry 2 }

proxyAuthSnmpIDIn OBJECT-TYPE
    SYNTAX       SnmpID
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The value of authSnmpID for an incoming message. For
        entries for which the value of proxyDirection is gnsb(1) or
        inform(3), this object will have the same value as the local
        value for snmpID."
    ::= { proxyForwardingEntry 3 }

proxyIdentityNameIn OBJECT-TYPE
    SYNTAX       AuthName(SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The identity for which this agent will act as a proxy. This
        entity will only perform proxy operations for management
        operations in which the identity derived by the security
        protocol from the authentication information matches an
        instance of this object."
    ::= { proxyForwardingEntry 4 }

proxyContextSnmpIDIn OBJECT-TYPE
    SYNTAX       SnmpID
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "This object, along with the corresponding instance of
        proxyContextNameIn, specifies the context for which this
        entity will act as a proxy. These two objects identify a
        particular globally unique context, i.e., a particular
        v2ContextSnmpID and v2ContextName pair."
    ::= { proxyForwardingEntry 5 }

proxyContextNameIn OBJECT-TYPE
    SYNTAX       AuthName (SIZE(1..255))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "This object, along with the corresponding instance of
        proxyContextSnmpIDIn, specifies the context for which this
        entity will act as a proxy. These two objects identify a
        particular globally unique context, i.e., a particular
        v2ContextSnmpID and v2ContextName pair."
    ::= { proxyForwardingEntry 6 }

proxySPIOut OBJECT-TYPE
    SYNTAX       SPI
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The identifier of the security protocol to be used for
        forwarding the proxied requests or trap notifications."
    ::= { proxyForwardingEntry 7 }

proxyAuthSnmpIDOut OBJECT-TYPE
    SYNTAX       SnmpID
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The snmpID value to which forwarded messages will be sent."
    ::= { proxyForwardingEntry 8 }

proxyIdentityNameOut OBJECT-TYPE
    SYNTAX       AuthName(SIZE(0..255))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The identity to be used for forwarding proxied requests or
        trap notifications."
    ::= { proxyForwardingEntry 9 }

proxyTransportLabelOut OBJECT-TYPE
    SYNTAX       TransportLabel
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The identification of zero, one, or many conceptual rows in
        the transportTable whose values of transportLabel equal the
        value of this object, designating the transport endpoint(s)
        to which proxied requests will be forwarded.

        Note that this object may specify multiple transport
        endpoints to which a proxied request may be forwarded. If
        this is the case, then the first response to the forwarded
        request which is received will be accepted, and subsequent
        responses will be discarded. In the case of proxy trap
        forwarding, multiple transport end-points simply represent a
        proxy fan-out."
    ::= { proxyForwardingEntry 10 }

proxyPrivs OBJECT-TYPE
    SYNTAX       INTEGER {
                     nothing(1),
                     readOnly(2),
                     readWrite(3),
                     trapOnly(4),
                     informOnly(5)
                 }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "This object indicates which protocol operations are
        authorized to be forwarded by this proxy configuration. The
        values that an instance of this object may take are
        restricted by the corresponding instance of proxyDirection.

        If the value of proxyDirection is gnsb(1), then this object
        may take the values:

          - nothing(1), indicating that no protocol operations may
            be forwarded, or

          - readOnly(2), indicating that Get, GetNext, and GetBulk
            operations may be forwarded, or

          - readWrite(3), indicating that Get, GetNext, GetBulk, and
            Set operations may be forwarded.
            If the value of proxyDirection is trap(2), then this
            object may take the values:

               - nothing(1), indicating that no protocol operations
                 may be forwarded, or

               - trapOnly(4), indicating that only Trap operations
                 may be forwarded.

            If the value of proxyDirection is informOnly(3), then this
            object may take the values:

               - nothing(1), indicating that no protocol operations
                 may be forwarded, or

               - informOnly(5), indicating that only Inform operations
                 may be forwarded.

            The responses to forwarded management requests may always
            be forwarded, regardless of the value of this object.

            If a Set operation attempts to change the value of an
            instance of this object to a value not consistent with the
            corresponding instance of proxyDirection, then an
            inconsistentValueError response will be generated, and the
            Set operation will fail."
    DEFVAL      { nothing }
    ::= { proxyForwardingEntry 11 }

proxyMemoryType OBJECT-TYPE
    SYNTAX      MemoryType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The storage type for this conceptual row in the
            proxyForwardingTable. Conceptual rows having the value
            'permanent' need not allow write-access to any columnar
            objects in the row."
    ::= { proxyForwardingEntry 12 }

proxyStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The status of this conceptual row in the
            proxyForwardingTable.

            For those columnar objects which permit write-access,
            their value in an existing conceptual row can be changed
            irrespective of the value of proxyStatus for that row."
    ::= { proxyForwardingEntry 13 }

-- conformance information

v2AdminMIBConformance
               OBJECT IDENTIFIER ::= { v2AdminMIB 10 }
v2AdminMIBCompliances
               OBJECT IDENTIFIER ::= { v2AdminMIBConformance 1 }
v2AdminMIBGroups
               OBJECT IDENTIFIER ::= { v2AdminMIBConformance 2 }

-- compliance statements

v2AdminMIBBasicAgentCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for simple SNMPv2 agents which
            implement the SNMPv2 ADMIN MIB."
    MODULE -- this module
        MANDATORY-GROUPS { v2AdminBasicGroup }
    ::= { v2AdminMIBCompliances 1 }

v2AdminMIBBasicAgentWithTransportCheckingCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for simple SNMPv2 agents which
            implement the SNMPv2 ADMIN MIB, and which also perform
            transport endpoint checks when authenticating messages."
    MODULE -- this module
        MANDATORY-GROUPS { v2AdminBasicGroup,
                           v2AdminTransportGroup }
    ::= { v2AdminMIBCompliances 2 }

v2AdminMIBBasicAgentWithTrapsCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for SNMPv2 entities which
            implement the SNMPv2 ADMIN MIB."
    MODULE -- this module
        MANDATORY-GROUPS { v2AdminBasicGroup,
                           v2AdminTransportGroup,
                           v2AdminTrapGroup }
    ::= { v2AdminMIBCompliances 3 }

v2AdminMIBBasicAgentWithProxyCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for SNMPv2 entities which
            implement the SNMPv2 ADMIN MIB."
    MODULE -- this module
        MANDATORY-GROUPS { v2AdminBasicGroup,
                           v2AdminTransportGroup,
                           v2AdminProxyGroup }
    ::= { v2AdminMIBCompliances 4 }

v2AdminMIBBasicAgentWithTrapsAndProxyCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for SNMPv2 entities which
            implement the SNMPv2 ADMIN MIB."
    MODULE -- this module
        MANDATORY-GROUPS { v2AdminBasicGroup,
                           v2AdminTransportGroup,
                           v2AdminTrapGroup,
                           v2AdminProxyGroup }
    ::= { v2AdminMIBCompliances 5 }

v2AdminMIBDualRoleEntityCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for SNMPv2 entities which
            implement the SNMPv2 ADMIN MIB."
    MODULE -- this module
        MANDATORY-GROUPS { v2AdminBasicGroup,
                           v2AdminTransportGroup,
                           v2AdminTrapGroup,
                           v2AdminProxyGroup,
                           v2AdminInformGroup }
    ::= { v2AdminMIBCompliances 6 }

-- units of conformance

v2AdminBasicGroup OBJECT-GROUP
    OBJECTS { snmpID,
              snmpMaxMessageSize,
              maxIdentityNameLength,
              maxGroupNameLength,
              maxV2ContextNameLength,
              maxViewTreeNameLength,
              maxTransportLabelLength,
              v2ContextSnmpID,
              v2ContextName,
              v2ContextLocalEntity,
              v2ContextLocalTime,
              v2ContextMemoryType,
              v2ContextStatus,
              viewTreeSpinLock,
              viewTreeName,
              viewTreeSubTree,
              viewTreeMask,
              viewTreeType,
              viewTreeMemoryType,
              viewTreeStatus,
              acSpinLock,
              acGroupName,
              acContextName,
              acContextNameMask,
              acPrivs,
              acReadViewName,
              acWriteViewName,
              acMemoryType,
              acStatus }
    STATUS      current
    DESCRIPTION
            "A collection of objects providing for configuration of an
            SNMPv2 agent."
    ::= { v2AdminMIBGroups 1 }

v2AdminTransportGroup OBJECT-GROUP
    OBJECTS { transportSpinLock,
              transportLabel,
              transportSubindex,
              transportDomain,
              transportAddress,
              transportReceiveMask,
              transportMMS,
              transportMemoryType,
              transportStatus }
    STATUS      current
    DESCRIPTION
            "A collection of objects providing for configuration of
            transport endpoints."
    ::= { v2AdminMIBGroups 2 }

v2AdminTrapGroup OBJECT-GROUP
    OBJECTS { notifySpinLock,
              notifyIndex,
              notifySPI,
              notifyIdentityName,
              notifyTransportLabel,
              notifyContextName,
              notifyViewName,
              notifyMemoryType,
              notifyStatus }
    STATUS      current
    DESCRIPTION
            "A collection of objects providing for configuration of an
            SNMPv2 agent which will send traps."
    ::= { v2AdminMIBGroups 3 }

v2AdminProxyGroup OBJECT-GROUP
    OBJECTS { proxyDirection,
              proxySPIIn,
              proxyIdentityNameIn,
              proxyContextSnmpIDIn,
              proxyContextNameIn,
              proxySPIOut,
              proxyAuthSnmpIDOut,
              proxyIdentityNameOut,
              proxyTransportLabelOut,
              proxyPrivs,
              proxyMemoryType,
              proxyStatus }
    STATUS      current
    DESCRIPTION
            "A collection of objects providing for configuration of an
            SNMPv2 proxy agent."
    ::= { v2AdminMIBGroups 4 }

v2AdminInformGroup OBJECT-GROUP
    OBJECTS { notifyConfirm,
              notifyAuthSnmpID,
              notifyTimeout,
              notifyMaxRetry }
    STATUS      current
    DESCRIPTION
            "A collection of objects providing for configuration of an
            SNMPv2 dual-role-entity which will send informs."
    ::= { v2AdminMIBGroups 5 }

END

7. Acknowledgements

   To be provided here.

8. References

   To be provided here.

9. Authors' Addresses

   Tell U. Later
   various members of the SNMPv2 Working Group
   snmpv2@tis.com

Table of Contents

   1 Introduction
   2 Potential Scope
   2.1 Requirements for SNMPv2 Agents
   2.2 Requirements for SNMPv2 Dual-Role Entities
   3 Structure of MIB
   4 Authorizing Notifications
   5 Transport Endpoints
   6 Definitions
   7 Acknowledgements
   8 References
   9 Authors' Addresses
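
Added example, not part of the draft: a Python model of the proxyPrivs rules from the proxyForwardingTable definitions in section 6 (consistency with proxyDirection on Set, responses always forwarded) together with the first-response-wins rule stated under proxyTransportLabelOut. The ProxyRow class, its method names, the operation strings and the use of a request id as the deduplication key are assumptions made for illustration.

```python
from enum import IntEnum

class Direction(IntEnum):      # proxyDirection values named in the draft
    GNSB = 1
    TRAP = 2
    INFORM = 3

class Privs(IntEnum):          # proxyPrivs enumeration from the draft
    NOTHING = 1
    READ_ONLY = 2
    READ_WRITE = 3
    TRAP_ONLY = 4
    INFORM_ONLY = 5

# proxyPrivs values that are consistent with each proxyDirection value.
CONSISTENT = {
    Direction.GNSB: {Privs.NOTHING, Privs.READ_ONLY, Privs.READ_WRITE},
    Direction.TRAP: {Privs.NOTHING, Privs.TRAP_ONLY},
    Direction.INFORM: {Privs.NOTHING, Privs.INFORM_ONLY},
}
# Protocol operations each proxyPrivs value authorizes for forwarding.
FORWARDABLE = {
    Privs.NOTHING: set(),
    Privs.READ_ONLY: {"Get", "GetNext", "GetBulk"},
    Privs.READ_WRITE: {"Get", "GetNext", "GetBulk", "Set"},
    Privs.TRAP_ONLY: {"Trap"},
    Privs.INFORM_ONLY: {"Inform"},
}

class ProxyRow:
    """Hypothetical in-memory stand-in for one proxyForwardingTable row."""
    def __init__(self, direction):
        self.direction = Direction(direction)
        self.privs = Privs.NOTHING          # DEFVAL { nothing }: deny by default
        self.answered = set()               # request ids already answered

    def set_privs(self, value):
        """Apply a Set to proxyPrivs; return the resulting error status."""
        privs = Privs(value)                # ValueError if outside the enumeration
        if privs not in CONSISTENT[self.direction]:
            return "inconsistentValueError"  # Set fails, row is left unchanged
        self.privs = privs
        return "noError"

    def may_forward(self, operation):
        """Responses are always forwarded; other operations need proxyPrivs."""
        return operation == "Response" or operation in FORWARDABLE[self.privs]

    def accept_response(self, request_id):
        """Fan-out: accept only the first response to a forwarded request."""
        if request_id in self.answered:
            return False                     # later responses are discarded
        self.answered.add(request_id)
        return True
```

A newly created row forwards nothing but responses until a manager explicitly sets proxyPrivs, so a half-configured proxy entry cannot relay Set requests.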