CISCO-COMMON-MGMT-MIB
File:
CISCO-COMMON-MGMT-MIB.mib (22082 bytes)
Imported modules
Imported symbols
Defined Types
| CcmCommonUserEntry |
|
| SEQUENCE |
|
|
|
| |
ccmCommonUserName |
SnmpAdminString |
|
| |
ccmCommonUserPassword |
DisplayString |
|
| |
ccmCommonUserExpiryDate |
DateAndTime |
|
| |
ccmCommonUserSshKeyFilename |
SnmpAdminString |
|
| |
ccmCommonUserSshKeyConfigured |
TruthValue |
|
| |
ccmCommonUserSNMPAuthProtocol |
AutonomousType |
|
| |
ccmCommonUserSNMPPrivProtocol |
AutonomousType |
|
| |
ccmCommonUserCredType |
INTEGER |
|
| |
ccmCommonUserStorageType |
StorageType |
|
| |
ccmCommonUserRowStatus |
RowStatus |
|
| CcmCommonUserRoleEntry |
|
| SEQUENCE |
|
|
|
| |
ccmCommonUserRoleName |
SnmpAdminString |
|
| |
ccmCommonUserRoleStorageType |
StorageType |
|
| |
ccmCommonUserRoleRowStatus |
RowStatus |
|
Defined Values
| ciscoCommonMgmtMIB |
1.3.6.1.4.1.9.9.443 |
| MIB module for integrating different elements of
managing a device. For example, different device access
methods like SNMP, CLI, XML and so on have different set
of users which are used to communicate with the device.
The ccmCommonUserTable provides framework to create one
set of users which is common across all the device
access methods.
So, this MIB serves as a framework to integrate
management of different access methods. |
| MODULE-IDENTITY |
|
|
|
| ccmCommonMaxUsers |
1.3.6.1.4.1.9.9.443.1.1.1 |
| Maximum number of common users that can be configured
on this device. i.e., the maximum number of entries in
the ccmCommonUserTable.
0 means maximum number of users is dynamically
determined, e.g., depending on memory availability. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
0..65535 |
|
| ccmCommonUsers |
1.3.6.1.4.1.9.9.443.1.1.2 |
| Number of common users that are currently configured on
this device. i.e., the number of entries in the
ccmCommonUserTable. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
1..65535 |
|
| ccmCommonUsersGlobalEnforcePriv |
1.3.6.1.4.1.9.9.443.1.1.3 |
| This object specifies whether the SNMP agent enforces
the use of encryption for SNMPv3 messages globally on
all the users in the system.
The 'vacmAccessSecurityLevel' determines the acceptable
security levels per group and is set to noAuthnoPriv
default unless otherwise configured. The actual access
to the mib objects in a SNMP message is controlled by
vacmAccessTable. This object provides the configuration
at a higher level to enforce privacy without any
introspection of the mib objects in the SNMP message.
When the privacy is enforced globally, for any SNMPv3
PDU request with securityLevel of either 'noAuthNoPriv'
and 'authNoPriv', the SNMP agent responds with an
'authorizationError'. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| ccmCommonUserLastChange |
1.3.6.1.4.1.9.9.443.1.1.4 |
| The local date and time when the user database -
ccmCommonUserTable configuration was last changed.
This object will be set to zero on power cycle or
on reboot of the system. Also, if the clock is
changed on local system it is set to zero. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
DateAndTime |
|
|
| ccmCommonUserTable |
1.3.6.1.4.1.9.9.443.1.1.5 |
| This table lists all the common users configured on
this device. A common user is a user who is common
across SNMP, CLI and other device access methods.
Certain access methods might need the user created
to be standard compliant. For example - for SNMP, the
user created need to be compliant to RFC 3414
(SNMP-USER-BASED-SM-MIB). When a common user is
created in this table, a corresponding SNMP user is
created in the 'usmUserTable' with corresponding
instance of usmUserStorageType set to readOnly .
Similarly when a common user is deleted from this
table, the corresponding entry in the 'usmUserTable'
is deleted. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
CcmCommonUserEntry |
|
| ccmCommonUserEntry |
1.3.6.1.4.1.9.9.443.1.1.5.1 |
| An entry (conceptual row) in the ccmCommonUserTable. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
CcmCommonUserEntry |
|
|
| ccmCommonUserPassword |
1.3.6.1.4.1.9.9.443.1.1.5.1.2 |
| Password of the common user.
For SNMP, this password is used for both authentication
and privacy. For CLI and XML, it is used for
authentication only.
A zero-length string is always returned when this
object is read. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
|
|
| ccmCommonUserExpiryDate |
1.3.6.1.4.1.9.9.443.1.1.5.1.3 |
| The date on which this user will expire. Note
that non-date related octets in this object are
ignored.
If the all the date related octets have value
'00'H, then user never expires. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DateAndTime |
|
|
| ccmCommonUserSNMPAuthProtocol |
1.3.6.1.4.1.9.9.443.1.1.5.1.6 |
| An indication of whether messages sent on behalf of
this user to/from the SNMP engine can be authenticated,
and if so, the type of authentication protocol which is
used.
An instance of this object is created concurrently
with the creation of any other object instance for
the same user (i.e., as part of the processing of
the set operation which creates the first object
instance in the same conceptual row).
If an initial set operation (i.e. at row creation time)
tries to set a value for an unknown or unsupported
protocol, then a 'wrongValue' error must be returned.
Once instantiated, the value of such an instance of
this object can only be changed via a set operation to
the value of the usmNoAuthProtocol.
If a set operation tries to change the value of an
existing instance of this object to any value other
than usmNoAuthProtocol, then an 'inconsistentValue'
error must be returned.
If a set operation tries to set the value to the
usmNoAuthProtocol while the
ccmCommonUserSNMPPrivProtocol value in the same row is
not equal to usmNoPrivProtocol, then an
'inconsistentValue' error must be returned. That means
that an SNMP command generator application must first
ensure that the usmUserPrivProtocol is set to the
usmNoPrivProtocol value before it can set the
usmUserAuthProtocol value to usmNoAuthProtocol.
The value of an instance of this object directly maps
to a corresponding instance of usmUserAuthProtocol in
the usmUserTable. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
AutonomousType |
|
|
| ccmCommonUserSNMPPrivProtocol |
1.3.6.1.4.1.9.9.443.1.1.5.1.7 |
| An indication of whether messages sent on behalf of
this user to/from the SNMP engine can be protected
from disclosure, and if so, the type of privacy
protocol which is used.
An instance of this object is created concurrently
with the creation of any other object instance for
the same user (i.e., as part of the processing of
the set operation which creates the first object
instance in the same conceptual row).
If an initial set operation (i.e. at row creation time)
tries to set a value for an unknown or unsupported
protocol, then a 'wrongValue' error must be returned.
Once instantiated, the value of such an instance of
this object can only be changed via a set operation to
the value of the usmNoPrivProtocol.
If a set operation tries to change the value of an
existing instance of this object to any value other
than usmNoPrivProtocol, then an 'inconsistentValue'
error must be returned.
Note that if any privacy protocol is used, then you
must also use an authentication protocol. In other
words, if usmUserPrivProtocol is set to anything else
than usmNoPrivProtocol, then the corresponding instance
of usmUserAuthProtocol cannot have a value of
usmNoAuthProtocol. If it does, then an
'inconsistentValue' error must be returned.
The value of an instance of this object directly maps
to a corresponding instance of usmUserPrivProtocol in
the usmUserTable. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
AutonomousType |
|
|
| ccmCommonUserCredType |
1.3.6.1.4.1.9.9.443.1.1.5.1.8 |
| The type of the credential store of the user.
When a row is created in this table by a user, the
user entry is created in a credential store local to
the device.
In case of remote authentication mechanism like AAA
Server based authentication, credentials are stored
in other(remote) system/device. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
none(1), localCredentialStore(2), remoteCredentialStore(3) |
|
| ccmCommonUserStorageType |
1.3.6.1.4.1.9.9.443.1.1.5.1.9 |
| The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need
not allow write-access to any columnar objects in
the row. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
StorageType |
|
|
| ccmCommonUserRoleTable |
1.3.6.1.4.1.9.9.443.1.1.6 |
| This table provides a mechanism to map a common
user represented by ccmCommonUserName to one or
more roles. These roles provide access control
policies for a principal. Note that all the roles
used in the this table have to be present in the
commonRoleTable of CISCO-COMMON-ROLES-MIB.
For Common User - Role assignments created in this
table, for SNMP user access, the corresponding
entries are created in the vacmSecurityToGroupTable
(of SNMP-VIEW-BASED-ACM-MIB) in line with View-based
Access Control Model (RFC3415) and
cvacmSecurityToGroupTable (of CISCO-SNMP-VACM-EXT-MIB)
to represent all the mappings. All such instances in
SNMP tables are created with corresponding StorageType
set to readOnly.
Note that it is not necessary to update this table if
the user-role mapping data is changed using
corresponding access methods. e.g., if the SNMPv3
user-group mapping using vacmSecurityToGroupTable
and cvacmSecurityToGroupTable is changed, it is not
necessary to reflect that change in this table. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
CcmCommonUserRoleEntry |
|
| ccmCommonUserRoleEntry |
1.3.6.1.4.1.9.9.443.1.1.6.1 |
| An entry (conceptual row) in the
ccmCommonUserRoleTable. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
CcmCommonUserRoleEntry |
|
|
| ccmCommonUserRoleStorageType |
1.3.6.1.4.1.9.9.443.1.1.6.1.2 |
| The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need
not allow write-access to any columnar objects in
the row. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
StorageType |
|
|
| ccmCommonUserCacheTimeout |
1.3.6.1.4.1.9.9.443.1.1.7 |
| This object specifies maximum timeout value for
caching the user credentials in the local system.
Such caching is used in remote authentication
mechanism like AAA Server based authentication.
This applies to the common user entries as
represented by 'ccmCommonUserTable' where
the value of 'ccmCommonUserCredType' is
'remoteCredentialStore'. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
1..86400 |
|
| ciscoCommonMgmtMIBCompliance |
1.3.6.1.4.1.9.9.443.2.1.1 |
| The compliance statement for entities which
implement the CISCO-COMMON-MGMT-MIB. |
| Status: obsolete |
Access: read-write |
| MODULE-COMPLIANCE |
|
|
|
| ciscoCommonMgmtMIBCompliance1 |
1.3.6.1.4.1.9.9.443.2.1.2 |
| The compliance statement for entities which
implement the CISCO-COMMON-MGMT-MIB. |
| Status: current |
Access: read-write |
| MODULE-COMPLIANCE |
|
|
|
| ccmConfigurationGroup |
1.3.6.1.4.1.9.9.443.2.2.1 |
| A collection of objects for Common Management
configuration. |
| Status: current |
Access: read-write |
| OBJECT-GROUP |
|
|
|
| ccmCacheTimeoutConfigGroup |
1.3.6.1.4.1.9.9.443.2.2.2 |
| A collection of objects for configuring
timeout value for caching the user
credentials in the local system. |
| Status: current |
Access: read-write |
| OBJECT-GROUP |
|
|
|