CISCO-COMMON-MGMT-MIB

File: CISCO-COMMON-MGMT-MIB.mib (21473 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
SNMP-FRAMEWORK-MIB SNMP-USER-BASED-SM-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
dod MODULE-COMPLIANCE OBJECT-GROUP
RowStatus DisplayString DateAndTime
AutonomousType TruthValue StorageType
SnmpAdminString usmNoAuthProtocol usmNoPrivProtocol
ciscoMgmt

Defined Types

CcmCommonUserEntry  
SEQUENCE    
  ccmCommonUserName SnmpAdminString
  ccmCommonUserPassword DisplayString
  ccmCommonUserExpiryDate DateAndTime
  ccmCommonUserSshKeyFilename SnmpAdminString
  ccmCommonUserSshKeyConfigured TruthValue
  ccmCommonUserSNMPAuthProtocol AutonomousType
  ccmCommonUserSNMPPrivProtocol AutonomousType
  ccmCommonUserCredType INTEGER
  ccmCommonUserStorageType StorageType
  ccmCommonUserRowStatus RowStatus

CcmCommonUserRoleEntry  
SEQUENCE    
  ccmCommonUserRoleName SnmpAdminString
  ccmCommonUserRoleStorageType StorageType
  ccmCommonUserRoleRowStatus RowStatus

Defined Values

ciscoCommonMgmtMIB 1.3.6.1.4.1.9.9.443
MIB module for integrating different elements of managing a device. For example, different device access methods such as SNMP, CLI, XML and so on have different sets of users which are used to communicate with the device. The ccmCommonUserTable provides a framework to create one set of users which is common across all the device access methods. So, this MIB serves as a framework to integrate management of different access methods.
MODULE-IDENTITY    

ciscoCommonMgmtNotifs 1.3.6.1.4.1.9.9.443.0
OBJECT IDENTIFIER    

ciscoCommonMgmtMIBObjects 1.3.6.1.4.1.9.9.443.1
OBJECT IDENTIFIER    

ciscoCommonMgmtMIBConform 1.3.6.1.4.1.9.9.443.2
OBJECT IDENTIFIER    

ccmUserConfig 1.3.6.1.4.1.9.9.443.1.1
OBJECT IDENTIFIER    

ccmCommonMaxUsers 1.3.6.1.4.1.9.9.443.1.1.1
Maximum number of common users that can be configured on this device, i.e., the maximum number of entries in the ccmCommonUserTable. A value of 0 means the maximum number of users is dynamically determined, e.g., depending on memory availability.
OBJECT-TYPE    
  Unsigned32 0..65535  

ccmCommonUsers 1.3.6.1.4.1.9.9.443.1.1.2
Number of common users that are currently configured on this device, i.e., the number of entries in the ccmCommonUserTable.
OBJECT-TYPE    
  Unsigned32 1..65535  

ccmCommonUsersGlobalEnforcePriv 1.3.6.1.4.1.9.9.443.1.1.3
This object specifies whether the SNMP agent enforces the use of encryption for SNMPv3 messages globally on all the users in the system. The 'vacmAccessSecurityLevel' determines the acceptable security levels per group and is set to 'noAuthNoPriv' by default unless otherwise configured. The actual access to the MIB objects in an SNMP message is controlled by vacmAccessTable. This object provides the configuration at a higher level to enforce privacy without any introspection of the MIB objects in the SNMP message. When privacy is enforced globally, for any SNMPv3 PDU request with a securityLevel of either 'noAuthNoPriv' or 'authNoPriv', the SNMP agent responds with an 'authorizationError'.
OBJECT-TYPE    
  TruthValue  

ccmCommonUserLastChange 1.3.6.1.4.1.9.9.443.1.1.4
The local date and time when the user database (the ccmCommonUserTable configuration) was last changed. This object will be set to zero on power cycle or on reboot of the system. It is also set to zero if the clock is changed on the local system.
OBJECT-TYPE    
  DateAndTime  

ccmCommonUserTable 1.3.6.1.4.1.9.9.443.1.1.5
This table lists all the common users configured on this device. A common user is a user who is common across SNMP, CLI and other device access methods. Certain access methods might need the user created to be standards compliant. For example, for SNMP, the user created needs to be compliant with RFC 3414 (SNMP-USER-BASED-SM-MIB). When a common user is created in this table, a corresponding SNMP user is created in the 'usmUserTable' with the corresponding instance of usmUserStorageType set to readOnly. Similarly, when a common user is deleted from this table, the corresponding entry in the 'usmUserTable' is deleted.
OBJECT-TYPE    
  SEQUENCE OF  
    CcmCommonUserEntry

ccmCommonUserEntry 1.3.6.1.4.1.9.9.443.1.1.5.1
An entry (conceptual row) in the ccmCommonUserTable.
OBJECT-TYPE    
  CcmCommonUserEntry  

ccmCommonUserName 1.3.6.1.4.1.9.9.443.1.1.5.1.1
Name of the common user.
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ccmCommonUserPassword 1.3.6.1.4.1.9.9.443.1.1.5.1.2
Password of the common user. For SNMP, this password is used for both authentication and privacy. For CLI and XML, it is used for authentication only. A zero-length string is always returned when this object is read.
OBJECT-TYPE    
  DisplayString  

ccmCommonUserExpiryDate 1.3.6.1.4.1.9.9.443.1.1.5.1.3
The date on which this user will expire. Note that non-date related octets in this object are ignored. If all the date related octets have the value '00'H, then the user never expires.
OBJECT-TYPE    
  DateAndTime  

ccmCommonUserSshKeyFilename 1.3.6.1.4.1.9.9.443.1.1.5.1.4
The name of the file storing the SSH public key. The SSH public key is used to authenticate the SSH session for this user. Note that this object applies only to CLI users. The content of the SSH key file can be one of the following:
- SSH Public Key in OpenSSH format
- SSH Public Key in IETF SECSH (Commercial SSH public key format)
- SSH Client Certificate in PEM (privacy-enhanced mail format) from which the public key will be extracted
- SSH Client Certificate DN (Distinguished Name) for certificate based authentication
This object is used to configure the SSH public key for a user. When this object is read, the agent may return a zero length string. However, the value of the corresponding instance of ccmCommonUserSshKeyConfigured should indicate if the key is configured or not.
OBJECT-TYPE    
  SnmpAdminString Size(0..255)  

ccmCommonUserSshKeyConfigured 1.3.6.1.4.1.9.9.443.1.1.5.1.5
This object specifies whether the user corresponding to this entry is configured with an SSH public key. The value of 'true' indicates that the user is configured with an SSH public key. The value of 'false' indicates that the user is not configured with an SSH public key.
OBJECT-TYPE    
  TruthValue  

ccmCommonUserSNMPAuthProtocol 1.3.6.1.4.1.9.9.443.1.1.5.1.6
An indication of whether messages sent on behalf of this user to/from the SNMP engine can be authenticated, and if so, the type of authentication protocol which is used. An instance of this object is created concurrently with the creation of any other object instance for the same user (i.e., as part of the processing of the set operation which creates the first object instance in the same conceptual row). If an initial set operation (i.e. at row creation time) tries to set a value for an unknown or unsupported protocol, then a 'wrongValue' error must be returned. Once instantiated, the value of such an instance of this object can only be changed via a set operation to the value of the usmNoAuthProtocol. If a set operation tries to change the value of an existing instance of this object to any value other than usmNoAuthProtocol, then an 'inconsistentValue' error must be returned. If a set operation tries to set the value to the usmNoAuthProtocol while the ccmCommonUserSNMPPrivProtocol value in the same row is not equal to usmNoPrivProtocol, then an 'inconsistentValue' error must be returned. That means that an SNMP command generator application must first ensure that the usmUserPrivProtocol is set to the usmNoPrivProtocol value before it can set the usmUserAuthProtocol value to usmNoAuthProtocol. The value of an instance of this object directly maps to a corresponding instance of usmUserAuthProtocol in the usmUserTable.
OBJECT-TYPE    
  AutonomousType  

ccmCommonUserSNMPPrivProtocol 1.3.6.1.4.1.9.9.443.1.1.5.1.7
An indication of whether messages sent on behalf of this user to/from the SNMP engine can be protected from disclosure, and if so, the type of privacy protocol which is used. An instance of this object is created concurrently with the creation of any other object instance for the same user (i.e., as part of the processing of the set operation which creates the first object instance in the same conceptual row). If an initial set operation (i.e. at row creation time) tries to set a value for an unknown or unsupported protocol, then a 'wrongValue' error must be returned. Once instantiated, the value of such an instance of this object can only be changed via a set operation to the value of the usmNoPrivProtocol. If a set operation tries to change the value of an existing instance of this object to any value other than usmNoPrivProtocol, then an 'inconsistentValue' error must be returned. Note that if any privacy protocol is used, then you must also use an authentication protocol. In other words, if usmUserPrivProtocol is set to anything other than usmNoPrivProtocol, then the corresponding instance of usmUserAuthProtocol cannot have a value of usmNoAuthProtocol. If it does, then an 'inconsistentValue' error must be returned. The value of an instance of this object directly maps to a corresponding instance of usmUserPrivProtocol in the usmUserTable.
OBJECT-TYPE    
  AutonomousType  
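
The set-operation rules described for ccmCommonUserSNMPAuthProtocol and ccmCommonUserSNMPPrivProtocol, modelled as an added Python example (not part of the MIB or of any Cisco agent). The protocol OIDs are the RFC 3414 values; the supported-protocol sets, the function names and the sample row are assumptions made for illustration.

```python
# Added example: model of the set-validation rules for the two protocol columns.
USM_NO_AUTH = "1.3.6.1.6.3.10.1.1.1"  # usmNoAuthProtocol (RFC 3414)
USM_NO_PRIV = "1.3.6.1.6.3.10.1.2.1"  # usmNoPrivProtocol (RFC 3414)
USM_MD5 = "1.3.6.1.6.3.10.1.1.2"      # usmHMACMD5AuthProtocol
USM_SHA = "1.3.6.1.6.3.10.1.1.3"      # usmHMACSHAAuthProtocol
USM_DES = "1.3.6.1.6.3.10.1.2.2"      # usmDESPrivProtocol

# Assumption: the protocols this hypothetical agent supports.
SUPPORTED_AUTH = {USM_NO_AUTH, USM_MD5, USM_SHA}
SUPPORTED_PRIV = {USM_NO_PRIV, USM_DES}


def validate_create(auth, priv):
    """Error-status for a set that creates the row with these two values."""
    if auth not in SUPPORTED_AUTH or priv not in SUPPORTED_PRIV:
        return "wrongValue"
    if priv != USM_NO_PRIV and auth == USM_NO_AUTH:
        return "inconsistentValue"  # privacy requires authentication
    return "noError"


def validate_modify(row, column, value):
    """Error-status for a set of one column ('auth' or 'priv') on an existing row."""
    if value == row[column]:
        return "noError"  # interpretation: re-writing the current value is not a change
    no_protocol = USM_NO_AUTH if column == "auth" else USM_NO_PRIV
    if value != no_protocol:
        return "inconsistentValue"  # only a change to the 'no protocol' value is allowed
    if column == "auth" and row["priv"] != USM_NO_PRIV:
        return "inconsistentValue"  # privacy must be removed first
    return "noError"


def apply_sets(row, sets):
    """Apply (column, value) sets in order to a copy of row; return (statuses, final row)."""
    row, statuses = dict(row), []
    for column, value in sets:
        status = validate_modify(row, column, value)
        statuses.append(status)
        if status == "noError":
            row[column] = value
    return statuses, row


if __name__ == "__main__":
    user = {"auth": USM_SHA, "priv": USM_DES}  # constructed sample row
    order = [("auth", USM_NO_AUTH), ("priv", USM_NO_PRIV), ("auth", USM_NO_AUTH)]
    print(apply_sets(user, order))
```

The sample sequence shows that removing authentication is rejected until privacy has been removed, and that a row's protocols cannot be strengthened in place: moving a user to a different protocol means destroying and re-creating the row.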

ccmCommonUserCredType 1.3.6.1.4.1.9.9.443.1.1.5.1.8
The type of the credential store of the user. When a row is created in this table by a user, the user entry is created in a credential store local to the device. In the case of a remote authentication mechanism such as AAA Server based authentication, credentials are stored in another (remote) system/device.
OBJECT-TYPE    
  INTEGER none(1), localCredentialStore(2), remoteCredentialStore(3)  

ccmCommonUserStorageType 1.3.6.1.4.1.9.9.443.1.1.5.1.9
The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row.
OBJECT-TYPE    
  StorageType  

ccmCommonUserRowStatus 1.3.6.1.4.1.9.9.443.1.1.5.1.10
Status of the user.
OBJECT-TYPE    
  RowStatus  

ccmCommonUserRoleTable 1.3.6.1.4.1.9.9.443.1.1.6
This table provides a mechanism to map a common user represented by ccmCommonUserName to one or more roles. These roles provide access control policies for a principal. Note that all the roles used in this table have to be present in the commonRoleTable of CISCO-COMMON-ROLES-MIB. For Common User - Role assignments created in this table, for SNMP user access, the corresponding entries are created in the vacmSecurityToGroupTable (of SNMP-VIEW-BASED-ACM-MIB) in line with the View-based Access Control Model (RFC 3415) and cvacmSecurityToGroupTable (of CISCO-SNMP-VACM-EXT-MIB) to represent all the mappings. All such instances in SNMP tables are created with the corresponding StorageType set to readOnly. Note that it is not necessary to update this table if the user-role mapping data is changed using the corresponding access methods, e.g., if the SNMPv3 user-group mapping using vacmSecurityToGroupTable and cvacmSecurityToGroupTable is changed, it is not necessary to reflect that change in this table.
OBJECT-TYPE    
  SEQUENCE OF  
    CcmCommonUserRoleEntry

ccmCommonUserRoleEntry 1.3.6.1.4.1.9.9.443.1.1.6.1
An entry (conceptual row) in the ccmCommonUserRoleTable.
OBJECT-TYPE    
  CcmCommonUserRoleEntry  

ccmCommonUserRoleName 1.3.6.1.4.1.9.9.443.1.1.6.1.1
Name of the role.
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ccmCommonUserRoleStorageType 1.3.6.1.4.1.9.9.443.1.1.6.1.2
The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row.
OBJECT-TYPE    
  StorageType  

ccmCommonUserRoleRowStatus 1.3.6.1.4.1.9.9.443.1.1.6.1.3
Status of the role list entry.
OBJECT-TYPE    
  RowStatus  

ccmCommonUserCacheTimeout 1.3.6.1.4.1.9.9.443.1.1.7
This object specifies the maximum timeout value for caching the user credentials in the local system. Such caching is used in remote authentication mechanisms such as AAA Server based authentication. This applies to the common user entries as represented by 'ccmCommonUserTable' where the value of 'ccmCommonUserCredType' is 'remoteCredentialStore'.
OBJECT-TYPE    
  Unsigned32 1..86400  

ciscoCommonMgmtMIBCompliances 1.3.6.1.4.1.9.9.443.2.1
OBJECT IDENTIFIER    

ciscoCommonMgmtMIBGroups 1.3.6.1.4.1.9.9.443.2.2
OBJECT IDENTIFIER    

ciscoCommonMgmtMIBCompliance 1.3.6.1.4.1.9.9.443.2.1.1
Only 'createAndGo', 'destroy' and 'active' need to be supported.
MODULE-COMPLIANCE    
  ccmCommonUserRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  ccmCommonUserRoleRowStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoCommonMgmtMIBCompliance1 1.3.6.1.4.1.9.9.443.2.1.2
Only 'createAndGo', 'destroy' and 'active' need to be supported.
MODULE-COMPLIANCE    
  ccmCommonUserRowStatus INTEGER active(1), createAndGo(4), destroy(6)
  ccmCommonUserRoleRowStatus INTEGER active(1), createAndGo(4), destroy(6)

ccmConfigurationGroup 1.3.6.1.4.1.9.9.443.2.2.1
A collection of objects for Common Management configuration.
OBJECT-GROUP    

ccmCacheTimeoutConfigGroup 1.3.6.1.4.1.9.9.443.2.2.2
A collection of objects for configuring the timeout value for caching the user credentials in the local system.
OBJECT-GROUP