You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Cisco > CISCO-COMMON-ROLES-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

CISCO-COMMON-ROLES-MIB by vendor Cisco

CISCO-COMMON-ROLES-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing CISCO-COMMON-ROLES-MIB.


Vendor: Cisco
Mib: CISCO-COMMON-ROLES-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- *********************************************************************
-- CISCO-COMMON-ROLES-MIB.my: Common Roles Mib
--
-- March 2003, Vinay Gaonkar
--
-- Copyright (c) 2003 by cisco Systems, Inc.
-- All rights reserved.
-- 
-- *********************************************************************

CISCO-COMMON-ROLES-MIB DEFINITIONS ::= BEGIN

IMPORTS        
     MODULE-IDENTITY, OBJECT-TYPE, 
     Unsigned32                             FROM SNMPv2-SMI
     MODULE-COMPLIANCE, OBJECT-GROUP        FROM SNMPv2-CONF
     RowStatus, 
     TEXTUAL-CONVENTION,
     TruthValue                             FROM SNMPv2-TC
     SnmpAdminString                        FROM SNMP-FRAMEWORK-MIB
     ciscoMgmt                              FROM CISCO-SMI;

ciscoCommonRolesMIB MODULE-IDENTITY
        LAST-UPDATED "200309150000Z"
        ORGANIZATION "Cisco Systems Inc. "
        CONTACT-INFO
                "     Cisco Systems
                      Customer Service
                Postal: 170 W Tasman Drive
                      San Jose, CA  95134
                      USA
                Tel: +1 800 553 -NETS
                E-mail: cs-san@cisco.com"
        DESCRIPTION
                "MIB module for managing the common roles between 
                access methods like Command Line Interface (CLI), SNMP
                and XML interfaces.
                Every user on a device is associated with a role.
                A user role defines access rights afforded to the users 
                that belog to this role. A role specifies which 
                commands/operations a user is able to perform on what 
                information.
                SNMP uses VACM (View-based Access Control Model) group 
                to define access rights. Both SNMPv1/v2c community and 
                SNMPv3 user have to belong to a group in order to access
                information.
                CLI uses proprietary mechanisms to define the access 
                rights. Most of them depend on the underlying operating 
                system.
                Groups created from SNMP are not same as the roles 
                created from CLI unless they are synchronized. In 
                addition to this, views make up the roles in VACM where
                was some kind of internal rules make the roles in the 
                CLI. This MIB describes a framework in which a role 
                defined independent of access methods. It is up to the
                the particular access method to convert this 
                framework information into the native information. For
                example, SNMP needs to convert common role framework to
                VACM.
                Note that this framework could be also used for any 
                other access methods other than SNMP and CLI.

                The framework needs a list of features and list of 
                operations they can support. Features provide the data 
                context and are system dependent. Operations are the 
                actions that can be done on the data. The role are 
                defined in terms of rules. Rules are essentially access
                rights which specify if a certain operation on a feature
                is permitted or not."
        REVISION   "200309150000Z"
        DESCRIPTION
            "Added DEFVAL to commonRoleRuleFeatureName. Also, removed
            commonRoleRuleFeatureName from mandatory object list while 
            creating row in the commonRoleRuleTable."
        REVISION   "200306300000Z"
        DESCRIPTION
            "Initial version of this MIB module."
        ::= { ciscoMgmt 361 }

ciscoCommonRolesNotifications
        OBJECT IDENTIFIER ::= { ciscoCommonRolesMIB 0 }
ciscoCommonRolesMIBObjects
        OBJECT IDENTIFIER ::= { ciscoCommonRolesMIB 1 }
ciscoCommonRolesMIBConformance
        OBJECT IDENTIFIER ::= { ciscoCommonRolesMIB 2 }

ccrInfo OBJECT IDENTIFIER ::=
        { ciscoCommonRolesMIBObjects 1 }    

ccrRoleConfig OBJECT IDENTIFIER ::=
        { ciscoCommonRolesMIBObjects 2 }    

ccrRuleConfig OBJECT IDENTIFIER ::=
        { ciscoCommonRolesMIBObjects 3 }    

-- Textual Conventions
CommonRoleOperation   ::= TEXTUAL-CONVENTION
        STATUS current
        DESCRIPTION
               "Operations allowed for a common role.
               clear  - Clear operation
               config - Config/Set operation
               debug  - Debug operation 
               show   - Show/Get operation
               exec   - Exec/Set Operation

               Note that if an operation is not supported by an access
               method, then it does not apply to that access method."
       SYNTAX  INTEGER {
                   clear (1),
                   config (2),
                   debug (3),
                   show (4),
                   exec (5)
       }


--
-- commonRoleFeatureTable
--

commonRoleFeatureTable  OBJECT-TYPE
        SYNTAX     SEQUENCE OF CommonRoleFeatureEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "This table lists all the features and the operations 
               supported by the features on the system."
        ::= { ccrInfo 1 }

commonRoleFeatureEntry OBJECT-TYPE
        SYNTAX     CommonRoleFeatureEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "An entry (conceptual row) in the 
               commonRoleFeatureTable containing information about 
               features and the operations supported by each of the
               features."
        INDEX { commonRoleFeatureIndex}
        ::= { commonRoleFeatureTable 1 }

CommonRoleFeatureEntry ::= SEQUENCE {
        commonRoleFeatureIndex          Unsigned32,
        commonRoleFeatureName           SnmpAdminString,
        commonRoleFeatureOperation      CommonRoleOperation
}
commonRoleFeatureIndex OBJECT-TYPE
        SYNTAX      Unsigned32 (1..4294967295)
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
               "An arbitrary index for this entry."
        ::= { commonRoleFeatureEntry 1}

commonRoleFeatureName OBJECT-TYPE
        SYNTAX      SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
               "Name of the feature. For example, strings like 'ip', 
               'snmp-server' and 'vsan' are valid feature names." 
        ::= { commonRoleFeatureEntry 2}

commonRoleFeatureOperation OBJECT-TYPE
        SYNTAX      CommonRoleOperation 
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
               "The operation associated with this feature." 
        ::= { commonRoleFeatureEntry 3}


-- commonRoleSupportedOperTable
commonRoleSupportedOperTable  OBJECT-TYPE
        SYNTAX     SEQUENCE OF CommonRoleSupportedOperEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "This table lists all the access methods supported on
               device and the operations supported by each of the 
               access methods. 
               The operations listed in CommonRoleOperation may not
               be supported by all the access methods. For example,
               suppose that in the future, a new operation 'create' is
               added to CommonRoleOperation. CLI may not support it; 
               but may be supported by XML. So this operation would not
               apply to CLI. This table captures the supported 
               operations for each of the access methods."
        ::= { ccrInfo 2 }

commonRoleSupportedOperEntry OBJECT-TYPE
        SYNTAX     CommonRoleSupportedOperEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "An entry (conceptual row) in the 
               commonRoleSupportedOperTable which lists the operations
               supported by the local device for a particular access 
               method."
        INDEX { commonRoleAccessMethod }
        ::= { commonRoleSupportedOperTable 1 }

CommonRoleSupportedOperEntry ::= SEQUENCE {
        commonRoleAccessMethod       INTEGER,
        commonRoleSupportedOperation BITS
}
commonRoleAccessMethod OBJECT-TYPE
        SYNTAX      INTEGER {
                      cli (1),
                      snmp (2)
                    }
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
               "Access method supported on this system."
        ::= { commonRoleSupportedOperEntry 1}

commonRoleSupportedOperation OBJECT-TYPE
        SYNTAX     BITS {
                      clear (0),
                      config (1),
                      debug (2),
                      show (3),
                      exec (4)
                   }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
               "Operations supported by the access method.
                   clear  - Clear operation
                   config - Config/Set operation
                   debug  - Debug operation 
                   show   - Show/Get operation
                   exec   - Exec/Set Operation
                ."
        ::= { commonRoleSupportedOperEntry 2}


--
-- commonRoleMaxRoles
--
commonRoleMaxRoles OBJECT-TYPE
        SYNTAX      Unsigned32 (1..65535)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
               "Maximum number of common roles that can be configured
               this device. i.e., the maximum number of entries in the
               commonRoleTable."
        ::= { ccrRoleConfig 1 }

-- commonRoleTable

commonRoleTable  OBJECT-TYPE
        SYNTAX     SEQUENCE OF CommonRoleEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "This table lists all the common roles configured on this
               device.Common roles are the user roles which are common 
               across SNMP and CLI."
        ::= { ccrRoleConfig 2 }

commonRoleEntry OBJECT-TYPE
        SYNTAX     CommonRoleEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "An entry (conceptual row) in the commonRoleTable. "
        INDEX { commonRoleName }
        ::= { commonRoleTable 1 }

CommonRoleEntry ::= SEQUENCE {
        commonRoleName              SnmpAdminString,
        commonRoleDescription       SnmpAdminString,
        commonRoleScopeRestriction  INTEGER ,
        commonRoleScope1            OCTET STRING,
        commonRoleScope2            OCTET STRING,
        commonRoleRowStatus         RowStatus
}
commonRoleName OBJECT-TYPE
        SYNTAX      SnmpAdminString (SIZE(1..16))
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
               "Name of the common role."
        ::= { commonRoleEntry 1}

commonRoleDescription OBJECT-TYPE
        SYNTAX      SnmpAdminString (SIZE(0..64))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "Description of the common role."
        DEFVAL { ''H}
        ::= { commonRoleEntry 2}

commonRoleScopeRestriction OBJECT-TYPE
        SYNTAX      INTEGER {
                       none (1),
                       vsan (2)
                    }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "This object indicates if there is a scope restriction
               for this role. 

               If the value of this object is 'none', then there no 
               scope restriction.

               If it is 'vsan', the two objects commonRoleScope1 and 
               commonRoleScope2 provide the list of Virtual Storage
               Area Networks (VSANs) which this role can access. The 
               object commonRoleScope1 provides list of VSANs from 0 
               through 2047 and commonRoleScope2 provides from 2048 
               through 4095. Each octet within the value of the the two
               objects specifies a set of eight VSANs. The first octet 
               specifies VSANs 0 through 7 for commonRoleScope1 and  
               VSANs 2048 through 2054 for commonRoleScope2. Similarly,
               the second octet specifies VSANs 8 through 15 and VSANs 
               2055 through 2062 for commonRoleScope2, etc. Within each
               octet, the most significant bit represents the lowest 
               numbered VSAN, and the least significant bit represents 
               the highest numbered VSAN. Thus, each VSAN, is 
               represented by a single bit within the value of this 
               object. A role can access a VSAN  if and only if that bit
               has a value of '1'. If these objects have a value which 
               are less than 256 bytes long, then the VSANs which are 
               not represented are not considered to be in these list.
               If both the scope objects are zero-length strings, then
               this role can not access any VSANs if this object is 
               `vsan'. The role can access all the VSANs if the this 
               object is 'none'. Also, both commonRoleScope1 and 
               commonRoleScope2 are invalid if this object is 'none'.

               Other means of restricting the scope of a role can be
               defined in the future by extending this object with
               additional enumerations.  Each such addition will
               define the restriction and any parameters it might
               have, which might or might not be specified via the
               corresponding values of commonRoleScope1 and
               commonRoleScope2."
        DEFVAL { none }
        ::= { commonRoleEntry 3}

commonRoleScope1 OBJECT-TYPE
        SYNTAX      OCTET STRING
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "This object provides the scope for the role. The actual
               meaning of this object depends the value of 
               commonRoleScopeRestriction and is defined in that
                object."
        DEFVAL { ''H}
        ::= { commonRoleEntry 4}

commonRoleScope2 OBJECT-TYPE
        SYNTAX      OCTET STRING
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "This object provides the scope for the role. The actual
               meaning of this object depends the value of 
               commonRoleScopeRestriction and is defined in that
                object."
        DEFVAL { ''H}
        ::= { commonRoleEntry 5 }

commonRoleRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "Status of this role."
        ::= { commonRoleEntry 6 }

--
-- commonRoleMaxRulesPerRole
--
commonRoleMaxRulesPerRole OBJECT-TYPE
        SYNTAX      Unsigned32 (1..65535)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
               "Maximum number of rules that can be configured for a
               role."
        ::= { ccrRuleConfig 1 }

--
-- commonRoleRuleTable
--
commonRoleRuleTable  OBJECT-TYPE
        SYNTAX     SEQUENCE OF CommonRoleRuleEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "This table lists all the rules configured for roles 
               defined in the commonRoleTable. Each rule defines a 
               feature and related access-level which provides either 
               permit or deny access to the feature information.

               Entries in this table are also created/deleted using 
               commonRoleRuleRowStatus.

               A row in this table cannot be made 'active' until a 
               value is explicitly provided for that row's instances 
               of following objects :
               - commonRoleRuleOperation

               Also, the following objects cannot be modified when 
               'commonRoleRuleRowStatus' is 'active' :
               - commonRoleRuleFeatureName
               - commonRoleRuleOperation
               - commonRoleRuleOperPermitted

               To modify the above objects, the entry must be deleted 
               and re-created with new value of above objects."
        ::= { ccrRuleConfig 2 }

commonRoleRuleEntry OBJECT-TYPE
        SYNTAX     CommonRoleRuleEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
               "An entry (conceptual row) in the commonRoleRuleTable. "
        INDEX { commonRoleName, commonRoleRuleIndex }
        ::= { commonRoleRuleTable 1 }

CommonRoleRuleEntry ::= SEQUENCE {
        commonRoleRuleIndex            Unsigned32,
        commonRoleRuleFeatureName      SnmpAdminString,
        commonRoleRuleOperation        CommonRoleOperation,
        commonRoleRuleOperPermitted    TruthValue,
        commonRoleRuleRowStatus        RowStatus
}
commonRoleRuleIndex OBJECT-TYPE
        SYNTAX      Unsigned32 (1..4294967295)
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
               "A sequential number starting from 1, and less than or
               equal to commonRoleMaxRulesPerRole, which identifies a 
               rule."
        ::= { commonRoleRuleEntry 1 }

commonRoleRuleFeatureName OBJECT-TYPE
        SYNTAX      SnmpAdminString (SIZE(0..32))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "Name of the feature.
               If this is a zero-length string, then this rule applies
               to all the features supported on the system as 
               enumerated in commonRoleFeatureTable."
        DEFVAL {''H}
        ::= { commonRoleRuleEntry 2}

commonRoleRuleOperation OBJECT-TYPE
        SYNTAX      CommonRoleOperation
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "The operation permitted for this rule."
        ::= { commonRoleRuleEntry 3}

commonRoleRuleOperPermitted OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "This object tells if the operation 
               `commonRoleRuleOperation' is permitted on the  feature 
               `commonRoleFeatureName'. The operation is permitted if 
               the value of this object is `true'.
               If the value of the object is 'false', the operation is 
               not permitted." 
        DEFVAL { true }
        ::= { commonRoleRuleEntry 4 }

commonRoleRuleRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
               "Status of this rule." 
        ::= { commonRoleRuleEntry 5 }

-- Conformance

ciscoCommonRolesMIBCompliances
       OBJECT IDENTIFIER ::= { ciscoCommonRolesMIBConformance 1 }

ciscoCommonRolesMIBGroups
       OBJECT IDENTIFIER ::= { ciscoCommonRolesMIBConformance 2 }

ciscoCommonRolesMIBCompliance MODULE-COMPLIANCE
        STATUS   current
        DESCRIPTION
                "The compliance statement for entities which
                 implement the CISCO-COMMON-ROLES-MIB."
        MODULE MANDATORY-GROUPS { ccrmConfigurationGroup }

        OBJECT commonRoleRowStatus             
        SYNTAX     INTEGER {             
                     active (1),
                     createAndGo (4),
                     destroy (6)}
        DESCRIPTION 
                "Only 'createAndGo', 'destroy' and 'active' need to be 
                supported."
                                           
        ::= { ciscoCommonRolesMIBCompliances 1 }

-- Units of Conformance

ccrmConfigurationGroup  OBJECT-GROUP
        OBJECTS  { 
        commonRoleFeatureName,
        commonRoleFeatureOperation,
        commonRoleSupportedOperation,
        commonRoleMaxRoles,
        commonRoleDescription,
        commonRoleScopeRestriction,
        commonRoleScope1,
        commonRoleScope2,
        commonRoleRowStatus,
        commonRoleMaxRulesPerRole,
        commonRoleRuleFeatureName,
        commonRoleRuleOperation,
        commonRoleRuleOperPermitted,
        commonRoleRuleRowStatus
        }
        STATUS   current
        DESCRIPTION
                "A collection of objects for Common Roles 
                configuration."
        ::= { ciscoCommonRolesMIBGroups 1 }
END