-- extracted from draft-ietf-snmpv3-coex-v2-00.txt -- at Thu Apr 26 06:04:34 2001 SNMP-COMMUNITY-MIB DEFINITIONS ::= BEGIN IMPORTS IpAddress, MODULE-IDENTITY, OBJECT-TYPE, Integer32, snmpModules FROM SNMPv2-SMI RowStatus, StorageType FROM SNMPv2-TC SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB SnmpTagValue, snmpTargetAddrEntry FROM SNMP-TARGET-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; snmpCommunityMIB MODULE-IDENTITY LAST-UPDATED "199910050000Z" -- 5 Oct 1999, midnight ORGANIZATION "SNMPv3 Working Group" CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com Subscribe: majordomo@lists.tislabs.com In msg body: subscribe snmpv3 Co-Chair: Russ Mundy Trusted Information Systems Postal: 3060 Washington Rd Glenwood, Maryland 21738 USA EMail: mundy@tislabs.com Phone: +1-301-854-6889 Co-Chair: David Harrington Enterasys Networks Postal: 35 Industrial Way P. O. Box 5004 Rochester, New Hampshire 03866-5005 USA EMail: dbh@enterasys.com Phone: +1 603-337-2614 Co-editor: Rob Frye Longitude Systems, Inc. Postal: 15000 Conference Center Drive Chantilly, Virginia 20151 USA E-mail: rfrye@longsys.com Phone: +1-703-818-5426 Co-editor: David B. Levi Nortel Networks Postal: 3505 Kesterwood Drive Knoxville, Tennessee 37918 E-mail: dlevi@nortelnetworks.com Phone: +1 423 686 0432 Co-editor: Shawn A. Routhier Integrated Systems Inc. Postal: 333 North Ave 4th Floor Wakefield, Massachusetts 01880 E-mail: sar@epilogue.com Phone: +1 781 245 0804 Co-editor: Bert Wijnen Lucent Technologies Postal: Schagen 33 3461 GL Linschoten Netherlands Email: bwijnen@lucent.com Phone: +31-348-680-485 " DESCRIPTION "This MIB module defines objects to help support coexistence between SNMPv1, SNMPv2c, and SNMPv3." REVISION "199905130000Z" -- 13 May 1999 DESCRIPTION "The Initial Revision" REVISION "199910050000Z" -- 5 Oct 1999 (same as LAST-UPDATED) DESCRIPTION "This version published as RFC xxxx" -- RFC-editor assigns xxxx ::= { snmpModules 18 } -- Administrative assignments **************************************** snmpCommunityMIBObjects OBJECT IDENTIFIER ::= { snmpCommunityMIB 1 } snmpCommunityMIBConformance OBJECT IDENTIFIER ::= { snmpCommunityMIB 2 } -- -- The snmpCommunityTable contains a database of community strings. -- This table provides mappings between community strings, and the -- parameters required for View-based Access Control. -- snmpCommunityTable OBJECT-TYPE SYNTAX SEQUENCE OF SnmpCommunityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of community strings configured in the SNMP engine's Local Configuration Datastore (LCD)." ::= { snmpCommunityMIBObjects 1 } snmpCommunityEntry OBJECT-TYPE SYNTAX SnmpCommunityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular community string." INDEX { IMPLIED snmpCommunityIndex } ::= { snmpCommunityTable 1 } SnmpCommunityEntry ::= SEQUENCE { snmpCommunityIndex SnmpAdminString, snmpCommunityName OCTET STRING, snmpCommunitySecurityName SnmpAdminString, snmpCommunityContextEngineID SnmpEngineID, snmpCommunityContextName SnmpAdminString, snmpCommunityTransportTag SnmpTagValue, snmpCommunityStorageType StorageType, snmpCommunityStatus RowStatus } snmpCommunityIndex OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index value of a row in this table." ::= { snmpCommunityEntry 1 } snmpCommunityName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-create STATUS current DESCRIPTION "The community string for which a row in this table represents a configuration." ::= { snmpCommunityEntry 2 } snmpCommunitySecurityName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "A human readable string representing the corresponding value of snmpCommunityName in a Security Model independent format." ::= { snmpCommunityEntry 3 } snmpCommunityContextEngineID OBJECT-TYPE SYNTAX SnmpEngineID MAX-ACCESS read-create STATUS current DESCRIPTION "The contextEngineID indicating the location of the context in which management information is accessed when using the community string specified by the corresponding instance of snmpCommunityName. The default value is the snmpEngineID of the entity in which this object is instantiated." ::= { snmpCommunityEntry 4 } snmpCommunityContextName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The context in which management information is accessed when using the community string specified by the corresponding instance of snmpCommunityName." DEFVAL { ''H } -- the empty string ::= { snmpCommunityEntry 5 } snmpCommunityTransportTag OBJECT-TYPE SYNTAX SnmpTagValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies a set of transport endpoints which are associated with a community string. The community string is only valid when found in an SNMPv1 (or SNMPv2c) message received from one of these transport endpoints, or when used in an SNMPv1 (or SNMPv2c) message to be sent to one of these transport endpoints. The value of this object identifies a set of entries in the snmpTargetAddrTable. Entries in that table whose snmpTargetAddrTagList contains a tag matching the value of this object are identified. When the SNMPv1 (or SNMPv2c) message processing model is attempting to choose an entry from the snmpCommunityTable for the purpose of processing a received SNMPv1 (or SNMPv2c) message, the transport endpoint from which the message was received must match one of the transport endpoints identified by this object. Likewise, when the SNMPv1 (or SNMPv2c) message processing model is attempting to choose an entry from the snmpCommunityTable for the purpose of generating an outgoing SNMPv1 (or SNMPv2c) message, the transport endpoint to which the message is to be sent must match one of the transport endpoints identified by this object. If the value of this object has zero-length, transport endpoints are not checked when attempting to choose an entry in the snmpCommunityTable (e.g., the community string is valid for use with any transport endpoint)." DEFVAL { ''H } -- the empty string ::= { snmpCommunityEntry 6 } snmpCommunityStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this conceptual row in the snmpCommunityTable. Conceptual rows having the value 'permanent' need not allow write-access to any columnar object in the row." ::= { snmpCommunityEntry 7 } snmpCommunityStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row in the snmpCommunityTable. An entry in this table is not qualified for activation until instances of all corresponding columns have been initialized, either through default values, or through Set operations. The snmpCommunityName and snmpCommunitySecurityName objects must be explicitly set. There is no restriction on setting columns in this table when the value of snmpCommunityStatus is active(1)." ::= { snmpCommunityEntry 8 } -- -- The snmpTargetAddrExtTable -- snmpTargetAddrExtTable OBJECT-TYPE SYNTAX SEQUENCE OF SnmpTargetAddrExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of mask and mms values associated with the snmpTargetAddrTable. The snmpTargetAddrExtTable augments the snmpTargetAddrTable with a transport address mask value and a maximum message size value. The transport address mask allows entries in the snmpTargetAddrTable to define a set of addresses instead of just a single address. The maximum message size value allows the maximum message size of another SNMP entity to be configured for use in SNMPv1 (and SNMPv2c) transactions, where the message format does not specify a maximum message size." ::= { snmpCommunityMIBObjects 2 } snmpTargetAddrExtEntry OBJECT-TYPE SYNTAX SnmpTargetAddrExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular mask and mms value." AUGMENTS { snmpTargetAddrEntry } ::= { snmpTargetAddrExtTable 1 } SnmpTargetAddrExtEntry ::= SEQUENCE { snmpTargetAddrTMask OCTET STRING, snmpTargetAddrMMS Integer32 } snmpTargetAddrTMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask value associated with an entry in the snmpTargetAddrTable. The value of this object must have the same length as the corresponding instance of snmpTargetAddrTAddress, or must have length 0. An attempt to set it to any other value will result in an inconsistentValue error. The value of this object allows an entry in the snmpTargetAddrTable to specify multiple addresses. The mask value is used to select which bits of a transport address must match bits of the corresponding instance of snmpTargetAddrTAddress, in order for the transport address to match a particular entry in the snmpTargetAddrTable. Bits which are 1 in the mask value indicate bits in the transport address which must match bits in the snmpTargetAddrTAddress value. Bits which are 0 in the mask indicate bits in the transport address which need not match. If the length of the mask is 0, the mask should be treated as if all its bits were 1 and its length were equal to the length of the corresponding value of snmpTargetAddrTable. This object may not be modified while the value of the corresponding instance of snmpTargetAddrRowStatus is active(1). An attempt to set this object in this case will result in an inconsistentValue error." DEFVAL { ''H } ::= { snmpTargetAddrExtEntry 1 } snmpTargetAddrMMS OBJECT-TYPE SYNTAX Integer32 (0|484..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum message size value associated with an entry in the snmpTargetAddrTable. Note that a value of 0 means that the maximum message size is unknown." DEFVAL { 484 } ::= { snmpTargetAddrExtEntry 2 } -- -- The snmpTrapAddress and snmpTrapCommunity objects are included -- in notifications that are forwarded by a proxy, which were -- originally received as SNMPv1 Trap messages. -- snmpTrapAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the agent-addr field of a Trap PDU which is forwarded by a proxy forwarder application using an SNMP version other than SNMPv1. The value of this object SHOULD contain the value of the agent-addr field from the original Trap PDU as generated by an SNMPv1 agent." ::= { snmpCommunityMIBObjects 3 } snmpTrapCommunity OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the community string field of an SNMPv1 message containing a Trap PDU which is forwarded by a a proxy forwarder application using an SNMP version other than SNMPv1. The value of this object SHOULD contain the value of the community string field from the original SNMPv1 message containing a Trap PDU as generated by an SNMPv1 agent." ::= { snmpCommunityMIBObjects 4 } -- Conformance Information ******************************************* snmpCommunityMIBCompliances OBJECT IDENTIFIER ::= { snmpCommunityMIBConformance 1 } snmpCommunityMIBGroups OBJECT IDENTIFIER ::= { snmpCommunityMIBConformance 2 } -- Compliance statements snmpCommunityMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP engines which implement the SNMP-COMMUNITY-MIB." MODULE -- this module MANDATORY-GROUPS { snmpCommunityTableGroup } OBJECT snmpCommunityName MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT snmpCommunitySecurityName MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT snmpCommunityContextEngineID MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT snmpCommunityContextName MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT snmpCommunityTransportTag MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT snmpCommunityStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT snmpCommunityStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { snmpCommunityMIBCompliances 1 } snmpProxyTrapForwardCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP engines which contain a proxy forwarding application which is capable of forwarding SNMPv1 traps using SNMPv2c or SNMPv3." MODULE -- this module MANDATORY-GROUPS { snmpProxyTrapForwardGroup } ::= { snmpCommunityMIBCompliances 2 } snmpCommunityTableGroup OBJECT-GROUP OBJECTS { snmpCommunityName, snmpCommunitySecurityName, snmpCommunityContextEngineID, snmpCommunityContextName, snmpCommunityTransportTag, snmpCommunityStorageType, snmpCommunityStatus, snmpTargetAddrTMask, snmpTargetAddrMMS } STATUS current DESCRIPTION "A collection of objects providing for configuration of community strings for SNMPv1 (and SNMPv2c) usage." ::= { snmpCommunityMIBGroups 1 } snmpProxyTrapForwardGroup OBJECT-GROUP OBJECTS { snmpTrapAddress, snmpTrapCommunity } STATUS current DESCRIPTION "Objects which are used by proxy forwarding applications when translating traps between SNMP versions. These are used to preserve SNMPv1-specific information when translating to SNMPv2c or SNMPv3." ::= { snmpCommunityMIBGroups 3 } END -- -- This document and translations of it may be copied and furnished to -- others, and derivative works that comment on or otherwise explain it -- or assist in its implementation may be prepared, copied, published -- and distributed, in whole or in part, without restriction of any -- kind, provided that the above copyright notice and this paragraph are -- included on all such copies and derivative works. However, this -- document itself may not be modified in any way, such as by removing -- the copyright notice or references to the Internet Society or other -- Internet organizations, except as needed for the purpose of -- developing Internet standards in which case the procedures for -- copyrights defined in the Internet Standards process must be -- followed, or as required to translate it into languages other than -- English. -- -- The limited permissions granted above are perpetual and will not be -- revoked by the Internet Society or its successors or assigns. -- -- This document and the information contained herein is provided on an -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- B. Changes From RFC1908 -- -- -- - Editorial changes to comply with current RFC requirements. -- -- - Added/updated copyright statements. -- -- - Added Intellectual Property section. -- -- - Replaced old introduction with complete new -- introduction/overview. -- -- - Added content for the Security Considerations Section. -- -- - Updated References to current documents. -- -- - Updated text to use current SNMP terminology. -- -- - Added coexistence for/with SNMPv3. -- -- - Added description for SNMPv1 and SNMPv2c Message Processing -- Models and SNMPv1 and SNMPv2c Community-based Security Models. -- -- - Added snmpCommunityMIB so that SNMPv1 and SNMPv2 community -- strings can be mapped into the SNMP Version Independent -- paramaters which can then be used for access control using the -- standard SNMPv3 View-based Access Control Model and the -- snmpVacmMIB. -- -- - Added two MIB objects such that when an SNMPv1 notification -- (trap) must be converted into an SNMPv2 notification we add -- those two objects in order to preserve information about the -- address and community of the originating SNMPv1 agent. -- -- - Included (and extended) from RFC2089 the SNMPv2 to SNMPv1 -- mapping within a multi-lingual SNMP Engine. -- -- - Use keywords from RFC 2119 to describe requirements for -- compliance. -- -- - Changed/added some rules for converting a MIB module from -- SMIv1 to SMIv2. -- -- - Extended and improved the description of Proxy Forwarder -- behaviour when multiple SNMP versions are involved.