CISCO-COMMON-MGMT-MIB: View SNMP OID List / Download MIB

MIB module for integrating different elements of managing a device. For example, different device access methods like SNMP, CLI, XML and so on have different set of users which are used to communicate with the device. The ccmCommonUserTable provides framework to create one set of users which is common across all the device access methods. So, this MIB serves as a framework to integrate management of different access methods.

Maximum number of common users that can be configured on this device. i.e., the maximum number of entries in the ccmCommonUserTable. 0 means maximum number of users is dynamically determined, e.g., depending on memory availability.

Number of common users that are currently configured on this device. i.e., the number of entries in the ccmCommonUserTable.

This object specifies whether the SNMP agent enforces the use of encryption for SNMPv3 messages globally on all the users in the system. The 'vacmAccessSecurityLevel' determines the acceptable security levels per group and is set to noAuthnoPriv default unless otherwise configured. The actual access to the mib objects in a SNMP message is controlled by vacmAccessTable. This object provides the configuration at a higher level to enforce privacy without any introspection of the mib objects in the SNMP message. When the privacy is enforced globally, for any SNMPv3 PDU request with securityLevel of either 'noAuthNoPriv' and 'authNoPriv', the SNMP agent responds with an 'authorizationError'.

The local date and time when the user database - ccmCommonUserTable configuration was last changed. This object will be set to zero on power cycle or on reboot of the system. Also, if the clock is changed on local system it is set to zero.

This table lists all the common users configured on this device. A common user is a user who is common across SNMP, CLI and other device access methods. Certain access methods might need the user created to be standard compliant. For example - for SNMP, the user created need to be compliant to RFC 3414 (SNMP-USER-BASED-SM-MIB). When a common user is created in this table, a corresponding SNMP user is created in the 'usmUserTable' with corresponding instance of usmUserStorageType set to readOnly . Similarly when a common user is deleted from this table, the corresponding entry in the 'usmUserTable' is deleted.

An entry (conceptual row) in the ccmCommonUserTable.

Name of the common user.

Password of the common user. For SNMP, this password is used for both authentication and privacy. For CLI and XML, it is used for authentication only. A zero-length string is always returned when this object is read.

The date on which this user will expire. Note that non-date related octets in this object are ignored. If the all the date related octets have value '00'H, then user never expires.

The name of the file storing the SSH public key. The SSH public key is used to authenticate the SSH session for this user. Note that this object applies to only CLI user. The content within SSH Key file can be one of the following: - SSH Public Key in OpenSSH format - SSH Public Key in IETF SECSH (Commercial SSH public key format) - SSH Client Certificate in PEM (privacy-enhanced mail format) from which the public key will be extracted - SSH Client Certificate DN (Distinguished Name) for certificate based authentication This object is used to configure the SSH public key for a user. When this object is read, the agent may return a zero length string. However, the value of the corresponding instance of ccmCommonUserSshKeyConfigured should indicate if the key is configured or not.

This object specifies whether the user corresponding to this entry is configured with SSH public key. The value of 'true' indicates that the user is configured with SSH public key. The value of 'false' indicates the user is not configured with SSH public key.

An indication of whether messages sent on behalf of this user to/from the SNMP engine can be authenticated, and if so, the type of authentication protocol which is used. An instance of this object is created concurrently with the creation of any other object instance for the same user (i.e., as part of the processing of the set operation which creates the first object instance in the same conceptual row). If an initial set operation (i.e. at row creation time) tries to set a value for an unknown or unsupported protocol, then a 'wrongValue' error must be returned. Once instantiated, the value of such an instance of this object can only be changed via a set operation to the value of the usmNoAuthProtocol. If a set operation tries to change the value of an existing instance of this object to any value other than usmNoAuthProtocol, then an 'inconsistentValue' error must be returned. If a set operation tries to set the value to the usmNoAuthProtocol while the ccmCommonUserSNMPPrivProtocol value in the same row is not equal to usmNoPrivProtocol, then an 'inconsistentValue' error must be returned. That means that an SNMP command generator application must first ensure that the usmUserPrivProtocol is set to the usmNoPrivProtocol value before it can set the usmUserAuthProtocol value to usmNoAuthProtocol. The value of an instance of this object directly maps to a corresponding instance of usmUserAuthProtocol in the usmUserTable.

An indication of whether messages sent on behalf of this user to/from the SNMP engine can be protected from disclosure, and if so, the type of privacy protocol which is used. An instance of this object is created concurrently with the creation of any other object instance for the same user (i.e., as part of the processing of the set operation which creates the first object instance in the same conceptual row). If an initial set operation (i.e. at row creation time) tries to set a value for an unknown or unsupported protocol, then a 'wrongValue' error must be returned. Once instantiated, the value of such an instance of this object can only be changed via a set operation to the value of the usmNoPrivProtocol. If a set operation tries to change the value of an existing instance of this object to any value other than usmNoPrivProtocol, then an 'inconsistentValue' error must be returned. Note that if any privacy protocol is used, then you must also use an authentication protocol. In other words, if usmUserPrivProtocol is set to anything else than usmNoPrivProtocol, then the corresponding instance of usmUserAuthProtocol cannot have a value of usmNoAuthProtocol. If it does, then an 'inconsistentValue' error must be returned. The value of an instance of this object directly maps to a corresponding instance of usmUserPrivProtocol in the usmUserTable.

The type of the credential store of the user. When a row is created in this table by a user, the user entry is created in a credential store local to the device. In case of remote authentication mechanism like AAA Server based authentication, credentials are stored in other(remote) system/device. Enumeration: 'remoteCredentialStore': 3, 'none': 1, 'localCredentialStore': 2.

The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row.

Status of the user.

This table provides a mechanism to map a common user represented by ccmCommonUserName to one or more roles. These roles provide access control policies for a principal. Note that all the roles used in the this table have to be present in the commonRoleTable of CISCO-COMMON-ROLES-MIB. For Common User - Role assignments created in this table, for SNMP user access, the corresponding entries are created in the vacmSecurityToGroupTable (of SNMP-VIEW-BASED-ACM-MIB) in line with View-based Access Control Model (RFC3415) and cvacmSecurityToGroupTable (of CISCO-SNMP-VACM-EXT-MIB) to represent all the mappings. All such instances in SNMP tables are created with corresponding StorageType set to readOnly. Note that it is not necessary to update this table if the user-role mapping data is changed using corresponding access methods. e.g., if the SNMPv3 user-group mapping using vacmSecurityToGroupTable and cvacmSecurityToGroupTable is changed, it is not necessary to reflect that change in this table.

An entry (conceptual row) in the ccmCommonUserRoleTable.

Name of the role.

The storage type for this conceptual row. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row.

Status of the role list entry.

This object specifies maximum timeout value for caching the user credentials in the local system. Such caching is used in remote authentication mechanism like AAA Server based authentication. This applies to the common user entries as represented by 'ccmCommonUserTable' where the value of 'ccmCommonUserCredType' is 'remoteCredentialStore'.

The compliance statement for entities which implement the CISCO-COMMON-MGMT-MIB.

The compliance statement for entities which implement the CISCO-COMMON-MGMT-MIB.

A collection of objects for Common Management configuration.

A collection of objects for configuring timeout value for caching the user credentials in the local system.